| Commit message (Collapse) | Author | Age | Files | Lines |
| |
RE2 has taken a dependency on Abseil. re2::StringPiece is (for now)
an alias; its old member functions no longer exist. This CL is just
one of many needed to unblock updating Chromium's copy of RE2 soon.
Bug: 1447090
Change-Id: I23e94fd3b55c615f4cbe03350ede9bf1eaa4f73d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4549044
Owners-Override: Nico Weber <[email protected]>
Auto-Submit: Paul Wankadia <[email protected]>
Commit-Queue: Nico Weber <[email protected]>
Reviewed-by: Muhammad Hasan Khan <[email protected]>
Reviewed-by: Nico Weber <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1146652}
Fixes: QTBUG-115931
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/497030
Reviewed-by: Allan Sandfeld Jensen <[email protected]>
(cherry picked from commit 3e6cb8936d3b00a9af375875d240d912d53af851)
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/507098
Reviewed-by: Qt Cherry-pick Bot <[email protected]>
| |
Manual roll of libxml to include cherry-picked security fix.
Originally reviewed on:
https://chromium-review.googlesource.com/c/chromium/src/+/4457227
Change-Id: I5dd9fbd29aaea404609b8a6b533fa79ae8d0f127
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/480825
Reviewed-by: Allan Sandfeld Jensen <[email protected]>
| |
Manual update of sqlite to version 3.41.2 to get to the same version
as reviewed in https://chromium-review.googlesource.com/c/chromium/src/+/4404861.
This includes the fix for Chromium bug 1430644 / CVE-2023-2137.
Change-Id: I79130f25c34e23ed91c9945bc69737a654b41049
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/480823
Reviewed-by: Allan Sandfeld Jensen <[email protected]>
| |
Cherry-pick of patch originally reviewed on
https://skia-review.googlesource.com/c/skia/+/673576:
Enforce program stack limits on function parameters.
M108 merge issues:
resources/sksl/BUILD.bazel:
File doesn't exist in M108, tests are added manually to gn/sksl_tests.gni.
gn/sksl_tests.gni:
Conflicting rts entries
src/sksl/ir/SkSLFunctionDefinition.cpp:
- Conflicting includes
- visitStatement():
Conflicting declarations of const Variable* var (const Variable& var
on 108)
Previously, a function's parameter list did not count against its
stack size limit.
Bug: chromium:1432603
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Change-Id: If49dce98f3155f3144a766c26b5a3a39401ce1b2
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/670236
Auto-Submit: John Stiles <[email protected]>
Commit-Queue: John Stiles <[email protected]>
(cherry picked from commit 4dc748f14c6650cb45c7086a39af1760bfda41d2)
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/673576
Reviewed-by: John Stiles <[email protected]>
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/480821
Reviewed-by: Allan Sandfeld Jensen <[email protected]>
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/angle/angle/+/4428752:
M112: Mark RGBX and BGRX formats as having 8 unused bits.
This makes sure that pixelBytes ends up being 4 and fixes potential
buffer size validation.
Fix EGL configs using pixelBytes to compute EGL_BUFFER_SIZE which
is not supposed to include unused bits. This is covered by
dEQP-EGL.functional.query_config.constraints.color_buffer_size
Bug: chromium:1404790
Change-Id: Ie0480cbdc6229c4bb3a6c6242337eaed5a3ae3b7
Reviewed-on: https://chromium-review.googlesource.com/c/angle/angle/+/4428752
Reviewed-by: Amirali Abdolrashidi <[email protected]>
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/480820
Reviewed-by: Allan Sandfeld Jensen <[email protected]>
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4352658:
Add lock to AlternativeStateNameMap.
To prevent the class from accessing its localized_state_names_map_ and
localized_state_names_reverse_lookup_map_ members, a lock is added. It
locks all reads/writes from the aforementioned members.
Bug: 1360571, 1414241, 1425951
Change-Id: Ic01b0cba3878748617863274deb04ec9e13645d4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4352658
Reviewed-by: Christoph Schwering <[email protected]>
Commit-Queue: Florian Leimgruber <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1119411}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/480819
Reviewed-by: Allan Sandfeld Jensen <[email protected]>
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/4422621:
Reland "[M108-LTS][runtime] Make Error.captureStackTrace() a no-op for global object"
This is a reland of commit 12be50e5ccf198c6353bc82fe0d17e614bfb7431
Original change's description:
> [M108-LTS][runtime] Make Error.captureStackTrace() a no-op for global object
>
> (cherry picked from commit fa81078cca6964def7a3833704e0dba7b05065d8)
>
> Bug: chromium:1432210
> Change-Id: I8aa4c3f1d9ecbfffce503085c2879416ff916c69
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4417690
> Commit-Queue: Igor Sheludko <[email protected]>
> Commit-Queue: Tobias Tebbi <[email protected]>
> Auto-Submit: Igor Sheludko <[email protected]>
> Cr-Original-Commit-Position: refs/heads/main@{#87045}
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4422621
> Reviewed-by: Igor Sheludko <[email protected]>
> Cr-Commit-Position: refs/branch-heads/10.8@{#52}
> Cr-Branched-From: f1bc03fd6b4c201abd9f0fd9d51fb989150f97b9-refs/heads/10.8.168@{#1}
> Cr-Branched-From: 237de893e1c0a0628a57d0f5797483d3add7f005-refs/heads/main@{#83672}
Bug: chromium:1432210
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Change-Id: I4c06a76db005a61b2259b836c1f06c78eb004e16
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4459252
Reviewed-by: Igor Sheludko <[email protected]>
Commit-Queue: Roger Felipe Zanoni da Silva <[email protected]>
Cr-Commit-Position: refs/branch-heads/10.8@{#56}
Cr-Branched-From: f1bc03fd6b4c201abd9f0fd9d51fb989150f97b9-refs/heads/10.8.168@{#1}
Cr-Branched-From: 237de893e1c0a0628a57d0f5797483d3add7f005-refs/heads/main@{#83672}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/480818
Reviewed-by: Michal Klocek <[email protected]>
| |
Manual cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/4381738:
Merged: [compiler] Prevent constant folding of TypeGuard
TypeGuard are used to prevent operations from floating before a
preceding check, and thus shouldn't be constant-folded.
