| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Note that, this change is still under review and might not be the final
version.
`SIGSTKSZ` is no longer constant in glibc > 2.33 but a function
returning a long. Cast before taking `max`.
See https://sourceware.org/git/?p=glibc.git;a=blob;f=NEWS;h=85e84fe53699fe9e392edffa993612ce08b2954a;hb=HEAD
Change-Id: I2010b698fab25b65e5652c763ed71aba696a8e22
Review-URL: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3261335
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit 735b1a398df409a98e84ed0eb1afb0bafdd9dff9)
(cherry picked from commit 2918e073086af29bd3e4176cd2403dffa789fdc0)
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Compilation of sandbox fails when using dynamic stack size in glibc
2.34 or newer. This is because the value is not a literal anymore but
obtained through sysconf.
To avoid this, use memset to put zeros in the buffer.
Pick-to: 87-based 90-based 94-based
Change-Id: Iff7ddca815378ab1de2f3ca2d200d8db75f42dd2
Review-URL: https://chromium-review.googlesource.com/c/chromium/src/+/3436947
Cr-Commit-Position: refs/heads/main@{#967943}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit b789116ca6111fa26c7a6d6ea22513b95c3573af)
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
bypasses all existing protection mechanisms
Manual backport of patch originally committed at
https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e:
Patch for security issue CVE-2021-3541
This is relapted to parameter entities expansion and following
the line of the billion laugh attack. Somehow in that path the
counting of parameters was missed and the normal algorithm based
on entities "density" was useless.
Change-Id: I81d1ab274ae80a9e0e0890dada92d3f09584e4e7
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
xmlEncodeEntitiesInternal() in entities.c
Manual cherry-pick of patch originally committed as
https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2:
Validate UTF8 in xmlEncodeEntities
Code is currently assuming UTF-8 without validating. Truncated UTF-8
input can cause out-of-bounds array access.
Adds further checks to partial fix in 50f06b3e.
Fixes #178
Change-Id: Idc0134c16b449e7bd8d5e76ae16c9e92798b5f37
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
| |
Might not strictly be necessary, but does not hurt and it's better
to be safe than sorry.
Change-Id: I2e860cc4f22ffce138bfe187a473893905c0645d
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Partial cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2949089:
Fix URLLoader cleanup on CorsURLLoaderFactory destruction.
Destroying one URLLoader can result in other URLLoaders getting errors,
due to to cache interconnectedness. CorsURLLoaderFactory's destructor
was not taking that into account.
Also fix a bonus bug: HttpCache::Transaction::response_ wasn't being
cleared in HttpCache::Transaction::DoHeadersPhaseCannotProceed(), which
could result in DCHECKs when calling GetResponseInfo() when a
transaction that was waiting on a cached response from another
transaction ended up failing.
[M86] Used older API in cors_url_loader_factory_unittest.cc
Added AddDefaultHandlers to EmbeddedTestServer
(cherry picked from commit 2f49a3c69a2184c95f43a395e4f33a3959cb8dbc)
(cherry picked from commit baf23e3c5b1394982cff718a0e055d4f239245ad)
Bug: 1209769
Change-Id: I2c18caa488767a29011aca1e1b0bace24c1ba8fc
Reviewed-by: Maksim Orlovich <morlovich@chromium.org>
Commit-Queue: Matt Menke <mmenke@chromium.org>
Cr-Original-Original-Commit-Position: refs/heads/master@{#887522}
Auto-Submit: Matt Menke <mmenke@chromium.org>
Cr-Original-Commit-Position: refs/branch-heads/4472@{#1433}
Cr-Original-Branched-From: 3d60439cfb36485e76a1c5bb7f513d3721b20da1-refs/heads/master@{#870763}
Reviewed-by: Matt Menke <mmenke@chromium.org>
Reviewed-by: Artem Sumaneev <asumaneev@google.com>
Owners-Override: Victor-Gabriel Savu <vsavu@google.com>
Commit-Queue: Victor-Gabriel Savu <vsavu@google.com>
Cr-Commit-Position: refs/branch-heads/4240@{#1662}
Cr-Branched-From: f297677702651916bbf65e59c0d4bbd4ce57d1ee-refs/heads/master@{#800218}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport (subdirectory update) of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2803936:
Roll xdg-mime to 722325fba8968a26eb243642cbe89a044d6dfd6c.
