| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ensure that XRLayer includes base EventTarget in Trace
Trace was skipping a level in the class hierarchy and calling
ScriptWrappable::Trace() instead. This was likely the result of the
class inheritance changing in the spec a while back and getting updated
elsewhere but not here, since it didn't raise any warnings.
Bug: 1219857
Change-Id: I4ac9f7b037ac5e5dd0e6d670f1d5a30e6344862f
Commit-Queue: Brandon Jones <bajones@chromium.org>
Reviewed-by: Alexander Cooper <alcooper@chromium.org>
Cr-Commit-Position: refs/heads/master@{#892650}
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
[M86-LTS] Squashed multiple commits.
Merged: [runtime] Fix handling of interceptors
Revision: f9857fdf74
Merged: [runtime] Fix handling of interceptors, pt.2
Revision: 1f5113816c
BUG=chromium:1216437
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
(cherry picked from commit 1936d568193b37d50d99218724ebbb76785a30d2)
Change-Id: Iab94f9e4738548ef730028cf97f3dfa41384d820
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
[M86-LTS] BFCache: remove a controllee stored in `bfcached_controllee_map_`
This CL fixes the UAF that happens with the following case:
Let's assume we have 2 service workers (sw1.js and sw2.js) are
registered in the same page. When the second service worker (sw2.js) is
registered, ServiceWorkerContainerHost::UpdateController() is called
and the previous SWVersion (sw1.js) removes a controllee from
`controllee_map_`. If BackForwardCache is enabled, a controllee is
stored in `bfcached_controllee_map_` instead and the controllee will
not be removed in ServiceWorkerContainerHost::UpdateController().
When ServiceWorkerContainerHost::UpdateController() is called and
keep a controllee in `bfcached_controllee_map_`, and a page navigates to
a different page (evicts BFCache), use-after-free (UAF) happens.
This CL updates ServiceWorkerContainerHost::UpdateController()
to remove a controllee from `bfcached_controllee_map_` if it exists.
(cherry picked from commit a2414a05a486ca0ad18ba4caf78e883a668a0555)
(cherry picked from commit 7cd7f6741fc4491c2f7ef21052a370ee23887e37)
Bug: 1212618
Change-Id: I6e4bc496bf11406988f17f1c21c8cf3cf52867b1
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/deps/icu/+/2842864:
Fix crash caused by locale assign/move operators
https://unicode-org.atlassian.net/browse/ICU-21587
https://bugs.chromium.org/p/chromium/issues/detail?id=1194899
Bug: chromium:1194899
Change-Id: I39edcf04f43c52f6937365e50f521fab3679568b
Reviewed-by: Jungshik Shin <jshin@chromium.org>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2917013:
Prevent Cross-Origin iframe from navigating top to a different scheme
Cross-origin iframes were prevented to navigate top with [1]. Those
iframes were allowed to navigate top only to same domain (eTLD+1)
following reports of adverse impact. This severely restrains the ability
of said iframe to cause nuisance.
It does not seem necessary however to loosen the constraint to allow
different schemes, especially from https to http. As a result this CL
prevents a cross-origin iframe from navigating top to the same eTLD + 1
with a different schemes if there's no user gesture.
[1] https://github.com/WICG/interventions/issues/16
Bug: 1151507
Fixed: 1151507
(cherry picked from commit 1baf9eba07b806f86a6e60851428c7ab318da093)
Change-Id: Ia1568175c044831594154ceea3e3aacb4e2efb2c
Commit-Queue: Nate Chapin <japhet@chromium.org>
Auto-Submit: Pâris Meuleman <pmeuleman@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#863936}
Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
Commit-Queue: Jana Grill <janagrill@google.com>
Owners-Override: Jana Grill <janagrill@google.com>
Cr-Commit-Position: refs/branch-heads/4240@{#1649}
Cr-Branched-From: f297677702651916bbf65e59c0d4bbd4ce57d1ee-refs/heads/master@{#800218}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherr-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2875846:
Return false when the size of audio_port_1 and audio_port_2 is different
The current code assumes the size of audio ports is identical because
the number of inputs and outputs cannot change after construction. This
assumption is broken when multiple AudioWorkletNodes share a singleton
AudioWorkletProcessor instance.