(cherry picked from commit 867716437273c16dc6ef5bc85b9c18affa1fb242)
Fixed: chromium:1427388
Change-Id: Id93807aa7553c6a42b17024b7f7975a1a28fbb78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4381738
Bot-Commit: Rubber Stamper <[email protected]>
Commit-Queue: Darius Mercadier <[email protected]>
Cr-Commit-Position: refs/branch-heads/11.3@{#6}
Cr-Branched-From: b0a3a06aa78a9beb4e8485eb502b20b2abe2abbf-refs/heads/11.3.244@{#1}
Cr-Branched-From: 0326cf6343caaa6ea32bb3208e894cb7412e1313-refs/heads/main@{#86647}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/480822
Reviewed-by: Michal Klocek <[email protected]>
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4466648:
Fix ScopedObservation UaF in BubbleDialogDelegate::AnchorWidgetObserver
A ScopedObservation can outlive the aura::Window it observes, leading to
a use-after-free error in ~ScopedObservation(). The problem occurs in
BubbleDialogDelegate::AnchorWidgetObserver. This fix listens for
OnWindowDestroying() and resets the observation to prevent the UaF.
(cherry picked from commit 72bd6a1018548ee63a2ec06d6c7714d3a8cdf8a8)
Bug: 1423360
Change-Id: I742b4624b2664dea3fd97db7b399fcd15e45c8fe
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4455016
Code-Coverage: Findit <[email protected]>
Reviewed-by: Elly Fong-Jones <[email protected]>
Commit-Queue: Keren Zhu <[email protected]>
Cr-Original-Commit-Position: refs/heads/main@{#1133511}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4466648
Reviewed-by: Allen Bauer <[email protected]>
Cr-Commit-Position: refs/branch-heads/5672@{#868}
Cr-Branched-From: 5f2a72468eda1eb945b3b5a2298b5d1cd678521e-refs/heads/main@{#1121455}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/480824
Reviewed-by: Michal Klocek <[email protected]>
| |
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4365724:
Use weak pointer to store duplicate requests
Bug: 1423304
Change-Id: I7ab170f085c3d05c582f7065b88c1ad2510cc633
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4365724
Commit-Queue: Thomas Nguyen <[email protected]>
Reviewed-by: Andy Paicu <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1124133}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/480826
Reviewed-by: Michal Klocek <[email protected]>
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4437791:
Check callback availability in SpdyProxyClientSocket::RunWriteCallback
OnClose() could consume `write_callback_` so it may not be available
when RunWriteCallback() is invoked.
Bug: 1428820
Change-Id: I9a5ade62d67f5bf15e12d0915d1ad6098657ffd4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4437791
Code-Coverage: Findit <[email protected]>
Reviewed-by: Adam Rice <[email protected]>
Commit-Queue: Kenichi Ishibashi <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1131689}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/480817
Reviewed-by: Allan Sandfeld Jensen <[email protected]>
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4394863:
Check SpdyProxyClientSocket is alive after write callback
To ensure that we don't use any member field.
Bug: 1428820
Change-Id: Icf6677c652a47dc2fd2d01675e94cda031a015f2
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4394863
Commit-Queue: Kenichi Ishibashi <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1125634}
(cherry picked from commit b71541b22ca19d5c3a7c01fedffe521b26577b72)
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/480816
Reviewed-by: Allan Sandfeld Jensen <[email protected]>
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4393905:
Remove the second WeakPtrFactory from SpdyProxyClientSocket
It was introduced [1] to work around an old issue that wouldn't happen
any more since we store a write callback in the class. Instead of having
the second WeakPtrFactory and moving the callback, we can just keep it
until RunWriteCallback() is called.
This is a speculative fix for the linked bug.
[1] https://codereview.chromium.org/338583003/
Bug: 1428820
Change-Id: I0b5af2675b68188e208c2ecd42293251b2722b28
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4393905
Commit-Queue: Kenichi Ishibashi <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1125216}
(cherry picked from commit 01b25615896b911e21103dd381fafc1f85886d91)
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/480815
Reviewed-by: Allan Sandfeld Jensen <[email protected]>
| |
Manual cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/3841864:
FSA: Restrict suggestedName extensions to 16 characters
Matches the extension length restriction for FilePickerOptions
Bug: 1354505
Change-Id: I37d61aed0bcebbdf05d131a33cc0f14b117f04e5
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3841864
Commit-Queue: Daseul Lee <[email protected]>
Reviewed-by: Daseul Lee <[email protected]>
Auto-Submit: Austin Sullivan <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1037829}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/480814
Reviewed-by: Allan Sandfeld Jensen <[email protected]>
| |
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4242104:
Enable GPU watchdog for SwiftShader.
At a longer timeout.
[email protected],[email protected]
TEST=bots
Bug: 1223346
Change-Id: Ic8b7f5e77eae5257711d9c210c4ede1816b834be
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4242104
Commit-Queue: Zhenyao Mo <[email protected]>
Reviewed-by: Maggie Chen <[email protected]>
Reviewed-by: Kyle Charbonneau <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1113632}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/480813
Reviewed-by: Allan Sandfeld Jensen <[email protected]>
| |
Manual cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/angle/angle/+/3430243:
Vulkan: Wait forever when waiting on fences
If a timeout occurs while waiting for the VK queue to be idle during
context destruction, there is no way to safely delete the resources
without potentially crashing as the driver is still reading them.
Instead, wait forever and let Chrome's watchdog tear the process down.
