| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2838329:
M86-LTS: Add null pointer check in RenderWidgetHostInputEventRouter
We have some crashes in RenderWidgetHostInputEventRouter class, we are
adding some null pointer check in this class to avoid the crash.
(cherry picked from commit 5f47666b79ac7ded20e1c7657037498561bd3352)
Bug: 1155297
Change-Id: I3b63d5748523ae2ce8ab469832adfc75d586e411
Reviewed-by: Charlie Reis <creis@chromium.org>
Commit-Queue: Lan Wei <lanwei@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#871108}
Reviewed-by: Lan Wei <lanwei@chromium.org>
Commit-Queue: Achuith Bhandarkar <achuith@chromium.org>
Owners-Override: Achuith Bhandarkar <achuith@chromium.org>
Cr-Commit-Position: refs/branch-heads/4240@{#1617}
Cr-Branched-From: f297677702651916bbf65e59c0d4bbd4ce57d1ee-refs/heads/master@{#800218}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2828858:
Add weak pointer to RWHIER::FrameSinkIdOwnerMap and RWHIER::TargetMap
In RWHIER::FrameSinkIdOwnerMap and RWHIER::TargetMap, we change raw
pointer of RenderWidgetHostViewBase to weak pointer, such as
using FrameSinkIdOwnerMap = std::unordered_map<viz::FrameSinkId,
base::WeakPtr<RenderWidgetHostViewBase>,
viz::FrameSinkIdHash>;
using TargetMap = std::map<uint32_t,
base::WeakPtr<RenderWidgetHostViewBase>>;
This CL should fix the crash of stale pointer.
(cherry picked from commit 3e3e3cf7036d7e33a4d68b8416ae25730f9eee1d)
Bug: 1155297
Change-Id: I5b3270882ef06ae48c86bd460261723c7113953d
Reviewed-by: James MacLean <wjmaclean@chromium.org>
Reviewed-by: Aaron Colwell <acolwell@chromium.org>
Commit-Queue: Lan Wei <lanwei@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#870013}
Auto-Submit: Lan Wei <lanwei@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Lan Wei <lanwei@chromium.org>
Cr-Commit-Position: refs/branch-heads/4430@{#1293}
Cr-Branched-From: e5ce7dc4f7518237b3d9bb93cccca35d25216cbe-refs/heads/master@{#857950}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2828850:
Add crashkeys to identify where |target| is assigned to a stale value
In RenderWidgetHostInputEventRouter::DispatchTouchscreenGestureEvent, the
|target|'s address is changed and assigned to a stale value.
(cherry picked from commit b7758233216445264174dd249e7565ab4849daa6)
Bug: 1155297
Change-Id: Id87175059b6d74eeac165abe0ccfd5f6c25d659a
Commit-Queue: Lan Wei <lanwei@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: James MacLean <wjmaclean@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#867419}
Auto-Submit: Lan Wei <lanwei@chromium.org>
Reviewed-by: Adrian Taylor <adetaylor@google.com>
Owners-Override: Lan Wei <lanwei@chromium.org>
Cr-Commit-Position: refs/branch-heads/4430@{#1292}
Cr-Branched-From: e5ce7dc4f7518237b3d9bb93cccca35d25216cbe-refs/heads/master@{#857950}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2826321:
[views] Handle window deletion during HandleDisplayChange.
In principle there is no reason why the HWNDMessageHandler shouldn't be
deleted by a HandleDisplayChange() call out to the delegate, e.g. if the
change results in a change in window layout.
(cherry picked from commit 299155e5e37a77670b7969771e09e9a16b1f5612)
Bug: 1192552
Change-Id: I9fca35ff32e7037c6492f4cee7069e272059b920
Auto-Submit: Wez <wez@chromium.org>
Commit-Queue: Scott Violet <sky@chromium.org>
Reviewed-by: Scott Violet <sky@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#869603}
Cr-Commit-Position: refs/branch-heads/4430@{#1291}
Cr-Branched-From: e5ce7dc4f7518237b3d9bb93cccca35d25216cbe-refs/heads/master@{#857950}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2821961:
[LTS-M86][builtins] Harden Array.prototype.concat.
Defence in depth patch to prevent JavaScript from executing
from within IterateElements.
R=ishell@chromium.org
R=cbruni@chromium.org
(cherry picked from commit 8284359ed0607e452a4dda2ce89811fb019b4aaa)
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Bug: chromium:1195977
Change-Id: Ie59d468b73b94818cea986a3ded0804f6dddd10b
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#73898}
Commit-Queue: Jana Grill <janagrill@chromium.org>
Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
Cr-Commit-Position: refs/branch-heads/8.6@{#76}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2823829:
[LTS-M86][builtins] Fix Array.prototype.concat with @@species
(cherry picked from commit 7989e04979c3195e60a6814e8263063eb91f7b47)
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Bug: chromium:1195977
Change-Id: I16843bce2e9f776abca0f2b943b898ab5e597e42
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#73842}
Commit-Queue: Jana Grill <janagrill@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
Cr-Commit-Position: refs/branch-heads/8.6@{#77}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2838235:
M86-LTS: [compiler] Fix bug in RepresentationChanger::GetWord32RepresentationFor
We have to respect the TypeCheckKind.
(cherry picked from commit fd29e246f65a7cee130e72cd10f618f3b82af232)
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Bug: chromium:1195777
Change-Id: If1eed719fef79b7c61d99c29ba869ddd7985c413
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#73909}
Owners-Override: Achuith Bhandarkar <achuith@chromium.org>
Reviewed-by: Artem Sumaneev <asumaneev@google.com>
Commit-Queue: Achuith Bhandarkar <achuith@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.6@{#79}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2837712:
M86-LTS: Mojo: Properly validate broadcast events
This corrects broadcast event deserialization by adding a missing
validation step when decoding the outer message header.
(cherry picked from commit 6740adb28374ddeee13febfd5e5d20cb8a365979)
Fixed: 1195308
Change-Id: Ia67a20e48614e7ef00b1b32f7f4e5f20235be310
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Ken Rockot <rockot@google.com>
Cr-Original-Commit-Position: refs/heads/master@{#870238}
Owners-Override: Achuith Bhandarkar <achuith@chromium.org>
Auto-Submit: Achuith Bhandarkar <achuith@chromium.org>
Reviewed-by: Artem Sumaneev <asumaneev@google.com>
Commit-Queue: Achuith Bhandarkar <achuith@chromium.org>
Cr-Commit-Position: refs/branch-heads/4240@{#1614}
Cr-Branched-From: f297677702651916bbf65e59c0d4bbd4ce57d1ee-refs/heads/master@{#800218}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2838077:
M86-LTS: [GeneratedCodeCache] Copy large data before hashing and writing
- Makes a copy before hashing and writing large code entries.
