From 53ca279739365f9a604fba0a673f0539dfd67c55 Mon Sep 17 00:00:00 2001 From: Patrick Griffis Date: Mon, 8 Apr 2024 10:21:34 -0700 Subject: [PATCH 1/6] Cherry-pick 277203@main (bd1249cc9c4f). https://bugs.webkit.org/show_bug.cgi?id=272309 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Workaround restrict error in GCC 12 https://bugs.webkit.org/show_bug.cgi?id=272309 Reviewed by Darin Adler. In GCC 12.3.0: In static member function ‘static constexpr std::char_traits::char_type* std::char_traits::copy(char_type*, const char_type*, std::size_t)’, inlined from ‘static constexpr void std::__cxx11::basic_string<_CharT, _Traits, _Alloc>::_S_copy(_CharT*, const _CharT*, size_type) [with _CharT = char; _Traits = std::char_traits; _Alloc = std::allocator]’ at /usr/include/c++/12/bits/basic_string.h:431:21, inlined from ‘constexpr std::__cxx11::basic_string<_CharT, _Traits, _Allocator>& std::__cxx11::basic_string<_CharT, _Traits, _Alloc>::_M_replace(size_type, size_type, const _CharT*, size_type) [with _CharT = char; _Traits = std::char_traits; _Alloc = std::allocator]’ at /usr/include/c++/12/bits/basic_string.tcc:532:22, inlined from ‘constexpr std::__cxx11::basic_string<_CharT, _Traits, _Alloc>& std::__cxx11::basic_string<_CharT, _Traits, _Alloc>::replace(size_type, size_type, const _CharT*, size_type) [with _CharT = char; _Traits = std::char_traits; _Alloc = std::allocator]’ at /usr/include/c++/12/bits/basic_string.h:2179:19, inlined from ‘constexpr std::__cxx11::basic_string<_CharT, _Traits, _Alloc>& std::__cxx11::basic_string<_CharT, _Traits, _Alloc>::insert(size_type, const _CharT*) [with _CharT = char; _Traits = std::char_traits; _Alloc = std::allocator]’ at /usr/include/c++/12/bits/basic_string.h:1936:22, inlined from ‘std::ostream& WTF::operator<<(std::ostream&, Int128Impl)’ at /host/home/tingping/Projects/WebKit/Source/WTF/wtf/Int128.cpp:268:17: /usr/include/c++/12/bits/char_traits.h:435:56: error: ‘void* __builtin_memcpy(void*, const void*, long unsigned int)’ accessing 9223372036854775810 or more bytes at offsets [2, 9223372036854775807] and 1 may overlap up to 9223372036854775813 bytes at offset -3 [-Werror=restrict] 435 | return static_cast(__builtin_memcpy(__s1, __s2, __n)); | ~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~ * Source/WTF/wtf/Int128.cpp: (WTF::operator<<): Canonical link: https://commits.webkit.org/277203@main Canonical link: https://commits.webkit.org/274313.129@webkitglib/2.44 --- Source/WTF/wtf/Int128.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Source/WTF/wtf/Int128.cpp b/Source/WTF/wtf/Int128.cpp index 3962059d0cb9..c04f6d74543a 100644 --- a/Source/WTF/wtf/Int128.cpp +++ b/Source/WTF/wtf/Int128.cpp @@ -265,9 +265,9 @@ std::ostream& operator<<(std::ostream& os, Int128Impl v) { (flags & std::ios::basefield) == std::ios_base::fmtflags(); if (print_as_decimal) { if (Int128High64(v) < 0) { - rep = "-"; + rep.append("-"); } else if (flags & std::ios::showpos) { - rep = "+"; + rep.append("+"); } } -- 2.43.0 From 8ce83c4bf224122e0062248752a3ed014efc67e5 Mon Sep 17 00:00:00 2001 From: Tim Nguyen Date: Wed, 3 Apr 2024 09:22:37 -0700 Subject: [PATCH 4/6] Cherry-pick 277007@main (1870b119a450). https://bugs.webkit.org/show_bug.cgi?id=272044 CrashTracer: com.apple.WebKit.WebContent at WebCore: WebCore::ValidatedFormListedElement::updateValidity