This patch removes the assumption and explicitly returns false when the
number of inputs and outputs does not match.
Bug: 1201033, 120260
Test: 3 repro cases submitted do not crash on ASAN.
Change-Id: I4065e7970b9b7b54468fc82558509a3238ff28e4
Commit-Queue: Hongchan Choi <hongchan@chromium.org>
Reviewed-by: Raymond Toy <rtoy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#879631}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport of patch cherry-picked on
https://chromium-review.googlesource.com/c/chromium/src/+/2893189:
Cherry pick: Improve restart handling.
This fixes in particular a possible use after free bug reported
Anatoly Korniltsev and Taylor Brandstetter for the userland stack
Change-Id: Iac58373f368e198f7f799fd8f9a262521ed5c43c
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
| |
Add the dependency where it is used.
Change-Id: Iff1dee5198a1ceef496e3e948ac61562717ce0e5
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2880214:
Merged: [const-tracking] Generalize constness when delete properties
Revision: d570bbe0c74ec4ae40d1abc34bea617ff2d63f26
BUG=chromium:1201938
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=leszeks@chromium.org
Change-Id: I2745bd574d9f971b3f1e41d5084ec9e9fbbeef07
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.0@{#55}
Cr-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
Cr-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2875210:
Merged: [liftoff] Fix >=2GB memory accesses on 32-bit
We were inconsistent in handling offsets >= 2GB on 32-bit systems. The
code was still relying on this being detected as statically out of
bounds, but with the increase of {kV8MaxWasmMemoryPages} to support 4GB
memories, this is not the case any more.
This CL fixes this by again detecting such situations as statically OOB.
We do not expect to be able to allocate memories of size >2GB on such
systems. If this assumptions turns out to be wrong, we will erroneously
trap. If that happens, we will have to explicitly disallow memories of
such size on 32-bit systems.
Tbr: jkummerow@chromium.org
(cherry picked from commit 7ad5b961553d7d9bc30da1bb839726be2b92bb51)
Bug: v8:7881, chromium:1201340
Change-Id: I8a91dd067a1c63a6d1caacb874a27b44b0983774
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.0@{#51}
Cr-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
Cr-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reland "M86-LTS: [const-tracking] Ensure map is updated before generalizing constness"
This reverts commit 4b4ad58888faf938a76e0d792c3c3a639c79e2e4.
M86 merge conflicts and resolution:
* src/objects/map-updater.cc
Map::instance_descriptor with kRelaxedLoad dispatcher was introduced after
8.6 branch: https://crrev.com/c/2424130. Before the patch
Map::instance_descriptor without distpacher was used. Do the same
here.
* test/mjsunit/regress/regress-crbug-1195331.js
HasOwnConstDataProperty did not exist in 8.6. Add it from
https://crrev.com/c/2566757.
Original change's description:
> Revert "M86-LTS: [const-tracking] Ensure map is updated before generalizing constness"
>
> This reverts commit 69a043b410ff83f31ceba23eab410163403c1db0.
>
> Reason for revert: causes compilation errors. kRelaxedLoad is missing.
>
> Original change's description:
> > M86-LTS: [const-tracking] Ensure map is updated before generalizing constness
> >
> > Revision: db2acd7a046d42a8013da76c3f47d2970cef5447
> >
> > BUG=chromium:1195331
> > NOTRY=true
> > NOPRESUBMIT=true
> > NOTREECHECKS=true
> > R=leszeks@chromium.org
> >
> > (cherry picked from commit 5a0dd788cdae65bbfa37fbbd47a5e5dde15dd894)
> >
> > Change-Id: I7ce1b36b8860a49838d208bc7857021e03f83916
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2831474
> > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> > Cr-Original-Commit-Position: refs/branch-heads/9.0@{#37}
> > Cr-Original-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
> > Cr-Original-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2850705
> > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
> > Commit-Queue: Artem Sumaneev <asumaneev@google.com>
> > Cr-Commit-Position: refs/branch-heads/8.6@{#82}
> > Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
> > Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
>
> Bug: chromium:1195331
> Change-Id: Id7170c30d67329b784e9a283c0171fed010970dc
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2853588
> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> Commit-Queue: Artem Sumaneev <asumaneev@google.com>
> Cr-Commit-Position: refs/branch-heads/8.6@{#84}
> Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
> Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1195331
Change-Id: Ie103a7795893860c4c4834eefe9dc327c5c46d19
Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
Commit-Queue: Victor-Gabriel Savu <vsavu@google.com>
Cr-Commit-Position: refs/branch-heads/8.6@{#93}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2869986:
Fix f64x2 min max to use registers
We don't have memory alignment yet, so using memory operands will cause
segv if we try to access the unaligned operands (on non-AVX systems).