(cherry picked from commit cea0cb8eee9900308d9b43661e9faca449086940)
Bug: chromium:1194046
Change-Id: Id5a6e6d3a04c83cfed2f18db53587d654d642fc0
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#870064}
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Achuith Bhandarkar <achuith@chromium.org>
Owners-Override: Achuith Bhandarkar <achuith@chromium.org>
Cr-Commit-Position: refs/branch-heads/4240@{#1612}
Cr-Branched-From: f297677702651916bbf65e59c0d4bbd4ce57d1ee-refs/heads/master@{#800218}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2667468:
Fetch: Remove Response loaded_with_credentials.
Since the opaque padding refactor in crrev.com/c/2590076 the fetch
response loaded_with_credentials attribute has been unused. This CL
removes the stale code.
Bug: 1143526
Change-Id: I1d7ee1e546d29d180767ac9dd915185a343e8497
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Commit-Queue: Ben Kelly <wanderview@chromium.org>
Cr-Commit-Position: refs/heads/master@{#850570}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2658741:
CacheStorage: Remove padding key management code.
After the padding refactor in the previous CL we no longer need to
manage separate padding keys. This CL removes this key management code.
Bug: 1143526
Change-Id: I0fee6ea7a6c4672e80032569b6b46a90496f4749
Reviewed-by: Marijn Kruisselbrink <mek@chromium.org>
Commit-Queue: Ben Kelly <wanderview@chromium.org>
Cr-Commit-Position: refs/heads/master@{#850134}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2590076:
CacheStorage: Refactor opaque padding.
This CL refactors how we generate and store opaque response padding:
* Padding values are now generated immediately in fetch().
* Padding values are associated with the Response and follow it.
* Network loaded responses get a purely random pad.
* Http cache loaded responses get a hashed padding value.
* CacheStorage now stores padding values in each entry.
* CacheStorage entries with side data for code cache have a separate,
additional padding value added.
* Many additional tests.
Bug: 1143526
Change-Id: I40b094097b64be7bab8899acad8b9baffe304d33
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Reviewed-by: Marijn Kruisselbrink <mek@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Commit-Queue: Ben Kelly <wanderview@chromium.org>
Cr-Commit-Position: refs/heads/master@{#849608}
Change-Id: I56d667a2f0ad266a3cd978c842e78e501eb79c60
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2648212:
CacheStorage: Make LegacyCacheStorage::SizeImpl respect padding.
Previously LegacyCacheStorage::SizeImpl() would include the full padded
size of a Cache object, but it would not detect if the padding had been
invalidated for some reason. In addition, it did not properly propagate
the size information to doomed caches. This CL corrects those issues.
Note, this CL does not contain a test. A follow-up CL that performs
a padding migration will include a test that exercises this path. For
now this CL has been manually tested and verified. This CL was split
out from the migration CL in an attempt to reduce CL size and make them
easier to understand.
Bug: 1143526
Change-Id: I049adbe4a5cc931dc079f330ffa27f9212eb2fa7
Reviewed-by: Marijn Kruisselbrink <mek@chromium.org>
Commit-Queue: Ben Kelly <wanderview@chromium.org>
Cr-Commit-Position: refs/heads/master@{#847262}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2634124:
CacheStorage: Factor writing entry metadata into separate method.
This CL factors out the code to write an entry's metadata into its own
method. This is in preparation for a later CL that will need to rewrite
the metadata with an updated value.
Bug: 1143526
Change-Id: I887bbd5f631e41c19c1e863c04d531764de807c9
Commit-Queue: Ben Kelly <wanderview@chromium.org>
Reviewed-by: Marijn Kruisselbrink <mek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#845689}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport of patch originally reviewed on
https://webrtc-review.googlesource.com/c/src/+/215060:
[Merge M86] - Reland "Fix race between destroying SctpTransport and receiving notification on timer thread."
This reverts commit 8a38b1cf681cd77f0d59a68fb45d8dedbd7d4cee.
Reason for reland: Problem was identified; has something to do with
the unique_ptr with the custom deleter.
Original change's description:
> Revert "Fix race between destroying SctpTransport and receiving notification on timer thread."
>
> This reverts commit a88fe7be146b9b85575504d4d5193c007f2e3de4.
>
> Reason for revert: Breaks downstream test, still investigating.
>
> Original change's description:
> > Fix race between destroying SctpTransport and receiving notification on timer thread.
> >
> > This gets rid of the SctpTransportMap::Retrieve method and forces
> > everything to go through PostToTransportThread, which behaves safely
> > with relation to the transport's destruction.
> >
> > Bug: webrtc:12467
> > Change-Id: Id4a723c2c985be2a368d2cc5c5e62deb04c509ab
> > Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/208800
> > Reviewed-by: Niels Moller <nisse@webrtc.org>
> > Commit-Queue: Taylor <deadbeef@webrtc.org>
> > Cr-Commit-Position: refs/heads/master@{#33364}
>
> TBR=nisse@webrtc.org
>
> Bug: webrtc:12467
> Change-Id: Ib5d815a2cbca4feb25f360bff7ed62c02d1910a0
> Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/209820
> Reviewed-by: Taylor <deadbeef@webrtc.org>
> Commit-Queue: Taylor <deadbeef@webrtc.org>
> Cr-Commit-Position: refs/heads/master@{#33386}
TBR=nisse@webrtc.org
Bug: webrtc:12467
Change-Id: I5f9fcd6df7a211e6edfa64577fc953833f4d9b79
Reviewed-by: Niels Moller <nisse@webrtc.org>
Reviewed-by: Florent Castelli <orphis@webrtc.org>
Commit-Queue: Taylor <deadbeef@webrtc.org>
Cr-Original-Commit-Position: refs/heads/master@{#33427}
No-Try: True
No-Presubmit: True
Reviewed-by: Taylor <deadbeef@webrtc.org>
Commit-Queue: Mirko Bonadei <mbonadei@webrtc.org>
Cr-Commit-Position: refs/branch-heads/4240@{#19}
Cr-Branched-From: 93a9d19d4eb53b3f4fb4d22e6c54f2e2824437eb-refs/heads/master@{#31969}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://webrtc-review.googlesource.com/c/src/+/215101:
Fix race with SctpTransport destruction and usrsctp timer thread.