Bug: chromium:1223346
Change-Id: Ifa91465270f54b62a5ead88e8f26b3315072c380
Reviewed-on: https://chromium-review.googlesource.com/c/angle/angle/+/3430243
Reviewed-by: Zhenyao Mo <[email protected]>
Reviewed-by: Shahbaz Youssefi <[email protected]>
Commit-Queue: Geoff Lang <[email protected]>
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/480812
Reviewed-by: Allan Sandfeld Jensen <[email protected]>
| |
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4201191:
Remove use of g_utf8_substring
Bug: 1406588
Change-Id: Iae03fce3d8332fdc5144b9b80a9ba146bf359693
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4201191
Reviewed-by: David Tseng <[email protected]>
Commit-Queue: Valerie Young <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1098756}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/480811
Reviewed-by: Allan Sandfeld Jensen <[email protected]>
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4357658:
Take encoding into account for ParkableString hashing
Hashing is used for string deduplication, must take encoding into
account. See linked bug for details.
(cherry picked from commit ab66c0409aece5bd57511792a3867920f31c589b)
Bug: 1418224
Change-Id: I63c024d0a97e44b1f3323cd1ca4d9e953c2beed1
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4328136
Commit-Queue: Benoit Lize <[email protected]>
Reviewed-by: Kentaro Hara <[email protected]>
Cr-Original-Commit-Position: refs/heads/main@{#1117528}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4357658
Bot-Commit: Rubber Stamper <[email protected]>
Owners-Override: Benoit Lize <[email protected]>
Auto-Submit: Benoit Lize <[email protected]>
Cr-Commit-Position: refs/branch-heads/5615@{#696}
Cr-Branched-From: 9c6408ef696e83a9936b82bbead3d41c93c82ee4-refs/heads/main@{#1109224}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/480810
Reviewed-by: Allan Sandfeld Jensen <[email protected]>
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4372837:
Move the edit commands to an on stack variable
DevTools uses nested event loops and the usage of the class member can
be problematic for iteration because the nested loop can change the
variable's storage causing a UAF.
Bug: 1420510
Change-Id: Ie08a71b60401fa4322cca0cc31062ba64672126a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4355811
Commit-Queue: Dave Tapuska <[email protected]>
Reviewed-by: Daniel Cheng <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1120123}
(cherry picked from commit d9b34f0f3a2d0dd73648eca3ef940fb66806227b)
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/480809
Reviewed-by: Michal Klocek <[email protected]>
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4298330:
Add CHECKs in HostFrameSinkManager
It looks like it's possible for a compromised renderer to get multiple
things to register the same FrameSinkId with HostFrameSinkManager. This
violates assumptions around ownership so turn DCHECKs here into CHECKs.
Also convert DCHECKs into CHECKs for registering/unregistering frame
sink hierarchy just in case.
(cherry picked from commit a707ac2d95e4726f4cf0267c9b0c038926c2a691)
Bug: 1414018
Change-Id: If948e758a8484024666f4066360620bc3a9cb493
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4283141
Reviewed-by: Martin Kreichgauer <[email protected]>
Reviewed-by: Jonathan Ross <[email protected]>
Commit-Queue: Kyle Charbonneau <[email protected]>
Cr-Original-Commit-Position: refs/heads/main@{#1109533}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4298330
Cr-Commit-Position: refs/branch-heads/5615@{#69}
Cr-Branched-From: 9c6408ef696e83a9936b82bbead3d41c93c82ee4-refs/heads/main@{#1109224}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/480808
Reviewed-by: Allan Sandfeld Jensen <[email protected]>
| |
Manual backport of patch originally reviewed on
https://pdfium-review.googlesource.com/c/pdfium/+/104630:
Store global proxy object in CJS_Document
Avoid leaking actual global object back to V8 during callbacks. This
triggered a DCHECK() in some recent V8 versions.
Bug: chromium:1418955
Change-Id: Iad6173dcd2ac8dd49fb3d6c95825fa7fe9889edb
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/104630
Reviewed-by: Nigi <[email protected]>
Commit-Queue: Tom Sepez <[email protected]>
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/480827
Reviewed-by: Michal Klocek <[email protected]>
| |
Manual update of libdav1d to match the version introduced by patch
https://chromium-review.googlesource.com/c/chromium/src/+/4114163:
Roll src/third_party/dav1d/libdav1d/ 87f9a81cd..ed63a7459 (104 commits)
This roll required a few changes to get working:
- "properties" => "built in options" crossfile configuration change due to Meson deprecation.
- generic config creation never worked, so fixed.
- PPC64 configs were never checked in, so switched to generic.
- copyright header changes for generate_sources.
- Updated readme.chromium with potential issues that can arise.