$ git log 2cdd8d36d..722325fba --date=short --no-merges --format='%ad %ae %s'
2021-03-18 kdudka@redhat.com Fix fd leak in error path
2021-01-06 hadess@hadess.net ci: Add CI
2020-11-21 emmanuel.fleury@u-bordeaux.fr Fix signedness warnings in src/xdgmimecache.c
2020-11-21 emmanuel.fleury@u-bordeaux.fr Fix signedness warnings in src/xdgmimecache.c:__gio_xdg_cache_list_mime_parents()
2020-11-21 emmanuel.fleury@u-bordeaux.fr Fix signedness warning in src/xdgmimecache.c:__gio_xdg_cache_mime_type_subclass()
2020-11-21 emmanuel.fleury@u-bordeaux.fr Fix signedness warning in src/xdgmimecache.c:cache_glob_node_lookup_suffix()
2020-11-21 emmanuel.fleury@u-bordeaux.fr Fix signedness warning in rc/xdgmimecache.c:cache_glob_lookup_fnmatch()
2020-11-21 emmanuel.fleury@u-bordeaux.fr Fix signedness warning in src/xdgmimecache.c:cache_magic_compare_to_data()
2020-11-21 emmanuel.fleury@u-bordeaux.fr Fix signedness warning in src/xdgmimecache.c:cache_magic_matchlet_compare()
2020-11-21 emmanuel.fleury@u-bordeaux.fr Fix signedness warnings in src/xdgmimecache.c:cache_magic_matchlet_compare_to_data()
2020-11-21 emmanuel.fleury@u-bordeaux.fr Fix signedness warnings in src/xdgmimemagic.c:_xdg_mime_magic_matchlet_compare_to_data()
2020-11-21 emmanuel.fleury@u-bordeaux.fr Fix signedness warnings in src/xdgmimemagic.c:_xdg_mime_magic_parse_magic_line()
2020-11-21 emmanuel.fleury@u-bordeaux.fr Fix signedness warning in src/xdgmimeint.c
2020-12-27 faure@kde.org Fix fallback after multiple matching globs
2020-12-27 faure@kde.org Fix usage information for print-mime-data
2019-06-03 withnall@endlessm.com xdgmime: Don’t set an out argument if it’s NULL
2018-11-19 ville.skytta@iki.fi Comment grammar fix
2018-07-16 mcatanzaro@igalia.com Fix buffer underflow in __gio_xdg_cache_mime_type_subclass()
2018-07-16 mcatanzaro@igalia.com Fix special case for mime_type_subclass
2018-07-16 mcatanzaro@igalia.com Handle EINTR in open()
2018-07-16 mcatanzaro@igalia.com Don't forget to free resources on an early return
2018-07-16 mcatanzaro@igalia.com Fix void pointer arithmetic in cache_magic_matchlet_compare_to_data()
2018-07-16 mcatanzaro@igalia.com Fix use after free in xdg_mime_get_mime_type_for_file
2018-07-16 mcatanzaro@igalia.com Add space before paren in _xdg_mime_cache_get_mime_type_for_file
2018-06-30 mcatanzaro@igalia.com build: Add a .gitignore
2018-06-17 ville.skytta@iki.fi Spelling fixes
2017-09-05 hadess@hadess.net Check further into the file whether it is text or binary
2013-01-07 hadess@hadess.net tests: Fix current test-mime failures
2013-01-07 hadess@hadess.net tests: Make test-mime failures fatal
2013-01-07 hadess@hadess.net tests: Mime-types are not case-sensitive
2012-09-27 hadess@hadess.net Ignore non-regular files in print-mime-data
2012-09-25 hadess@hadess.net Add print-mime-data program
Fixed: 1184294
Change-Id: I74717bb13d49088b18bd88404c7cf7b8032a7d99
Reviewed-by: Adrian Taylor <adetaylor@chromium.org>
Reviewed-by: Thomas Anderson <thomasanderson@chromium.org>
Commit-Queue: Daniel Cheng <dcheng@chromium.org>
Cr-Commit-Position: refs/heads/master@{#871055}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual partial backport (amalgamation and build files only) of patch originally
reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/3055412:
[M90-LTS] Roll src/third_party/sqlite/src/ 144e06fa..09b4d6e90 (5 commits):
https://chromium.googlesource.com/chromium/deps/sqlite.git/+log/144e06fad937..09b4d6e90623
$ git log 144e06fa..09b4d6e90 --date=short --no-merges --format='%ad %ae %s'
2021-06-15 huangdarwin@chromium.org Avoid a buffer overread in fts3 that could occur when handling corrupt data structures.
2021-06-15 huangdarwin@chromium.org When constructing the synthensized SELECT statement that is used to choose the rows in an UPDATE FROM, make sure the first table is really the table being updated, and not some common-table expression that happens to have the same name. [forum:/forumpost/a274248080|forum post a274248080]. More changes associated with CTE name resolution are pending.
2021-06-08 huangdarwin@chromium.org Fix the UNION ALL flattener optimization so that it works better with recursive CTEs. dbsqlfuzz 88ed5c66789fced139d148aed823cba7c0926dd7
2021-05-19 huangdarwin@chromium.org sqlite: Fix an undefined-integer-overflow problem in fts3.c.