The fix here is kept simple (the logic can be cleaned up a bit and
optimized to not use unique registers), in order to keep the cherry-pick
and back-merge as small and safe as possible.
Bug: chromium:1204071
Change-Id: Ieda23dcc097a06c6db20b952d7061708c3be0d24
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74363}
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2856118:
Replace std::vector with base::ObserverList to support container modification while iterating
TaskTracker saves list of viewers in vector, that needs to be notified
when distillation is completed. At the time of notifying the viewers,
we are indirectly erasing viewers from vector while iterating.
This is causing container-overflow in asan build when vector has more
than one viewer while notifying.
This change is to replace vector with ObserverList that can be modified
during iteration without invalidating the iterator.
Bug: 1203590
Change-Id: I7c7b8237584c48c9ebc2639b9268a6a78c2db4b2
Reviewed-by: Matt Jones <mdjones@chromium.org>
Commit-Queue: Akhila Veerapuraju <dhveerap@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#877492}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2859102:
Guard WebContents::DownloadImage() against malformed renderer response
Callers expect that ImageDownloadCallback gets invoked with two vectors
having the same number of elements (one containing the bitmaps and the
other one the corresponding sizes).
However, these vectors are populated directly from the Mojo response,
so there needs to be some browser-process sanitization to protect
against buggy or compromised renderers.
In this patch, WebContentsImpl::OnDidDownloadImage() mimics a 400 error
if the response is malformed, similarly to how it's done in other edge
cases (renderer process dead upon download). Because this scenario is
a violation of the Mojo API contract, the browser process also issues
a bad message log (newly-introduced WCI_INVALID_DOWNLOAD_IMAGE_RESULT)
and shuts down the renderer process.
Change-Id: I29baa421b3590e9a9eeaee95a6e331c08dce5096
Fixed: 1201446
Reviewed-by: Avi Drissman <avi@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Mikel Astiz <mastiz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#877817}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2860442:
FileAPI: Terminate FileReaderLoader before dispatching onabort event.
Otherwise FileReader could end up in an inconsistent state where a load
is still in progress while the state was set to done.
Bug: 1201073
Change-Id: Ib2c833537e1badc57d125568d5d35f53f12582a8
Reviewed-by: Austin Sullivan <asully@chromium.org>
Commit-Queue: Marijn Kruisselbrink <mek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#877579}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of commit originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2883780:
Reland "[compiler] Fix more truncation bugs in SimplifiedLowering"
This is a reland of 47077d94492cb604e3a7f02c0d7c3c495ff6b713 without
changes. The revert was false alarm.
[M86]: Resolved simple conflicts.
Original change's description:
> [compiler] Fix more truncation bugs in SimplifiedLowering
>
> Bug: chromium:1200490
> Change-Id: I3555b6d99bdb4b4e7c302a43a82c17e8bff84ebe
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2840452
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74097}
(cherry picked from commit e4a580c9104e42968e8e13b8c7d933f0b2eda2a3)
(cherry picked from commit 97ad04543438f7b235b21346fdd198f81028cd5e)
Bug: chromium:1200490
Tbr: nicohartmann@chromium.org
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Change-Id: Iedddcf2d0117fa59dc9d7a3604ef203808ad2903
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Original-Commit-Position: refs/branch-heads/9.0@{#47}
Cr-Original-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
Cr-Original-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
Reviewed-by: Jana Grill <janagrill@google.com>
Commit-Queue: Victor-Gabriel Savu <vsavu@google.com>
Cr-Commit-Position: refs/branch-heads/8.6@{#95}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Partial cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2838205:
Notifications: crash if improper action icons sent from renderer.
Previously, the code only called DCHECK but as this data is from a
renderer we should probably crash the browser.
