Submitted By: Ken Moffat Date: 2021-05-04 Initial Package Version: 20210401-git Upstream Status: Applied Origin: The 5.15 branch of qtwebengine as at 20210503 Description: Consolidated fixes, with various security issues including fixes for: CVE-2021-21233: Heap buffer overflow in ANGLE CVE-2021-21231: Insufficient data validation in V8 CVE-2021-21230: Type Confusion in V8 CVE-2021-21227: Insufficient data validation in V8 CVE-2021-21225: Out of bounds memory access in V8 CVE-2021-21224: Type Confusion in V8 CVE-2021-21223: Integer overflow in Mojo CVE-2021-21222: Heap buffer overflow in V8 CVE-2021-21221: Insufficient validation of untrusted input in Mojo CVE-2021-21220: Insufficient validation of untrusted input in V8 for x86_64 CVE-2021-21219: Uninitialized Use in PDFium CVE-2021-21218: Uninitialized Use in PDFium CVE-2021-21217: Uninitialized Use in PDFium CVE-2021-21214: Use after free in Network API CVE-2021-21213: Use after free in WebMIDI CVE-2021-21209: Inappropriate implementation in storage CVE-2021-21207: Use after free in IndexedDB CVE-2021-21206: Use after free in Blink CVE-2021-21204: Use after free in Blink. CVE-2021-21203: Use after free in Blink CVE-2021-21202: Use after free in extensions. CVE-2021-21201: Use after free in permissions diff -Naur a/examples/webengine/quicknanobrowser/BrowserWindow.qml b/examples/webengine/quicknanobrowser/BrowserWindow.qml --- a/examples/webengine/quicknanobrowser/BrowserWindow.qml 2021-04-01 15:33:27.000000000 +0100 +++ b/examples/webengine/quicknanobrowser/BrowserWindow.qml 2021-04-30 21:32:18.571697411 +0100 @@ -624,6 +624,18 @@ tabs.currentIndex = tabs.count - 1; request.openIn(tab.item); } + + Timer { + id: hideTimer + interval: 0 + running: false + repeat: false + onTriggered: devToolsEnabled.checked = false + } + onWindowCloseRequested: function(request) { + // Delay hiding for keep the inspectedView set to receive the ACK message of close. + hideTimer.running = true; + } } MessageDialog { id: sslDialog diff -Naur a/examples/webenginewidgets/printme/printhandler.cpp b/examples/webenginewidgets/printme/printhandler.cpp --- a/examples/webenginewidgets/printme/printhandler.cpp 2021-04-01 15:33:27.000000000 +0100 +++ b/examples/webenginewidgets/printme/printhandler.cpp 2021-04-30 21:34:49.539660859 +0100 @@ -107,6 +107,7 @@ return; m_inPrintPreview = true; QPrinter printer; + printer.setResolution(300); QPrintPreviewDialog preview(&printer, m_page->view()); connect(&preview, &QPrintPreviewDialog::paintRequested, this, &PrintHandler::printDocument); diff -Naur a/GIT-VERSIONS b/GIT-VERSIONS --- a/GIT-VERSIONS 2021-04-03 00:30:45.000000000 +0100 +++ b/GIT-VERSIONS 2021-05-04 21:35:42.246620082 +0100 @@ -1,47 +1,31 @@ -This is the 5.15 branch of qtwebengine as at 2021-04-01 +This is the 5.15 branch of qtwebengine as at 2021-05-03 Specifically, the main qt code is at -commit e0b4b9436033e9bc376597ed90dd1fca9cdc90ff (HEAD -> 5.15, origin/5.15) -Author: Michael Brüning -Date: Thu Apr 1 13:32:58 2021 +0200 - - Update Chromium - - Submodule update src/3rdparty 8d49f9a2..d13920f2: - - > [Backport] Security bug 1185482 - > [Backport] Security bug 1161847 - > [Backport] Security bug 1161379 - > [Backport] CVE-2021-21198: Out of bounds read in IPC - > [Backport] CVE-2021-21195: Use after free in V8 - - Task-number: QTBUG-92080 - Change-Id: I638a0fa0285d46736cfbf5406874702bd3600580 - Reviewed-by: Jüri Valdmann +commit a7d3b4cb07dd41ae020bdfa2973096332b9d4396 (HEAD -> 5.15, origin/5.15) +Author: Allan Sandfeld Jensen +Date: Thu Apr 22 10:56:02 2021 +0200 + + Allow leaving OCSP off + + This form of OCSP is not good, so try to at least allow it to be + disabled, until we remove it. + + Fixes: QTBUG-91467 + Change-Id: Ied9e8c4960e6ea1503dea39ebbced2ad1af08d5d + Reviewed-by: Qt CI Bot + Reviewed-by: Peter Varga and the src/3rdparty code is from the 87-based branch at -commit d13920f28c2f3922e0cf793996ea33d02b81a0a4 (HEAD -> 87-based, origin/87-based) -Author: Scott Violet -Date: Tue Mar 23 18:47:22 2021 +0000 +commit 6c7b4ffb3fe19e7c6a2db60ce2d05c3b50c16ffc (HEAD -> 87-based, origin/87-based) +Author: Allan Sandfeld Jensen +Date: Tue Apr 27 15:52:43 2021 +0200 - [Backport] Security bug 1185482 - - Cherry-pick of patch originally reviewed on - https://chromium-review.googlesource.com/c/chromium/src/+/2779886: - x11/ozone: fix two edge cases - - WindowTreeHost::OnHostMovedInPixels() may trigger a nested message - loop (tab dragging), which when the stack unravels means this may - be deleted. This adds an early out if this happens. - - X11WholeScreenMoveLoop has a similar issue, in so far as notifying - the delegate may delete this. - - BUG=1185482 - TEST=WindowTreeHostPlatform.DeleteHostFromOnHostMovedInPixels + FIXUP: Avoid crashing on new window in cross-origin isolated content - (cherry picked from commit 5e3a738b1204941aab9f15c0eb3d06e20fefd96e) + Wasn't adapted to 87-based. + Change-Id: I2e07bbcf902be226b76e01c44964293574569f16 + Reviewed-by: Michael Brüning diff -Naur a/src/3rdparty/chromium/chrome/common/BUILD.gn b/src/3rdparty/chromium/chrome/common/BUILD.gn --- a/src/3rdparty/chromium/chrome/common/BUILD.gn 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/chrome/common/BUILD.gn 2021-04-30 20:09:19.944733968 +0100 @@ -330,16 +330,19 @@ } if (is_mac) { - assert(enable_extensions) sources += [ - "extensions/image_writer/image_writer_util_mac.cc", - "extensions/image_writer/image_writer_util_mac.h", "mac/launchd.h", "mac/launchd.mm", "mac/service_management.h", "mac/service_management.mm", "multi_process_lock_mac.cc", ] + if (enable_extensions) { + sources += [ + "extensions/image_writer/image_writer_util_mac.cc", + "extensions/image_writer/image_writer_util_mac.h", + ] + } public_deps += [ ":app_mode_app_support" ] } diff -Naur a/src/3rdparty/chromium/components/permissions/permission_manager.cc b/src/3rdparty/chromium/components/permissions/permission_manager.cc --- a/src/3rdparty/chromium/components/permissions/permission_manager.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/components/permissions/permission_manager.cc 2021-04-30 20:11:17.392753946 +0100 @@ -536,14 +536,14 @@ origin->GetURL()); } -int PermissionManager::SubscribePermissionStatusChange( +PermissionManager::SubscriptionId PermissionManager::SubscribePermissionStatusChange( PermissionType permission, content::RenderFrameHost* render_frame_host, const GURL& requesting_origin, base::RepeatingCallback callback) { DCHECK_CURRENTLY_ON(content::BrowserThread::UI); if (is_shutting_down_) - return 0; + return SubscriptionId(); if (subscriptions_.IsEmpty()) PermissionsClient::Get() @@ -580,16 +580,20 @@ subscription->callback = base::BindRepeating(&SubscriptionCallbackWrapper, std::move(callback)); - return subscriptions_.Add(std::move(subscription)); + auto id = subscription_id_generator_.GenerateNextId(); + subscriptions_.AddWithID(std::move(subscription), id); + return id; } -void PermissionManager::UnsubscribePermissionStatusChange(int subscription_id) { +void PermissionManager::UnsubscribePermissionStatusChange( + SubscriptionId subscription_id) { DCHECK_CURRENTLY_ON(content::BrowserThread::UI); if (is_shutting_down_) return; - // Whether |subscription_id| is known will be checked by the Remove() call. - subscriptions_.Remove(subscription_id); + if (subscriptions_.Lookup(subscription_id)) { + subscriptions_.Remove(subscription_id); + } if (subscriptions_.IsEmpty()) { PermissionsClient::Get() diff -Naur a/src/3rdparty/chromium/components/permissions/permission_manager.h b/src/3rdparty/chromium/components/permissions/permission_manager.h --- a/src/3rdparty/chromium/components/permissions/permission_manager.h 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/components/permissions/permission_manager.h 2021-04-30 20:11:17.392753946 +0100 @@ -114,13 +114,13 @@ bool IsPermissionOverridableByDevTools( content::PermissionType permission, const base::Optional& origin) override; - int SubscribePermissionStatusChange( + SubscriptionId SubscribePermissionStatusChange( content::PermissionType permission, content::RenderFrameHost* render_frame_host, const GURL& requesting_origin, base::RepeatingCallback callback) override; - void UnsubscribePermissionStatusChange(int subscription_id) override; + void UnsubscribePermissionStatusChange(SubscriptionId subscription_id) override; // TODO(raymes): Rather than exposing this, use the denial reason from // GetPermissionStatus in callers to determine whether a permission is @@ -153,7 +153,8 @@ class PermissionResponseCallback; struct Subscription; - using SubscriptionsMap = base::IDMap>; + using SubscriptionsMap = + base::IDMap, SubscriptionId>; PermissionContextBase* GetPermissionContext(ContentSettingsType type); @@ -186,6 +187,7 @@ content::BrowserContext* browser_context_; PendingRequestsMap pending_requests_; SubscriptionsMap subscriptions_; + SubscriptionId::Generator subscription_id_generator_; PermissionContextMap permission_contexts_; using ContentSettingsTypeOverrides = diff -Naur a/src/3rdparty/chromium/content/browser/appcache/appcache_backfillers.cc b/src/3rdparty/chromium/content/browser/appcache/appcache_backfillers.cc --- a/src/3rdparty/chromium/content/browser/appcache/appcache_backfillers.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/content/browser/appcache/appcache_backfillers.cc 2021-04-30 21:19:25.173851255 +0100 @@ -7,7 +7,7 @@ #include "content/browser/appcache/appcache_update_job.h" #include "net/http/http_request_headers.h" #include "sql/statement.h" -#include "storage/browser/quota/padding_key.h" +#include "storage/common/quota/padding_key.h" #include "url/gurl.h" namespace content { @@ -18,9 +18,7 @@ std::string manifest_url) { if (GURL(response_url).GetOrigin() == GURL(manifest_url).GetOrigin()) return 0; - return storage::ComputeResponsePadding( - response_url, storage::GetDefaultPaddingKey(), /*has_metadata=*/false, - /*loaded_with_credentials=*/false, net::HttpRequestHeaders::kGetMethod); + return storage::ComputeRandomResponsePadding(); } // Iterates over each Cache record; execute |callable| on each iteration. diff -Naur a/src/3rdparty/chromium/content/browser/appcache/appcache_database.cc b/src/3rdparty/chromium/content/browser/appcache/appcache_database.cc --- a/src/3rdparty/chromium/content/browser/appcache/appcache_database.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/content/browser/appcache/appcache_database.cc 2021-04-30 21:19:25.173851255 +0100 @@ -19,7 +19,6 @@ #include "sql/meta_table.h" #include "sql/statement.h" #include "sql/transaction.h" -#include "storage/browser/quota/padding_key.h" #include "third_party/blink/public/common/features.h" namespace content { diff -Naur a/src/3rdparty/chromium/content/browser/appcache/appcache_update_job.cc b/src/3rdparty/chromium/content/browser/appcache/appcache_update_job.cc --- a/src/3rdparty/chromium/content/browser/appcache/appcache_update_job.