The race occurs if the transport is being destroyed at the same time as
a callback occurs on the usrsctp timer thread (for example, for a
retransmission). Fixed by slightly extending the scope of mutex
acquisition to include posting a task to the network thread, where it's
safe to do further work.
Bug: chromium:1162424
Change-Id: Ia25c96fa51cd4ba2d8690ba03de8af9e9f1605ea
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Taylor <deadbeef@webrtc.org>
Cr-Original-Commit-Position: refs/heads/master@{#33048}
No-Try: True
No-Presubmit: True
Reviewed-by: Mirko Bonadei <mbonadei@webrtc.org>
Cr-Commit-Position: refs/branch-heads/4240@{#18}
Cr-Branched-From: 93a9d19d4eb53b3f4fb4d22e6c54f2e2824437eb-refs/heads/master@{#31969}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://skia-review.googlesource.com/c/skia/+/392437:
SkScalerContext::getImage less brittle.
Properly handle edge cases like
* the temporary glyph being a different size than expected
* filters which reduce in size
* filters which return false to indicate no filtering has been done
Bug: chromium:1190525
Change-Id: Ibc53eb1d7014210019e96cd6bae3e256d967be54
Commit-Queue: Ben Wagner <bungeman@google.com>
Reviewed-by: Herb Derby <herb@google.com>
(cherry picked from commit 348ee387a96d7d94733d46ad9e82b19cb890dd16)
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2639959:
[heap] Fix alignment of large fixed double array.
This ensures that large objects have alignment suitable for a fixed
double arrays.
Bug: chromium:1161759
Change-Id: I64fe88d641fedbb5e27c2b38c1b9a4e75cab535a
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72251}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2681148
Set mode for top-level module worker scripts to kSameOrigin
Bug: 1175503
Change-Id: I9a744da07beea87564b9563656c8ba81325d9a13
Commit-Queue: Hiroshige Hayashizaki <hiroshige@chromium.org>
Reviewed-by: Dominic Farolino <dom@chromium.org>
Reviewed-by: Kouhei Ueno <kouhei@chromium.org>
Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org>
Cr-Commit-Position: refs/heads/master@{#851900}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/deps/sqlite/+/2730249:
Fix a couple of memory-sanitizer complaints that could be triggered by a corrupt database.
Cherry-picking from https://www.sqlite.org/src/info/39c8686cabe6c437
FossilOrigin-Name:
39c8686cabe6c437ba4860aade49a701c4f5772b97d9fbe6cb9a394e85b9c092
Bug: 1181276, 1175522
Change-Id: Icc7e115ec54789fab59c03071dccf97987d5ac7f
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2633964:
Check yet another return code from FORM_GetFocusedAnnot()
Bug: 1166972
Change-Id: I258c25573d5900e8dae2d3f26bde5eeb200fd8b1
Reviewed-by: K. Moon <kmoon@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#844268}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2630735:
Check still more return codes from FPDF_ functions.
There are a few more spots similar to
https://chromium-review.googlesource.com/c/chromium/src/+/2628044
Either check the return code, or pre-initialize the out parameters
so that uninitialized reads are avoided should false someday be
returned.
-- tidy one multiple-assignment encountered while looking for
other occurences.
Bug: 1166478,1166462
Change-Id: I2aef090f87aac0cd393e977809c8a24eb8d36de8
Reviewed-by: K. Moon <kmoon@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#843842}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2727306:
Fix removal of observers in NetworkStateNotifier
The NetworkStateNotifier has a per-thread list of observer pointers. If
one is deleted mid-iteration, what we do is replace the pointer in the
list with a 0, and add the index to the zeroed list of observers to
remove after iteration completes. Well, the removal step was broken
for cases where there were multiple elements to remove. It didn't adjust
for the fact that the indexes shifted after each removal.
Bug: 1170148
Change-Id: I446acaae5f8a805a58142848634a0ee8c5f90882
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Josh Karlin <jkarlin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#858853}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2817801:
Web MIDI: Add a SECURITY_CHECK to be robust for attacks and changes
In the current production code, `client_` is always set immediately
after the MIDIDispatcher construction, and there is no timing to run
SessionStarted without a valid `client_` on the same thread.
This SECURITY_CHECK just makes the code robust against attacks via
mojo injections and code changes in the future.
(cherry picked from commit 5c63f62b2d58a4fcd4acd22a18dd1f5bfd129045)
Bug: 1161806
Change-Id: Ic8a5f6e0dc70e6bb4c7cccb4d69d63fc12382c19
Commit-Queue: Takashi Toyoshima <toyoshim@chromium.org>
Auto-Submit: Takashi Toyoshima <toyoshim@chromium.org>
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#844503}
Reviewed-by: Artem Sumaneev <asumaneev@google.com>
Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
Commit-Queue: Jana Grill <janagrill@chromium.org>
Cr-Commit-Position: refs/branch-heads/4240@{#1593}
Cr-Branched-From: f297677702651916bbf65e59c0d4bbd4ce57d1ee-refs/heads/master@{#800218}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2778871:
Never fail in ReceiverSet::Add
Because of how UniqueReceiverSet is implemented and used, it is
dangerous to allow Add() to fail: callers reasonably assume that added
objects are still alive immediately after the Add() call.
This changes ReceiverId to a uint64 and simply CHECK-fails on
insert collision.
This fundamentally increases binary size of 32-bit builds, because
a widely used 32-bit data type is expanding to 64 bits for the sake
of security and stability. It is effectively unavoidable for now, and
also just barely above the tolerable threshold.
A follow-up (but less backwards-mergeable) change should be able to
reduce binary size beyond this increase by consolidating shared
code among ReceiverSet template instantiations.
Fixed: 1185732
Change-Id: I9acf6aaaa36e10fdce5aa49a890173caddc13c52
Binary-Size: Unavoidable (see above)
Commit-Queue: Ken Rockot <rockot@google.com>
Auto-Submit: Ken Rockot <rockot@google.com>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#865815}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2808893:
Mojo: Remove some inappropriate DCHECKs
There are a few places where we DCHECK conditions that cannot be
reliably asserted since they depend on untrusted inputs. These are
replaced with logic to conditionally terminate the connection to the
offending peer process.