2021-05-10 huangdarwin@chromium.org sqlite: Improved detection of oversized cells in balance_nonroot(), especially in index b-trees when a cell is being moved from a child page into the parent page in order to become a new divider cell.
Created with:
roll-dep src/third_party/sqlite/src
(cherry picked from commit 009cada961a9a313aa208ffb9e2666457b275637)
Bug: 1209517, 1218707, 1216885, 1204066, 1198216
Change-Id: Id564411566baa26d327fe78b6b89571cb353891b
Auto-Submit: Darwin Huang <huangdarwin@chromium.org>
Commit-Queue: Darwin Huang <huangdarwin@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#894011}
Reviewed-by: Jana Grill <janagrill@google.com>
Commit-Queue: Roger Felipe Zanoni da Silva <rzanoni@google.com>
Cr-Commit-Position: refs/branch-heads/4430@{#1547}
Cr-Branched-From: e5ce7dc4f7518237b3d9bb93cccca35d25216cbe-refs/heads/master@{#857950}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/3042731:
Fix use-after-free with XSLT strip-space
(cherry picked from commit 79fc7bcbc940a66f4edfd2c49a5e63106074836a)
Fixed: 1219209
Change-Id: I3baab9d1b419407d964a80f10c6ca05e0294554f
Commit-Queue: Joey Arhar <jarhar@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#892861}
Reviewed-by: Jana Grill <janagrill@google.com>
Owners-Override: Jana Grill <janagrill@google.com>
Commit-Queue: Roger Felipe Zanoni da Silva <rzanoni@google.com>
Cr-Commit-Position: refs/branch-heads/4430@{#1545}
Cr-Branched-From: e5ce7dc4f7518237b3d9bb93cccca35d25216cbe-refs/heads/master@{#857950}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/3251075:
[M90-LTS][mojo] Validate INTRODUCE source node
INTRODUCE NodeChannel messages should only be acknowledged when coming
from the broker process.
(cherry picked from commit 6e74f7b5cb2f48b17403f0431f3e4f3a2e716265)
Fixed: 1252858
Change-Id: I2dff6d5cab102ce744ad2ad66a9f24b4202cbea8
Commit-Queue: Ken Rockot <rockot@google.com>
Cr-Original-Commit-Position: refs/heads/main@{#926430}
Reviewed-by: Artem Sumaneev <asumaneev@google.com>
Owners-Override: Artem Sumaneev <asumaneev@google.com>
Commit-Queue: Roger Felipe Zanoni da Silva <rzanoni@google.com>
Cr-Commit-Position: refs/branch-heads/4430@{#1655}
Cr-Branched-From: e5ce7dc4f7518237b3d9bb93cccca35d25216cbe-refs/heads/master@{#857950}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/3160208:
[M90-LTS] compositor: fix bug in sending damage regions
Specifically if a layer is added when sending damaged regions the
iterator would be invalidated. This converts to iterating over the
size.
BUG=1242257
TEST=CompositorTestWithMessageLoop.AddLayerDuringUpdateVisualState
(cherry picked from commit 7c0b0577c3ac1060945b7d05ad69f0dec33479b4)
Change-Id: I09f2bd34afce5d3c9402ef470f14923bbc76b8ae
Commit-Queue: Scott Violet <sky@chromium.org>
Cr-Original-Commit-Position: refs/heads/main@{#917886}
Reviewed-by: Scott Violet <sky@chromium.org>
Reviewed-by: Jana Grill <janagrill@google.com>
Commit-Queue: Zakhar Voit <voit@google.com>
Cr-Commit-Position: refs/branch-heads/4430@{#1607}
Cr-Branched-From: e5ce7dc4f7518237b3d9bb93cccca35d25216cbe-refs/heads/master@{#857950}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/3160014:
[M90-LTS] [layout] Remove limit from LayoutInline::SplitInlines.
After 200 elements the code "gave up" causing the layout tree to be
"strange".
This caused a To<LayoutInline> to fail in the OOF code. Relaxing this
To<> to a DynamicTo<> caused additional CHECKs / DCHECKs all over the
place (not just in NG but in Legacy as well).
This patch removes the limit at which we "give up". This may cause
additional render hangs.
However we currently have a project "block-in-inline" which will (for
most cases) stop inline-splitting for occuring (except in legacy
fallback).