Bug: 1200019
Change-Id: If4d9d48c8e18a3ed9c8bb3a50b952591259e0db5
Commit-Queue: Justin DeWitt <dewittj@chromium.org>
Reviewed-by: Peter Beverloo <peter@chromium.org>
Cr-Commit-Position: refs/heads/master@{#875788}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2868317:
views: handle deletion when toggling fullscreen
This differs from the first in so far as needing to add more early
outs in the windows side if destroyed. This was caught by the asan
bot.
Toggling fullscreen means the bounds change. There are some
code paths that may delete the Widget when the bounds changes.
This patch ensures the right thing happens if the Widget is
deleted when this happens.
BUG=1197436
TEST=DesktopWidgetTest.DestroyInSetFullscreen
(cherry picked from commit 60fe7a686c0620855c28a60721f668a99e409ee4)
Change-Id: I8ce8f2045878b6f6de530f58e386149189900498
Reviewed-by: Thomas Anderson <thomasanderson@chromium.org>
Commit-Queue: Scott Violet <sky@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#877640}
Auto-Submit: Scott Violet <sky@chromium.org>
Commit-Queue: Thomas Anderson <thomasanderson@chromium.org>
Cr-Commit-Position: refs/branch-heads/4430@{#1383}
Cr-Branched-From: e5ce7dc4f7518237b3d9bb93cccca35d25216cbe-refs/heads/master@{#857950}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2847504:
Media Feeds: Disable Media Feeds and related features in M90
Media Feeds is deleted in M91 and later and is unused in previous
versions as well. There is a security issue with Media Feeds though, so
we'd like to force it to be disabled in previous versions, so this CL
turns it off for M90.
Bug: 1195340
Change-Id: I29e18be2abe4c1b4560d6324af3b6da93a97d947
Reviewed-by: dpapad <dpapad@chromium.org>
Reviewed-by: Frank Liberato <liberato@chromium.org>
Commit-Queue: Tommy Steimel <steimel@chromium.org>
Cr-Commit-Position: refs/branch-heads/4430@{#1389}
Cr-Branched-From: e5ce7dc4f7518237b3d9bb93cccca35d25216cbe-refs/heads/master@{#857950}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
| |
Comparing std::string with base::BasicStringPiece<std::string> doesn't
seem to work properly in std::binary_search().
Task-number: QTBUG-91467
Change-Id: I535faa358e3ce20ddb87a0830aa97fa1953d5994
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
|
|
|
|
|
|
| |
Add missing header for size_t type
Change-Id: I022ea0a393867af8d94d5cf37882a9c4912bcb75
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some backported patches to v8 require us to update the version string,
otherwise stale cache files might not be cleaned properly.
The V8_PATCH_LEVEL will de facto be decoupled from its upstream
counterpart, but that should not matter in practice.
Fixes: QTBUG-93744
Change-Id: I77d0d2a5b011955d22e6ae4c2eb45406f4c52863
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
| |
Change-Id: Ifc73421768e2c6123225064314d39d8479ea4ed8
Fixes: QTBUG-93824
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
| |
Is needed for linux-clang spec build to not depend on atomic lib
Task-number: QTBUG-93294
Change-Id: I9fcb275b9dd7973653c7897c1e19ddb9f6daeb58
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
|
|
|
| |
It is used for Keyboard.getLayoutMap() on Linux.
Task-number: QTBUG-92971
Change-Id: I86ff88edd4de3f4b6c7f7e2deaf6c9c522cc0fcd
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
| |
Wasn't adapted to 87-based.
