Safari Crashing in Version 12.0.1 (14606.2.104.1.1) WebCore::GraphicsLayerCA::updateB...
[WebKit-https.git] / Source / WebCore / ChangeLog
index fd7b18e..e6bdff6 100644 (file)
@@ -1,3 +1,106 @@
+2019-01-09  Dean Jackson  <dino@apple.com>
+
+        Safari Crashing in Version 12.0.1 (14606.2.104.1.1) WebCore::GraphicsLayerCA::updateBackdropFilters
+        https://bugs.webkit.org/show_bug.cgi?id=193309
+        <rdar://problem/45279224>
+
+        Reviewed by Antoine Quint.
+
+        A speculative fix for a CheckedArithmetic crash triggered in updateBackdropFilters.
+
+        The crash log indicates we crash in a Checked<> class that is not recording
+        overflow i.e. it is crashing due to an overflow. The only place in this function
+        where that could happen is when we convert the FloatRect for the backdrop
+        region into a Checked<unsigned> for width and height. This suggests that either
+        the width or height are negative, or the float values are too large for integers,
+        or the product of the two overflows.
+
+        Avoid this by using RecordOverflow, but also changing the code a little to
+        bail if the rectangle is incorrect.
+
+        * platform/graphics/ca/GraphicsLayerCA.cpp:
+        (WebCore::GraphicsLayerCA::updateBackdropFilters):
+
+2019-01-10  Oriol Brufau  <obrufau@igalia.com>
+
+        [css-grid] Let abspos items reference implicit grid lines
+        https://bugs.webkit.org/show_bug.cgi?id=193313
+
+        Reviewed by Manuel Rego Casasnovas.
+
+        While they can't create new implicit grid lines, abspos items
+        can reference existing ones as clarified in
+        https://github.com/w3c/csswg-drafts/commit/511bb63
+
+        This patch makes WebKit match Blink, Firefox and Edge.
+
+        Tests: web-platform-tests/css/css-grid/abspos/grid-positioned-items-padding-001.html
+               web-platform-tests/css/css-grid/abspos/grid-positioned-items-unknown-named-grid-line-001.html
+
+        * rendering/RenderGrid.cpp:
+        (WebCore::RenderGrid::populateExplicitGridAndOrderIterator const):
+        Remove argument from spanSizeForAutoPlacedItem call.
+        (WebCore::RenderGrid::createEmptyGridAreaAtSpecifiedPositionsOutsideGrid const):
+        Remove argument from spanSizeForAutoPlacedItem call.
+        (WebCore::RenderGrid::placeSpecifiedMajorAxisItemsOnGrid const):
+        Remove argument from spanSizeForAutoPlacedItem call.
+        (WebCore::RenderGrid::placeAutoMajorAxisItemOnGrid const):
+        Remove argument from spanSizeForAutoPlacedItem call.
+        (WebCore::RenderGrid::gridAreaBreadthForOutOfFlowChild):
+        Don't treat implicit grid lines as 'auto'.
+        * rendering/RenderGrid.h:
+        Remove unused gridPositionIsAutoForOutOfFlow.
+        * rendering/style/GridPositionsResolver.cpp:
+        (WebCore::adjustGridPositionsFromStyle):
+        Don't treat implicit grid lines as 'auto'.
+        Remove unused gridContainerStyle parameter.
+        (WebCore::GridPositionsResolver::spanSizeForAutoPlacedItem):
+        Remove argument from adjustGridPositionsFromStyle call.
+        Remove unused gridContainerStyle parameter.
+        (WebCore::resolveGridPositionFromStyle):
+        Remove unnecessary assert that uses isValidNamedLineOrArea.
+        (WebCore::GridPositionsResolver::resolveGridPositionsFromStyle):
+        Remove argument from adjustGridPositionsFromStyle call.
+        * rendering/style/GridPositionsResolver.h:
+        Remove unused isValidNamedLineOrArea.
+        Remove unused parameter from spanSizeForAutoPlacedItem.
+
+2019-01-09  Matt Rajca  <mrajca@apple.com>
+
+        Put per-document autoplay behavior behind runtime website policies quirk instead of a compile time flag
+        https://bugs.webkit.org/show_bug.cgi?id=193301
+
+        Reviewed by Jer Noble.
+
+        Instead of unconditionally enabling this with a compile-time flag, let clients
+        enable the quirk on a per-load basis.
+
+        Tests: added API tests in favor of the current layout test as this behavior is no
+               longer on by default unless a client opts in.
+
+        * html/MediaElementSession.cpp:
+        (WebCore::needsPerDocumentAutoplayBehaviorQuirk):
+        (WebCore::MediaElementSession::playbackPermitted const):
+        * loader/DocumentLoader.h:
+
+2019-01-10  Zalan Bujtas  <zalan@apple.com>
+
+        [LFC][BFC][MarginCollapsing] Take collapsed through siblings into account when computing vertical position
+        https://bugs.webkit.org/show_bug.cgi?id=193310
+
+        Reviewed by Antti Koivisto.
+
+        If the block inflow element has previous siblings with collapsed through vertical margins,
+        then this box's before margin could _indirectly_ collapse with the parent. Use the previous siblings
+        to check for margin collapsing.
+
+        Test: fast/block/block-only/collapsed-through-siblings.html
+
+        * layout/blockformatting/BlockFormattingContext.cpp:
+        (WebCore::Layout::BlockFormattingContext::adjustedVerticalPositionAfterMarginCollapsing const):
+        * page/FrameViewLayoutContext.cpp:
+        (WebCore::layoutUsingFormattingContext):
+
 2019-01-10  Alicia Boya GarcĂ­a  <aboya@igalia.com>
 
         [MSE][GStreamer] Use GRefPtr in AppendPipeline::pushNewBuffer()
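Review bot: The first entry in this hunk (Dean Jackson, "Safari Crashing in Version 12.0.1 ... updateBackdropFilters") lists no test and does not say how the fix was validated, unlike the other three new entries, which each carry a "Test:"/"Tests:" line. Since the entry itself calls this "A speculative fix for a CheckedArithmetic crash triggered in updateBackdropFilters" and reasons from a crash log rather than a reproducer, say so explicitly in the entry: add a line stating that no new test is added because the overflow could not be reproduced, and name the condition the new bail-out in GraphicsLayerCA::updateBackdropFilters checks (negative width/height, float-to-unsigned conversion out of range, or width*height overflow, per the three cases the entry enumerates), so a later reader of the ChangeLog can tell which of the three was actually guarded and whether the RecordOverflow path silently drops the backdrop rather than crashing. A secondary nit in the same hunk: the Matt Rajca entry says "added API tests in favor of the current layout test" but names neither the new API tests nor the layout test being replaced; listing them keeps the entry consistent with the "Tests:" convention used by the Oriol Brufau and Zalan Bujtas entries above and below it.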