(cherry picked from commit bbd315efb49a4ae257509dd0f0d85c6b5906e0e4)
Bug: 1245786
Change-Id: I5f1c4d6a4b81a8345974de40c0c50a27a839b7b4
Commit-Queue: Ian Kilpatrick <ikilpatrick@chromium.org>
Cr-Original-Commit-Position: refs/heads/main@{#917771}
Reviewed-by: Jana Grill <janagrill@google.com>
Owners-Override: Jana Grill <janagrill@google.com>
Commit-Queue: Zakhar Voit <voit@google.com>
Cr-Commit-Position: refs/branch-heads/4430@{#1606}
Cr-Branched-From: e5ce7dc4f7518237b3d9bb93cccca35d25216cbe-refs/heads/master@{#857950}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual partial cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/3128603:
Forbid embedding DevTools discovery page as an iframe
Also, mark the discovery page as deprecated and recommend
using chrome://inspect instead.
(cherry picked from commit 8e23347b3e089cd00c9d3741b394b92c21f70f88)
Bug: 1232509, 1232279
Change-Id: I41f8e9f4914d53b72b82ed8343612ad5bb794ce5
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Andrey Kosyakov <caseq@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#905584}
Commit-Queue: Srinivas Sista <srinivassista@chromium.org>
Owners-Override: Srinivas Sista <srinivassista@chromium.org>
Auto-Submit: Srinivas Sista <srinivassista@chromium.org>
Reviewed-by: Andrey Kosyakov <caseq@chromium.org>
Cr-Commit-Position: refs/branch-heads/4515@{#2098}
Cr-Branched-From: 488fc70865ddaa05324ac00a54a6eb783b4bc41c-refs/heads/master@{#885287}
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit a0f1a26add613a2b0d2ef65100fd307d3b906ec3)
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/3068260:
Protect HRTF database loader thread from access by different threads
This patch add a new mutex locker around the HRTF database loader
thread to ensure the safe exclusive access of the loader thread
and the HRTF database.
Bug: 1233564
Change-Id: Ie12b99ffe520d3747e34af387a37637a10aab38a
Auto-Submit: Hongchan Choi <hongchan@chromium.org>
Commit-Queue: Kentaro Hara <haraken@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Cr-Commit-Position: refs/heads/master@{#908269}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Partial backport of patch originally reviedwed on
https://chromium-review.googlesource.com/c/chromium/src/+/2911135:
sensors: Add locking when passing sensor updates to the client
This change updates the Win32 and WinRT sensor backends to acquire the
lock when calling back into the client. This is important because the
client_ variable is set to nullptr when the sensor reader is destroyed
and so synchronization is needed to prevent a null pointer dereference
or use after free.
(cherry picked from commit 6d6e9b5443d3cafce07b8cfc64a52f4ee59cb8ad)
Bug: 1023503
Change-Id: Ie677c7a7376e1b01bacaad66264439c5f5af6a0e
Commit-Queue: Reilly Grant <reillyg@chromium.org>
Auto-Submit: Reilly Grant <reillyg@chromium.org>
Reviewed-by: Chris Mumford <cmumford@google.com>
Cr-Original-Commit-Position: refs/heads/master@{#885336}
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/branch-heads/4515@{#47}
Cr-Branched-From: 488fc70865ddaa05324ac00a54a6eb783b4bc41c-refs/heads/master@{#885287}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/angle/angle/+/2961070:
D3D11: Fix OOB write in Blit11.
This could happen for specific values of the 'dest' target.
Bug: chromium:1219082
Change-Id: Ic19a5dc4a95531f9513403ad9c97a4b4c5dc5a6f
Reviewed-by: Jamie Madill <jmadill@chromium.org>
Reviewed-by: Geoff Lang <geofflang@chromium.org>
Commit-Queue: Jamie Madill <jmadill@chromium.org>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/angle/angle/+/2911032:
D3D11: Fix respecifying 3D textures.
The missing check for the "Depth" dimension could lead to a bug
where we would not recreate a texture when the dimension changed.
Bug: chromium:1210414
Change-Id: Id59097ad14ae77ff80d27081f61786dad17a77ea
Reviewed-by: Geoff Lang <geofflang@chromium.org>
Commit-Queue: Jamie Madill <jmadill@chromium.org>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2940882:
M86-LTS: [debugger] Return ServerError if debugger agent is disabled
This returns a server error on setting breakpoints if the
agent is disabled.
(cherry picked from commit 5aa2de8128f885c44df79d38fb4aa5c6a5d94306)
Also-by: bmeurer@chromium.org
Fixed: chromium:1202534
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Change-Id: I87c80a4bd785fa5c59a8dd0d5ac5f4b31b015ed8
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Kim-Anh Tran <kimanh@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#74399}
Reviewed-by: Achuith Bhandarkar <achuith@chromium.org>
Commit-Queue: Artem Sumaneev <asumaneev@google.com>
Cr-Commit-Position: refs/branch-heads/8.6@{#105}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2874771:
Add AudioHandler to orphan handlers when context is suspended.