Change-Id: I2e07bbcf902be226b76e01c44964293574569f16
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2827899:
Merged: [TurboFan] Fix SpeculativeNumberEqual[Number] with undefined
(cherry picked from commit 7c7cdec5373127ad24e75edb2d2d75b25d604850)
Bug: chromium:1198309, v8:5660
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Change-Id: I9cb5f66643c0c0ab9b18ca953cf85d2f6aa84b42
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#74038}
Cr-Commit-Position: refs/branch-heads/9.0@{#45}
Cr-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
Cr-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2833911:
Merged: [turbofan] Harden ArrayPrototypePop and ArrayPrototypeShift
Revision: d4aafa4022b718596b3deadcc3cdcb9209896154
TBR=glazunov@chromium.org
BUG=chromium:1198696
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
Change-Id: I1840ffabbed3a3caab75b0abea1d37d9ed446d3f
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.0@{#39}
Cr-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
Cr-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2835705:
Fix off-by-one error in kAdditiveSafeInteger
Bug: chromium:1198705
Change-Id: I6b3ad82754e1ca72701ce57f16c4f085f8c87f77
Auto-Submit: Georg Neis <neis@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74033}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual cherry-pick of patch orignally reviewed on
https://chromium-review.googlesource.com/c/angle/angle/+/2836786:
D3D11: Skip blits if there is no intersection of dest areas
Blit11 would clip the destination rectangle with the destination size
but ignore the result. gl::ClipRectangle returns false when the
rectangles do not intersect at all, indicating the blit can be skipped.
This could lead to an out-of-bounds write to the GPU memory for the
destination texture.
Mark ClipRectangle as nodiscard to prevent future issues.
Bug: chromium:1199402
Change-Id: I260e82d0917b8aa7e7887f2c9f7ed4b1a03ba785
Reviewed-by: Jamie Madill <jmadill@chromium.org>
Commit-Queue: Geoff Lang <geofflang@chromium.org>
Also fixes Chromium bug 1182937.
Change-Id: I6cb64f2e888c605b0c205bb296f1d5143612796e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2839559:
Merged: [compiler] Fix a bug in VisitSpeculativeIntegerAdditiveOp
Revision: 9313c4ce3f32ad81df1c65becccec7e129181ce3
BUG=chromium:1199345
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=nicohartmann@chromium.org
Change-Id: I0ee9f13815b1a7d248d4caa506c6930697e1866c
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.0@{#41}
Cr-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
Cr-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The case seems to trigger if the opener is coop-coep-cross-origin-
isolated, the load is speculative, site-related and not (yet) similarly
isolated.
The latter might be a separate/underlying bug though
Change-Id: I9aacc1611ececc91425efe8a1c84ea941b575669
Fixes: QTBUG-92110
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
|
|
|
| |
- https://bugs.gentoo.org/781236
- https://chromium-review.googlesource.com/c/v8/v8/+/2477751
Change-Id: I8ea93bfe0acb87da9233fced73ff5ae7c5f4cb3e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2838329:
M86-LTS: Add null pointer check in RenderWidgetHostInputEventRouter
We have some crashes in RenderWidgetHostInputEventRouter class, we are
adding some null pointer check in this class to avoid the crash.
(cherry picked from commit 5f47666b79ac7ded20e1c7657037498561bd3352)
Bug: 1155297
Change-Id: I3b63d5748523ae2ce8ab469832adfc75d586e411
Reviewed-by: Charlie Reis <creis@chromium.org>
Commit-Queue: Lan Wei <lanwei@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#871108}
Reviewed-by: Lan Wei <lanwei@chromium.org>
Commit-Queue: Achuith Bhandarkar <achuith@chromium.org>
Owners-Override: Achuith Bhandarkar <achuith@chromium.org>
Cr-Commit-Position: refs/branch-heads/4240@{#1617}
Cr-Branched-From: f297677702651916bbf65e59c0d4bbd4ce57d1ee-refs/heads/master@{#800218}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2828858:
Add weak pointer to RWHIER::FrameSinkIdOwnerMap and RWHIER::TargetMap
In RWHIER::FrameSinkIdOwnerMap and RWHIER::TargetMap, we change raw
pointer of RenderWidgetHostViewBase to weak pointer, such as
using FrameSinkIdOwnerMap = std::unordered_map<viz::FrameSinkId,
base::WeakPtr<RenderWidgetHostViewBase>,
viz::FrameSinkIdHash>;
using TargetMap = std::map<uint32_t,
base::WeakPtr<RenderWidgetHostViewBase>>;
This CL should fix the crash of stale pointer.