Fixed: 1195333
Change-Id: I0c6873bf55d6b0b1d0cbb3c2e5b256e1a57ff696
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Ken Rockot <rockot@google.com>
Cr-Commit-Position: refs/heads/master@{#870007}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2787572:
Fix Mac crash due to use after free of BlinkScrollbarPartAnimation
What is happening is that the BlinkScrollbarPartAnimation instance
passed to BlinkScrollbarPartAnimationTimer is released while
the BlinkScrollbarPartAnimationTimer::TimerFired method runs as
part of BlinkScrollbarPartAnimation::setCurrentProgress call,
during the execution of ScrollbarPainter::setKnobAlpha which ends
up calling BlinkScrollbarPainterDelegate::setUpAlphaAnimation
through a chain of observers.
BlinkScrollbarPainterDelegate::setUpAlphaAnimation releases the
BlinkScrollbarPartAnimation instance which gets deallocated.
BlinkScrollbarPartAnimation::setCurrentProgress continues execution
after ScrollbarPainter::setKnobAlpha returns, but the _scrollbar
pointer is overwritten with garbage and when SetNeedsPaintInvalidation
is called the crash happens.
I believe that BlinkScrollbarPartAnimationTimer::TimerFired should
retain the animation_ while it runs and release animation_ before
it exits. By retaining Objective C runtime won't free animation_
while BlinkScrollbarPartAnimationTimer is running and the crash
should be avoided.
Bug: 1183276, 1189926
Change-Id: Ibd5092a1dbae53bc21940c43883536624d1b03f3
Commit-Queue: Robert Flack <flackr@chromium.org>
Reviewed-by: Robert Flack <flackr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#867587}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of commit originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2792423:
Don't erase InterpolationTypes used by other documents
A registered custom property in one document caused the entry for the
same custom property (unregistered) used in another document to be
deleted, which caused a use-after-free.
Only store the CSSDefaultInterpolationType for unregistered custom
properties and never store registered properties in the map. They may
have different types in different documents when registered.
Bug: 1192054
Change-Id: I1af03d0a298795db99acc9c62f0d0fff8a5e801d
Commit-Queue: Rune Lillesveen <futhark@chromium.org>
Reviewed-by: Robert Flack <flackr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#867692}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2787756:
DevTools: expect PageHandler may be destroyed during Page.navigate
Bug: 1188889
Change-Id: I5c2fcca84834d66c46d77a70683212c2330177a5
Commit-Queue: Andrey Kosyakov <caseq@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Reviewed-by: Karan Bhatia <karandeepb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#867507}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Partial backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2791431:
Use IDType for permission change subscriptions.
Bug: 1025683
Change-Id: I3b44ba7833138e8a657a4192e1a36c978695db32
Reviewed-by: Richard Coles <torne@chromium.org>
Reviewed-by: Yuchen Liu <yucliu@chromium.org>
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Reviewed-by: Andrey Kosyakov <caseq@chromium.org>
Reviewed-by: Fabrice de Gans-Riberi <fdegans@chromium.org>
Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org>
Reviewed-by: Illia Klimov <elklm@google.com>
Auto-Submit: Balazs Engedy <engedy@chromium.org>
Commit-Queue: Balazs Engedy <engedy@chromium.org>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change brings back the behavior when the site for cookies was
stored as an URL before Chromium 81. QtWebEngine implementation relies
on that becuase it uses SiteForCookies to provide first party url in
some cases.
The site for cookies url was replaced by net::SiteForCookies in change
https://chromium-review.googlesource.com/c/chromium/src/+/1925189
Task-number: QTBUG-90231
Change-Id: Ie1e4be21535a646699b031c3a2ebdb0a19617fc7
Reviewed-by: Florian Bruhin <qt-project.org@the-compiler.org>
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
for x86_64
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2821959:
Fix bug in InstructionSelector::ChangeInt32ToInt64
(cherry picked from commit 02f84c745fc0cae5927a66dc4a3e81334e8f60a6)
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Bug: chromium:1196683
Change-Id: Ib4ea738b47b64edc81450583be4c80a41698c3d1
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#73903}
Commit-Queue: Jana Grill <janagrill@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
Cr-Commit-Position: refs/branch-heads/8.6@{#75}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2821879:
Forbid script execution while updating the paint lifecycle.
(cherry picked from commit 5425d3b100fab533ea9ddc2ed8fbfc4870db0587)
Bug: 1196781
Change-Id: Idc8d24792d5c413691977b09ca821de4e13887ad
Commit-Queue: Adrian Taylor <adetaylor@chromium.org>
Commit-Queue: Robert Flack <flackr@chromium.org>
Reviewed-by: Xianzhu Wang <wangxianzhu@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#870275}
Reviewed-by: Robert Flack <flackr@chromium.org>
Reviewed-by: Achuith Bhandarkar <achuith@chromium.org>
Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
Commit-Queue: Jana Grill <janagrill@chromium.org>
Cr-Commit-Position: refs/branch-heads/4240@{#1601}
Cr-Branched-From: f297677702651916bbf65e59c0d4bbd4ce57d1ee-refs/heads/master@{#800218}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
| |
With following change we no longer can compile with no extensions:
https://chromium-review.googlesource.com/c/chromium/src/+/2272030
Remove gn assertion in favor of the condition.
Change-Id: I008e38a06db8397cd6632e559062fcf8aea614aa
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2779886:
x11/ozone: fix two edge cases
WindowTreeHost::OnHostMovedInPixels() may trigger a nested message
loop (tab dragging), which when the stack unravels means this may
be deleted. This adds an early out if this happens.
X11WholeScreenMoveLoop has a similar issue, in so far as notifying
the delegate may delete this.
BUG=1185482
TEST=WindowTreeHostPlatform.DeleteHostFromOnHostMovedInPixels
(cherry picked from commit 5e3a738b1204941aab9f15c0eb3d06e20fefd96e)
Change-Id: Ieca1c90b3e4358da50b332abe2941fdbb50c5c25
Reviewed-by: Thomas Anderson <thomasanderson@chromium.org>
Commit-Queue: Scott Violet <sky@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#860852}
Cr-Commit-Position: refs/branch-heads/4389@{#1583}
Cr-Branched-From: 9251c5db2b6d5a59fe4eac7aafa5fed37c139bb7-refs/heads/master@{#843830}
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Partial cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2748077:
Merged: Squashed multiple commits.