If the context is suspended, pulling of the audio graph is stopped.
But we still need to add the handler in this case so that when the
context is resumed, the handler is still alive until it can be safely
removed. Hence, we must still add the handler if the context is
suspended.
Test cases from issue 1176218 manually tested with no failures. Also
this doesn't cause any regressions in issue 1003807 and issue 1017961.
(Manually tested the test cases from those issues.)
Bug: 1176218
Change-Id: Icd927c488505dfee9ff716866f98286e286d546a
Reviewed-by: Hongchan Choi <hongchan@chromium.org>
Commit-Queue: Raymond Toy <rtoy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#881533}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
| |
This reverts commit bc38ef79d8c2e9ff87fac1937c31b0e5b7d740a2.
Change-Id: I492e1c163ddda95f23cfba2b7aecc489d3ca5d75
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
| |
This reverts commits 7ea027a7d8e05d14e02d93b91a7bf70a23d90b23 and
0532d46d8991dd853421c2f270f8fb45e4d3e6e0.
Change-Id: I64f337bcb3ddd18660c059ba266f502751f54ed3
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
| |
This reverts commit bda00397362bf03ff7b8d88fa54625524f604c7e.
Change-Id: Ic97b0aa8e97b4117aab09ed63fa05711b3164a35
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
| |
Method and enum name differed in Chromium 69.
Change-Id: I72b34348f78aca1d9a1bef77808ab0d5b8536dbb
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
| |
ChangeOp used to be a static method in NodeProperties.
Change-Id: I9c4e0fa49fb9aac9eb4fbf0ba696f8d2ac4745e9
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport of patch originally submitted as
https://gitlab.freedesktop.org/freetype/freetype/-/merge_requests/23/commits?commit_id=fb1beb00342d6905af5727b924ce6d8d80dcecaa:
Prevent glyph program state from persisting
FDEF instructions are specified as allowed only in 'prep' or 'fpgm'.
FreeType has attempted to prevent their use in the glyph program, but
they were still allowed in glyph program if defined in a function
defined in 'prep' or 'fpgm' and called from the glyph program.
Similarly, IDEF instructions are specified not to be able to modify any
existing instruction. FreeType has attempted to prevent their use in the
glyph program, but they can still be used like FDEF.
This change stores the initial bytecode range type and disallows the use
of FDEF and IDEF while running the glyph program.
Most other state is copied from the TT_Size into the execution context.
However, it is possible for a glyph program to use WS to write to the
storage area or WCVTP, WCVTF, and DELTAC1-3 to write to the control
value table.
Allowing any change to the global state from the glyph program is
problematic as the outlines of any given glyph may change based on the
order the glyphs are loaded or even how many times they are loaded.
There exist fonts which write to the storage area or the control value
table in the glyph program, so their use should not be an error.
Possible solutions to using these in the glyph program are
* ignore the writes.
* value level copy on write, discard modified values when finished.
* array level copy on write, discard the copy when finished.
* array level copy up front.
Ignoring the writes may break otherwise good uses. A full copy up front
was implemented, but was quite heavy as even well behaved fonts required
a full copy and the memory management that goes along with it. Value
level copy on write could use less memory but requires a great deal more
record keeping and complexity. This change implements array level copy
on write. If any attempt is made to write to the control value table or
the storage area when the initial bytecode range was in a glyph program
then the relevant array will be copied to a designated storage area and
the copy used for the rest of the glyph program's execution.
Change-Id: I65887f866c37321744e59f2e64b80f2b056a11a7
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2856118:
Replace std::vector with base::ObserverList to support container modification while iterating
TaskTracker saves list of viewers in vector, that needs to be notified
when distillation is completed. At the time of notifying the viewers,
we are indirectly erasing viewers from vector while iterating.
This is causing container-overflow in asan build when vector has more
than one viewer while notifying.
This change is to replace vector with ObserverList that can be modified
during iteration without invalidating the iterator.
Bug: 1203590
Change-Id: I7c7b8237584c48c9ebc2639b9268a6a78c2db4b2
Reviewed-by: Matt Jones <mdjones@chromium.org>
Commit-Queue: Akhila Veerapuraju <dhveerap@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#877492}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2840452:
[compiler] Fix more truncation bugs in SimplifiedLowering
Bug: chromium:1200490
Change-Id: I3555b6d99bdb4b4e7c302a43a82c17e8bff84ebe
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74097}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2883604:
FileAPI: Terminate FileReaderLoader before dispatching onabort event.
Otherwise FileReader could end up in an inconsistent state where a load
is still in progress while the state was set to done.