(cherry picked from commit 3e3e3cf7036d7e33a4d68b8416ae25730f9eee1d)
Bug: 1155297
Change-Id: I5b3270882ef06ae48c86bd460261723c7113953d
Reviewed-by: James MacLean <wjmaclean@chromium.org>
Reviewed-by: Aaron Colwell <acolwell@chromium.org>
Commit-Queue: Lan Wei <lanwei@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#870013}
Auto-Submit: Lan Wei <lanwei@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Lan Wei <lanwei@chromium.org>
Cr-Commit-Position: refs/branch-heads/4430@{#1293}
Cr-Branched-From: e5ce7dc4f7518237b3d9bb93cccca35d25216cbe-refs/heads/master@{#857950}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2828850:
Add crashkeys to identify where |target| is assigned to a stale value
In RenderWidgetHostInputEventRouter::DispatchTouchscreenGestureEvent, the
|target|'s address is changed and assigned to a stale value.
(cherry picked from commit b7758233216445264174dd249e7565ab4849daa6)
Bug: 1155297
Change-Id: Id87175059b6d74eeac165abe0ccfd5f6c25d659a
Commit-Queue: Lan Wei <lanwei@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: James MacLean <wjmaclean@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#867419}
Auto-Submit: Lan Wei <lanwei@chromium.org>
Reviewed-by: Adrian Taylor <adetaylor@google.com>
Owners-Override: Lan Wei <lanwei@chromium.org>
Cr-Commit-Position: refs/branch-heads/4430@{#1292}
Cr-Branched-From: e5ce7dc4f7518237b3d9bb93cccca35d25216cbe-refs/heads/master@{#857950}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2826321:
[views] Handle window deletion during HandleDisplayChange.
In principle there is no reason why the HWNDMessageHandler shouldn't be
deleted by a HandleDisplayChange() call out to the delegate, e.g. if the
change results in a change in window layout.
(cherry picked from commit 299155e5e37a77670b7969771e09e9a16b1f5612)
Bug: 1192552
Change-Id: I9fca35ff32e7037c6492f4cee7069e272059b920
Auto-Submit: Wez <wez@chromium.org>
Commit-Queue: Scott Violet <sky@chromium.org>
Reviewed-by: Scott Violet <sky@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#869603}
Cr-Commit-Position: refs/branch-heads/4430@{#1291}
Cr-Branched-From: e5ce7dc4f7518237b3d9bb93cccca35d25216cbe-refs/heads/master@{#857950}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2821961:
[LTS-M86][builtins] Harden Array.prototype.concat.
Defence in depth patch to prevent JavaScript from executing
from within IterateElements.
R=ishell@chromium.org
R=cbruni@chromium.org
(cherry picked from commit 8284359ed0607e452a4dda2ce89811fb019b4aaa)
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Bug: chromium:1195977
Change-Id: Ie59d468b73b94818cea986a3ded0804f6dddd10b
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#73898}
Commit-Queue: Jana Grill <janagrill@chromium.org>
Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
Cr-Commit-Position: refs/branch-heads/8.6@{#76}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2823829:
[LTS-M86][builtins] Fix Array.prototype.concat with @@species
(cherry picked from commit 7989e04979c3195e60a6814e8263063eb91f7b47)
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Bug: chromium:1195977
Change-Id: I16843bce2e9f776abca0f2b943b898ab5e597e42
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#73842}
Commit-Queue: Jana Grill <janagrill@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
Cr-Commit-Position: refs/branch-heads/8.6@{#77}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2838235:
M86-LTS: [compiler] Fix bug in RepresentationChanger::GetWord32RepresentationFor
We have to respect the TypeCheckKind.
(cherry picked from commit fd29e246f65a7cee130e72cd10f618f3b82af232)
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Bug: chromium:1195777
Change-Id: If1eed719fef79b7c61d99c29ba869ddd7985c413
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#73909}
Owners-Override: Achuith Bhandarkar <achuith@chromium.org>
Reviewed-by: Artem Sumaneev <asumaneev@google.com>
Commit-Queue: Achuith Bhandarkar <achuith@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.6@{#79}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2837712:
M86-LTS: Mojo: Properly validate broadcast events
This corrects broadcast event deserialization by adding a missing
validation step when decoding the outer message header.