https://chromium.googlesource.com/external/github.com/videolan/dav1d.git/+log/87f9a81cd770..ed63a7459376
$ git log 87f9a81cd..ed63a7459 --date=short --no-merges --format='%ad %ae %s'
2022-12-09 jamrial dav1d: add an option to skip decoding some frame types
2022-12-08 jamrial picture: support creating and freeing refs without tile data
2022-12-07 gramner x86: Add 10bpc 8x32/32x8 itx AVX-512 (Ice Lake) asm
2022-12-07 gramner x86: Add minor DC-only IDCT optimizations
2022-12-13 gramner getbits: Fix assertion failure
2022-12-13 gramner checkasm: Fix integer overflow in refmvs test
2022-01-26 gramner dav1dplay: Update to new libplacebo API
2022-12-09 gramner Add minor getbits improvements
2022-12-09 gramner Add a separate getbits function for getting a single bit
2022-12-09 gramner Remove redundant zeroing in sequence header parsing
2022-12-09 gramner Set the correct default value of initial_display_delay
2022-12-09 jamrial tools: remove the null last entry in inloop_filters_tbl
2022-12-04 lu_zero Do not assume the picture allocation starts as the left edge
2022-11-21 lu_zero ppc: Allocate the correct temp buffer size
2022-11-21 lu_zero ppc: Do not use static const with vec_splats
2022-11-02 charlie.c.hayden Add info to dav1d_send_data docs
2022-10-30 jbeich build: drop -D_DARWIN_C_SOURCE on macOS/iOS after 6b611d36acab
2022-10-30 jbeich build: drop -D_POSIX_C_SOURCE on non-Linux after 6b611d36acab
2022-06-28 victorien threading: Add a pending list for async task insertion
2022-10-26 martin Implement atomic_compare_exchange_strong in the atomic compat headers
2022-10-06 victorien threading: Fix a race around frame completion (frame-mt)
2022-10-07 sebastian Handle host_machine.system() 'ios' and 'tvos' the same way as 'darwin'
2022-09-23 gramner x86: Add 10-bit 8x8/8x16/16x8/16x16 itx AVX-512 (Ice Lake) asm
2022-09-30 gramner Specify hidden visibility for global data symbol declarations
2022-09-28 gramner build: strip() the result of cc.get_define()
2022-09-26 gramner checkasm: Move printf format string to .rodata on x86
2022-09-26 gramner checkasm: Improve 32-bit parameter clobbering on x86-64
2022-09-26 gramner x86: Fix incorrect 32-bit parameter usage in high bit-depth AVX-512 mc
2022-09-09 martin arm: itx: Add clipping to row_clip_min/max in the 10 bpc codepaths
2022-09-15 gramner x86: Fix overflows in 12bpc AVX2 IDCT/IADST
2022-09-15 gramner x86: Fix overflows in 12bpc AVX2 DC-only IDCT
2022-09-15 gramner x86: Fix clipping in high bit-depth AVX2 4x16 IDCT
2022-03-21 martin Don't use gas-preprocessor with clang-cl for arm targets
2022-06-07 david_conrad Fix checking the reference dimesions for the projection process
2022-06-07 david_conrad Fix calculation of OBMC lap dimensions
2022-06-07 david_conrad Support film grain application whose only effect is clipping to video range
2022-06-07 david_conrad Ignore T.35 metadata if the OBU contains no payload
2022-06-07 david_conrad Fix chroma deblock filter size calculation for lossless
2022-06-07 david_conrad Fix rounding in the calculation of initialSubpelX
2022-06-07 david_conrad Fix overflow when saturating dequantized coefficients clipped to 0
2022-06-08 david_conrad Fix overflow in 8-bit NEON ADST
2022-09-14 martin tools: Allocate the priv structs with proper alignment
2022-09-08 gramner x86: Fix clipping in 10bpc SSE4.1 IDCT asm
2022-09-08 gramner build: Improve Windows linking options
2022-09-08 gramner tools: Improve demuxer probing
2022-08-30 code CI: Disable trimming on some tests
2022-08-30 code CI: Remove git 'safe.directory' config
2022-08-30 code gcovr: Ignore parsing errors
2022-08-30 code crossfiles: Update Android toolchains
2022-08-30 code CI: Update images
(...)
2022-09-01 victorien checkasm: Add short options
2022-09-01 victorien checkasm: Add pattern matching to --test
2022-09-01 victorien checkasm: Remove pattern matching from --bench
2022-08-29 victorien checkasm: Add a --function option
2022-08-30 victorien threading: Fix copy_lpf_progress initialization
2022-08-19 jamrial data: don't overwrite the Dav1dDataProps size value
2022-07-18 gramner Adjust inlining attributes on some functions
2022-07-19 gramner x86: Remove leftover instruction in loopfilter AVX2 asm
2022-06-07 david_conrad Enable pointer authentication in assembly when building arm64e
2022-06-07 david_conrad Don't trash the return stack buffer in the NEON loop filter
2022-07-03 thresh CI: Removed snap package generation
2022-07-06 gramner Eliminate unused C DSP functions at compile time
2022-07-06 gramner cpu: Inline dav1d_get_cpu_flags()
2022-06-22 gramner x86: Add minor loopfilter asm improvements
2022-06-15 gramner checkasm: Speed up signal handling
2022-06-15 gramner checkasm: Improve seed generation on Windows
2022-06-20 gramner ci: Don't specify a specific MacOS version
2022-06-14 gramner x86: Add high bit-depth loopfilter AVX-512 (Ice Lake) asm
2022-06-13 victorien checkasm/lpf: Use operating dimensions
2022-06-03 gramner checkasm: Print the cpu model and cpuid signature on x86
2022-06-03 gramner checkasm: Add a vzeroupper check on x86
2022-06-02 gramner x86: Add a workaround for quirky AVX-512 hardware behavior
2022-05-31 victorien checkasm: Fix uninitialized variable
2022-05-14 code CI: Update coverage collecting
2022-05-05 code CI: Add a build with the minimum requirements
2022-05-05 code CI: Deactivate git 'safe.directory'
2022-03-24 code CI: Update images
2022-05-25 victorien Fix typo
2022-05-19 gramner x86: Add high bit-depth cdef_filter AVX-512 (Ice Lake) asm
2022-05-20 gramner checkasm: Print --help message to stderr instead of stdout
2022-05-20 gramner checkasm: Split cdef test into separate pri/sec/pri+sec parts
2022-05-20 gramner checkasm: Improve benchmarking of functions that modify their input
2022-05-18 b x86/itx_avx2: fix typo
2022-04-22 code CI: Add gcc12 and clang14 builds with mold linker
2022-04-26 code CI: Trigger documentation rebuild if configuration changes
2022-04-24 code meson/doc: Fix doxygen config
2022-04-28 gramner Use a relaxed memory ordering in dav1d_ref_inc()
2022-04-28 gramner Remove redundant code in dav1d_cdf_thread_unref()
2022-04-28 gramner Inline dav1d_ref_inc()
2022-04-24 code x86/itx: Add 32x8 12bpc AVX2 transforms
2022-04-24 code x86/itx: Add 8x32 12bpc AVX2 transforms
2022-04-24 code x86/itx: Deduplicate dconly code
2022-04-23 code lib: Fix typo in documentation
2022-04-07 jamrial obu: don't output invisible but showable key frames more than once
2022-04-07 jamrial obu: check that the frame referenced by existing_frame_idx is showable
2022-04-07 jamrial obu: check refresh_frame_flags is not equal to allFrames on Intra Only frames
2022-03-29 robux4 remove multipass wait from dav1d_decode_frame
2022-04-07 jamrial picture: ensure the new seq header and op param info flags are attached to the next visible picture in display order
2022-03-31 jamrial lib: add a function to query the decoder frame delay
2022-03-31 jamrial lib: split calculating thread count to its own function
Created with:
roll-dep src/third_party/dav1d/libdav1d
Fixed: 1401571
Change-Id: Ic3cef540a87a2cf411abe6071fd4c9963ea61f75
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4114163
Reviewed-by: Wan-Teh Chang <[email protected]>
Commit-Queue: Dale Curtis <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1084574}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468619
Reviewed-by: Michal Klocek <[email protected]>
| |
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/4290868:
Merged: [ic] store slow stubs for objects with access checks in DefineNamedIC
The CheckIfCanDefine() used to check the attributes of the object
as well as reporting to access check failure callbacks can update
the lookup iterator, resulting in wrong store handlers being
installed. Restart the lookup iterator in this case to make
sure that slow handlers are installed.