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/content/browser/appcache/appcache_update_job.cc 2021-04-30 21:19:25.173851255 +0100 @@ -26,7 +26,7 @@ #include "net/base/net_errors.h" #include "net/base/request_priority.h" #include "net/http/http_request_headers.h" -#include "storage/browser/quota/padding_key.h" +#include "storage/common/quota/padding_key.h" #include "third_party/blink/public/common/features.h" #include "third_party/blink/public/mojom/appcache/appcache.mojom.h" #include "third_party/blink/public/mojom/devtools/console_message.mojom.h" @@ -207,10 +207,7 @@ if (response_url.GetOrigin() == manifest_url.GetOrigin()) return 0; - return storage::ComputeResponsePadding( - response_url.spec(), storage::GetDefaultPaddingKey(), - /*has_metadata=*/false, /*loaded_with_credentials=*/false, - net::HttpRequestHeaders::kGetMethod); + return storage::ComputeRandomResponsePadding(); } } // namespace diff -Naur a/src/3rdparty/chromium/content/browser/cache_storage/cache_storage_histogram_utils.h b/src/3rdparty/chromium/content/browser/cache_storage/cache_storage_histogram_utils.h --- a/src/3rdparty/chromium/content/browser/cache_storage/cache_storage_histogram_utils.h 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/content/browser/cache_storage/cache_storage_histogram_utils.h 2021-04-30 21:19:25.174852986 +0100 @@ -37,7 +37,8 @@ kCreateBackendDidCreateFailed = 22, kStorageGetAllMatchedEntriesBackendClosed = 23, kStorageHandleNull = 24, - kMaxValue = kStorageHandleNull, + kWriteSideDataDidWriteMetadataWrongBytes = 25, + kMaxValue = kWriteSideDataDidWriteMetadataWrongBytes, }; blink::mojom::CacheStorageError MakeErrorStorage(ErrorStorageType type); diff -Naur a/src/3rdparty/chromium/content/browser/cache_storage/cache_storage_index.cc b/src/3rdparty/chromium/content/browser/cache_storage/cache_storage_index.cc --- a/src/3rdparty/chromium/content/browser/cache_storage/cache_storage_index.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/content/browser/cache_storage/cache_storage_index.cc 2021-04-30 21:19:46.382508156 +0100 @@ -11,8 +11,7 @@ CacheStorageIndex::CacheStorageIndex() : doomed_cache_metadata_("", CacheStorage::kSizeUnknown, - CacheStorage::kSizeUnknown, - "") { + CacheStorage::kSizeUnknown) { ClearDoomedCache(); } diff -Naur a/src/3rdparty/chromium/content/browser/cache_storage/cache_storage_index.h b/src/3rdparty/chromium/content/browser/cache_storage/cache_storage_index.h --- a/src/3rdparty/chromium/content/browser/cache_storage/cache_storage_index.h 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/content/browser/cache_storage/cache_storage_index.h 2021-04-30 21:19:46.382508156 +0100 @@ -21,11 +21,8 @@ class CONTENT_EXPORT CacheStorageIndex { public: struct CacheMetadata { - CacheMetadata(const std::string& name, - int64_t size, - int64_t padding, - const std::string& padding_key) - : name(name), size(size), padding(padding), padding_key(padding_key) {} + CacheMetadata(const std::string& name, int64_t size, int64_t padding) + : name(name), size(size), padding(padding) {} std::string name; // The size (in bytes) of the cache. Set to CacheStorage::kSizeUnknown if // size not known. @@ -35,9 +32,6 @@ // if padding not known. int64_t padding; - // The raw key used to calculate padding for some cache entries. - std::string padding_key; - // The algorithm version used to calculate this padding. int32_t padding_version; }; diff -Naur a/src/3rdparty/chromium/content/browser/cache_storage/cache_storage.proto b/src/3rdparty/chromium/content/browser/cache_storage/cache_storage.proto --- a/src/3rdparty/chromium/content/browser/cache_storage/cache_storage.proto 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/content/browser/cache_storage/cache_storage.proto 2021-04-30 21:20:05.693885817 +0100 @@ -13,7 +13,7 @@ required string name = 1; optional string cache_dir = 2; optional int64 size = 3; - optional string padding_key = 4; + optional string padding_key = 4 [deprecated = true]; optional int64 padding = 5; optional int32 padding_version = 6; } @@ -49,13 +49,15 @@ optional int64 response_time = 6; repeated string cors_exposed_header_names = 7; repeated string url_list = 8; - optional bool loaded_with_credentials = 9; + optional bool loaded_with_credentials = 9 [deprecated = true]; // Mapped to net::HttpResponseInfo::ConnectionInfo via static casting. optional int32 connection_info = 10; optional string alpn_negotiated_protocol = 11; optional bool was_fetched_via_spdy = 12; optional string mime_type = 13; optional string request_method = 14; + optional int64 padding = 15; + optional int64 side_data_padding = 16; } message CacheMetadata { diff -Naur a/src/3rdparty/chromium/content/browser/cache_storage/legacy/legacy_cache_storage_cache.cc b/src/3rdparty/chromium/content/browser/cache_storage/legacy/legacy_cache_storage_cache.cc --- a/src/3rdparty/chromium/content/browser/cache_storage/legacy/legacy_cache_storage_cache.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/content/browser/cache_storage/legacy/legacy_cache_storage_cache.cc 2021-04-30 21:20:05.693885817 +0100 @@ -53,8 +53,8 @@ #include "net/http/http_status_code.h" #include "services/network/public/mojom/fetch_api.mojom.h" #include "storage/browser/blob/blob_storage_context.h" -#include "storage/browser/quota/padding_key.h" #include "storage/browser/quota/quota_manager_proxy.h" +#include "storage/common/quota/padding_key.h" #include "third_party/blink/public/common/cache_storage/cache_storage_utils.h" #include "third_party/blink/public/common/fetch/fetch_api_request_headers_map.h" #include "third_party/blink/public/mojom/loader/referrer.mojom.h" @@ -79,7 +79,8 @@ // // 1: Uniform random 400K. // 2: Uniform random 14,431K. -const int32_t kCachePaddingAlgorithmVersion = 2; +// 3: FetchAPIResponse.padding and separate side data padding. +const int32_t kCachePaddingAlgorithmVersion = 3; // Maximum number of recursive QueryCacheOpenNextEntry() calls we permit // before forcing an asynchronous task. @@ -374,6 +375,14 @@ std::move(callback).Run(std::move(metadata)); } +bool ShouldPadResourceSize(const content::proto::CacheResponse* response) { + return storage::ShouldPadResponseType( + ProtoResponseTypeToFetchResponseType(response->response_type())); +} +bool ShouldPadResourceSize(const blink::mojom::FetchAPIResponse& response) { + return storage::ShouldPadResponseType(response.response_type); +} + blink::mojom::FetchAPIRequestPtr CreateRequest( const proto::CacheMetadata& metadata, const GURL& request_url) { @@ -394,6 +403,7 @@ } blink::mojom::FetchAPIResponsePtr CreateResponse( + const url::Origin& origin, const proto::CacheMetadata& metadata, const std::string& cache_name) { // We no longer support Responses with only a single URL entry. This field @@ -427,6 +437,15 @@ if (metadata.response().has_request_method()) request_method = metadata.response().request_method(); + auto response_time = + base::Time::FromInternalValue(metadata.response().response_time()); + int64_t padding = 0; + if (metadata.response().has_padding()) { + padding = metadata.response().padding(); + } else if (ShouldPadResourceSize(&metadata.response())) { + padding = storage::ComputeRandomResponsePadding(); + } + // Note that |has_range_requested| can be safely set to false since it only // affects HTTP 206 (Partial) responses, which are blocked from cache storage. // See https://fetch.spec.whatwg.org/#main-fetch for usage of @@ -435,10 +454,9 @@ url_list, metadata.response().status_code(), metadata.response().status_text(), ProtoResponseTypeToFetchResponseType(metadata.response().response_type()), - network::mojom::FetchResponseSource::kCacheStorage, headers, mime_type, - request_method, nullptr /* blob */, - blink::mojom::ServiceWorkerResponseError::kUnknown, - base::Time::FromInternalValue(metadata.response().response_time()), + padding, network::mojom::FetchResponseSource::kCacheStorage, headers, + mime_type, request_method, /*blob=*/nullptr, + blink::mojom::ServiceWorkerResponseError::kUnknown, response_time, cache_name, std::vector( metadata.response().cors_exposed_header_names().begin(), @@ -448,55 +466,28 @@ // Default proto value of 0 maps to CONNECTION_INFO_UNKNOWN. static_cast( metadata.response().connection_info()), - alpn_negotiated_protocol, metadata.response().loaded_with_credentials(), - metadata.response().was_fetched_via_spdy(), - /* has_range_requested */ false); -} - -// The size of opaque (non-cors) resource responses are padded in order -// to obfuscate their actual size. -bool ShouldPadResponseType(network::mojom::FetchResponseType response_type, - bool has_urls) { - switch (response_type) { - case network::mojom::FetchResponseType::kBasic: - case network::mojom::FetchResponseType::kCors: - case network::mojom::FetchResponseType::kDefault: - case network::mojom::FetchResponseType::kError: - return false; - case network::mojom::FetchResponseType::kOpaque: - case network::mojom::FetchResponseType::kOpaqueRedirect: - return has_urls; - } - NOTREACHED(); - return false; -} - -bool ShouldPadResourceSize(const content::proto::CacheResponse* response) { - return ShouldPadResponseType( - ProtoResponseTypeToFetchResponseType(response->response_type()), - response->url_list_size()); -} - -bool ShouldPadResourceSize(const blink::mojom::FetchAPIResponse& response) { - return ShouldPadResponseType(response.response_type, - !response.url_list.empty()); + alpn_negotiated_protocol, metadata.response().was_fetched_via_spdy(), + /*has_range_requested=*/false); } - -int64_t CalculateResponsePaddingInternal( +int64_t CalculateSideDataPadding( + const url::Origin& origin, const ::content::proto::CacheResponse* response, - const crypto::SymmetricKey* padding_key, int side_data_size) { DCHECK(ShouldPadResourceSize(response)); DCHECK_GE(side_data_size, 0); + + if (!side_data_size) + return 0; + // Fallback to random padding if this is for an older entry without + // a url list or request method. + if (response->url_list_size() == 0 || !response->has_request_method()) + return storage::ComputeRandomResponsePadding(); + const std::string& url = response->url_list(response->url_list_size() - 1); - bool loaded_with_credentials = response->has_loaded_with_credentials() && - response->loaded_with_credentials(); - const std::string& request_method = response->has_request_method() - ? response->request_method() - : net::HttpRequestHeaders::kGetMethod; - return storage::ComputeResponsePadding(url, padding_key, side_data_size > 0, - loaded_with_credentials, - request_method); + const base::Time response_time = + base::Time::FromInternalValue(response->response_time()); + return