(cherry picked from commit 6740adb28374ddeee13febfd5e5d20cb8a365979)
Fixed: 1195308
Change-Id: Ia67a20e48614e7ef00b1b32f7f4e5f20235be310
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Ken Rockot <rockot@google.com>
Cr-Original-Commit-Position: refs/heads/master@{#870238}
Owners-Override: Achuith Bhandarkar <achuith@chromium.org>
Auto-Submit: Achuith Bhandarkar <achuith@chromium.org>
Reviewed-by: Artem Sumaneev <asumaneev@google.com>
Commit-Queue: Achuith Bhandarkar <achuith@chromium.org>
Cr-Commit-Position: refs/branch-heads/4240@{#1614}
Cr-Branched-From: f297677702651916bbf65e59c0d4bbd4ce57d1ee-refs/heads/master@{#800218}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2838077:
M86-LTS: [GeneratedCodeCache] Copy large data before hashing and writing
- Makes a copy before hashing and writing large code entries.
(cherry picked from commit cea0cb8eee9900308d9b43661e9faca449086940)
Bug: chromium:1194046
Change-Id: Id5a6e6d3a04c83cfed2f18db53587d654d642fc0
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#870064}
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Achuith Bhandarkar <achuith@chromium.org>
Owners-Override: Achuith Bhandarkar <achuith@chromium.org>
Cr-Commit-Position: refs/branch-heads/4240@{#1612}
Cr-Branched-From: f297677702651916bbf65e59c0d4bbd4ce57d1ee-refs/heads/master@{#800218}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2667468:
Fetch: Remove Response loaded_with_credentials.
Since the opaque padding refactor in crrev.com/c/2590076 the fetch
response loaded_with_credentials attribute has been unused. This CL
removes the stale code.
Bug: 1143526
Change-Id: I1d7ee1e546d29d180767ac9dd915185a343e8497
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Commit-Queue: Ben Kelly <wanderview@chromium.org>
Cr-Commit-Position: refs/heads/master@{#850570}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2658741:
CacheStorage: Remove padding key management code.
After the padding refactor in the previous CL we no longer need to
manage separate padding keys. This CL removes this key management code.
Bug: 1143526
Change-Id: I0fee6ea7a6c4672e80032569b6b46a90496f4749
Reviewed-by: Marijn Kruisselbrink <mek@chromium.org>
Commit-Queue: Ben Kelly <wanderview@chromium.org>
Cr-Commit-Position: refs/heads/master@{#850134}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2590076:
CacheStorage: Refactor opaque padding.
This CL refactors how we generate and store opaque response padding:
* Padding values are now generated immediately in fetch().
* Padding values are associated with the Response and follow it.
* Network loaded responses get a purely random pad.
* Http cache loaded responses get a hashed padding value.
* CacheStorage now stores padding values in each entry.
* CacheStorage entries with side data for code cache have a separate,
additional padding value added.
* Many additional tests.
Bug: 1143526
Change-Id: I40b094097b64be7bab8899acad8b9baffe304d33
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Reviewed-by: Marijn Kruisselbrink <mek@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Commit-Queue: Ben Kelly <wanderview@chromium.org>
Cr-Commit-Position: refs/heads/master@{#849608}
Change-Id: I56d667a2f0ad266a3cd978c842e78e501eb79c60
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2648212:
CacheStorage: Make LegacyCacheStorage::SizeImpl respect padding.
Previously LegacyCacheStorage::SizeImpl() would include the full padded
size of a Cache object, but it would not detect if the padding had been
invalidated for some reason. In addition, it did not properly propagate
the size information to doomed caches. This CL corrects those issues.
Note, this CL does not contain a test. A follow-up CL that performs
a padding migration will include a test that exercises this path. For
now this CL has been manually tested and verified. This CL was split
out from the migration CL in an attempt to reduce CL size and make them
easier to understand.
Bug: 1143526
Change-Id: I049adbe4a5cc931dc079f330ffa27f9212eb2fa7
Reviewed-by: Marijn Kruisselbrink <mek@chromium.org>
Commit-Queue: Ben Kelly <wanderview@chromium.org>
Cr-Commit-Position: refs/heads/master@{#847262}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2634124:
CacheStorage: Factor writing entry metadata into separate method.
This CL factors out the code to write an entry's metadata into its own
method. This is in preparation for a later CL that will need to rewrite
the metadata with an updated value.