Bug: chromium:1415249
(cherry picked from commit da2df213bc70437ef76f47e0ab6995fa45f8014a)
Change-Id: I92d60af7ea798d80b1115e63b7fce8e2e8026ed9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4290868
Reviewed-by: Leszek Swirski <[email protected]>
Commit-Queue: Igor Sheludko <[email protected]>
Cr-Commit-Position: refs/branch-heads/11.0@{#33}
Cr-Branched-From: 06097c6f0c5af54fd5d6965d37027efb72decd4f-refs/heads/11.0.226@{#1}
Cr-Branched-From: 6bf3344f5d9940de1ab253f1817dcb99c641c9d3-refs/heads/main@{#84857}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468618
Reviewed-by: Michal Klocek <[email protected]>
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4288168:
Convert known it != end() DCHECK failures to CHECK
M102 merge issues:
third_party/blink/renderer/core/annotation/annotation_agent_impl.cc is
not present in 102
These have hit on DCHECK builds in the wild and precede erasing or
dereferencing an iterator that is UB.
This CL excludes DCHECK failures that precede non-DCHECK handling of the
it != end() failures. Those should probably be rewritten as CHECKs
but are less urgent and semi-orthogonal.
Known crashes (one per file) are:
crash/dc49e3cadab36d4c
crash/0ee3427d25937024
crash/b89303e84d123019
crash/cc35183b861a4992
Bug: 1418734
Change-Id: I81ed7b45be33769e250c65c8bb7334a34be4380e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4288168
Commit-Queue: Peter Boström <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1109350}
(cherry picked from commit 1aec0b297900a7b59bd24314dff239f3c5697f45)
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468621
Reviewed-by: Michal Klocek <[email protected]>
| |
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4150813:
Handle a transitory state of context/destination correctly for AudioWorklet operation
When the context resumes from a suspended state, it is possible for
the internal (destination) and the external (context) state to be
different in a rare case. This allows the non-worklet thread to
touch the worklet-related objects, which can cause invalid access
to the V8-managed memory space.
This CL adds a check; if the context state is suspended it swaps
the task runner right away without waiting until a resume() promise
is resolved.
Bug: 1403515
Test: The provided repro case doesn't crash ASAN anymore.
Change-Id: Ic2ea7b0337c444b7dc7d9d8b7195ed3e9ac3955f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4150813
Reviewed-by: Michael Wilson <[email protected]>
Commit-Queue: Hongchan Choi <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1096948}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468224
Reviewed-by: Michal Klocek <[email protected]>
|
Change-Id: I2484e4c4b2a2643e7bdb38b4f8900259acf083f0
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468669
Reviewed-by: Michal Klocek <[email protected]>
|
Manual cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4116604:
Fix extension fingerprinting via resource timing entry
This CL is to prevent resource timing entry being emitted for resources
that are initiated in the Non main world.
Test cases are added for resources initiated from both the main world
and non main world.
Bug: 1045681
Change-Id: I309b54dae63f56e8d1d71e5c33507623b0c80389
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4116604
Reviewed-by: Yoav Weiss <[email protected]>
Reviewed-by: Lei Zhang <[email protected]>
Commit-Queue: Hao Liu <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1088254}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468622
Reviewed-by: Michal Klocek <[email protected]>
|
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/4296377:
check if maps become deprecated during optimization
M102 merge issues:
codegen/bailout-reason.h:
Conflicting entries and indent level for BAILOUT_MESSAGES_LIST
Bug: chromium:1417585
Change-Id: Ie8eb76d2afb3ee4be66cf5d1c4bff8f745dc145b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4255648
Commit-Queue: Tobias Tebbi <[email protected]>
Cr-Commit-Position: refs/heads/main@{#85848}
(cherry picked from commit f82d802a20aa62e42269f977302f26c5c3ed031b)
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468620
Reviewed-by: Michal Klocek <[email protected]>
|
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/4184203:
Fix error dispatch in the v8 inspector session.
Bug: chromium:1337747
Change-Id: I920f3c6370ac9f9bc351eff34e46b1e8d520fe3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4184203
Auto-Submit: Danil Somsikov <[email protected]>
Commit-Queue: Benedikt Meurer <[email protected]>
Reviewed-by: Michael Achenbach <[email protected]>
Reviewed-by: Benedikt Meurer <[email protected]>
Cr-Commit-Position: refs/heads/main@{#85449}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468617
Reviewed-by: Michal Klocek <[email protected]>
|
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4276661:
webcodecs: Fix VP9 p2 encoding of NV12 frames
(cherry picked from commit 503831d1bdfdbe20c096f04cefc2231efd9ca4c0)
Bug: 1412991
Change-Id: I2e596f65170c1fc98c122bfb0ecff4b241feee15
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4250421
Commit-Queue: Eugene Zemtsov <[email protected]>
Cr-Original-Commit-Position: refs/heads/main@{#1105528}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4276661
Cr-Commit-Position: refs/branch-heads/5563@{#709}
Cr-Branched-From: 3ac59a6729cdb287a7ee629a0004c907ec1b06dc-refs/heads/main@{#1097615}
(cherry picked from commit 2a98a1c69f6df6c93bddfeba6f1ea887c8e23d8a)
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468616
Reviewed-by: Michal Klocek <[email protected]>
|
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4324998:
Disable glShaderBinary in the passthrough cmd decoder.