Bug: 1201073
Change-Id: Ib2c833537e1badc57d125568d5d35f53f12582a8
Reviewed-by: Austin Sullivan <asully@chromium.org>
Commit-Queue: Marijn Kruisselbrink <mek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#877579}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2681148
Set mode for top-level module worker scripts to kSameOrigin
Bug: 1175503
Change-Id: I9a744da07beea87564b9563656c8ba81325d9a13
Commit-Queue: Hiroshige Hayashizaki <hiroshige@chromium.org>
Reviewed-by: Dominic Farolino <dom@chromium.org>
Reviewed-by: Kouhei Ueno <kouhei@chromium.org>
Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org>
Cr-Commit-Position: refs/heads/master@{#851900}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2833911:
Merged: [turbofan] Harden ArrayPrototypePop and ArrayPrototypeShift
Revision: d4aafa4022b718596b3deadcc3cdcb9209896154
TBR=glazunov@chromium.org
BUG=chromium:1198696
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
Change-Id: I1840ffabbed3a3caab75b0abea1d37d9ed446d3f
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.0@{#39}
Cr-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
Cr-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport and adaptation to BindingSet of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2778871:
Never fail in ReceiverSet::Add
Because of how UniqueReceiverSet is implemented and used, it is
dangerous to allow Add() to fail: callers reasonably assume that added
objects are still alive immediately after the Add() call.
This changes ReceiverId to a uint64 and simply CHECK-fails on
insert collision.
This fundamentally increases binary size of 32-bit builds, because
a widely used 32-bit data type is expanding to 64 bits for the sake
of security and stability. It is effectively unavoidable for now, and
also just barely above the tolerable threshold.
A follow-up (but less backwards-mergeable) change should be able to
reduce binary size beyond this increase by consolidating shared
code among ReceiverSet template instantiations.
Fixed: 1185732
Change-Id: I9acf6aaaa36e10fdce5aa49a890173caddc13c52
Binary-Size: Unavoidable (see above)
Commit-Queue: Ken Rockot <rockot@google.com>
Auto-Submit: Ken Rockot <rockot@google.com>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#865815}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2835705:
Fix off-by-one error in kAdditiveSafeInteger
Bug: chromium:1198705
Change-Id: I6b3ad82754e1ca72701ce57f16c4f085f8c87f77
Auto-Submit: Georg Neis <neis@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74033}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2839559:
Merged: [compiler] Fix a bug in VisitSpeculativeIntegerAdditiveOp
Revision: 9313c4ce3f32ad81df1c65becccec7e129181ce3
BUG=chromium:1199345
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=nicohartmann@chromium.org
Change-Id: I0ee9f13815b1a7d248d4caa506c6930697e1866c
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.0@{#41}
Cr-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
Cr-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2826321:
[views] Handle window deletion during HandleDisplayChange.
In principle there is no reason why the HWNDMessageHandler shouldn't be
deleted by a HandleDisplayChange() call out to the delegate, e.g. if the
change results in a change in window layout.
(cherry picked from commit 299155e5e37a77670b7969771e09e9a16b1f5612)
Bug: 1192552
Change-Id: I9fca35ff32e7037c6492f4cee7069e272059b920
Auto-Submit: Wez <wez@chromium.org>
Commit-Queue: Scott Violet <sky@chromium.org>
Reviewed-by: Scott Violet <sky@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#869603}
Cr-Commit-Position: refs/branch-heads/4430@{#1291}
Cr-Branched-From: e5ce7dc4f7518237b3d9bb93cccca35d25216cbe-refs/heads/master@{#857950}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2837712:
M86-LTS: Mojo: Properly validate broadcast events
This corrects broadcast event deserialization by adding a missing
validation step when decoding the outer message header.
(cherry picked from commit 6740adb28374ddeee13febfd5e5d20cb8a365979)
Fixed: 1195308
Change-Id: Ia67a20e48614e7ef00b1b32f7f4e5f20235be310
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Ken Rockot <rockot@google.com>
Cr-Original-Commit-Position: refs/heads/master@{#870238}
Owners-Override: Achuith Bhandarkar <achuith@chromium.org>
Auto-Submit: Achuith Bhandarkar <achuith@chromium.org>
Reviewed-by: Artem Sumaneev <asumaneev@google.com>
Commit-Queue: Achuith Bhandarkar <achuith@chromium.org>
Cr-Commit-Position: refs/branch-heads/4240@{#1614}
Cr-Branched-From: f297677702651916bbf65e59c0d4bbd4ce57d1ee-refs/heads/master@{#800218}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/deps/sqlite/+/2730249:
Fix a couple of memory-sanitizer complaints that could be triggered by a corrupt database.