Merged: [const-tracking] Mark const field as mutable when reconfiguring
Revision: 7535b91f7cb22274de734d5da7d0324d8653d626
Merged: [const-tracking] Fix incorrect DCHECK in MapUpdater
Revision: f95db8916a731e6e5ccc0282616bc907ce06012f
BUG=chromium:1161847,chromium:1185463,v8:9233
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=ishell@chromium.org
Change-Id: I4a34bafb3b072f2e788b47949947c76110f1b85c
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.0@{#18}
Cr-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
Cr-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2600386:
[privacy_budget] Remove unnecessary kCanvasReadback metrics.
The identifiability metrics recorded under kCanvasReadback surface type
used two conflicting sources as inputs: the CanvasRenderingContext
type, and the paint-op digest.
There are known collisions between resulting IdentifiableSurface values
from the two sources, which makes it impossible to losslessly separate
the two during analysis.
While the fact that a canvas readback happened is interesting, it
doesn't help determine the observed diversity of clients. Hence this
change removes one of those sources: the CanvasRenderingContext type.
Bug: 1161379
Change-Id: I770cb631c9c4afe4c36d1b129aaf61410db25d43
Commit-Queue: Asanka Herath <asanka@chromium.org>
Reviewed-by: Caleb Raitto <caraitto@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Cr-Commit-Position: refs/heads/master@{#847480}
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Partial cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2779918:
Don't use BigBuffer for IPC::Message transport
M86 merge conflicts and resolution:
* ipc/ipc_message_pipe_reader.cc
Fixed extra include.
(cherry picked from commit 85bd7c88523545ab0e497d5e7b3e929793813358)
(cherry picked from commit fad3b9ffe7c7ff82909d911c573bd185aa3b3b50)
Fixed: 1184399
Change-Id: Iddd91ae8d7ae63022b61c96239f5e39261dfb735
Commit-Queue: Ken Rockot <rockot@google.com>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Cr-Original-Original-Commit-Position: refs/heads/master@{#860010}
Auto-Submit: Ken Rockot <rockot@google.com>
Reviewed-by: Adrian Taylor <adetaylor@chromium.org>
Reviewed-by: Alex Gough <ajgo@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Cr-Original-Commit-Position: refs/branch-heads/4389@{#1597}
Cr-Original-Branched-From: 9251c5db2b6d5a59fe4eac7aafa5fed37c139bb7-refs/heads/master@{#843830}
Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
Reviewed-by: Artem Sumaneev <asumaneev@google.com>
Reviewed-by: Ken Rockot <rockot@google.com>
Auto-Submit: Artem Sumaneev <asumaneev@google.com>
Commit-Queue: Artem Sumaneev <asumaneev@google.com>
Cr-Commit-Position: refs/branch-heads/4240@{#1587}
Cr-Branched-From: f297677702651916bbf65e59c0d4bbd4ce57d1ee-refs/heads/master@{#800218}
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Partial cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2780300:
Merged: [deoptimizer] Fix bug in OptimizedFrame::Summarize
Revision: 3353a7d0b017146d543434be4036a81aaf7d25ae
BUG=chromium:1182647
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=bmeurer@chromium.org
Change-Id: I86abd6a3f34169be5f99aa9f54bb7bb3706fa85a
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.9@{#49}
Cr-Branched-From: 16b9bbbd581c25391981aa03180b76aa60463a3e-refs/heads/8.9.255@{#1}
Cr-Branched-From: d16a2a688498bd1c3e6a49edb25d8c4ca56232dc-refs/heads/master@{#72039}
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
|
|
| |
Do not make the build believe it is using clang on Windows.
Change-Id: I7916c361d34b4d6d12bf885329b38103709e274e
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2748756:
Mark additional RootInlineBox dirty when culled inline box is removed
When a |LayoutInline| is removed, |LineBoxList::
DirtyLinesFromChangedChild| tries to mark affected
|RootInlineBox| dirty.
When the |LayoutInline| to be removed is culled, it tries to
find the |RootInlineBox| from its previous siblings, then look
for its previous and next |RootInlineBox|es.
Occasionally, the next next line of the previous sibling is
wrapped at the |LayoutInline|, and that its |LineBreakObj()|
holds the reference to the |LayoutInline|. This patch marks
such |RootInlineBox| dirty.
(cherry picked from commit 2dbdabb28d647c8ee20cbe36e3c957e74aff663b)
Bug: 1186287
Change-Id: I8ca73ebb4f5e4f13e997662fffd803d6a74ef49a
Auto-Submit: Koji Ishii <kojii@chromium.org>
Reviewed-by: Ian Kilpatrick <ikilpatrick@chromium.org>
Commit-Queue: Ian Kilpatrick <ikilpatrick@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#861724}
Commit-Queue: Jana Grill <janagrill@chromium.org>
Reviewed-by: Achuith Bhandarkar <achuith@chromium.org>
Reviewed-by: Koji Ishii <kojii@chromium.org>
Cr-Commit-Position: refs/branch-heads/4240@{#1577}
Cr-Branched-From: f297677702651916bbf65e59c0d4bbd4ce57d1ee-refs/heads/master@{#800218}
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2639893:
Iterate more carefully over DTLS transports at close
Ensure that even if the set of DTLS transports is modified during
callbacks called from close, the process will be well-defined.
Bug: chromium:1167357
Change-Id: I712280e7382a647027912178156127831b437f75
Reviewed-by: Henrik Boström <hbos@chromium.org>
Commit-Queue: Harald Alvestrand <hta@chromium.org>
Cr-Commit-Position: refs/heads/master@{#845122}
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport (library update) of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2600334:
Roll src/third_party/sqlite/src/ 0324bd3ef..d9581878f (171 commits)
https://chromium.googlesource.com/chromium/deps/sqlite.git/+log/0324bd3ef1af..d9581878fcf8
$ git log 0324bd3ef..d9581878f --date=short --no-merges --format='%ad %ae %s'
2020-12-22 huangdarwin Fix SQLITE_OMIT_WINDOWFUNC builds by moving declaration of sqlite3ExpandSubquery out of "ifndef SQLITE_OMIT_WINDOWFUNC" block.
2020-12-22 huangdarwin Amalgamations for release 3.34.0
2020-12-01 drh Version 3.34.0
2020-11-30 Dan Kennedy Update the tea/win/makefile.vc file that ships as part of the autoconf package to use "sqlite3" instead of "tclsqlite3" for the installed dll filename.