This matches the behaviour of the validating command decoder. The client
does not use this function and it's not exposed to WebGL.
Bug: 1422594
Change-Id: I87c670e4e80b0078fddb9f089b7ac7777a6debfa
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4324998
Commit-Queue: Geoff Lang <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1115379}
(cherry picked from commit 4a81311a62d853a43e002f45c6867f73c0accdab)
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468615
Reviewed-by: Michal Klocek <[email protected]>
|
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/angle/angle/+/4348335:
M110: D3D11: Add logic to disassociate EGL image storages.
The TextureStorage classes for External and EGLImages were missing the
logic to disassociate from images. This led to the images continuing
to hold references to deleted storages.
Bug: chromium:1415330
Change-Id: I8303f6751d87a9b0a52993c7d4e9509b086b93f3
Reviewed-on: https://chromium-review.googlesource.com/c/angle/angle/+/4328347
Reviewed-by: Peng Huang <[email protected]>
Commit-Queue: Geoff Lang <[email protected]>
(cherry picked from commit a8720455fda43167465c3d2f9a13fca60c21f56e)
Reviewed-on: https://chromium-review.googlesource.com/c/angle/angle/+/4348335
Reviewed-by: Shahbaz Youssefi <[email protected]>
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468614
Reviewed-by: Michal Klocek <[email protected]>
|
Cherry-pick of patch originally reviewed on
https://pdfium-review.googlesource.com/c/pdfium/+/104511:
More tightly validate XML names in CXFA_FFDocView::GetWidgetByName()
Widget names must conform to XML name rules.
-- Beef up tests while at it.
Fixed: chromium:1419831
Change-Id: Id36b4a7b3d84aa0b74d54c91eed2f1a11da8298f
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/104511
Reviewed-by: Lei Zhang <[email protected]>
Commit-Queue: Tom Sepez <[email protected]>
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468613
Reviewed-by: Michal Klocek <[email protected]>
|
Cherry-pick of patch originally reviewed on
https://pdfium-review.googlesource.com/c/pdfium/+/104833:
Observe CPWL_* object destruction across CPDFSDK_Widget methods
This is a simple fix to stop the symptoms while we investigate
how to avoid mutations at these points in the first place.
-- fix some nearby braces and annoying blank lines while at it.
Bug: chromium:1419831
Change-Id: I20c38806b91c7c0c9016bb1b567a04ce319243d8
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/104397
Commit-Queue: Tom Sepez <[email protected]>
Reviewed-by: Lei Zhang <[email protected]>
(cherry picked from commit 63e3719f1ec20ee6db804b2b2d4b00680db18d9c)
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/104833
Auto-Submit: Tom Sepez <[email protected]>
(cherry picked from commit a0d16d18d072ce77e639a09ed211340a2ad9034e)
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468612
Reviewed-by: Michal Klocek <[email protected]>
|
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4320692:
hid: Handle empty input reports
It's possible for a HID device to define its report descriptor such that
one or more reports have no data fields within the report. When
receiving these reports, the report buffer should contain only the
report ID byte and no other data.
Ensure that we do not read past the end of the buffer when handling
zero-length input reports.
(cherry picked from commit c9d77da78bc66c135520ac77873d67b89cdcaee6)
Bug: 1419718
Change-Id: I51d32c20f6b16f0d2b0172e0a165469b6b79748c
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4296562
Commit-Queue: Matt Reynolds <[email protected]>
Cr-Original-Commit-Position: refs/heads/main@{#1112009}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4320692
Commit-Queue: Reilly Grant <[email protected]>
Auto-Submit: Matt Reynolds <[email protected]>
Cr-Commit-Position: refs/branch-heads/5481@{#1341}
Cr-Branched-From: 130f3e4d850f4bc7387cfb8d08aa993d288a67a9-refs/heads/main@{#1084008}
(cherry picked from commit b041159d06adbf7487639bd33a261cc0270d7a34)
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468611
Reviewed-by: Michal Klocek <[email protected]>
|
Cherry-pick of commit originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4150308:
Ensure that invoked method is an actual v8::Function
CallMethodOnFrame invokes a function part of an object which in turn
is installed on globalThis. E.g. globalThis['foo'].bar();
CallMethodOnFrame already bails out if 'foo' or 'bar' can't be found,
but we should also bail out if 'bar' is not an actual function.
Fixed: 1404704
Change-Id: I67c0883a53b358176898bd04fad3c45cf98721ed
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4150308
Reviewed-by: David Bokan <[email protected]>
Commit-Queue: Simon Zünd <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1091189}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468226
Reviewed-by: Michal Klocek <[email protected]>
|
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4289351:
Fix potential out of bounds write in base::SampleVectorBase
BUG=1417185
(cherry picked from commit 552939b035e724e022fedb90fd80cd008e441fcf)
Change-Id: I70719d0f9afb81dda373f88ab3a1c177397659ec
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4265437
Commit-Queue: Will Harris <[email protected]>
Cr-Original-Commit-Position: refs/heads/main@{#1106984}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4289351
Commit-Queue: Zakhar Voit <[email protected]>
Reviewed-by: Victor-Gabriel Savu <[email protected]>
Owners-Override: Victor-Gabriel Savu <[email protected]>
Cr-Commit-Position: refs/branch-heads/5359@{#1397}
Cr-Branched-From: 27d3765d341b09369006d030f83f582a29eb57ae-refs/heads/main@{#1058933}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468223
Reviewed-by: Michal Klocek <[email protected]>
|
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4280124:
Prevent potential integer overflow in PersistentMemoryAllocator
https://crrev.com/c/4250177 added an extra check for potential
integer overflow in GetAllocSize but forgot to add the same
check in GetBlock.