storage::ComputeStableResponsePadding( + origin, url, response_time, response->request_method(), side_data_size); } net::RequestPriority GetDiskCachePriority( @@ -508,12 +499,19 @@ } // namespace struct LegacyCacheStorageCache::QueryCacheResult { - explicit QueryCacheResult(base::Time entry_time) : entry_time(entry_time) {} + QueryCacheResult(base::Time entry_time, + int64_t padding, + int64_t side_data_padding) + : entry_time(entry_time), + padding(padding), + side_data_padding(side_data_padding) {} blink::mojom::FetchAPIRequestPtr request; blink::mojom::FetchAPIResponsePtr response; disk_cache::ScopedEntryPtr entry; base::Time entry_time; + int64_t padding = 0; + int64_t side_data_padding = 0; }; struct LegacyCacheStorageCache::QueryCacheContext { @@ -555,13 +553,12 @@ LegacyCacheStorage* cache_storage, scoped_refptr scheduler_task_runner, scoped_refptr quota_manager_proxy, - scoped_refptr blob_storage_context, - std::unique_ptr cache_padding_key) { + scoped_refptr blob_storage_context) { LegacyCacheStorageCache* cache = new LegacyCacheStorageCache( origin, owner, cache_name, base::FilePath(), cache_storage, std::move(scheduler_task_runner), std::move(quota_manager_proxy), - std::move(blob_storage_context), 0 /* cache_size */, - 0 /* cache_padding */, std::move(cache_padding_key)); + std::move(blob_storage_context), /*cache_size=*/0, + /*cache_padding=*/0); cache->SetObserver(cache_storage); cache->InitBackend(); return base::WrapUnique(cache); @@ -579,13 +576,11 @@ scoped_refptr quota_manager_proxy, scoped_refptr blob_storage_context, int64_t cache_size, - int64_t cache_padding, - std::unique_ptr cache_padding_key) { + int64_t cache_padding) { LegacyCacheStorageCache* cache = new LegacyCacheStorageCache( origin, owner, cache_name, path, cache_storage, std::move(scheduler_task_runner), std::move(quota_manager_proxy), - std::move(blob_storage_context), cache_size, cache_padding, - std::move(cache_padding_key)); + std::move(blob_storage_context), cache_size, cache_padding); cache->SetObserver(cache_storage); cache->InitBackend(); return base::WrapUnique(cache); @@ -1031,8 +1026,7 @@ scoped_refptr quota_manager_proxy, scoped_refptr blob_storage_context, int64_t cache_size, - int64_t cache_padding, - std::unique_ptr cache_padding_key) + int64_t cache_padding) : origin_(origin), owner_(owner), cache_name_(cache_name), @@ -1044,7 +1038,6 @@ scheduler_task_runner_)), cache_size_(cache_size), cache_padding_(cache_padding), - cache_padding_key_(std::move(cache_padding_key)), max_query_size_bytes_(kMaxQueryCacheResultBytes), cache_observer_(nullptr), cache_entry_handler_( @@ -1054,7 +1047,6 @@ memory_only_(path.empty()) { DCHECK(!origin_.opaque()); DCHECK(quota_manager_proxy_.get()); - DCHECK(cache_padding_key_.get()); if (cache_size_ != CacheStorage::kSizeUnknown && cache_padding_ != CacheStorage::kSizeUnknown) { @@ -1248,17 +1240,40 @@ return; } + // Check for older cache entries that need to be padded, but don't + // have any padding stored in the entry. Upgrade these entries + // as we encounter them. This method will be re-entered once the + // new paddings are written back to disk. + if (ShouldPadResourceSize(&metadata->response()) && + !metadata->response().has_padding()) { + QueryCacheUpgradePadding(std::move(query_cache_context), std::move(entry), + std::move(metadata)); + return; + } + // If the entry was created before we started adding entry times, then // default to using the Response object's time for sorting purposes. int64_t entry_time = metadata->has_entry_time() ? metadata->entry_time() : metadata->response().response_time(); - query_cache_context->matches->push_back( - QueryCacheResult(base::Time::FromInternalValue(entry_time))); + // Note, older entries that don't require padding may still not have + // a padding value since we don't pay the cost to upgrade these entries. + // Treat these as a zero padding. + int64_t padding = + metadata->response().has_padding() ? metadata->response().padding() : 0; + int64_t side_data_padding = metadata->response().has_side_data_padding() + ? metadata->response().side_data_padding() + : 0; + + DCHECK(!ShouldPadResourceSize(&metadata->response()) || + (padding + side_data_padding)); + + query_cache_context->matches->push_back(QueryCacheResult( + base::Time::FromInternalValue(entry_time), padding, side_data_padding)); QueryCacheResult* match = &query_cache_context->matches->back(); match->request = CreateRequest(*metadata, GURL(entry->GetKey())); - match->response = CreateResponse(*metadata, cache_name_); + match->response = CreateResponse(origin_, *metadata, cache_name_); if (!match->response) { entry->Doom(); @@ -1320,6 +1335,49 @@ QueryCacheOpenNextEntry(std::move(query_cache_context)); } +void LegacyCacheStorageCache::QueryCacheUpgradePadding( + std::unique_ptr query_cache_context, + disk_cache::ScopedEntryPtr entry, + std::unique_ptr metadata) { + DCHECK(ShouldPadResourceSize(&metadata->response())); + // This should only be called while initializing because the padding + // version change should trigger an immediate query of all resources + // to recompute padding. + DCHECK(initializing_); + auto* response = metadata->mutable_response(); + response->set_padding(storage::ComputeRandomResponsePadding()); + response->set_side_data_padding(CalculateSideDataPadding( + origin_, response, entry->GetDataSize(INDEX_SIDE_DATA))); + // Get a temporary copy of the entry and metadata pointers before moving them + // into base::BindOnce. + disk_cache::Entry* temp_entry_ptr = entry.get(); + auto* temp_metadata_ptr = metadata.get(); + WriteMetadata( + temp_entry_ptr, *temp_metadata_ptr, + base::BindOnce( + [](base::WeakPtr self, + std::unique_ptr query_cache_context, + disk_cache::ScopedEntryPtr entry, + std::unique_ptr metadata, int expected_bytes, + int rv) { + if (!self) + return; + if (expected_bytes != rv) { + entry->Doom(); + self->QueryCacheOpenNextEntry(std::move(query_cache_context)); + return; + } + // We must have a padding here in order to avoid infinite + // recursion. + DCHECK(metadata->response().has_padding()); + self->QueryCacheDidReadMetadata(std::move(query_cache_context), + std::move(entry), + std::move(metadata)); + }, + weak_ptr_factory_.GetWeakPtr(), std::move(query_cache_context), + std::move(entry), std::move(metadata))); +} + // static bool LegacyCacheStorageCache::QueryCacheResultCompare( const QueryCacheResult& lhs, @@ -1346,26 +1404,6 @@ } // static -int64_t LegacyCacheStorageCache::CalculateResponsePadding( - const blink::mojom::FetchAPIResponse& response, - const crypto::SymmetricKey* padding_key, - int side_data_size) { - DCHECK_GE(side_data_size, 0); - if (!ShouldPadResourceSize(response)) - return 0; - // Going forward we should always have a request method here since its - // impossible to create a no-cors Response via the constructor. We must - // handle a missing method, however, since we may get a Response loaded - // from an old cache_storage instance without the data. - std::string request_method = response.request_method.has_value() - ? response.request_method.value() - : net::HttpRequestHeaders::kGetMethod; - return storage::ComputeResponsePadding( - response.url_list.back().spec(), padding_key, side_data_size > 0, - response.loaded_with_credentials, request_method); -} - -// static int32_t LegacyCacheStorageCache::GetResponsePaddingVersion() { return kCachePaddingAlgorithmVersion; } @@ -1458,6 +1496,38 @@ std::move(out_responses)); } +void LegacyCacheStorageCache::WriteMetadata( + disk_cache::Entry* entry, + const proto::CacheMetadata& metadata, + WriteMetadataCallback callback) { + std::unique_ptr serialized = std::make_unique(); + if (!metadata.SerializeToString(serialized.get())) { + std::move(callback).Run(0, -1); + return; + } + + scoped_refptr buffer = + base::MakeRefCounted(std::move(serialized)); + + auto callback_with_expected_bytes = base::BindOnce( + [](WriteMetadataCallback callback, int expected_bytes, int rv) { + std::move(callback).Run(expected_bytes, rv); + }, + std::move(callback), buffer->size()); + + // Create a callback that is copyable, even though it can only be called once. + net::CompletionRepeatingCallback adapted_callback = + base::AdaptCallbackForRepeating(std::move(callback_with_expected_bytes)); + + DCHECK(scheduler_->IsRunningExclusiveOperation()); + int rv = + entry->WriteData(INDEX_HEADERS, /*offset=*/0, buffer.get(), + buffer->size(), adapted_callback, /*truncate=*/true); + + if (rv != net::ERR_IO_PENDING) + std::move(adapted_callback).Run(rv); +} + void LegacyCacheStorageCache::WriteSideDataDidGetQuota( ErrorCallback callback, const GURL& url, @@ -1576,19 +1646,13 @@ if (!headers || headers->response().response_time() != expected_response_time.ToInternalValue()) { WriteSideDataComplete(std::move(callback), std::move(entry), + /*padding=*/0, /*side_data_padding=*/0, CacheStorageError::kErrorNotFound); return; } // Get a temporary copy of the entry pointer before passing it in base::Bind. disk_cache::Entry* temp_entry_ptr = entry.get(); - std::unique_ptr response( - headers->release_response()); - - int side_data_size_before_write = 0; - if (ShouldPadResourceSize(response.get())) - side_data_size_before_write = entry->GetDataSize(INDEX_SIDE_DATA); - // Create a callback that is copyable, even though it can only be called once. // BindRepeating() cannot be used directly because |callback|, |entry| and // |response| are not copyable. @@ -1596,7 +1660,7 @@ base::AdaptCallbackForRepeating(base::BindOnce( &LegacyCacheStorageCache::WriteSideDataDidWrite, weak_ptr_factory_.GetWeakPtr(), std::move(callback), std::move(entry), - buf_len, std::move(response), side_data_size_before_write, trace_id)); + buf_len, std::move(headers), trace_id)); DCHECK(scheduler_->IsRunningExclusiveOperation()); int rv = temp_entry_ptr->WriteData( @@ -1611,8 +1675,7 @@ ErrorCallback callback, ScopedWritableEntry entry, int expected_bytes, - std::unique_ptr<::content::proto::CacheResponse> response, - int side_data_size_before_write, + std::unique_ptr<::content::proto::CacheMetadata> metadata, int64_t trace_id, int rv) { TRACE_EVENT_WITH_FLOW0("CacheStorage", @@ -1620,31 +1683,67 @@ TRACE_ID_GLOBAL(trace_id), TRACE_EVENT_FLAG_FLOW_IN); if (rv != expected_bytes) { WriteSideDataComplete(std::move(callback), std::move(entry), + /*padding=*/0, /*side_data_padding=*/0, CacheStorageError::kErrorStorage); return; } - if (ShouldPadResourceSize(response.get())) { - cache_padding_ -= CalculateResponsePaddingInternal( - response.get(), cache_padding_key_.get(), side_data_size_before_write); + auto* response = metadata->mutable_response(); - cache_padding_ += CalculateResponsePaddingInternal( - response.get(), cache_padding_key_.get(), rv); + if (ShouldPadResourceSize(response)) { + cache_padding_ -= response->side_data_padding(); + + response->set_side_data_padding( + CalculateSideDataPadding(origin_, response, rv)); + cache_padding_ += response->side_data_padding(); + + // Get a temporary copy of the entry pointer before passing it in + // base::Bind. + disk_cache::Entry* temp_entry_ptr = entry.get(); + + WriteMetadata( + temp_entry_ptr, *metadata, + base::BindOnce(&LegacyCacheStorageCache::WriteSideDataDidWriteMetadata, + weak_ptr_factory_.GetWeakPtr(), std::move(callback), + std::move(entry), response->padding(), + response->side_data_padding())); + return; } WriteSideDataComplete(std::move(callback), std::move(entry), + response->padding(), response->side_data_padding(), CacheStorageError::kSuccess); } +void LegacyCacheStorageCache::WriteSideDataDidWriteMetadata( + ErrorCallback callback, + ScopedWritableEntry entry, + int64_t padding, + int64_t side_data_padding, + int expected_bytes, + int rv) { + auto result = blink::mojom::CacheStorageError::kSuccess; + if (rv != expected_bytes) { + result = MakeErrorStorage( + ErrorStorageType::kWriteSideDataDidWriteMetadataWrongBytes); + } + WriteSideDataComplete(std::move(callback), std::move(entry), padding, + side_data_padding, result); +} + void LegacyCacheStorageCache::WriteSideDataComplete( ErrorCallback callback, ScopedWritableEntry entry, + int64_t padding, + int64_t side_data_padding, blink::mojom::CacheStorageError error) { if (error != CacheStorageError::kSuccess) { // If we found the entry, then we possibly wrote something and now we're // dooming the entry, causing a change in size, so update the size before // returning. if (error != CacheStorageError::kErrorNotFound) { + entry.reset(); + cache_padding_ -= (padding + side_data_padding); UpdateCacheSize(base::BindOnce(std::move(callback), error)); return; } @@ -1810,8 +1909,6 @@ put_context->response->response_type)); for (const auto& url : put_context->response->url_list) response_metadata->add_url_list(url.spec()); - response_metadata->set_loaded_with_credentials( - put_context->response->loaded_with_credentials); response_metadata->set_connection_info( put_context->response->connection_info); response_metadata->set_alpn_negotiated_protocol( @@ -1838,40 +1935,33 @@ for (const auto& header : put_context->response->cors_exposed_header_names) response_metadata->add_cors_exposed_header_names(header); - std::unique_ptr serialized(new std::string()); - if (!metadata.SerializeToString(serialized.get())) { - PutComplete( - std::move(put_context), - MakeErrorStorage(ErrorStorageType::kMetadataSerializationFailed)); - return; + DCHECK(!ShouldPadResourceSize(*put_context->response) || + put_context->response->padding); + response_metadata->set_padding(put_context->response->padding); + + int64_t side_data_padding = 0; + if (ShouldPadResourceSize(*put_context->response) && + put_context->side_data_blob) { + side_data_padding = CalculateSideDataPadding( + origin_, response_metadata, put_context->side_data_blob_size); } - - scoped_refptr buffer = - base::MakeRefCounted(std::move(serialized)); + response_metadata->set_side_data_padding(side_data_padding); // Get a temporary copy of the entry pointer before passing it in base::Bind. disk_cache::Entry* temp_entry_ptr = put_context->cache_entry.get(); - // Create a callback that is copyable, even though it can only be called once. - // BindRepeating() cannot be used directly because |put_context| is not - // copyable. - net::CompletionRepeatingCallback write_headers_callback = - base::AdaptCallbackForRepeating( - base::BindOnce(&LegacyCacheStorageCache::PutDidWriteHeaders, - weak_ptr_factory_.GetWeakPtr(), std::move(put_context), - buffer->size())); - - DCHECK(scheduler_->IsRunningExclusiveOperation()); - rv = temp_entry_ptr->WriteData(INDEX_HEADERS, 0 /* offset */, buffer.get(), - buffer->size(), write_headers_callback, - true /* truncate */); - - if (rv != net::ERR_IO_PENDING) - std::move(write_headers_callback).Run(rv); + WriteMetadata( + temp_entry_ptr, metadata, + base::BindOnce(&LegacyCacheStorageCache::PutDidWriteHeaders, + weak_ptr_factory_.GetWeakPtr(), std::move(put_context), + response_metadata->padding(), + response_metadata->side_data_padding())); } void LegacyCacheStorageCache::PutDidWriteHeaders( std::unique_ptr put_context, + int64_t padding, + int64_t side_data_padding, int expected_bytes, int rv) { TRACE_EVENT_WITH_FLOW0("CacheStorage", @@ -1887,11 +1977,9 @@ return; } - if (ShouldPadResourceSize(*put_context->response)) { - cache_padding_ += CalculateResponsePadding(*put_context->response, - cache_padding_key_.get(), - 0 /* side_data_size */); - } + DCHECK(!ShouldPadResourceSize(*put_context->response) || + (padding + side_data_padding)); + cache_padding_ += padding + side_data_padding; PutWriteBlobToCache(std::move(put_context), INDEX_RESPONSE_BODY); } @@ -2075,12 +2163,9 @@ int64_t cache_padding = 0; if (error == CacheStorageError::kSuccess) { for (const auto& result : *query_cache_results) { - if (ShouldPadResourceSize(*result.response)) { - int32_t side_data_size = - result.entry ? result.entry->GetDataSize(INDEX_SIDE_DATA) : 0; - cache_padding += CalculateResponsePadding( - *result.response, cache_padding_key_.get(), side_data_size); - } + DCHECK(!ShouldPadResourceSize(*result.response) || + (result.padding + result.side_data_padding)); + cache_padding += result.padding + result.side_data_padding; } } @@ -2281,9 +2366,9 @@ for (auto& result : *query_cache_results) { disk_cache::ScopedEntryPtr entry = std::move(result.entry); if (ShouldPadResourceSize(*result.response)) { - cache_padding_ -= - CalculateResponsePadding(*result.response, cache_padding_key_.get(), - entry->GetDataSize(INDEX_SIDE_DATA)); + DCHECK(!ShouldPadResourceSize(*result.response) || + (result.padding + result.side_data_padding)); + cache_padding_ -= (result.padding + result.side_data_padding); } entry->Doom(); } diff -Naur a/src/3rdparty/chromium/content/browser/cache_storage/legacy/legacy_cache_storage_cache.h b/src/3rdparty/chromium/content/browser/cache_storage/legacy/legacy_cache_storage_cache.h --- a/src/3rdparty/chromium/content/browser/cache_storage/legacy/legacy_cache_storage_cache.h 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/content/browser/cache_storage/legacy/legacy_cache_storage_cache.h 2021-04-30 21:19:46.383509887 +0100 @@ -28,10 +28,6 @@ #include "third_party/blink/public/mojom/quota/quota_types.mojom.h" #include "url/origin.h" -namespace crypto { -class SymmetricKey; -} - namespace storage { class QuotaManagerProxy; } // namespace storage @@ -47,7 +43,6 @@ namespace proto { class CacheMetadata; -class CacheResponse; } // namespace proto namespace cache_storage_cache_unittest { @@ -69,8 +64,7 @@ LegacyCacheStorage* cache_storage, scoped_refptr scheduler_task_runner, scoped_refptr quota_manager_proxy, - scoped_refptr blob_storage_context, - std::unique_ptr cache_padding_key); + scoped_refptr blob_storage_context); static std::unique_ptr CreatePersistentCache( const url::Origin& origin, CacheStorageOwner owner, @@ -81,12 +75,7 @@ scoped_refptr quota_manager_proxy, scoped_refptr blob_storage_context, int64_t cache_size, - int64_t cache_padding, - std::unique_ptr cache_padding_key); - static int64_t CalculateResponsePadding( - const blink::mojom::FetchAPIResponse& response, - const crypto::SymmetricKey* padding_key, - int side_data_size); + int64_t cache_padding); static int32_t GetResponsePaddingVersion(); void Match(blink::mojom::FetchAPIRequestPtr request, @@ -147,11 +136,15 @@ // will exit early. Close should only be called once per CacheStorageCache. void Close(base::OnceClosure callback); - // The size of the cache's contents. + // The size of the cache's contents. The callback reports the padded + // size. If you want the unpadded size you may call the cache_size() + // getter method on the cache object when the callback is invoked; the + // getter will have an up-to-date value at that point. void Size(SizeCallback callback); // Gets the cache's size, closes the backend, and then runs |callback| with - // the cache's size. + // the cache's size. As per the comment for Size(), this also returns the + // padded size. void GetSizeThenClose(SizeCallback callback); void Put(blink::mojom::FetchAPIRequestPtr request, @@ -177,10 +170,6 @@ int64_t cache_padding() const { return cache_padding_; } - const crypto::SymmetricKey* cache_padding_key() const { - return cache_padding_key_.get(); - } - // Return the total cache size (actual size + padding). If either is unknown // then CacheStorage::kSizeUnknown is returned. int64_t PaddedCacheSize() const; @@ -252,8 +241,7 @@ scoped_refptr quota_manager_proxy, scoped_refptr blob_storage_context, int64_t cache_size, - int64_t cache_padding, - std::unique_ptr cache_padding_key); + int64_t cache_padding); // Runs |callback| with matching requests/response data. The data provided // in the QueryCacheResults depends on the |query_type|. If |query_type| is @@ -278,6 +266,10 @@ std::unique_ptr query_cache_context, disk_cache::ScopedEntryPtr entry, std::unique_ptr metadata); + void QueryCacheUpgradePadding( + std::unique_ptr query_cache_context, + disk_cache::ScopedEntryPtr entry, + std::unique_ptr metadata); static bool QueryCacheResultCompare(const QueryCacheResult& lhs, const QueryCacheResult& rhs); static size_t EstimatedResponseSizeWithoutBlob( @@ -306,6 +298,13 @@ blink::mojom::CacheStorageError error, std::unique_ptr query_cache_results); + // Utility method to write metadata headers to an entry. + using WriteMetadataCallback = + base::OnceCallback; + void WriteMetadata(disk_cache::Entry* entry, + const proto::CacheMetadata& metadata, + WriteMetadataCallback callback); + // WriteSideData callbacks void WriteSideDataDidGetQuota(ErrorCallback callback, const GURL& url, @@ -351,12 +350,19 @@ ErrorCallback callback, ScopedWritableEntry entry, int expected_bytes, - std::unique_ptr response, - int side_data_size_before_write, + std::unique_ptr metadata, int64_t trace_id, int rv); + void WriteSideDataDidWriteMetadata(ErrorCallback callback, + ScopedWritableEntry entry, + int64_t padding, + int64_t side_data_padding, + int expected_bytes, + int rv); void WriteSideDataComplete(ErrorCallback callback, ScopedWritableEntry entry, + int64_t padding, + int64_t side_data_padding, blink::mojom::CacheStorageError error); // Puts the request and response object in the cache. The response body (if @@ -375,6 +381,8 @@ void PutDidCreateEntry(std::unique_ptr put_context, disk_cache::EntryResult result); void PutDidWriteHeaders(std::unique_ptr put_context, + int64_t padding, + int64_t side_data_padding, int expected_bytes, int rv); void PutWriteBlobToCache(std::unique_ptr put_context, @@ -529,7 +537,6 @@ // The actual cache size (not including padding). int64_t cache_size_; int64_t cache_padding_ = 0; - std::unique_ptr cache_padding_key_; int64_t last_reported_size_ = 0; size_t max_query_size_bytes_; size_t handle_ref_count_ = 0; diff -Naur a/src/3rdparty/chromium/content/browser/cache_storage/legacy/legacy_cache_storage.cc b/src/3rdparty/chromium/content/browser/cache_storage/legacy/legacy_cache_storage.cc --- a/src/3rdparty/chromium/content/browser/cache_storage/legacy/legacy_cache_storage.