Crash in the hit testing code via HTMLPlugInElement::isReplacementObscured()
[WebKit-https.git] / Source / WebCore / ChangeLog
index 287168d..06bd2d0 100644 (file)
@@ -1,3 +1,233 @@
+2019-02-15  Ryosuke Niwa  <rniwa@webkit.org>
+
+        Crash in the hit testing code via HTMLPlugInElement::isReplacementObscured()
+        https://bugs.webkit.org/show_bug.cgi?id=194691
+
+        Reviewed by Simon Fraser.
+
+        The crash was caused by HTMLPlugInElement::isReplacementObscured updating the document
+        without updating the layout of ancestor documents (i.e. documents in which frame owner
+        elements appear) even though it hit-tests against the top-level document's RenderView.
+
+        Fixed the bug by updating the layout of the top-level document as needed.
+
+        Test: plugins/unsupported-plugin-with-replacement-in-iframe-crash.html
+
+        * html/HTMLPlugInElement.cpp:
+        (WebCore::HTMLPlugInElement::isReplacementObscured):
+
+2019-02-15  Ross Kirsling  <ross.kirsling@sony.com>
+
+        [WTF] Add environment variable helpers
+        https://bugs.webkit.org/show_bug.cgi?id=192405
+
+        Reviewed by Michael Catanzaro.
+
+        * platform/NotImplemented.h:
+        * platform/cocoa/SystemVersion.mm:
+        (WebCore::createSystemMarketingVersion):
+        * platform/graphics/gstreamer/GStreamerCommon.cpp:
+        (WebCore::initializeGStreamer):
+        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
+        (WebCore::MediaPlayerPrivateGStreamer::createGSTPlayBin):
+        * platform/graphics/nicosia/NicosiaPaintingEngine.cpp:
+        (Nicosia::PaintingEngine::create):
+        * platform/graphics/texmap/TextureMapperFPSCounter.cpp:
+        (WebCore::TextureMapperFPSCounter::TextureMapperFPSCounter):
+        * platform/graphics/x11/PlatformDisplayX11.cpp:
+        (WebCore::PlatformDisplayX11::create):
+        * platform/gtk/RenderThemeWidget.cpp:
+        (WebCore::RenderThemeScrollbar::RenderThemeScrollbar):
+        * platform/gtk/ScrollbarThemeGtk.cpp:
+        (WebCore::ScrollbarThemeGtk::ScrollbarThemeGtk):
+        * platform/network/curl/CurlContext.cpp:
+        (WebCore::CurlContext::CurlContext):
+        (WebCore::EnvironmentVariableReader::read): Deleted.
+        (WebCore::EnvironmentVariableReader::defined): Deleted.
+        (WebCore::EnvironmentVariableReader::readAs): Deleted.
+        (WebCore::EnvironmentVariableReader::sscanTemplate): Deleted.
+        (WebCore::EnvironmentVariableReader::sscanTemplate<signed>): Deleted.
+        (WebCore::EnvironmentVariableReader::sscanTemplate<unsigned>): Deleted.
+        * platform/network/curl/NetworkStorageSessionCurl.cpp:
+        (WebCore::defaultCookieJarPath):
+        * platform/network/playstation/CurlSSLHandlePlayStation.cpp:
+        (WebCore::getCACertPathEnv):
+        * platform/network/win/CurlSSLHandleWin.cpp:
+        (WebCore::getCACertPathEnv):
+        * platform/text/hyphen/HyphenationLibHyphen.cpp:
+        (WebCore::topLevelPath):
+        (WebCore::webkitBuildDirectory):
+        * platform/unix/LoggingUnix.cpp:
+        (WebCore::logLevelString):
+        * platform/win/LoggingWin.cpp:
+        (WebCore::logLevelString):
+        Utilize WTF::Environment where possible.
+
+2019-02-15  Antoine Quint  <graouts@apple.com>
+
+        Add a method to dispatch a PointerEvent based on a PlatformTouchEvent
+        https://bugs.webkit.org/show_bug.cgi?id=194702
+        <rdar://problem/48109355>
+
+        Reviewed by Dean Jackson.
+
+        * page/EventHandler.cpp:
+        (WebCore::EventHandler::dispatchPointerEventForTouchAtIndex):
+        * page/EventHandler.h:
+
+2019-02-15  Per Arne Vollan  <pvollan@apple.com>
+
+        [WebVTT] Inline WebVTT styles should start with '::cue'
+        https://bugs.webkit.org/show_bug.cgi?id=194227
+
+        Reviewed by Eric Carlson.
+
+        The original fix in r241203 is not sufficient, since it only checks if the CSS string starts
+        with '::cue'. Before accepting a CSS string from a WebVTT file, it should be checked that
+        all selectors starts with '::cue'.
+
+        Test: media/track/track-cue-css.html
+
+        * html/track/WebVTTParser.cpp:
+        (WebCore::WebVTTParser::checkAndStoreStyleSheet):
+
+2019-02-15  Youenn Fablet  <youenn@apple.com>
+
+        Add binding tests for ContextAllowsMediaDevices and ContextHasServiceWorkerScheme
+        https://bugs.webkit.org/show_bug.cgi?id=194713
+
+        Reviewed by Eric Carlson.
+
+        Binding tests covering mediaDevices and serviceWorker attributes.
+
+        * bindings/scripts/test/JS/JSTestObj.cpp:
+        (WebCore::JSTestObjPrototype::finishCreation):
+        (WebCore::jsTestObjMediaDevices1Getter):
+        (WebCore::jsTestObjMediaDevices1):
+        (WebCore::jsTestObjMediaDevices2Getter):
+        (WebCore::jsTestObjMediaDevices2):
+        (WebCore::jsTestObjServiceWorkers1Getter):
+        (WebCore::jsTestObjServiceWorkers1):
+        (WebCore::jsTestObjServiceWorkers2Getter):
+        (WebCore::jsTestObjServiceWorkers2):
+        * bindings/scripts/test/TestObj.idl:
+
+2019-02-15  Beth Dakin  <bdakin@apple.com>
+
+        Build fix.
+
+        * rendering/RenderThemeIOS.mm:
+        (WebCore::iconForAttachment):
+
+2019-02-15  Youenn Fablet  <youenn@apple.com>
+
+        Make ServiceWorkerClientFetch closer to WebResourceLoader
+        https://bugs.webkit.org/show_bug.cgi?id=194651
+
+        Reviewed by Alex Christensen.
+
+        Check for redirection response and if so call a specific client API.
+        Ensure ServiceWorkerFetch::Client gets called in the service worker thread proxy
+        so that its m_connection is only accessed on that thread.
+
+        Covered by existing tests.
+
+        * platform/network/FormData.h:
+        * platform/network/ResourceErrorBase.h:
+        * workers/service/context/ServiceWorkerFetch.cpp:
+        (WebCore::ServiceWorkerFetch::processResponse):
+        * workers/service/context/ServiceWorkerFetch.h:
+        * workers/service/context/ServiceWorkerThreadProxy.cpp:
+        (WebCore::ServiceWorkerThreadProxy::cancelFetch):
+        (WebCore::ServiceWorkerThreadProxy::continueDidReceiveFetchResponse):
+        * workers/service/context/ServiceWorkerThreadProxy.h:
+
+2019-02-15  Youenn Fablet  <youenn@apple.com>
+
+        Make navigator.mediaDevices SecureContext
+        https://bugs.webkit.org/show_bug.cgi?id=194666
+
+        Reviewed by Eric Carlson.
+
+        Make navigator.mediaDevices SecureContext.
+        This can still be enabled for unsecure context using the existing page settings.
+        To cover that case, introduce ContextHasMediaDevices custom IDL keyword.
+
+        Covered by API test.
+
+        * Modules/mediastream/NavigatorMediaDevices.idl:
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (GenerateRuntimeEnableConditionalString):
+        * bindings/scripts/IDLAttributes.json:
+        * dom/ScriptExecutionContext.cpp:
+        (WebCore::ScriptExecutionContext::hasMediaDevices const):
+        (WebCore::ScriptExecutionContext::hasServiceWorkerScheme const):
+        * dom/ScriptExecutionContext.h:
+
+2019-02-15  Youenn Fablet  <youenn@apple.com>
+
+        WebSocket should not fire events after being stopped
+        https://bugs.webkit.org/show_bug.cgi?id=194690
+
+        Reviewed by Geoffrey Garen.
+
+        dispatchOrQueueErrorEvent is scheduled using RunLoop::main().dispatch or dispatch_async.
+        This makes it possible to dispatch an event while WebSocket is already stopped.
+        Instead, use Document::postTask so that the task is only executed if WebSocket is not stopped.
+
+        As a refactoring, make use of PendingActivity to keep track of setPendingActivity/unsetPendingActivity more easily.
+
+        * Modules/websockets/WebSocket.cpp:
+        (WebCore::WebSocket::stop):
+        (WebCore::WebSocket::connect):
+        * Modules/websockets/WebSocket.h:
+
+2019-02-15  Youenn Fablet  <youenn@apple.com>
+
+        Performance should not fire events when its context is stopped
+        https://bugs.webkit.org/show_bug.cgi?id=194689
+
+        Reviewed by Alex Christensen.
+
+        Stop the timer when its context is destroyed.
+        Add an assertion to ensure the timer does not fire after context is destroyed.
+
+        * page/Performance.cpp:
+        (WebCore::Performance::stop):
+
+2019-02-15  Alex Christensen  <achristensen@webkit.org>
+
+        REGRESSION: ( r240978-r240985 ) [ iOS Release ] Layout Test imported/w3c/web-platform-tests/xhr/send-redirect-post-upload.htm is crashing
+        https://bugs.webkit.org/show_bug.cgi?id=194523
+
+        Reviewed by Geoffrey Garen.
+
+        The scope of the FormCreationContext was limited to the scope of createHTTPBodyCFReadStream,
+        so when it was used in formCreate it was lucky to get the same context if the stack hadn't been overwritten
+        and if the FormData hadn't been freed.  Instead, keep it alive with new/delete like we do the FormStreamFields.
+        A younger me should've noticed this when reviewing r218517.
+
+        * platform/network/cf/FormDataStreamCFNet.cpp:
+        (WebCore::formCreate):
+        (WebCore::createHTTPBodyCFReadStream):
+
+2019-02-15  Commit Queue  <commit-queue@webkit.org>
+
+        Unreviewed, rolling out r241559 and r241566.
+        https://bugs.webkit.org/show_bug.cgi?id=194710
+
+        Causes layout test crashes under GuardMalloc (Requested by
+        ryanhaddad on #webkit).
+
+        Reverted changesets:
+
+        "[WTF] Add environment variable helpers"
+        https://bugs.webkit.org/show_bug.cgi?id=192405
+        https://trac.webkit.org/changeset/241559
+
+        "Unreviewed build fix for WinCairo Debug after r241559."
+        https://trac.webkit.org/changeset/241566
+
 2019-02-15  Youenn Fablet  <youenn@apple.com>
 
         Stop the endpoint synchronously in RTCPeerConnection::close
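Review bot: the "[WTF] Add environment variable helpers" entry (bug 192405, second entry in this hunk) is added without saying that it is a reland of r241559, which the "Unreviewed, rolling out r241559 and r241566" entry further down in the same hunk reverts for layout-test crashes under GuardMalloc; the entry should open with the reland and state what changed since the rollout, e.g. `Reland of r241559 with the GuardMalloc crash in ... fixed by ...`, otherwise a reader following bug 192405 finds two contradicting entries for the same change. Separately, the top entry's description ("Fixed the bug by updating the layout of the top-level document as needed") should also record how `HTMLPlugInElement::isReplacementObscured` deals with the element's own renderer being torn down by that synchronous layout, since that is the usual hazard of forcing layout in the middle of a hit test and the line "Test: plugins/unsupported-plugin-with-replacement-in-iframe-crash.html" alone does not tell a reader whether the renderer is re-checked afterwards.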