This meant that it was possible to get a pointer to a block
but calling GetAllocSize on the same block would return zero.
This change makes the two functions consistent with each other
so calling GetBlock on invalid data will return nullptr.
BUG=1417317,1415328
(cherry picked from commit 81be8e8f2e13a9f1fe6d3150205a3c13af1db6e9)
Change-Id: I8eb3d91bae4528fc97517d202baf337536a4c81f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4264177
Commit-Queue: Alexei Svitkine <[email protected]>
Cr-Original-Commit-Position: refs/heads/main@{#1107105}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4280124
Owners-Override: Victor-Gabriel Savu <[email protected]>
Reviewed-by: Victor-Gabriel Savu <[email protected]>
Commit-Queue: Zakhar Voit <[email protected]>
Cr-Commit-Position: refs/branch-heads/5359@{#1402}
Cr-Branched-From: 27d3765d341b09369006d030f83f582a29eb57ae-refs/heads/main@{#1058933}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468222
Reviewed-by: Michal Klocek <[email protected]>
|
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4279942:
Do not register browser_watcher activity report with crashpad
BUG=1415328
(cherry picked from commit f93c88303ccbb64014a575b8ae093aa166832922)
Change-Id: I109f6dac083a69a26841ee5e975e02093ca4cbf6
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4257669
Commit-Queue: Will Harris <[email protected]>
Cr-Original-Commit-Position: refs/heads/main@{#1106253}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4279942
Reviewed-by: Victor-Gabriel Savu <[email protected]>
Commit-Queue: Zakhar Voit <[email protected]>
Owners-Override: Victor-Gabriel Savu <[email protected]>
Cr-Commit-Position: refs/branch-heads/5359@{#1401}
Cr-Branched-From: 27d3765d341b09369006d030f83f582a29eb57ae-refs/heads/main@{#1058933}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468221
Reviewed-by: Michal Klocek <[email protected]>
|
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4279513:
Prevent potential integer overflow in PersistentMemoryAllocator
BUG=1415328
(cherry picked from commit 19de280a0c28065acf2a7e001af5c981698a461c)
Change-Id: I66dcae6a1aacc1310ddd715033b3704c932b9800
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4250177
Commit-Queue: Will Harris <[email protected]>
Commit-Queue: Alexei Svitkine <[email protected]>
Cr-Original-Commit-Position: refs/heads/main@{#1105177}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4279513
Commit-Queue: Zakhar Voit <[email protected]>
Owners-Override: Victor-Gabriel Savu <[email protected]>
Reviewed-by: Victor-Gabriel Savu <[email protected]>
Cr-Commit-Position: refs/branch-heads/5359@{#1400}
Cr-Branched-From: 27d3765d341b09369006d030f83f582a29eb57ae-refs/heads/main@{#1058933}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468220
Reviewed-by: Michal Klocek <[email protected]>
|
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4291513:
Shutdown RtpContributingSourceCache in Dispose().
The cache is an off-heap object, but it is owned by an on-heap object
(RTCPeerConnection). Disposing the owning object poisons memory owned by
it, but the cache may have in-flight tasks (cache doing ClearCache in a
delayed microtask). This CL adds a Shutdown() method to ensure the
cache isn't doing anything in the next microtask after disposal.
No reliable way to repro this has been found but the change should be
safe so hoping we can land without tests.
(cherry picked from commit 4d450ecd6ec7776c7505dcf7d2f04157ff3ba0eb)
Bug: 1413628
Change-Id: I479aace9859f4c10cd75d4aa5a34808b4726299d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4247023
Commit-Queue: Henrik Boström <[email protected]>
Cr-Original-Commit-Position: refs/heads/main@{#1105653}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4291513
Reviewed-by: Achuith Bhandarkar <[email protected]>
Owners-Override: Achuith Bhandarkar <[email protected]>
Reviewed-by: Henrik Boström <[email protected]>
Commit-Queue: Zakhar Voit <[email protected]>
Cr-Commit-Position: refs/branch-heads/5359@{#1404}
Cr-Branched-From: 27d3765d341b09369006d030f83f582a29eb57ae-refs/heads/main@{#1058933}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468219
Reviewed-by: Michal Klocek <[email protected]>
|
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4284559:
win: Only process up to EXCEPTION_MAXIMUM_PARAMETERS in an EXCEPTION_RECORD
The EXCEPTION_RECORD contains a NumberParameters field, which could
store a value that exceeds the amount of space allocated for the
ExceptionInformation array.
Bug: chromium:1412658
Change-Id: Ibfed8eb6317e28d3addf9215cda7fffc32e1030d
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4284559
Reviewed-by: Alex Gough <[email protected]>
Commit-Queue: Robert Sesek <[email protected]>
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468218
Reviewed-by: Michal Klocek <[email protected]>
|
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4307470:
In Typed CSSOM, reject adding to something that is not a list.
M102 merge issues:
third_party/blink/renderer/core/css/cssom/style_property_map.cc:
The check before the added IsValueList check isn't present in 102
Fixed: 1417176
Change-Id: Idef1a81af46d334c181979778c28f19ce6369718
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4293477
Commit-Queue: Steinar H Gunderson <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1110281}
(cherry picked from commit 7301cf1e40fdd97594ea491676b867cf4e577edc)
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468217
Reviewed-by: Michal Klocek <[email protected]>
|
Fixes: QTBUG-111697
Change-Id: I51fca3b3eb627b2617ff5c6c051fa1182671244d
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/464490
Reviewed-by: Allan Sandfeld Jensen <[email protected]>
(cherry picked from commit 9de0d8a90d9b0176542db8b54d678a9fcbb69337)
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468197
|
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4274984:
Exclude Policy and Play API engines from Sync merging
There's a security bug in which the call to ResetTemplateURLGUID can
cause a policy-created engine to be deleted. This means that after
the call, either the current `conflicting_turl` pointer, or future
iterations in the loop may point to an already-freed TemplateURL,
causing the use-after free bug.