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/content/browser/cache_storage/legacy/legacy_cache_storage.cc 2021-04-30 21:19:46.382508156 +0100 @@ -46,7 +46,6 @@ #include "net/base/directory_lister.h" #include "net/base/net_errors.h" #include "storage/browser/blob/blob_storage_context.h" -#include "storage/browser/quota/padding_key.h" #include "storage/browser/quota/quota_manager_proxy.h" #include "third_party/blink/public/mojom/quota/quota_types.mojom.h" @@ -117,8 +116,7 @@ virtual std::unique_ptr CreateCache( const std::string& cache_name, int64_t cache_size, - int64_t cache_padding, - std::unique_ptr cache_padding_key) = 0; + int64_t cache_padding) = 0; // Deletes any pre-existing cache of the same name and then loads it. virtual void PrepareNewCacheDestination(const std::string& cache_name, @@ -186,19 +184,16 @@ std::unique_ptr CreateCache( const std::string& cache_name, int64_t cache_size, - int64_t cache_padding, - std::unique_ptr cache_padding_key) override { + int64_t cache_padding) override { return LegacyCacheStorageCache::CreateMemoryCache( origin_, owner_, cache_name, cache_storage_, scheduler_task_runner_, - quota_manager_proxy_, blob_storage_context_, - storage::CopyDefaultPaddingKey()); + quota_manager_proxy_, blob_storage_context_); } void PrepareNewCacheDestination(const std::string& cache_name, CacheAndErrorCallback callback) override { std::unique_ptr cache = - CreateCache(cache_name, 0 /*cache_size*/, 0 /* cache_padding */, - storage::CopyDefaultPaddingKey()); + CreateCache(cache_name, /*cache_size=*/0, /*cache_padding=*/0); std::move(callback).Run(std::move(cache), CacheStorageError::kSuccess); } @@ -259,8 +254,7 @@ std::unique_ptr CreateCache( const std::string& cache_name, int64_t cache_size, - int64_t cache_padding, - std::unique_ptr cache_padding_key) override { + int64_t cache_padding) override { DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); DCHECK(base::Contains(cache_name_to_cache_dir_, cache_name)); @@ -269,7 +263,7 @@ return LegacyCacheStorageCache::CreatePersistentCache( origin_, owner_, cache_name, cache_storage_, cache_path, scheduler_task_runner_, quota_manager_proxy_, blob_storage_context_, - cache_size, cache_padding, std::move(cache_padding_key)); + cache_size, cache_padding); } void PrepareNewCacheDestination(const std::string& cache_name, @@ -324,8 +318,7 @@ cache_name_to_cache_dir_[cache_name] = cache_dir; std::move(callback).Run( CreateCache(cache_name, LegacyCacheStorage::kSizeUnknown, - LegacyCacheStorage::kSizeUnknown, - storage::CopyDefaultPaddingKey()), + LegacyCacheStorage::kSizeUnknown), CacheStorageError::kSuccess); } @@ -371,7 +364,6 @@ index_cache->clear_size(); else index_cache->set_size(cache_metadata.size); - index_cache->set_padding_key(cache_metadata.padding_key); index_cache->set_padding(cache_metadata.padding); index_cache->set_padding_version( LegacyCacheStorageCache::GetResponsePaddingVersion()); @@ -449,13 +441,8 @@ cache_padding = LegacyCacheStorage::kSizeUnknown; } - std::string cache_padding_key = - cache.has_padding_key() ? cache.padding_key() - : storage::SerializeDefaultPaddingKey(); - - index->Insert(CacheStorageIndex::CacheMetadata( - cache.name(), cache_size, cache_padding, - std::move(cache_padding_key))); + index->Insert(CacheStorageIndex::CacheMetadata(cache.name(), cache_size, + cache_padding)); cache_name_to_cache_dir_[cache.name()] = cache.cache_dir(); cache_dirs->insert(cache.cache_dir()); } @@ -1058,8 +1045,7 @@ cache_map_.insert(std::make_pair(cache_name, std::move(cache))); cache_index_->Insert(CacheStorageIndex::CacheMetadata( - cache_name, cache_ptr->cache_size(), cache_ptr->cache_padding(), - cache_ptr->cache_padding_key()->key())); + cache_name, cache_ptr->cache_size(), cache_ptr->cache_padding())); CacheStorageCacheHandle handle = cache_ptr->CreateHandle(); index_write_task_.Cancel(); @@ -1363,8 +1349,7 @@ DCHECK(metadata); std::unique_ptr new_cache = cache_loader_->CreateCache( - cache_name, metadata->size, metadata->padding, - storage::DeserializePaddingKey(metadata->padding_key)); + cache_name, metadata->size, metadata->padding); CacheStorageCache* cache_ptr = new_cache.get(); map_iter->second = std::move(new_cache); @@ -1380,9 +1365,11 @@ int64_t* accumulator, int64_t size) { auto* impl = LegacyCacheStorageCache::From(cache_handle); - if (doomed_caches_.find(impl) == doomed_caches_.end()) - cache_index_->SetCacheSize(impl->cache_name(), size); - *accumulator += size; + if (doomed_caches_.find(impl) == doomed_caches_.end()) { + cache_index_->SetCacheSize(impl->cache_name(), impl->cache_size()); + cache_index_->SetCachePadding(impl->cache_name(), impl->cache_padding()); + } + *accumulator += (impl->cache_size() + impl->cache_padding()); std::move(closure).Run(); } @@ -1435,8 +1422,9 @@ std::move(callback))); for (const auto& cache_metadata : cache_index_->ordered_cache_metadata()) { - if (cache_metadata.size != LegacyCacheStorage::kSizeUnknown) { - *accumulator_ptr += cache_metadata.size; + if (cache_metadata.size != LegacyCacheStorage::kSizeUnknown && + cache_metadata.padding != LegacyCacheStorage::kSizeUnknown) { + *accumulator_ptr += (cache_metadata.size + cache_metadata.padding); barrier_closure.Run(); continue; } diff -Naur a/src/3rdparty/chromium/content/browser/code_cache/generated_code_cache.cc b/src/3rdparty/chromium/content/browser/code_cache/generated_code_cache.cc --- a/src/3rdparty/chromium/content/browser/code_cache/generated_code_cache.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/content/browser/code_cache/generated_code_cache.cc 2021-04-30 21:20:24.046606537 +0100 @@ -384,9 +384,18 @@ // [stream1] // [stream0 (checksum key entry)] // [stream1 (checksum key entry)] data + + // Make a copy of the data before hashing. A compromised renderer could + // change shared memory before we can compute the hash and write the data. + // TODO(1135729) Eliminate this copy when the shared memory can't be written + // by the sender. + mojo_base::BigBuffer copy({data.data(), data.size()}); + if (copy.size() != data.size()) + return; + data = mojo_base::BigBuffer(); // Release the old buffer. uint8_t result[crypto::kSHA256Length]; crypto::SHA256HashString( - base::StringPiece(reinterpret_cast(data.data()), data.size()), + base::StringPiece(reinterpret_cast(copy.data()), copy.size()), result, base::size(result)); std::string checksum_key = base::HexEncode(result, base::size(result)); small_buffer = base::MakeRefCounted( @@ -401,7 +410,7 @@ // Issue another write operation for the code, with the checksum as the key // and nothing in the header. auto small_buffer2 = base::MakeRefCounted(0); - auto large_buffer2 = base::MakeRefCounted(std::move(data)); + auto large_buffer2 = base::MakeRefCounted(std::move(copy)); auto op2 = std::make_unique(Operation::kWriteWithSHAKey, checksum_key, small_buffer2, large_buffer2); diff -Naur a/src/3rdparty/chromium/content/browser/devtools/protocol/page_handler.cc b/src/3rdparty/chromium/content/browser/devtools/protocol/page_handler.cc --- a/src/3rdparty/chromium/content/browser/devtools/protocol/page_handler.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/content/browser/devtools/protocol/page_handler.cc 2021-04-30 20:11:47.273405467 +0100 @@ -501,8 +501,12 @@ params.referrer = Referrer(GURL(referrer.fromMaybe("")), policy); params.transition_type = type; params.frame_tree_node_id = frame_tree_node->frame_tree_node_id(); + // Handler may be destroyed while navigating if the session + // gets disconnected as a result of access checks. + base::WeakPtr weak_self = weak_factory_.GetWeakPtr(); frame_tree_node->navigator().GetController()->LoadURLWithParams(params); - + if (!weak_self) + return; base::UnguessableToken frame_token = frame_tree_node->devtools_frame_token(); auto navigate_callback = navigate_callbacks_.find(frame_token); if (navigate_callback != navigate_callbacks_.end()) { diff -Naur a/src/3rdparty/chromium/content/browser/devtools/render_frame_devtools_agent_host.cc b/src/3rdparty/chromium/content/browser/devtools/render_frame_devtools_agent_host.cc --- a/src/3rdparty/chromium/content/browser/devtools/render_frame_devtools_agent_host.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/content/browser/devtools/render_frame_devtools_agent_host.cc 2021-04-30 20:11:47.273405467 +0100 @@ -474,8 +474,11 @@ if (!ShouldAllowSession(session)) restricted_sessions.push_back(session); } - if (!restricted_sessions.empty()) + scoped_refptr protect; + if (!restricted_sessions.empty()) { + protect = this; ForceDetachRestrictedSessions(restricted_sessions); + } UpdateFrameAlive(); } diff -Naur a/src/3rdparty/chromium/content/browser/permissions/permission_controller_impl.cc b/src/3rdparty/chromium/content/browser/permissions/permission_controller_impl.cc --- a/src/3rdparty/chromium/content/browser/permissions/permission_controller_impl.