2020-11-30 drh Do not reuse the obsolete SQLITE_TESTCTRL_PRNG_RESET value for SQLITE_TESTCTRL_SEEK_COUNT. Give SEEK_COUNT its own unique value. This avoids incompatibility with legacy test code.
2020-11-27 Dan Kennedy Fix a compiler warning in fts5_aux.c.
2020-11-27 Dan Kennedy Add missing cast to fts5 bm25() code.
2020-11-27 Dan Kennedy Remove a redundant "if( rc==SQLITE_OK )" from the fts5 bm25() code.
2020-11-27 Dan Kennedy Move an "if( rc==SQLITE_OK )" to outside a loop body in the fts5 bm25() code.
2020-11-27 Dan Kennedy Fix a case in the FTS5 integrity check where a corrupt database could cause a buffer overread.
2020-11-26 Dan Kennedy Update mkunicode.tcl to match the change erroneously made to machine generated file fts5_unicode2.c in [b7b7bde9].
2020-11-25 drh Update a requirement mark in the e_expr.test script.
2020-11-25 drh Fix harmless compiler warnings about unused function parameters.
2020-11-25 drh Fix a potential NULL pointer dereference in the geopoly_overlap() routine of the GeoPoly extension.
2020-11-25 drh Fix the shell1.test test script so that it works on windows.
2020-11-25 drh Change the -init option to the command-line shell to honor the -bail option. Also change it to report an error if the filename mentioned cannot be opened.
2020-11-24 drh Fix a typo in the sqlite3_txn_state() documentation.
2020-11-24 drh Add the new sqlite3_txn_state() interface to the set of routines accessible by run-time loadables extensions.
2020-11-24 drh Fix a harmless typo in a comment.
2020-11-24 dan Fix a bug in OOM handling code introduced by [6a28713d].
2020-11-24 dan Ensure that super-journal and other journal filenames passed by SQLite to an sqlite3_vfs.xOpen() implementation may be safely passed to sqlite3_uri_parameter() and similar functions.
2020-11-24 drh Remove the VERSION_NUMBER macro from configure.ac as it has been unused since 2009 check-in [7f4810747b086498]. See also [forum:/forumpost/bb2c634fcd|forum post bb2c634fcd].
2020-11-23 drh Syntactic changes to work around a bug in gcov 9.3.0. No changes to the generated code for release builds.
2020-11-23 drh In os_unix.c, put ALWAYS() on unreachable branches associated with pathname normalization.
2020-11-23 dan Fix a test script problem causing crash8.test to fail when run with leak-sanitizer.
2020-11-23 drh Allow "substring()" as an alias for "substr()" for compatibility with other SQL engines.
2020-11-20 dan Add file doc/vdbesort-memory.md, containing notes on the way vdbesort.c uses heap memory.
2020-11-19 drh More test case changes so that shared-cache mode tests all work with normalized database names.
2020-11-19 drh Fix the tkt3793 test case so that work even when filenames are normalized.
2020-11-18 drh Improvements to the mechanism that attempts to report SQLITE_CORRUPT if pread() says that the underlying filesystem is corrupt.
2020-11-18 dan Update cksumvfs.c so that if SQLITE_AMALGAMATION is defined, SQLITE_CKSUMVFS_STATIC is implied.
2020-11-18 dan Add test infrastructure for cksumvfs. And update cksumvfs so that it works in concert with version 2 VFSs. No changes to core SQLite.
2020-11-18 dan Fix a problem causing sqlite3_carray_bind() to return an undefined value.
2020-11-18 dan Update test code to fix a problem with SQLITE_OMIT_VIRTUAL_TABLE builds.
2020-11-18 drh On unix, for certain error codes of read()/pread() return SQLITE_IOERR_CORRUPTFS instead of SQLITE_IOERR_READ. And then convert this error into SQLITE_CORRUPT prior to returning back to the application.
2020-11-17 drh Claw back most of the performance lost in the previous commit.
2020-11-17 dan Fix trivial memory leaks in the shell and sqldiff programs.
2020-11-17 dan Fix test file busy2.test so that it works with the "inmemory_journal" permutation.
2020-11-17 drh Add a single-argument form to the CARRAY table-valued function, with content bound using the sqlite3_carray_bind() interface that is included with the extension.
2020-11-16 drh Enhance the unix VFS so that it removes extra "/", "/./" and "/../" from the database filename.
2020-11-14 drh Modify UPDATE so that two-pass updates on a rowid table use an ephemeral table to store rowids rather than a RowSet. This uses less memory, though it is slower.
2020-11-12 drh Improved diagnostics output with ".wheretrace 0x800". No changes to non-debug builds.
2020-11-11 drh Fix a typo in a comment. No changes to code.
2020-11-08 drh Use NEVER and ALWAYS macros to confirm that the return value from sqlite3ExprSkipCollateAndLikely() is never NULL in some of its use cases.
2020-11-06 drh Add ALWAYS() to conditionals associated with SHM locking that are always true.
2020-11-05 drh Suppress errors associated with TEMP triggers that reference objects in non-TEMP databases. This is a continuation of the fix for ticket #3810 shown in check-in [ba1afc040171810d] from [/timeline?c=trunk:200908061743|2009-08-06], based on a bug report in [forum:/forumpost/157dc791df|forum post 157dc791df]
2020-11-05 drh Remove unused variable from speedtest1.c
2020-11-02 drh Fix an another OSS-Fuzz discovered assertion fault due to ALTER TABLE and strange triggers.
2020-10-31 drh Add the -tabs command-line option to the CLI.
2020-10-31 dan Update the ALTER TABLE command to correctly handle UPDATE ... FROM statements within trigger programs.
(...)
2020-09-15 drh Do not invoke usleep() for more than 999999 microseconds.
2020-09-11 dan Catch fts5 index corruption caused by issuing 'delete' commands with incorrect data earlier in some cases. Also fix a couple of test script problems.
2020-09-10 drh Try again to fix the typo in the sqlite3_txn_state() documentation.
2020-09-10 drh Fix typo in the documentation for the new sqlite3_txn_state() interface.
2020-09-10 drh If an amalgamation is created using SQLITE_ENABLE_UPDATE_DELETE_LIMIT, ensure that it can still be compiled without that option by setting the SQLITE_UDL_CAPABLE_PARSER flag in the preamble.