Bug: 1143526
Change-Id: I887bbd5f631e41c19c1e863c04d531764de807c9
Commit-Queue: Ben Kelly <wanderview@chromium.org>
Reviewed-by: Marijn Kruisselbrink <mek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#845689}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport of patch originally reviewed on
https://webrtc-review.googlesource.com/c/src/+/215060:
[Merge M86] - Reland "Fix race between destroying SctpTransport and receiving notification on timer thread."
This reverts commit 8a38b1cf681cd77f0d59a68fb45d8dedbd7d4cee.
Reason for reland: Problem was identified; has something to do with
the unique_ptr with the custom deleter.
Original change's description:
> Revert "Fix race between destroying SctpTransport and receiving notification on timer thread."
>
> This reverts commit a88fe7be146b9b85575504d4d5193c007f2e3de4.
>
> Reason for revert: Breaks downstream test, still investigating.
>
> Original change's description:
> > Fix race between destroying SctpTransport and receiving notification on timer thread.
> >
> > This gets rid of the SctpTransportMap::Retrieve method and forces
> > everything to go through PostToTransportThread, which behaves safely
> > with relation to the transport's destruction.
> >
> > Bug: webrtc:12467
> > Change-Id: Id4a723c2c985be2a368d2cc5c5e62deb04c509ab
> > Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/208800
> > Reviewed-by: Niels Moller <nisse@webrtc.org>
> > Commit-Queue: Taylor <deadbeef@webrtc.org>
> > Cr-Commit-Position: refs/heads/master@{#33364}
>
> TBR=nisse@webrtc.org
>
> Bug: webrtc:12467
> Change-Id: Ib5d815a2cbca4feb25f360bff7ed62c02d1910a0
> Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/209820
> Reviewed-by: Taylor <deadbeef@webrtc.org>
> Commit-Queue: Taylor <deadbeef@webrtc.org>
> Cr-Commit-Position: refs/heads/master@{#33386}
TBR=nisse@webrtc.org
Bug: webrtc:12467
Change-Id: I5f9fcd6df7a211e6edfa64577fc953833f4d9b79
Reviewed-by: Niels Moller <nisse@webrtc.org>
Reviewed-by: Florent Castelli <orphis@webrtc.org>
Commit-Queue: Taylor <deadbeef@webrtc.org>
Cr-Original-Commit-Position: refs/heads/master@{#33427}
No-Try: True
No-Presubmit: True
Reviewed-by: Taylor <deadbeef@webrtc.org>
Commit-Queue: Mirko Bonadei <mbonadei@webrtc.org>
Cr-Commit-Position: refs/branch-heads/4240@{#19}
Cr-Branched-From: 93a9d19d4eb53b3f4fb4d22e6c54f2e2824437eb-refs/heads/master@{#31969}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://webrtc-review.googlesource.com/c/src/+/215101:
Fix race with SctpTransport destruction and usrsctp timer thread.
The race occurs if the transport is being destroyed at the same time as
a callback occurs on the usrsctp timer thread (for example, for a
retransmission). Fixed by slightly extending the scope of mutex
acquisition to include posting a task to the network thread, where it's
safe to do further work.
Bug: chromium:1162424
Change-Id: Ia25c96fa51cd4ba2d8690ba03de8af9e9f1605ea
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Taylor <deadbeef@webrtc.org>
Cr-Original-Commit-Position: refs/heads/master@{#33048}
No-Try: True
No-Presubmit: True
Reviewed-by: Mirko Bonadei <mbonadei@webrtc.org>
Cr-Commit-Position: refs/branch-heads/4240@{#18}
Cr-Branched-From: 93a9d19d4eb53b3f4fb4d22e6c54f2e2824437eb-refs/heads/master@{#31969}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://skia-review.googlesource.com/c/skia/+/392437:
SkScalerContext::getImage less brittle.
Properly handle edge cases like
* the temporary glyph being a different size than expected
* filters which reduce in size
* filters which return false to indicate no filtering has been done
Bug: chromium:1190525
Change-Id: Ibc53eb1d7014210019e96cd6bae3e256d967be54
Commit-Queue: Ben Wagner <bungeman@google.com>
Reviewed-by: Herb Derby <herb@google.com>
(cherry picked from commit 348ee387a96d7d94733d46ad9e82b19cb890dd16)
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|