Cherry-picking from https://www.sqlite.org/src/info/39c8686cabe6c437
FossilOrigin-Name:
9c8686cabe6c437ba4860aade49a701c4f5772b97d9fbe6cb9a394e85b9c092
Bug: 1181276, 1175522
Change-Id: Icc7e115ec54789fab59c03071dccf97987d5ac7f
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of commit originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2792423:
Don't erase InterpolationTypes used by other documents
A registered custom property in one document caused the entry for the
same custom property (unregistered) used in another document to be
deleted, which caused a use-after-free.
Only store the CSSDefaultInterpolationType for unregistered custom
properties and never store registered properties in the map. They may
have different types in different documents when registered.
Bug: 1192054
Change-Id: I1af03d0a298795db99acc9c62f0d0fff8a5e801d
Commit-Queue: Rune Lillesveen <futhark@chromium.org>
Reviewed-by: Robert Flack <flackr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#867692}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2799973:
Fix Mac crash due to use after free of BlinkScrollbarPartAnimation
What is happening is that the BlinkScrollbarPartAnimation instance
passed to BlinkScrollbarPartAnimationTimer is released while
the BlinkScrollbarPartAnimationTimer::TimerFired method runs as
part of BlinkScrollbarPartAnimation::setCurrentProgress call,
during the execution of ScrollbarPainter::setKnobAlpha which ends
up calling BlinkScrollbarPainterDelegate::setUpAlphaAnimation
through a chain of observers.
BlinkScrollbarPainterDelegate::setUpAlphaAnimation releases the
BlinkScrollbarPartAnimation instance which gets deallocated.
BlinkScrollbarPartAnimation::setCurrentProgress continues execution
after ScrollbarPainter::setKnobAlpha returns, but the _scrollbar
pointer is overwritten with garbage and when SetNeedsPaintInvalidation
is called the crash happens.
We retain self in BlinkScrollbarPartAnimation::setCurrentProgress
while it runs and release self before exit. By retaining self
Objective C runtime won't free BlinkScrollbarPartAnimation
while BlinkScrollbarPartAnimationTimer is running and the crash
should be avoided.
(cherry picked from commit 19207bea6bd8472aa4203db328fc7f51826956d4)
Bug: 1183276, 1189926, 1193025
Change-Id: Ibd5092a1dbae53bc21940c43883536624d1b03f3
Commit-Queue: Robert Flack <flackr@chromium.org>
Reviewed-by: Robert Flack <flackr@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#867587}
Commit-Queue: Liviu Tinta <liviutinta@chromium.org>
Cr-Commit-Position: refs/branch-heads/4430@{#979}
Cr-Branched-From: e5ce7dc4f7518237b3d9bb93cccca35d25216cbe-refs/heads/master@{#857950}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2787756:
DevTools: expect PageHandler may be destroyed during Page.navigate
Bug: 1188889
Change-Id: I5c2fcca84834d66c46d77a70683212c2330177a5
Commit-Queue: Andrey Kosyakov <caseq@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Reviewed-by: Karan Bhatia <karandeepb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#867507}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2727306:
Fix removal of observers in NetworkStateNotifier
The NetworkStateNotifier has a per-thread list of observer pointers. If
one is deleted mid-iteration, what we do is replace the pointer in the
list with a 0, and add the index to the zeroed list of observers to
remove after iteration completes. Well, the removal step was broken
for cases where there were multiple elements to remove. It didn't adjust
for the fact that the indexes shifted after each removal.
Bug: 1170148
Change-Id: I446acaae5f8a805a58142848634a0ee8c5f90882
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Josh Karlin <jkarlin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#858853}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2808893:
Mojo: Remove some inappropriate DCHECKs
There are a few places where we DCHECK conditions that cannot be
reliably asserted since they depend on untrusted inputs. These are
replaced with logic to conditionally terminate the connection to the
offending peer process.
Fixed: 1195333
Change-Id: I0c6873bf55d6b0b1d0cbb3c2e5b256e1a57ff696
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Ken Rockot <rockot@google.com>
Cr-Commit-Position: refs/heads/master@{#870007}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2821879:
Forbid script execution while updating the paint lifecycle.
(cherry picked from commit 5425d3b100fab533ea9ddc2ed8fbfc4870db0587)
Bug: 1196781
Change-Id: Idc8d24792d5c413691977b09ca821de4e13887ad
Commit-Queue: Adrian Taylor <adetaylor@chromium.org>
Commit-Queue: Robert Flack <flackr@chromium.org>
Reviewed-by: Xianzhu Wang <wangxianzhu@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#870275}
Reviewed-by: Robert Flack <flackr@chromium.org>
Reviewed-by: Achuith Bhandarkar <achuith@chromium.org>
Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
Commit-Queue: Jana Grill <janagrill@chromium.org>
Cr-Commit-Position: refs/branch-heads/4240@{#1601}
Cr-Branched-From: f297677702651916bbf65e59c0d4bbd4ce57d1ee-refs/heads/master@{#800218}
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
for x86_64
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2820971:
[compiler][x64] Fix bug in InstructionSelector::ChangeInt32ToInt64
Bug: chromium:1196683
Change-Id: Ib4ea738b47b64edc81450583be4c80a41698c3d1
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73903}
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
|
|
| |
Added include for SSE instructions.