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/content/browser/permissions/permission_controller_impl.cc 2021-04-30 20:11:17.392753946 +0100 @@ -133,7 +133,8 @@ int render_frame_id = -1; int render_process_id = -1; base::RepeatingCallback callback; - int delegate_subscription_id; + // This is default-initialized to an invalid ID. + PermissionControllerDelegate::SubscriptionId delegate_subscription_id; }; PermissionControllerImpl::~PermissionControllerImpl() { @@ -389,7 +390,8 @@ subscription->callback.Run(status); } -int PermissionControllerImpl::SubscribePermissionStatusChange( +PermissionControllerImpl::SubscriptionId +PermissionControllerImpl::SubscribePermissionStatusChange( PermissionType permission, RenderFrameHost* render_frame_host, const GURL& requesting_origin, @@ -423,22 +425,22 @@ base::BindRepeating( &PermissionControllerImpl::OnDelegatePermissionStatusChange, base::Unretained(this), subscription.get())); - } else { - subscription->delegate_subscription_id = kNoPendingOperation; } - return subscriptions_.Add(std::move(subscription)); + + auto id = subscription_id_generator_.GenerateNextId(); + subscriptions_.AddWithID(std::move(subscription), id); + return id; } void PermissionControllerImpl::UnsubscribePermissionStatusChange( - int subscription_id) { + SubscriptionId subscription_id) { Subscription* subscription = subscriptions_.Lookup(subscription_id); if (!subscription) return; PermissionControllerDelegate* delegate = browser_context_->GetPermissionControllerDelegate(); - if (delegate && - subscription->delegate_subscription_id != kNoPendingOperation) { - delegate->UnsubscribePermissionStatusChange( + if (delegate) { + delegate->UnsubscribePermissionStatusChange( subscription->delegate_subscription_id); } subscriptions_.Remove(subscription_id); diff -Naur a/src/3rdparty/chromium/content/browser/permissions/permission_controller_impl.h b/src/3rdparty/chromium/content/browser/permissions/permission_controller_impl.h --- a/src/3rdparty/chromium/content/browser/permissions/permission_controller_impl.h 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/content/browser/permissions/permission_controller_impl.h 2021-04-30 20:11:17.392753946 +0100 @@ -72,18 +72,19 @@ const GURL& requesting_origin, const GURL& embedding_origin); - int SubscribePermissionStatusChange( + SubscriptionId SubscribePermissionStatusChange( PermissionType permission, RenderFrameHost* render_frame_host, const GURL& requesting_origin, const base::RepeatingCallback& callback); - void UnsubscribePermissionStatusChange(int subscription_id); + void UnsubscribePermissionStatusChange(SubscriptionId subscription_id); private: struct Subscription; - using SubscriptionsMap = base::IDMap>; + using SubscriptionsMap = + base::IDMap, SubscriptionId>; using SubscriptionsStatusMap = base::flat_map; @@ -98,7 +99,13 @@ const base::Optional& origin); DevToolsPermissionOverrides devtools_permission_overrides_; + + // Note that SubscriptionId is distinct from + // PermissionControllerDelegate::SubscriptionId, and the concrete ID values + // may be different as well. SubscriptionsMap subscriptions_; + SubscriptionId::Generator subscription_id_generator_; + BrowserContext* browser_context_; DISALLOW_COPY_AND_ASSIGN(PermissionControllerImpl); diff -Naur a/src/3rdparty/chromium/content/browser/permissions/permission_service_context.cc b/src/3rdparty/chromium/content/browser/permissions/permission_service_context.cc --- a/src/3rdparty/chromium/content/browser/permissions/permission_service_context.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/content/browser/permissions/permission_service_context.cc 2021-04-30 20:11:17.393755677 +0100 @@ -32,7 +32,7 @@ PermissionSubscription& operator=(const PermissionSubscription&) = delete; ~PermissionSubscription() { - DCHECK_NE(id_, 0); + DCHECK(id_); BrowserContext* browser_context = context_->GetBrowserContext(); if (browser_context) { PermissionControllerImpl::FromBrowserContext(browser_context) @@ -41,7 +41,7 @@ } void OnConnectionError() { - DCHECK_NE(id_, 0); + DCHECK(id_); context_->ObserverHadConnectionError(id_); } @@ -49,12 +49,12 @@ observer_->OnPermissionStatusChange(status); } - void set_id(int id) { id_ = id; } + void set_id(PermissionController::SubscriptionId id) { id_ = id; } private: PermissionServiceContext* const context_; mojo::Remote observer_; - int id_ = 0; + PermissionController::SubscriptionId id_; }; PermissionServiceContext::PermissionServiceContext( @@ -108,7 +108,7 @@ } GURL requesting_origin(origin.Serialize()); - int subscription_id = + auto subscription_id = PermissionControllerImpl::FromBrowserContext(browser_context) ->SubscribePermissionStatusChange( permission_type, render_frame_host_, requesting_origin, @@ -119,7 +119,8 @@ subscriptions_[subscription_id] = std::move(subscription); } -void PermissionServiceContext::ObserverHadConnectionError(int subscription_id) { +void PermissionServiceContext::ObserverHadConnectionError( + PermissionController::SubscriptionId subscription_id) { size_t erased = subscriptions_.erase(subscription_id); DCHECK_EQ(1u, erased); } diff -Naur a/src/3rdparty/chromium/content/browser/permissions/permission_service_context.h b/src/3rdparty/chromium/content/browser/permissions/permission_service_context.h --- a/src/3rdparty/chromium/content/browser/permissions/permission_service_context.h 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/content/browser/permissions/permission_service_context.h 2021-04-30 20:11:17.393755677 +0100 @@ -9,6 +9,7 @@ #include #include "content/common/content_export.h" +#include "content/public/browser/permission_controller.h" #include "content/public/browser/permission_type.h" #include "content/public/browser/web_contents_observer.h" #include "mojo/public/cpp/bindings/pending_receiver.h" @@ -52,7 +53,8 @@ mojo::PendingRemote observer); // Called when the connection to a PermissionObserver has an error. - void ObserverHadConnectionError(int subscription_id); + void ObserverHadConnectionError( + PermissionController::SubscriptionId subscription_id); // May return nullptr during teardown, or when showing an interstitial. BrowserContext* GetBrowserContext() const; @@ -78,7 +80,8 @@ RenderFrameHost* const render_frame_host_; RenderProcessHost* const render_process_host_; mojo::UniqueReceiverSet services_; - std::unordered_map> + std::unordered_map> subscriptions_; }; diff -Naur a/src/3rdparty/chromium/content/browser/renderer_host/media/media_stream_manager.cc b/src/3rdparty/chromium/content/browser/renderer_host/media/media_stream_manager.cc --- a/src/3rdparty/chromium/content/browser/renderer_host/media/media_stream_manager.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/content/browser/renderer_host/media/media_stream_manager.cc 2021-04-30 20:11:17.393755677 +0100 @@ -668,9 +668,9 @@ std::string tab_capture_device_id; - int audio_subscription_id = PermissionControllerImpl::kNoPendingOperation; + PermissionController::SubscriptionId audio_subscription_id; - int video_subscription_id = PermissionControllerImpl::kNoPendingOperation; + PermissionController::SubscriptionId video_subscription_id; private: std::vector state_; @@ -2686,8 +2686,8 @@ if (!controller) return; - int audio_subscription_id = PermissionControllerImpl::kNoPendingOperation; - int video_subscription_id = PermissionControllerImpl::kNoPendingOperation; + PermissionController::SubscriptionId audio_subscription_id; + PermissionController::SubscriptionId video_subscription_id; if (is_audio_request) { // It is safe to bind base::Unretained(this) because MediaStreamManager is @@ -2729,8 +2729,8 @@ const std::string& label, int requesting_process_id, int requesting_frame_id, - int audio_subscription_id, - int video_subscription_id) { + PermissionController::SubscriptionId audio_subscription_id, + PermissionController::SubscriptionId video_subscription_id) { DCHECK_CURRENTLY_ON(BrowserThread::IO); DeviceRequest* const request = FindRequest(label); @@ -2757,8 +2757,8 @@ void MediaStreamManager::UnsubscribeFromPermissionControllerOnUIThread( int requesting_process_id, int requesting_frame_id, - int audio_subscription_id, - int video_subscription_id) { + PermissionController::SubscriptionId audio_subscription_id, + PermissionController::SubscriptionId video_subscription_id) { DCHECK_CURRENTLY_ON(BrowserThread::UI); PermissionControllerImpl* controller = diff -Naur a/src/3rdparty/chromium/content/browser/renderer_host/media/media_stream_manager.h b/src/3rdparty/chromium/content/browser/renderer_host/media/media_stream_manager.h --- a/src/3rdparty/chromium/content/browser/renderer_host/media/media_stream_manager.h 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/content/browser/renderer_host/media/media_stream_manager.h 2021-04-30 20:11:17.393755677 +0100 @@ -50,6 +50,7 @@ #include "content/public/browser/desktop_media_id.h" #include "content/public/browser/media_request_state.h" #include "content/public/browser/media_stream_request.h" +#include "content/public/browser/permission_controller.h" #include "media/base/video_facing.h" #include "third_party/blink/public/common/mediastream/media_devices.h" #include "third_party/blink/public/common/mediastream/media_stream_controls.h" @@ -557,19 +558,20 @@ // Store the subscription ids on a DeviceRequest in order to allow // unsubscribing when the request is deleted. - void SetPermissionSubscriptionIDs(const std::string& label, - int requesting_process_id, - int requesting_frame_id, - int audio_subscription_id, - int video_subscription_id); + void SetPermissionSubscriptionIDs( + const std::string& label, + int requesting_process_id, + int requesting_frame_id, + PermissionController::SubscriptionId audio_subscription_id, + PermissionController::SubscriptionId video_subscription_id); // Unsubscribe from following permission updates for the two specified // subscription IDs. Called when a request is deleted. static void UnsubscribeFromPermissionControllerOnUIThread( int requesting_process_id, int requesting_frame_id, - int audio_subscription_id, - int video_subscription_id); + PermissionController::SubscriptionId audio_subscription_id, + PermissionController::SubscriptionId video_subscription_id); // Callback that the PermissionController calls when a permission is updated. void PermissionChangedCallback(int requesting_process_id, diff -Naur a/src/3rdparty/chromium/content/browser/renderer_host/render_frame_host_manager.cc b/src/3rdparty/chromium/content/browser/renderer_host/render_frame_host_manager.cc --- a/src/3rdparty/chromium/content/browser/renderer_host/render_frame_host_manager.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/content/browser/renderer_host/render_frame_host_manager.cc 2021-04-30 21:26:51.989166339 +0100 @@ -159,10 +159,13 @@ const GURL& url, bool is_coop_coep_cross_origin_isolated, bool is_speculative) { + SiteInstanceImpl* site_instance_impl = + static_cast(site_instance); // We do not want cross-origin-isolated have any impact on SiteInstances until // we get an actual COOP value in a redirect or a final response. if (is_speculative) - return true; + return site_instance_impl->IsCoopCoepCrossOriginIsolated() == + is_coop_coep_cross_origin_isolated; // Note: The about blank case is to accommodate web tests that use COOP. They // expect an about:blank page to stay in process, and hang otherwise. In @@ -172,9 +175,6 @@ if (url.IsAboutBlank()) return true; - SiteInstanceImpl* site_instance_impl = - static_cast(site_instance); - if (is_main_frame) { if (site_instance_impl->IsCoopCoepCrossOriginIsolated() != is_coop_coep_cross_origin_isolated) { diff -Naur a/src/3rdparty/chromium/content/browser/renderer_host/render_widget_host_input_event_router.cc b/src/3rdparty/chromium/content/browser/renderer_host/render_widget_host_input_event_router.cc --- a/src/3rdparty/chromium/content/browser/renderer_host/render_widget_host_input_event_router.