This CL addresses that by forbidding Policy-created and Play API
engines from being merged into Synced engines.
Although Play API engines aren't directly affected, they seem to also
not be something that should be merged to Synced engines.
(cherry picked from commit 315632458eb795ef9d9dce3fd1062f9e6f2c2077)
Bug: 1414224
Change-Id: Ide43d71e9844e04a7ffe2e7ad2a522b6ca1535a3
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4250623
Commit-Queue: Tommy Li <[email protected]>
Cr-Original-Commit-Position: refs/heads/main@{#1106249}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4274984
Commit-Queue: Krishna Govind <[email protected]>
Cr-Commit-Position: refs/branch-heads/5481@{#1238}
Cr-Branched-From: 130f3e4d850f4bc7387cfb8d08aa993d288a67a9-refs/heads/main@{#1084008}
(cherry picked from commit 06851790480e8e16a2913461d271437d525451a2)
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/462770
Reviewed-by: Michal Klocek <[email protected]>
|
Manual cherry-pick of patch originally reviewed on
https://pdfium-review.googlesource.com/c/pdfium/+/103078:
Validate the page count.
In CountPages(), which recursively calls itself, validate the page
count. When any part of the pages tree contains bad data, bail out.
Bug: chromium:1404864
Change-Id: Ifdbc14213ec3f963b4b2cb5793b83c15d03336e8
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/103078
Reviewed-by: Tom Sepez <[email protected]>
Commit-Queue: Lei Zhang <[email protected]>
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/462769
Reviewed-by: Michal Klocek <[email protected]>
|
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4225497:
Further simplify WebMediaPlayerMSCompositor lifetime.
M102 merge issues:
third_party/blink/renderer/modules/mediastream/webmediaplayer_ms.cc:
- video_task_runner_ is named io_task_runner_ in 102
- Conflicting arguments for CrossThreadBindOnce in ActivateSurfaceLayerForVideo()
third_party/blink/renderer/modules/mediastream/webmediaplayer_ms_compositor.cc:
- The use_surface_layer check is different in 102
- video_task_runner_ is named io_task_runner_ in 102 (conflict in
ReplaceCurrentFrameWithACopy)
Due to the raw pointer held by VideoFrameSubmitter, there may be
tasks pending on the compositor task runner after the RefCounted
traits have "destructed" WebMediaPlayerMSCompositor. Through this
raw pointer VFS was invoking OnContextLost which attempts to use
the zero ref count compositor.
The solution here is again similar to VideoFrameCompositor, its
destruction should be explicit instead of a tangle of RefCounted
owners.
(cherry picked from commit 1622bffc6534a0cc4f53d07c43e0cd8f49975d10)
Fixed: 1407701, 1411601
Change-Id: Ic77294d1113d54ab83bc0f5b625a997edf57bf7c
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4210508
Commit-Queue: Tony Herre <[email protected]>
Auto-Submit: Dale Curtis <[email protected]>
Cr-Original-Commit-Position: refs/heads/main@{#1099726}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4225497
Reviewed-by: Michael Ershov <[email protected]>
Commit-Queue: Roger Felipe Zanoni da Silva <[email protected]>
Owners-Override: Michael Ershov <[email protected]>
Cr-Commit-Position: refs/branch-heads/5005@{#1436}
Cr-Branched-From: 5b4d9450fee01f821b6400e947b3839727643a71-refs/heads/main@{#992738}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/462768
Reviewed-by: Michal Klocek <[email protected]>
|
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4227731:
Simplify WebMediaPlayerMSCompositor destruction.
The code was only sometimes calling StopUsingProvider() and posted
the submitter destruction unnecessarily.
Destruction now works the same as in VideoFrameCompositor, where the
class itself is responsible for calling StopUsingProvider() during
its own destruction.
(cherry picked from commit cbd238e85903b7d94910bd2c6362ff9abf9908cc)
Fixed: 1407701
Change-Id: Ia649cb5532519468eea34e12745ed9c990580d82
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4195824
Auto-Submit: Dale Curtis <[email protected]>
Commit-Queue: Tony Herre <[email protected]>
Cr-Original-Commit-Position: refs/heads/main@{#1098505}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4227731
Owners-Override: Michael Ershov <[email protected]>
Commit-Queue: Roger Felipe Zanoni da Silva <[email protected]>
Reviewed-by: Michael Ershov <[email protected]>
Cr-Commit-Position: refs/branch-heads/5005@{#1435}
Cr-Branched-From: 5b4d9450fee01f821b6400e947b3839727643a71-refs/heads/main@{#992738}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/462767
Reviewed-by: Michal Klocek <[email protected]>
|
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4143606:
CHECK that YUV readback finished synchronously
DoReadbackYUVImagePixelsINTERNAL is implemented using skia asynchronous
readback and to make it synchronous we use sync cpu and gpu. In some
edge cases on linux we saw that doesn't happen if readback triggered
vulkan device lost.
To avoid use after free, CHECK that callback was actually called. In
case of device-lost gpu process will restart anyway, so while this is
not proper fix of the problem, it doesn't result in worse user visible
behaviour.
Bug: 1399742
Change-Id: Ie2172539bb907b9696ef62c70d398aca3967177c
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4143606
Reviewed-by: Peng Huang <[email protected]>
Commit-Queue: Vasiliy Telezhnikov <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1093064}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/462766
Reviewed-by: Michal Klocek <[email protected]>
|
The lack of checksum may cause assert and error messages when a mailbox
is passed from a release render process to a debug render process.
Task-number: QTBUG-110504
Change-Id: Ib7d78e1e86a3f2ddda6dc8066abf9198040c38f6
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/461554
Reviewed-by: Allan Sandfeld Jensen <[email protected]>
(cherry picked from commit f10c0c429f688fa7ee39ca8af4ff522e30776bea)
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/462336
Reviewed-by: Qt Cherry-pick Bot <[email protected]>
|