Branch: refs/heads/webkitglib/2.48
Home: https://github.com/WebKit/WebKit
Commit: faa0083a2794967d67fff230501fc5be169c4dcb
https://github.com/WebKit/WebKit/commit/faa0083a2794967d67fff230501fc5be169c4dcb
Author: Jer Noble <[email protected]>
Date: 2025-09-15 (Mon, 15 Sep 2025)
Changed paths:
M Source/WebKit/UIProcess/WebPageProxy.cpp
M Tools/TestWebKitAPI/Tests/WebKit/GetUserMedia.mm
M Tools/TestWebKitAPI/Tests/WebKitCocoa/media-session-capture.html
Log Message:
-----------
Cherry-pick 297297.104@safari-7622-branch (e36cad1573d4).
https://bugs.webkit.org/show_bug.cgi?id=296153
gUM() for video does not issue permission request after muting and
requesting gUM() for audio
rdar://150695123
https://bugs.webkit.org/show_bug.cgi?id=296153
Reviewed by Andy Estes.
Apply the adjusted media capture state to WebPageProxy's internal capture
state, which
forces each capture type to require a permission prompt to unmute.
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::setMuted):
* Tools/TestWebKitAPI/Tests/WebKit/GetUserMedia.mm:
(TestWebKitAPI::(WebKit2, GetUserMediaAfterMuting)):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/media-session-capture.html:
Canonical link: https://commits.webkit.org/297297.104@safari-7622-branch
Canonical link: https://commits.webkit.org/290945.373@webkitglib/2.48
Commit: 8dd01d54122374cf087cbf6e19364f52510aaf2d
https://github.com/WebKit/WebKit/commit/8dd01d54122374cf087cbf6e19364f52510aaf2d
Author: Yijia Huang <[email protected]>
Date: 2025-09-15 (Mon, 15 Sep 2025)
Changed paths:
M
Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp
Log Message:
-----------
Cherry-pick 297297.140@safari-7622-branch (881d4e9ef8e5).
https://bugs.webkit.org/show_bug.cgi?id=296226
[JSC] Fix instanceof metadata fields in
LLIntPrototypeLoadAdaptiveStructureWatchpoint
https://bugs.webkit.org/show_bug.cgi?id=296226
rdar://156196469
Reviewed by Mark Lam and Yusuke Suzuki.
OpInstanceof::getHasInstance should clear m_hasInstanceModeMetadata.
OpInstanceof::getPrototype should clear m_prototypeModeMetadata.
Canonical link: https://commits.webkit.org/297297.140@safari-7622-branch
Canonical link: https://commits.webkit.org/290945.374@webkitglib/2.48
Commit: 4682763729ed288acdb7e7bd4442bc3ed119b0af
https://github.com/WebKit/WebKit/commit/4682763729ed288acdb7e7bd4442bc3ed119b0af
Author: Adrian Perez de Castro <[email protected]>
Date: 2025-09-15 (Mon, 15 Sep 2025)
Changed paths:
A JSTests/stress/instanceof-osr-exit-hasInstance-getter.js
A JSTests/stress/instanceof-osr-exit-prototype-getter.js
M Source/JavaScriptCore/bytecode/BytecodeList.rb
M Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp
M Source/JavaScriptCore/llint/LLIntOpcode.h
M Source/JavaScriptCore/llint/LLIntSlowPaths.cpp
M Source/JavaScriptCore/llint/LowLevelInterpreter64.asm
Log Message:
-----------
Cherry-pick 297297.141@safari-7622-branch (ed4e91038f2b).
https://bugs.webkit.org/show_bug.cgi?id=296042
ASSERTION FAILED: constructor.isObject() when OSR from an inlined function
https://bugs.webkit.org/show_bug.cgi?id=296042
rdar://155947925
Reviewed by Keith Miller.
The checkpoint OSR exit handler for op_instanceof was incorrectly trying to
re-execute the instanceof logic instead of processing the result of the
already-completed inlined call.
The fix simplifies the OpInstanceof::getPrototype case to directly use the
inlined call result and proceed with JSObject::defaultHasInstance(), which
is the correct behavior for OSR exit handlers.
In addition, both OpInstanceof::getHasInstance and OpInstanceof::instanceof
should never be reached in
llint_slow_path_checkpoint_osr_exit_from_inlined_call
since:
1. OpInstanceof::instanceof has no inlined calls.
2. OpInstanceof::getHasInstance as the first checkpoint, the inlined call
exit
would directly exit to the OSR exit site in the callee and finish the
callee,
then resume the caller from baseline/LLInt.