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/content/browser/renderer_host/render_widget_host_input_event_router.cc 2021-04-30 21:23:41.798402297 +0100 @@ -345,7 +345,7 @@ // Remove this view from the owner_map. for (auto entry : owner_map_) { - if (entry.second == view) { + if (entry.second.get() == view) { owner_map_.erase(entry.first); // There will only be one instance of a particular view in the map. break; @@ -368,7 +368,7 @@ // replace it with nullptr so that we maintain the 1:1 correspondence between // map entries and the touch sequences that underly them. for (auto it : touchscreen_gesture_target_map_) { - if (it.second == view) + if (it.second.get() == view) it.second = nullptr; } @@ -417,8 +417,10 @@ void RenderWidgetHostInputEventRouter::ClearAllObserverRegistrations() { // Since we're shutting down, it's safe to call RenderWidgetHostViewBase:: // RemoveObserver() directly here. - for (auto entry : owner_map_) - entry.second->RemoveObserver(this); + for (auto entry : owner_map_) { + if (entry.second) + entry.second->RemoveObserver(this); + } owner_map_.clear(); viz::HostFrameSinkManager* manager = GetHostFrameSinkManager(); if (manager) @@ -840,7 +842,7 @@ touch_event.unique_touch_event_id) == touchscreen_gesture_target_map_.end()); touchscreen_gesture_target_map_[touch_event.unique_touch_event_id] = - touch_target_; + touch_target_->GetWeakPtr(); } else if (touch_event.GetType() == blink::WebInputEvent::Type::kTouchStart) { active_touches_ += CountChangedTouchPoints(touch_event); } @@ -1352,7 +1354,7 @@ // We want to be notified if the owner is destroyed so we can remove it from // our map. owner->AddObserver(this); - owner_map_.insert(std::make_pair(id, owner)); + owner_map_.insert(std::make_pair(id, owner->GetWeakPtr())); } void RenderWidgetHostInputEventRouter::RemoveFrameSinkIdOwner( @@ -1364,7 +1366,8 @@ // stale values if the view destructs and isn't an observer anymore. // Note: the view the iterator points at will be deleted in the following // call, and shouldn't be used after this point. - OnRenderWidgetHostViewBaseDestroyed(it_to_remove->second); + if (it_to_remove->second) + OnRenderWidgetHostViewBaseDestroyed(it_to_remove->second.get()); } } @@ -1415,7 +1418,7 @@ bool RenderWidgetHostInputEventRouter::IsViewInMap( const RenderWidgetHostViewBase* view) const { DCHECK(!is_registered(view->GetFrameSinkId()) || - owner_map_.find(view->GetFrameSinkId())->second == view); + owner_map_.find(view->GetFrameSinkId())->second.get() == view); return is_registered(view->GetFrameSinkId()); } @@ -1522,6 +1525,10 @@ base::Optional fallback_target_location; + // Adding crash logs to track the reason of stale pointer value of |target|. + LogTouchscreenGestureTargetCrashKeys( + "RWHIER::DispatchTouchscreenGestureEvent target set from caller"); + if (gesture_event.unique_touch_event_id == 0) { // On Android it is possible for touchscreen gesture events to arrive that // are not associated with touch events, because non-synthetic events can be @@ -1550,9 +1557,19 @@ // don't worry about the fact we're ignoring |result.should_query_view|, as // this is the best we can do until we fix https://crbug.com/595422. target = result.view; + + // Adding crash logs to track the reason of stale pointer value of |target|. + LogTouchscreenGestureTargetCrashKeys( + "RWHIER::DispatchTouchscreenGestureEvent target from " + "FindViewAtLocation"); fallback_target_location = transformed_point; } else if (is_gesture_start) { - target = gesture_target_it->second; + target = gesture_target_it->second.get(); + + // Adding crash logs to track the reason of stale pointer value of |target|. + LogTouchscreenGestureTargetCrashKeys( + "RWHIER::DispatchTouchscreenGestureEvent target from " + "touchscreen_gesture_target_map_"); touchscreen_gesture_target_map_.erase(gesture_target_it); // Abort any scroll bubbling in progress to avoid double entry. @@ -1738,7 +1755,7 @@ // If the point hit a Surface whose namspace is no longer in the map, then // it likely means the RenderWidgetHostView has been destroyed but its // parent frame has not sent a new compositor frame since that happened. - return iter == owner_map_.end() ? nullptr : iter->second; + return iter == owner_map_.end() ? nullptr : iter->second.get(); } bool RenderWidgetHostInputEventRouter::ShouldContinueHitTesting( @@ -1758,8 +1775,10 @@ std::vector RenderWidgetHostInputEventRouter::GetRenderWidgetHostViewsForTests() const { std::vector hosts; - for (auto entry : owner_map_) - hosts.push_back(entry.second); + for (auto entry : owner_map_) { + DCHECK(entry.second); + hosts.push_back(entry.second.get()); + } return hosts; } @@ -1928,8 +1947,10 @@ last_device_scale_factor_ = last_mouse_move_root_view_->current_device_scale_factor(); if (auto* cursor_manager = last_mouse_move_root_view_->GetCursorManager()) { - for (auto it : owner_map_) - cursor_manager->UpdateCursor(it.second, cursor); + for (auto it : owner_map_) { + if (it.second) + cursor_manager->UpdateCursor(it.second.get(), cursor); + } } } @@ -1949,7 +1970,7 @@ const std::vector& hit_test_data) { for (auto& region : hit_test_data) { auto iter = owner_map_.find(region.frame_sink_id); - if (iter != owner_map_.end()) + if (iter != owner_map_.end() && iter->second) iter->second->NotifyHitTestRegionUpdated(region); } } @@ -1981,4 +2002,11 @@ event_targeter_->SetIsAutoScrollInProgress(is_autoscroll_in_progress); } +void RenderWidgetHostInputEventRouter::LogTouchscreenGestureTargetCrashKeys( + const std::string& log_message) { + static auto* target_crash_key = base::debug::AllocateCrashKeyString( + "target_crash_key", base::debug::CrashKeySize::Size256); + base::debug::SetCrashKeyString(target_crash_key, log_message); +} + } // namespace content diff -Naur a/src/3rdparty/chromium/content/browser/renderer_host/render_widget_host_input_event_router.h b/src/3rdparty/chromium/content/browser/renderer_host/render_widget_host_input_event_router.h --- a/src/3rdparty/chromium/content/browser/renderer_host/render_widget_host_input_event_router.h 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/content/browser/renderer_host/render_widget_host_input_event_router.h 2021-04-30 21:23:18.134498927 +0100 @@ -195,10 +195,11 @@ FRIEND_TEST_ALL_PREFIXES(BrowserSideFlingBrowserTest, InertialGSUBubblingStopsWhenParentCannotScroll); - using FrameSinkIdOwnerMap = std::unordered_map; - using TargetMap = std::map; + using FrameSinkIdOwnerMap = + std::unordered_map, + viz::FrameSinkIdHash>; + using TargetMap = std::map>; void ClearAllObserverRegistrations(); RenderWidgetTargetResult FindViewAtLocation( @@ -332,6 +333,9 @@ void SetTouchscreenGestureTarget(RenderWidgetHostViewBase* target, bool moved_recently = false); + // TODO(crbug.com/1155297): Remove when bug investigation is complete. + void LogTouchscreenGestureTargetCrashKeys(const std::string& log_message); + FrameSinkIdOwnerMap owner_map_; TargetMap touchscreen_gesture_target_map_; RenderWidgetHostViewBase* touch_target_ = nullptr; diff -Naur a/src/3rdparty/chromium/content/common/background_fetch/background_fetch_types.cc b/src/3rdparty/chromium/content/common/background_fetch/background_fetch_types.cc --- a/src/3rdparty/chromium/content/common/background_fetch/background_fetch_types.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/content/common/background_fetch/background_fetch_types.cc 2021-04-30 21:20:05.693885817 +0100 @@ -31,16 +31,16 @@ return nullptr; return blink::mojom::FetchAPIResponse::New( response->url_list, response->status_code, response->status_text, - response->response_type, response->response_source, response->headers, - response->mime_type, response->request_method, + response->response_type, response->padding, response->response_source, + response->headers, response->mime_type, response->request_method, CloneSerializedBlob(response->blob), response->error, response->response_time, response->cache_storage_cache_name, response->cors_exposed_header_names, CloneSerializedBlob(response->side_data_blob), CloneSerializedBlob(response->side_data_blob_for_cache_put), mojo::Clone(response->parsed_headers), response->connection_info, - response->alpn_negotiated_protocol, response->loaded_with_credentials, - response->was_fetched_via_spdy, response->has_range_requested); + response->alpn_negotiated_protocol, response->was_fetched_via_spdy, + response->has_range_requested); } // static diff -Naur a/src/3rdparty/chromium/content/common/service_worker/service_worker_loader_helpers.cc b/src/3rdparty/chromium/content/common/service_worker/service_worker_loader_helpers.cc --- a/src/3rdparty/chromium/content/common/service_worker/service_worker_loader_helpers.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/content/common/service_worker/service_worker_loader_helpers.cc 2021-04-30 21:19:25.174852986 +0100 @@ -97,6 +97,7 @@ out_head->was_fallback_required_by_service_worker = false; out_head->url_list_via_service_worker = response.url_list; out_head->response_type = response.response_type; + out_head->padding = response.padding; if (response.mime_type.has_value()) { std::string charset; bool had_charset = false; diff -Naur a/src/3rdparty/chromium/content/public/browser/permission_controller_delegate.h b/src/3rdparty/chromium/content/public/browser/permission_controller_delegate.h --- a/src/3rdparty/chromium/content/public/browser/permission_controller_delegate.h 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/content/public/browser/permission_controller_delegate.h 2021-04-30 20:11:17.393755677 +0100 @@ -5,6 +5,7 @@ #ifndef CONTENT_PUBLIC_BROWSER_PERMISSION_CONTROLLER_DELEGATE_H_ #define CONTENT_PUBLIC_BROWSER_PERMISSION_CONTROLLER_DELEGATE_H_ +#include "base/util/type_safety/id_type.h" #include "content/common/content_export.h" #include "content/public/browser/devtools_permission_overrides.h" #include "third_party/blink/public/mojom/permissions/permission_status.mojom.h" @@ -18,6 +19,10 @@ class CONTENT_EXPORT PermissionControllerDelegate { public: using PermissionOverrides = DevToolsPermissionOverrides::PermissionOverrides; + + // Identifier for an active subscription. + using SubscriptionId = util::IdType64; + virtual ~PermissionControllerDelegate() = default; // Requests a permission on behalf of a frame identified by @@ -80,21 +85,21 @@ // Runs the given |callback| whenever the |permission| associated with the // given RenderFrameHost changes. A nullptr should be passed if the request - // is from a worker. Returns the subscription_id to be used to unsubscribe. - // Can be kNoPendingOperation if the subscribe was not successful. - virtual int SubscribePermissionStatusChange( + // is from a worker. Returns the ID to be used to unsubscribe, which can be + // `is_null()` if the subscribe was not successful. + virtual SubscriptionId SubscribePermissionStatusChange( content::PermissionType permission, content::RenderFrameHost* render_frame_host, const GURL& requesting_origin, base::RepeatingCallback callback) = 0; - // Unregisters from permission status change notifications. - // The |subscription_id| must match the value returned by the - // SubscribePermissionStatusChange call. Unsubscribing - // an already unsubscribed |subscription_id| or providing the - // |subscription_id| kNoPendingOperation