2020-09-07 dan Fix another (harmless in practice) tsan error in shared-cache mode.
2020-09-06 drh Remove an artifical limitation on the length of columns in the "box" output mode of the command-line shell.
2020-09-05 drh Fix a bug in Fossil that might cause it to crash if there is a multi-terminal token with a space following the "|" separator. This does not affect SQLite.
2020-09-04 dan Fix a tsan error that could occur when using shared-cache mode.
2020-09-04 dan Ensure that the busy-handler count is reset at the end of each sqlite3_file_control() and sqlite3_prepare() (and _v2() and _v3()).
2020-09-01 mistachkin Fix harmless compiler warning.
2020-09-01 drh In the Lemon output, add a prefix comment that explains that the output file is automatically generated and shows the name of the source file.
2020-09-01 drh Lemon updates: (1) include the #defines for all tokens in the generated C file, so that the C-file can be stand-alone. (2) If the grammar begins with a %include {...} directive on line one, make that directive the header for the generated C file. (3) Enhance the lemon.html documentation.
2020-09-01 drh Improvements to the IN-early-out optimization so that it works more efficiently when there are two or more indexed IN clauses on a single table.
2020-09-01 drh Fix a harmless compiler warning.
2020-08-31 drh New test-control that returns the number of calls to sqlite3BtreeMovetoUnpacked() on the main database and then resets the counter. This only works for SQLITE_DEBUG builds.
2020-08-31 drh Fix the documentation for the OP_IdxGT family of opcodes to show that the P5 operand is not used.
2020-08-29 dan Fix a sanitizer warning in zipfile.c.
2020-08-28 dan Fix handling of an xShmLock(SHARED, UNLOCK) call when the caller does not hold any lock on the specified slot, but another connection in the same process holds an EXCLUSIVE.
2020-08-28 dan Modify the unixShmLock() function to avoid iterating through the (possibly large) set of connections to the same database file.
2020-08-28 mistachkin Add the miscellaneous 'series' extension to the shell.
2020-08-28 drh Update Lemon documentation. Patches from sgbeal.
2020-08-28 drh Fix a couple of unreachable branches.
2020-08-28 dan Add fts5 test to confirm that for a table with columns a, b, c and d, "{a b}" and "-{c d}" are handled similarly.
2020-08-27 drh Remove a (harmless) redundant variable from the CLI implementation.
2020-08-27 drh Include the original text of the CHECK constraint in the error message for anonymous CHECK constraints.
2020-08-27 drh Apple the same fix for ticket [9eda2697f5cc1aba] to text-to-integer conversions that was done for floating point conversions by check-in [1c76f1d8ec0937a2].
2020-08-27 dan Do not attempt to run test script analyze3.test as part of the "prepare" permutation.
2020-08-26 drh Enhance the ".databases" command in the CLI so that it shows the result of sqlite3_db_readonly() and sqlite3_txn_state() for each database file.
2020-08-26 drh If the argument to the ".read" command in the CLI begins with "|" then run the remainder of the argument as a command and read input from the output of that command.
2020-08-25 drh Add support for the sqlite3_txn_state() interface.
2020-08-24 drh Reduce the N in the logN term for the sorting cost associated with computing DISTINCT by B-Tree by half, under the assumption that the DISTINCT will eliminate about half the rows of output. This is really a wild guess. But we do not have any better way of estimating what the row-count reduction due to DISTINCT will actually be.
2020-08-24 dan Correctly handle expressions like "x IS (not) true/false" within the rhs of IN() expressions. Fix for [f3ff1472].
2020-08-20 dan Fix a crash that could occur in SQLITE_MAX_EXPR_DEPTH=0 builds when processing SQL containing syntax errors.
2020-08-20 dan Avoid a buffer overrun in test code that could occur if certain test functions were passed a hex-string containing an odd number of digits.
2020-08-19 drh Try to make SQLite easier to compiler for Mac Catalyst. See [https://sqlite.org/forum/forumpost/803387a1c5|forum post 803387a1c5].
2020-08-19 drh Do not skip over TK_IF_NULL_ROW operators when bypassing TK_COLLATE operators. Fix to check-in [ac31edd3eeafcef4] which was itself a fix for ticket [45f4bf4eb4ffd788].
2020-08-19 dan Update releasetest_data.tcl so that the "Fast-One" configuration runs bigmmap.test as part of release testing.
2020-08-19 dan Fix a problem in test file bigmmap.test.
2020-08-17 drh Fix the -quote option on the CLI to set the correct column separator.
2020-08-16 drh Optimization to sqlite3BeginWriteOperation().
2020-08-15 drh Optimization of the sqlite3SrcListDelete() routine.
2020-08-15 drh Remove more unnecessary sqlite3GetVdbe() calls, replacing them with assert()s.
2020-08-15 drh Avoid unnecessary calls to the sqlite3GetVdbe() routine. Add assert() statements to prove each call is unnecessary.
2020-08-15 drh Omit the unnecessary not-NULL check on the upper bound of a forward index range scan. The subsequent OP_IdxGT will always catch the NULL. Similarly, omit the not-NULL check on the lower bound of a reverse index range scan, as the SeekLE opcode will disallow the NULL.
2020-08-14 drh Update the version number to 3.34.0 for the next development cycle.
2020-08-14 drh Optimizations to the logic that converts main table accesses into equivalent index accesses. Code is now slightly smaller and faster than trunk.
2020-08-14 drh For UPDATE and DELETE, use OP_DeferredSeek always. If the seek must later be resolved, add the OP_FinishSeek opcode after all WHERE clause terms have been processed. This obviates the need for the WHERE_SEEK_TABLE and WHERE_SEEK_UNIQ_TABLE flags to sqlite3WhereBegin() and the ensuing complication, and it allows the covering index optimization to be used further into WHERE clause processing.
2020-08-14 drh Experimental change to try to get some DELETE operations to access values using the index rather than the main table, so as to avoid unnecessary main table seeks.
2020-08-14 dan Fix an inconsequential memory leak in sqldiff. Update the "Sanitize" case in wapptest.tcl to use -fsanitize=address,undefined, and to run more tests.
Created with:
roll-dep src/third_party/sqlite/src
Bug: 1161048
Change-Id: Ieb8f0154930d6cc0597b5aee9444678cf021035b
Reviewed-by: Chris Mumford <cmumford@google.com>
Commit-Queue: Darwin Huang <huangdarwin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#839609}
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on:
https://chromium-review.googlesource.com/c/chromium/src/+/2575392:
Make sure to check read permission when iterating a directory.