Change-Id: I0deb6eac8fc2c1e05a88a6b39fb23ce34d8de63b
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
| |
Adjust source file to former subproject structure.
Change-Id: Iea1a9fcd5333a43f9184bf1f32fa181d4ae73123
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2691314:
Use a copy for transferring non detachable buffers
Currently, |DOMArrayBuffer::Transfer()| makes a copy, but still uses
the original buffer for transferring, thus making it possible to share a
regular ArrayBuffer (not SAB) with multiple threads.
Bug: 1177341
Change-Id: Idb48deb1698fe555f32531bc04b55dd3e1fb0a06
Reviewed-by: Srinivas Sista <srinivassista@chromium.org>
Cr-Commit-Position: refs/branch-heads/4145@{#6}
Cr-Branched-From: 247755238324ad7d4f4b4420523b887e49df2e48-refs/heads/master@{#768051}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2636213:
Test for persistent execution context during Animatable::animate.
Prior to the patch, the validity of the execution context was only
checked on entry to the method; however, the execution context can
be invalidated during the course of parsing keyframes or options.
The parsing of options is upstream of Animatable::animate and caught by
the existing check, but invalidation during keyframe parsing could fall
through triggering a crash.
Bug: 1161739
Change-Id: Ic0fc927d1d6ce902592bf92261fd4c506e96afac
Commit-Queue: Kevin Ellis <kevers@chromium.org>
Reviewed-by: Robert Flack <flackr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#844622}
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Partial cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2748077:
Merged: Squashed multiple commits.
Merged: [const-tracking] Mark const field as mutable when reconfiguring
Revision: 7535b91f7cb22274de734d5da7d0324d8653d626
Merged: [const-tracking] Fix incorrect DCHECK in MapUpdater
Revision: f95db8916a731e6e5ccc0282616bc907ce06012f
BUG=chromium:1161847,chromium:1185463,v8:9233
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=ishell@chromium.org
Change-Id: I4a34bafb3b072f2e788b47949947c76110f1b85c
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.0@{#18}
Cr-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
Cr-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Partial cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/2780300:
Merged: [deoptimizer] Fix bug in OptimizedFrame::Summarize
Revision: 3353a7d0b017146d543434be4036a81aaf7d25ae
BUG=chromium:1182647
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=bmeurer@chromium.org
Change-Id: I86abd6a3f34169be5f99aa9f54bb7bb3706fa85a
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.9@{#49}
Cr-Branched-From: 16b9bbbd581c25391981aa03180b76aa60463a3e-refs/heads/8.9.255@{#1}
Cr-Branched-From: d16a2a688498bd1c3e6a49edb25d8c4ca56232dc-refs/heads/master@{#72039}
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2779918:
Don't use BigBuffer for IPC::Message transport
M86 merge conflicts and resolution:
* ipc/ipc_message_pipe_reader.cc
Fixed extra include.
(cherry picked from commit 85bd7c88523545ab0e497d5e7b3e929793813358)
(cherry picked from commit fad3b9ffe7c7ff82909d911c573bd185aa3b3b50)
Fixed: 1184399
Change-Id: Iddd91ae8d7ae63022b61c96239f5e39261dfb735
Commit-Queue: Ken Rockot <rockot@google.com>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Cr-Original-Original-Commit-Position: refs/heads/master@{#860010}
Auto-Submit: Ken Rockot <rockot@google.com>
Reviewed-by: Adrian Taylor <adetaylor@chromium.org>
Reviewed-by: Alex Gough <ajgo@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Cr-Original-Commit-Position: refs/branch-heads/4389@{#1597}
Cr-Original-Branched-From: 9251c5db2b6d5a59fe4eac7aafa5fed37c139bb7-refs/heads/master@{#843830}
Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
Reviewed-by: Artem Sumaneev <asumaneev@google.com>
Reviewed-by: Ken Rockot <rockot@google.com>
Auto-Submit: Artem Sumaneev <asumaneev@google.com>
Commit-Queue: Artem Sumaneev <asumaneev@google.com>
Cr-Commit-Position: refs/branch-heads/4240@{#1587}
Cr-Branched-From: f297677702651916bbf65e59c0d4bbd4ce57d1ee-refs/heads/master@{#800218}
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
|