Canonical link: https://commits.webkit.org/297297.141@safari-7622-branch
Canonical link: https://commits.webkit.org/290945.375@webkitglib/2.48
Commit: 5a82b06e1bfbc2fa83e3afb31079bbc6a8018804
https://github.com/WebKit/WebKit/commit/5a82b06e1bfbc2fa83e3afb31079bbc6a8018804
Author: Youenn Fablet <[email protected]>
Date: 2025-09-15 (Mon, 15 Sep 2025)
Changed paths:
M LayoutTests/fast/url/urlpattern-invalid-pattern.html
M Source/WebCore/Modules/url-pattern/URLPatternTokenizer.cpp
Log Message:
-----------
Cherry-pick 296301@main (fa85413077ac).
https://bugs.webkit.org/show_bug.cgi?id=294550
Validate escape character in URLPattern
https://bugs.webkit.org/show_bug.cgi?id=294550
rdar://153275502
Reviewed by Anne van Kesteren and Per Arne Vollan.
URLPatternTokenizer needs to check for the position where we will read the
next token to return the proper exception.
* LayoutTests/fast/url/urlpattern-invalid-pattern.html:
* Source/WebCore/Modules/url-pattern/URLPatternTokenizer.cpp:
(WebCore::URLPatternUtilities::Tokenizer::tokenize):
Canonical link: https://commits.webkit.org/296301@main
Canonical link: https://commits.webkit.org/290945.376@webkitglib/2.48
Commit: 5131e836c4015ab38daf0720baa68a3b1828b3e1
https://github.com/WebKit/WebKit/commit/5131e836c4015ab38daf0720baa68a3b1828b3e1
Author: Yusuke Suzuki <[email protected]>
Date: 2025-09-16 (Tue, 16 Sep 2025)
Changed paths:
A JSTests/stress/regexp-matches-array-should-respect-have-a-bad-time.js
M Source/JavaScriptCore/runtime/JSGlobalObjectInlines.h
Log Message:
-----------
Cherry-pick 289651.443@safari-7621-branch (e4c46a52540e).
https://bugs.webkit.org/show_bug.cgi?id=291745
[JSC]ASSERTION FAILED: !needsSlowPutIndexing() at ensureArrayStorageSlow
https://bugs.webkit.org/show_bug.cgi?id=291745
rdar://149546458
Reviewed by Keith Miller.
We should not create Contiguous array when have-a-bad-time happened for
RegExp match results.
* JSTests/stress/regexp-matches-array-should-respect-have-a-bad-time.js:
Added.
(F0.C4):
(F0.f5):
(F0):
(set get for):
* Source/JavaScriptCore/runtime/JSGlobalObjectInlines.h:
(JSC::tryCreateContiguousArrayWithPattern):
Canonical link: https://commits.webkit.org/289651.443@safari-7621-branch
Canonical link: https://commits.webkit.org/297297.193@safari-7622-branch
Canonical link: https://commits.webkit.org/290945.377@webkitglib/2.48
Commit: 0508a4200b8f973f602af0f83e4e438a3444d6cb
https://github.com/WebKit/WebKit/commit/0508a4200b8f973f602af0f83e4e438a3444d6cb
Author: Daniel Liu <[email protected]>
Date: 2025-09-16 (Tue, 16 Sep 2025)
Changed paths:
A JSTests/wasm/stress/omg-osr-stack-slot-positioning.js
M Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp
Log Message:
-----------
Cherry-pick 297297.196@safari-7622-branch (c4c5c5e57ff5).
https://bugs.webkit.org/show_bug.cgi?id=296490
OMG stack slots should be positioned at the beginning of the OSR buffer
when IPInt OSR layout is used
https://bugs.webkit.org/show_bug.cgi?id=296490
rdar://155783944
Reviewed by Yusuke Suzuki.
IPInt uses rethrow slots in the OSR buffer, which are positioned at the
beginning of the buffer. During OSR stackmap generation, OMG should not
put in any locals or stack values until all slots are accounted for and
incremented past.
* JSTests/wasm/stress/omg-osr-stack-slot-positioning.js: Added.
(instantiate):
(async let):
* Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp:
(JSC::Wasm::OMGIRGenerator::addLoop):
Canonical link: https://commits.webkit.org/297297.196@safari-7622-branch
Canonical link: https://commits.webkit.org/290945.378@webkitglib/2.48
Commit: 6d9919c7ee49d241ca0e65366f8aa05a24ee349e
https://github.com/WebKit/WebKit/commit/6d9919c7ee49d241ca0e65366f8aa05a24ee349e
Author: Chris Dumez <[email protected]>
Date: 2025-09-16 (Tue, 16 Sep 2025)
Changed paths:
M Source/WebKit/Platform/IPC/Connection.cpp
M Source/WebKit/Platform/IPC/Connection.h
Log Message:
-----------
Cherry-pick 297696@main (674611789255).
https://bugs.webkit.org/show_bug.cgi?id=296276
Crash under
WTF::Detail::CallableWrapper<IPC::Connection::dispatchDidCloseAndInvalidate()::$_0,
void>::call
https://bugs.webkit.org/show_bug.cgi?id=296276
rdar://156192754
Reviewed by Darin Adler.