Also adds unit tests for that case and a couple of other cases.
Bug: 1155710
Change-Id: Ibb6818e9608c9334641212a3f8514d963117333d
Commit-Queue: Marijn Kruisselbrink <mek@chromium.org>
Reviewed-by: Victor Costan <pwnall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#834787}
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport (library update) of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2692542:
Roll src/third_party/libyuv/ 6866adbec..1d3f901aa (17 commits)
https://chromium.googlesource.com/libyuv/libyuv.git/+log/6866adbec5af..1d3f901aa016
$ git log 6866adbec..1d3f901aa --date=short --no-merges --format='%ad %ae %s'
2020-12-25 fbarchard Scale bug fix with msan when scaling up in height and down in width with box filter.
2020-12-22 fbarchard Test Box filter scale plane with 1 dimension growing and the other reducing
2020-12-03 eshr NV12 Copy, include scale_uv.h
2020-11-18 thakis Stop setting mac_xcode_version in DEPS
2020-11-06 libyuv-ci-autoroll-builder Roll chromium_revision 5aaa70b53c..64c8c30faa (822628:824854)
2020-11-03 fbarchard Scale by even factor low level row function
2020-10-30 libyuv-ci-autoroll-builder Roll chromium_revision df9aecfc0b..5aaa70b53c (820568:822628)
2020-10-28 fbarchard PlaneScale, UVScale and ARGBScale test 3x and 4x down sample.
2020-10-27 fbarchard MJPGToNV12 added and build files sorted
2020-10-24 libyuv-ci-autoroll-builder Roll chromium_revision e812106b13..df9aecfc0b (817907:820568)
2020-10-16 libyuv-ci-autoroll-builder Roll chromium_revision 4892423355..e812106b13 (815587:817907)
2020-10-13 fbarchard UVScale down use AVX2 and Neon for aarch32
2020-10-13 fbarchard UVScale down by 4 use SSSE3/NEON
2020-10-12 fbarchard 2x down sample for UV planes ported to SSSE3 / NEON
2020-10-09 libyuv-ci-autoroll-builder Roll chromium_revision ccec2ad009..4892423355 (811963:815587)
2020-10-02 fbarchard I420ToARGB prototype added to convert_from.h
2020-10-01 fbarchard scale neon adjust PRFM instruction to co-issue with math
Created with:
roll-dep src/third_party/libyuv
(cherry picked from commit 1a60856f34aa15def686168c3b392dc37a120c51)
Bug: chromium:1158178, chromium:1062941, libyuv:875, b/176195584
Change-Id: Iecf360198a90acabcbd71e57791634f5e3e861c3
Commit-Queue: Frank Barchard <fbarchard@chromium.org>
Reviewed-by: Frank Barchard <fbarchard@chromium.org>
Reviewed-by: Eugene Zemtsov <eugene@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#839493}
Commit-Queue: Jana Grill <janagrill@chromium.org>
Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
Cr-Commit-Position: refs/branch-heads/4240@{#1545}
Cr-Branched-From: f297677702651916bbf65e59c0d4bbd4ce57d1ee-refs/heads/master@{#800218}
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2596871:
indexeddb: Have ReleaseOnIDBSequence used rvalue reference.
Making change to be consistent with SequencedTaskRunner::ReleaseSoon.
Bug: 1142712
Change-Id: Ic0c84f3c656f0504b87091be1f70c51949259f24
Auto-Submit: Chris Mumford <cmumford@google.com>
Commit-Queue: Daniel Murphy <dmurph@chromium.org>
Reviewed-by: Daniel Murphy <dmurph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#838338}
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2731578:
M86: indexeddb: Convert IndexedDBContextImpl back to RefCountedThreadSafe<>.
Switch IndexedDBContextImpl from using RefCountedDeleteOnSequence to
use RefCountedThreadSafe.
This change is to eliminate a user-after-free situation which is caused
by the recreation of a scoped_refptr *after* the deletion of the
IndexedDBContextImpl posted to the the correct sequence for deletion.
This fix converts the "delete on sequence" into a "release on sequence",
thus avoiding this crash.
[M86 merge]: Fixed conflicts in indexed_db_context_impl.h
indexed_db_quota_client.cc.
(cherry picked from commit 416482976e398bbcc082e93f0d3c8522b16474e8)
Bug: 1142712
Change-Id: I74359b515f5c05cdff9104de89691ef1f3d4557e
Reviewed-by: Marijn Kruisselbrink <mek@chromium.org>
Reviewed-by: Daniel Murphy <dmurph@chromium.org>
Commit-Queue: Chris Mumford <cmumford@google.com>
Cr-Original-Commit-Position: refs/heads/master@{#838120}
Reviewed-by: Achuith Bhandarkar <achuith@chromium.org>
Commit-Queue: Victor-Gabriel Savu <vsavu@google.com>
Cr-Commit-Position: refs/branch-heads/4240@{#1564}
Cr-Branched-From: f297677702651916bbf65e59c0d4bbd4ce57d1ee-refs/heads/master@{#800218}
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2599426:
Avoid using the isolate in CallRecordWriteStub
Port: 6b3994e8507b32dfb956329395dbe33a2a8fee14
Bug: chromium:1146813
Change-Id: I552f49193188d91d64a1d75307cd3390138c9e7a
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#71874}
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2593333:
Avoid using the isolate in CallRecordWriteStub
CallRecordWriteStub is used in a background compile thread for
JS-to-Wasm wrapper compilation, so it should avoid accessing the
isolate.
Call the builtin using CallBuiltin which does not require a Handle<Code>
object and instead gets the call target directly from the embedded data.
R=clemensb@chromium.org
Bug: chromium:1146813
Change-Id: I4ee59084e4184f2e9039208e4e6db43482cefde6
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71785}
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2718543:
Introduce AudioBuffers for user access in ScriptProcessorNode
This CL adds new AudioBuffers for the access from the user code.
Bug: 1177465
Test: The local ASAN build doesn't reproduce on given POCs.
Change-Id: Id9a3505ddb9ab61b4442385d0b830ef56f65f797
Auto-Submit: Hongchan Choi <hongchan@chromium.org>
Reviewed-by: Raymond Toy <rtoy@chromium.org>
Commit-Queue: Hongchan Choi <hongchan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#857817}
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
|