https://bugs.webkit.org/show_bug.cgi?id=272044 rdar://117727866 Reviewed by Ryosuke Niwa. It speculatively fixes a bug that RadioButtonGroup::m_members may contain a nullptr WeakRef. * Source/WebCore/dom/RadioButtonGroups.cpp: (WebCore::RadioButtonGroup::isEmpty const): (WebCore::RadioButtonGroup::remove): (WebCore::RadioButtonGroup::setNeedsStyleRecalcForAllButtons): (WebCore::RadioButtonGroup::updateValidityForAllButtons): Canonical link: https://commits.webkit.org/277007@main Canonical link: https://commits.webkit.org/274313.132@webkitglib/2.44 --- Source/WebCore/dom/RadioButtonGroups.cpp | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Source/WebCore/dom/RadioButtonGroups.cpp b/Source/WebCore/dom/RadioButtonGroups.cpp index ba07a3fbdf09..4bbae6cbb72f 100644 --- a/Source/WebCore/dom/RadioButtonGroups.cpp +++ b/Source/WebCore/dom/RadioButtonGroups.cpp @@ -31,7 +31,7 @@ namespace WebCore { class RadioButtonGroup { WTF_MAKE_FAST_ALLOCATED; public: - bool isEmpty() const { return m_members.isEmpty(); } + bool isEmpty() const { return m_members.isEmptyIgnoringNullReferences(); } bool isRequired() const { return m_requiredCount; } RefPtr checkedButton() const { return m_checkedButton.get(); } void add(HTMLInputElement&); @@ -47,7 +47,7 @@ private: bool isValid() const; void setCheckedButton(HTMLInputElement*); - HashSet> m_members; + WeakHashSet m_members; WeakPtr m_checkedButton; size_t m_requiredCount { 0 }; }; @@ -60,7 +60,7 @@ inline bool RadioButtonGroup::isValid() const Vector> RadioButtonGroup::members() const { auto sortedMembers = WTF::map(m_members, [](auto& element) -> Ref { - return element.get(); + return element; }); std::sort(sortedMembers.begin(), sortedMembers.end(), [](auto& a, auto& b) { return is_lt(treeOrder(a, b)); @@ -155,7 +155,7 @@ void RadioButtonGroup::remove(HTMLInputElement& button) } } - if (m_members.isEmpty()) { + if (m_members.isEmptyIgnoringNullReferences()) { ASSERT(!m_requiredCount); ASSERT(!m_checkedButton); } else if (wasValid != isValid()) @@ -170,7 +170,7 @@ void RadioButtonGroup::remove(HTMLInputElement& button) void RadioButtonGroup::setNeedsStyleRecalcForAllButtons() { for (auto& checkedButton : m_members) { - Ref button = checkedButton.get(); + Ref button = checkedButton; ASSERT(button->isRadioButton()); button->invalidateStyleForSubtree(); } @@ -179,7 +179,7 @@ void RadioButtonGroup::setNeedsStyleRecalcForAllButtons() void RadioButtonGroup::updateValidityForAllButtons() { for (auto& checkedButton : m_members) { - Ref button = checkedButton.get(); + Ref button = checkedButton; ASSERT(button->isRadioButton()); button->updateValidity(); } -- 2.43.0 From 93bde17ed761f5de54726de83ced4959303794c6 Mon Sep 17 00:00:00 2001 From: Abrar Rahman Protyasha Date: Mon, 1 Apr 2024 22:42:12 -0700 Subject: [PATCH 5/6] Cherry-pick 276925@main (59cedf7135bc). https://bugs.webkit.org/show_bug.cgi?id=271962 Linker error when logging ViewportConfiguration to TextStream in Release configuration https://bugs.webkit.org/show_bug.cgi?id=271962 rdar://125713559 Reviewed by Sihui Liu. WebCore::operator<<(WTF::TextStream&, WebCore::ViewConfiguration const&) is defined behind !LOG_DISABLED, which means in Release configuration, the linker cannot find this definition. This patch fixes the linker error by removing the relevant !LOG_DISABLED checks around both the operator<< overload