Branch: refs/heads/webkitglib/2.52
Home: https://github.com/WebKit/WebKit
Commit: b4354677fb9f98871580f75bf4da2f54a2799c15
https://github.com/WebKit/WebKit/commit/b4354677fb9f98871580f75bf4da2f54a2799c15
Author: Ruthvik Konda <[email protected]>
Date: 2026-03-12 (Thu, 12 Mar 2026)
Changed paths:
M Source/ThirdParty/ANGLE/src/common/angleutils.cpp
M Source/ThirdParty/ANGLE/src/common/angleutils_unittest.cpp
Log Message:
-----------
Cherry-pick 309080@main (3df36642bc36).
https://bugs.webkit.org/show_bug.cgi?id=309609
ANGLE: Add mutex to MakeStaticString to fix data race crash
https://bugs.webkit.org/show_bug.cgi?id=309609
rdar://171048125
Reviewed by Kimmo Kinnunen.
MakeStaticString() in angleutils.cpp uses a function-local static
std::set<std::string> without synchronization. When multiple
SharedWorker threads simultaneously initialize WebGL contexts via
OffscreenCanvas, concurrent find() and insert() operations corrupt
the red-black tree, causing NULL pointer dereference crashes in
__tree_balance_after_insert.
Add angle::SimpleMutex to protect the static set, following the
same heap-allocated mutex pattern used by debug.cpp's g_debugMutex.
* Source/ThirdParty/ANGLE/src/common/angleutils.cpp:
(MakeStaticString):
* Source/ThirdParty/ANGLE/src/common/angleutils_unittest.cpp:
(MakeStaticString_ThreadSafety_Test::TestBody):
Canonical link: https://commits.webkit.org/309080@main
Canonical link: https://commits.webkit.org/305877.190@webkitglib/2.52
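
The locking pattern the commit message above describes, as an added example that is not ANGLE's or WebKit's code: a function-local static std::set guarded by a heap-allocated mutex, with a small multi-threaded check. It assumes std::mutex in place of angle::SimpleMutex, and the names InternString and StressIntern are hypothetical.

```cpp
#include <mutex>
#include <set>
#include <string>
#include <thread>
#include <vector>

// Hypothetical stand-in for an interning helper: returns a pointer that stays
// valid for the life of the process (std::set nodes never move).
const char *InternString(const std::string &str)
{
    // The mutex is heap-allocated and never freed, the pattern the commit
    // message names, so it is not destroyed during static teardown.
    static std::mutex *mutex = new std::mutex();
    static std::set<std::string> strings;

    // Without this lock, concurrent find()/insert() calls rebalance the same
    // red-black tree and can corrupt its node pointers.
    std::lock_guard<std::mutex> lock(*mutex);
    return strings.insert(str).first->c_str();
}

// Runs threadCount threads that each intern the same keyCount keys and
// reports whether every thread received identical pointers for identical keys.
bool StressIntern(int threadCount, int keyCount)
{
    std::vector<std::vector<const char *>> seen(threadCount);
    std::vector<std::thread> workers;
    for (int t = 0; t < threadCount; ++t)
    {
        workers.emplace_back([&seen, t, keyCount] {
            for (int k = 0; k < keyCount; ++k)
                seen[t].push_back(InternString("key" + std::to_string(k)));
        });
    }
    for (auto &w : workers)
        w.join();
    for (int t = 1; t < threadCount; ++t)
        if (seen[t] != seen[0])
            return false;
    return true;
}

int main()
{
    return StressIntern(8, 200) ? 0 : 1;
}
```

Compile with -pthread; removing the lock_guard line and building with -fsanitize=thread makes ThreadSanitizer report the race on the set.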
Commit: 8a70705eb6426ab97c4cf307fc8a056ae77e633e
https://github.com/WebKit/WebKit/commit/8a70705eb6426ab97c4cf307fc8a056ae77e633e
Author: Nipun Shukla <[email protected]>
Date: 2026-03-12 (Thu, 12 Mar 2026)
Changed paths:
A PerformanceTests/Layout/nested-column-flexboxes-branching.html
M Source/WebCore/rendering/RenderFlexibleBox.cpp
M Source/WebCore/rendering/RenderFlexibleBox.h
Log Message:
-----------
Cherry-pick 309068@main (fc6f33a5416a).
https://bugs.webkit.org/show_bug.cgi?id=289072
flexbox container leads to complete freeze of WebKit
https://bugs.webkit.org/show_bug.cgi?id=289072
rdar://146141220
Reviewed by Sammy Gill.
In maybeCacheFlexItemMainIntrinsicSize, skip calling
updateBlockChildDirtyBitsBeforeLayout when we already
have a cached intrinsic size and the child doesn't need
layout for non-percentage reasons. This prevents
updateBlockChildDirtyBitsBeforeLayout from marking items
dirty solely due to percentage heights, which previously
caused each nested flex container to redundantly
re-layout all its descendants. Also skip setting
forceFlexItemRelayout to true unless the main axis size
has changed and we have already completed a layout pass
at the same container height.
A performance test is included to verify progression in
a pathological case with deep nesting. That microbenchmark
progresses from ~1.1 runs/s across 20 iterations to
~58 runs/s with this patch.
No functionality change should occur with this patch.
* PerformanceTests/Layout/nested-column-flexboxes-branching.html: Added.
* Source/WebCore/rendering/RenderFlexibleBox.cpp:
(WebCore::RenderFlexibleBox::performFlexLayout):
(WebCore::RenderFlexibleBox::maybeCacheFlexItemMainIntrinsicSize):
(WebCore::RenderFlexibleBox::layoutAndPlaceFlexItems):
* Source/WebCore/rendering/RenderFlexibleBox.h:
Canonical link: https://commits.webkit.org/309068@main
Canonical link: https://commits.webkit.org/305877.191@webkitglib/2.52
Compare: https://github.com/WebKit/WebKit/compare/2a7345540f6d...8a70705eb642