We were holding a CheckedPtr to the IPC::Connection::Client on the stack
when
calling `didClose()`. However, calling `didClose()` can cause the Client
object
to get destroyed. To address the issue, hold a RefPtr to the Client object
instead.
* Source/WebKit/Platform/IPC/Connection.cpp:
(IPC::Connection::dispatchSyncMessage):
(IPC::Connection::dispatchDidReceiveInvalidMessage):
(IPC::Connection::dispatchDidCloseAndInvalidate):
(IPC::Connection::enqueueIncomingMessage):
(IPC::Connection::dispatchMessage):
* Source/WebKit/Platform/IPC/Connection.h:
(IPC::Connection::protectedClient const):
(IPC::Connection::waitForAndDispatchImmediately):
(IPC::Connection::checkedClient const): Deleted.
Canonical link: https://commits.webkit.org/297696@main
Canonical link: https://commits.webkit.org/290945.379@webkitglib/2.48
Commit: ba246b21a60310e3189827a1f9424a9e4ef4df71
https://github.com/WebKit/WebKit/commit/ba246b21a60310e3189827a1f9424a9e4ef4df71
Author: Philippe Normand <[email protected]>
Date: 2025-09-17 (Wed, 17 Sep 2025)
Changed paths:
M Source/WebCore/platform/graphics/gstreamer/GStreamerCommon.cpp
M Source/WebCore/platform/graphics/gstreamer/GStreamerCommon.h
M Source/WebCore/platform/graphics/gstreamer/VideoFrameMetadataGStreamer.cpp
M
Source/WebCore/platform/mediastream/gstreamer/GStreamerCaptureDeviceManager.h
M Source/WebCore/platform/mediastream/gstreamer/GStreamerCapturer.cpp
M Source/WebCore/platform/mediastream/gstreamer/GStreamerCapturer.h
M
Source/WebCore/platform/mediastream/gstreamer/GStreamerIncomingTrackProcessor.cpp
M Source/WebCore/platform/mediastream/gstreamer/GStreamerVideoCapturer.cpp
M Source/WebCore/platform/mediastream/gstreamer/GStreamerVideoCapturer.h
Log Message:
-----------
Cherry-pick 299959@main (77738c8819ec).
https://bugs.webkit.org/show_bug.cgi?id=298834
[GStreamer] Fix various mediastream and pad probe buffer leaks reported by
the GStreamer leak tracer
https://bugs.webkit.org/show_bug.cgi?id=298834
Reviewed by Xabier Rodriguez-Calvar.
The most important leaks were in the buffer pad probes that modify buffers,
the previous ones were
not un-reffed. The other leaks were about the pipewire device manager and
several other GStreamer
objects not cleared before gst_deinit() was called.
Driving-by in the video capturer modify existing caps instead of doing
copies.
* Source/WebCore/platform/graphics/gstreamer/GStreamerCommon.cpp:
(gst_pad_probe_info_set_buffer):
* Source/WebCore/platform/graphics/gstreamer/GStreamerCommon.h:
*
Source/WebCore/platform/graphics/gstreamer/VideoFrameMetadataGStreamer.cpp:
(videoFrameMetadataGetInfo):
(webkitGstTraceProcessingTimeForElement):
*
Source/WebCore/platform/mediastream/gstreamer/GStreamerCaptureDeviceManager.h:
* Source/WebCore/platform/mediastream/gstreamer/GStreamerCapturer.cpp:
(WebCore::GStreamerCapturer::~GStreamerCapturer):
(WebCore::GStreamerCapturer::tearDown):
(WebCore::GStreamerCapturer::createSource):
* Source/WebCore/platform/mediastream/gstreamer/GStreamerCapturer.h:
*
Source/WebCore/platform/mediastream/gstreamer/GStreamerIncomingTrackProcessor.cpp:
(WebCore::GStreamerIncomingTrackProcessor::installRtpBufferPadProbe):
* Source/WebCore/platform/mediastream/gstreamer/GStreamerVideoCapturer.cpp:
(WebCore::GStreamerVideoCapturer::tearDown):
(WebCore::GStreamerVideoCapturer::setSize):
(WebCore::GStreamerVideoCapturer::setFrameRate):
* Source/WebCore/platform/mediastream/gstreamer/GStreamerVideoCapturer.h:
Canonical link: https://commits.webkit.org/299959@main
Canonical link: https://commits.webkit.org/290945.380@webkitglib/2.48
Compare: https://github.com/WebKit/WebKit/compare/c3a0a28362b0...ba246b21a603
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