definition and the description()/dump() declarations, since said methods are referenced by the operator<< overload. * Source/WebCore/page/ViewportConfiguration.cpp: (WebCore::ViewportConfiguration::setIsKnownToLayOutWiderThanViewport): (WebCore::ViewportConfiguration::dump const): * Source/WebCore/page/ViewportConfiguration.h: Canonical link: https://commits.webkit.org/276925@main Canonical link: https://commits.webkit.org/274313.133@webkitglib/2.44 --- Source/WebCore/page/ViewportConfiguration.cpp | 4 ++-- Source/WebCore/page/ViewportConfiguration.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Source/WebCore/page/ViewportConfiguration.cpp b/Source/WebCore/page/ViewportConfiguration.cpp index 51abb1154515..c58bc368cd6c 100644 --- a/Source/WebCore/page/ViewportConfiguration.cpp +++ b/Source/WebCore/page/ViewportConfiguration.cpp @@ -674,8 +674,6 @@ bool ViewportConfiguration::setIsKnownToLayOutWiderThanViewport(bool value) return true; } -#if !LOG_DISABLED - TextStream& operator<<(TextStream& ts, const ViewportConfiguration::Parameters& parameters) { ts.startGroup(); @@ -747,6 +745,8 @@ String ViewportConfiguration::description() const return ts.release(); } +#if !LOG_DISABLED + void ViewportConfiguration::dump() const { WTFLogAlways("%s", description().utf8().data()); diff --git a/Source/WebCore/page/ViewportConfiguration.h b/Source/WebCore/page/ViewportConfiguration.h index acd5a92ae089..1a7c27225a4b 100644 --- a/Source/WebCore/page/ViewportConfiguration.h +++ b/Source/WebCore/page/ViewportConfiguration.h @@ -148,9 +148,9 @@ public: WEBCORE_EXPORT static Parameters imageDocumentParameters(); WEBCORE_EXPORT static Parameters xhtmlMobileParameters(); WEBCORE_EXPORT static Parameters testingParameters(); - -#if !LOG_DISABLED + String description() const; +#if !LOG_DISABLED WEBCORE_EXPORT void dump() const; #endif -- 2.43.0 From aff53249f2d491d082094a2aa57008c46e55d278 Mon Sep 17 00:00:00 2001 From: Erica Li Date: Tue, 19 Mar 2024 18:27:04 -0700 Subject: [PATCH 6/6] Cherry-pick 276379@main (d036679431a5). https://bugs.webkit.org/show_bug.cgi?id=271028 ASAN_SEGV | WebCore::LocalFrame::injectUserScripts. rdar://124432384 https://bugs.webkit.org/show_bug.cgi?id=271028 Reviewed by Ryosuke Niwa. Frame might be detached early, null checking before injectUserScripts from image document. * Source/WebCore/html/ImageDocument.cpp: (WebCore::ImageDocument::createDocumentStructure): Canonical link: https://commits.webkit.org/276379@main Canonical link: https://commits.webkit.org/274313.134@webkitglib/2.44 --- Source/WebCore/html/ImageDocument.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Source/WebCore/html/ImageDocument.cpp b/Source/WebCore/html/ImageDocument.cpp index f91478f138fe..67d3ed0d09af 100644 --- a/Source/WebCore/html/ImageDocument.cpp +++ b/Source/WebCore/html/ImageDocument.cpp @@ -230,7 +230,8 @@ void ImageDocument::createDocumentStructure() rootElement->insertedByParser(); rootElement->setInlineStyleProperty(CSSPropertyHeight, 100, CSSUnitType::CSS_PERCENTAGE); - frame()->injectUserScripts(UserScriptInjectionTime::DocumentStart); + if (RefPtr localFrame = frame()) + localFrame->injectUserScripts(UserScriptInjectionTime::DocumentStart); // We need a so that the call to setTitle() later on actually has an to append to to. auto head = HTMLHeadElement::create(*this); -- 2.43.0