is a no-op. - virtual void UnsubscribePermissionStatusChange(int subscription_id) = 0; + // Unregisters from permission status change notifications. The + // |subscription_id| must match the value returned by the + // SubscribePermissionStatusChange call. Unsubscribing an already + // unsubscribed |subscription_id| or an `is_null()` ID is a no-op. + virtual void UnsubscribePermissionStatusChange( + SubscriptionId subscription_id) = 0; // Manually overrides default permission settings of delegate, if overrides // are tracked by the delegate. This method should only be called by the @@ -116,4 +121,17 @@ } // namespace content +namespace std { + +template <> +struct hash { + std::size_t operator()( + const content::PermissionControllerDelegate::SubscriptionId& v) const { + content::PermissionControllerDelegate::SubscriptionId::Hasher hasher; + return hasher(v); + } +}; + +} // namespace std + #endif // CONTENT_PUBLIC_BROWSER_PERMISSION_CONTROLLER_DELEGATE_H_ diff -Naur a/src/3rdparty/chromium/content/public/browser/permission_controller.h b/src/3rdparty/chromium/content/public/browser/permission_controller.h --- a/src/3rdparty/chromium/content/public/browser/permission_controller.h 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/content/public/browser/permission_controller.h 2021-04-30 20:11:17.393755677 +0100 @@ -6,6 +6,7 @@ #define CONTENT_PUBLIC_BROWSER_PERMISSION_CONTROLLER_H_ #include "base/supports_user_data.h" +#include "base/util/type_safety/id_type.h" #include "content/common/content_export.h" #include "content/public/browser/permission_type.h" #include "third_party/blink/public/mojom/permissions/permission_status.mojom.h" @@ -20,8 +21,13 @@ class CONTENT_EXPORT PermissionController : public base::SupportsUserData::Data { public: - // Constant retured when registering and subscribing if - // cancelling/unsubscribing at a later stage would have no effect. + // Identifier for an active subscription. This is intentionally a distinct + // type from PermissionControllerDelegate::SubscriptionId as the concrete + // identifier values may be different. + using SubscriptionId = util::IdType64; + + // Constant returned when requesting a permission if cancelling at a later + // stage would have no effect. static const int kNoPendingOperation = -1; ~PermissionController() override {} @@ -48,4 +54,17 @@ } // namespace content +namespace std { + +template <> +struct hash { + std::size_t operator()( + const content::PermissionController::SubscriptionId& v) const { + content::PermissionController::SubscriptionId::Hasher hasher; + return hasher(v); + } +}; + +} // namespace std + #endif // CONTENT_PUBLIC_BROWSER_PERMISSION_CONTROLLER_H_ diff -Naur a/src/3rdparty/chromium/content/renderer/loader/web_url_loader_impl.cc b/src/3rdparty/chromium/content/renderer/loader/web_url_loader_impl.cc --- a/src/3rdparty/chromium/content/renderer/loader/web_url_loader_impl.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/content/renderer/loader/web_url_loader_impl.cc 2021-04-30 21:19:25.174852986 +0100 @@ -929,6 +929,7 @@ response->SetWasFallbackRequiredByServiceWorker( head.was_fallback_required_by_service_worker); response->SetType(head.response_type); + response->SetPadding(head.padding); response->SetUrlListViaServiceWorker(head.url_list_via_service_worker); response->SetCacheStorageCacheName( head.service_worker_response_source == diff -Naur a/src/3rdparty/chromium/content/renderer/render_frame_impl.cc b/src/3rdparty/chromium/content/renderer/render_frame_impl.cc --- a/src/3rdparty/chromium/content/renderer/render_frame_impl.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/content/renderer/render_frame_impl.cc 2021-04-30 20:10:44.929638395 +0100 @@ -3222,6 +3222,10 @@ return; } + if (commit_params->origin_to_commit) { + commit_params->origin_to_commit->SetFullURL(GetOriginalRequestURL(frame_->GetDocumentLoader())); + } + SetOldPageLifecycleStateFromNewPageCommitIfNeeded( commit_params->old_page_info.get()); diff -Naur a/src/3rdparty/chromium/fuchsia/engine/browser/web_engine_permission_delegate.cc b/src/3rdparty/chromium/fuchsia/engine/browser/web_engine_permission_delegate.cc --- a/src/3rdparty/chromium/fuchsia/engine/browser/web_engine_permission_delegate.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/fuchsia/engine/browser/web_engine_permission_delegate.cc 2021-04-30 20:11:17.393755677 +0100 @@ -83,20 +83,21 @@ permission, url::Origin::Create(requesting_origin)); } -int WebEnginePermissionDelegate::SubscribePermissionStatusChange( +WebEnginePermissionDelegate::SubscriptionId +WebEnginePermissionDelegate::SubscribePermissionStatusChange( content::PermissionType permission, content::RenderFrameHost* render_frame_host, const GURL& requesting_origin, base::RepeatingCallback callback) { // TODO(crbug.com/1063094): Implement permission status subscription. It's // used in blink to emit PermissionStatus.onchange notifications. - NOTIMPLEMENTED() << ": " << static_cast(permission); - return content::PermissionController::kNoPendingOperation; + NOTIMPLEMENTED_LOG_ONCE() << ": " << static_cast(permission); + return SubscriptionId(); } void WebEnginePermissionDelegate::UnsubscribePermissionStatusChange( - int subscription_id) { + SubscriptionId subscription_id) { // TODO(crbug.com/1063094): Implement permission status subscription. It's // used in blink to emit PermissionStatus.onchange notifications. - NOTREACHED(); + NOTIMPLEMENTED_LOG_ONCE(); } diff -Naur a/src/3rdparty/chromium/fuchsia/engine/browser/web_engine_permission_delegate.h b/src/3rdparty/chromium/fuchsia/engine/browser/web_engine_permission_delegate.h --- a/src/3rdparty/chromium/fuchsia/engine/browser/web_engine_permission_delegate.h 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/fuchsia/engine/browser/web_engine_permission_delegate.h 2021-04-30 20:11:17.393755677 +0100 @@ -45,13 +45,14 @@ content::PermissionType permission, content::RenderFrameHost* render_frame_host, const GURL& requesting_origin) override; - int SubscribePermissionStatusChange( + SubscriptionId SubscribePermissionStatusChange( content::PermissionType permission, content::RenderFrameHost* render_frame_host, const GURL& requesting_origin, base::RepeatingCallback callback) override; - void UnsubscribePermissionStatusChange(int subscription_id) override; + void UnsubscribePermissionStatusChange( + SubscriptionId subscription_id) override; }; #endif // FUCHSIA_ENGINE_BROWSER_WEB_ENGINE_PERMISSION_DELEGATE_H_ diff -Naur a/src/3rdparty/chromium/headless/lib/browser/headless_permission_manager.cc b/src/3rdparty/chromium/headless/lib/browser/headless_permission_manager.cc --- a/src/3rdparty/chromium/headless/lib/browser/headless_permission_manager.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/headless/lib/browser/headless_permission_manager.cc 2021-04-30 20:11:17.393755677 +0100 @@ -71,15 +71,16 @@ return blink::mojom::PermissionStatus::ASK; } -int HeadlessPermissionManager::SubscribePermissionStatusChange( +HeadlessPermissionManager::SubscriptionId +HeadlessPermissionManager::SubscribePermissionStatusChange( content::PermissionType permission, content::RenderFrameHost* render_frame_host, const GURL& requesting_origin, base::RepeatingCallback callback) { - return content::PermissionController::kNoPendingOperation; + return SubscriptionId(); } void HeadlessPermissionManager::UnsubscribePermissionStatusChange( - int subscription_id) {} + SubscriptionId subscription_id) {} } // namespace headless diff -Naur a/src/3rdparty/chromium/headless/lib/browser/headless_permission_manager.h b/src/3rdparty/chromium/headless/lib/browser/headless_permission_manager.h --- a/src/3rdparty/chromium/headless/lib/browser/headless_permission_manager.h 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/headless/lib/browser/headless_permission_manager.h 2021-04-30 20:11:17.393755677 +0100 @@ -46,13 +46,14 @@ content::PermissionType permission, content::RenderFrameHost* render_frame_host, const GURL& requesting_origin) override; - int SubscribePermissionStatusChange( + SubscriptionId SubscribePermissionStatusChange( content::PermissionType permission, content::RenderFrameHost* render_frame_host, const GURL& requesting_origin, base::RepeatingCallback callback) override; - void UnsubscribePermissionStatusChange(int subscription_id) override; + void UnsubscribePermissionStatusChange( + SubscriptionId subscription_id) override; private: content::BrowserContext* browser_context_; diff -Naur a/src/3rdparty/chromium/mojo/core/node_channel.cc b/src/3rdparty/chromium/mojo/core/node_channel.cc --- a/src/3rdparty/chromium/mojo/core/node_channel.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/mojo/core/node_channel.cc 2021-04-30 21:20:48.517902571 +0100 @@ -191,13 +191,16 @@ } // static -void NodeChannel::GetEventMessageData(Channel::Message* message, +bool NodeChannel::GetEventMessageData(Channel::Message& message, void** data, size_t* num_data_bytes) { - // NOTE: OnChannelMessage guarantees that we never accept a Channel::Message - // with a payload of fewer than |sizeof(Header)| bytes. - *data = reinterpret_cast(message->mutable_payload()) + 1; - *num_data_bytes = message->payload_size() - sizeof(Header); + // NOTE: Callers must guarantee that the payload in `message` must be at least + // large enough to hold a Header. + if (message.payload_size() < sizeof(Header)) + return false; + *data = reinterpret_cast(message.mutable_payload()) + 1; + *num_data_bytes = message.payload_size() - sizeof(Header); + return true; } void NodeChannel::Start() { diff -Naur a/src/3rdparty/chromium/mojo/core/node_channel.h b/src/3rdparty/chromium/mojo/core/node_channel.h --- a/src/3rdparty/chromium/mojo/core/node_channel.h 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/mojo/core/node_channel.h 2021-04-30 21:20:48.517902571 +0100 @@ -90,7 +90,9 @@ void** payload, size_t num_handles); - static void GetEventMessageData(Channel::Message* message, + // Retrieves address and size of an Event message's underlying message data. + // Returns `false` if the message is not a valid Event message. + static bool GetEventMessageData(Channel::Message& message, void** data, size_t* num_data_bytes); diff -Naur a/src/3rdparty/chromium/mojo/core/node_controller.cc b/src/3rdparty/chromium/mojo/core/node_controller.cc --- a/src/3rdparty/chromium/mojo/core/node_controller.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/mojo/core/node_controller.cc 2021-04-30 21:20:48.517902571 +0100 @@ -76,7 +76,9 @@ Channel::MessagePtr channel_message) { void* data; size_t size; - NodeChannel::GetEventMessageData(channel_message.get(), &data, &size); + bool valid = NodeChannel::GetEventMessageData(*channel_message, &data, &size); + if (!valid) + return nullptr; auto event = ports::Event::Deserialize(data, size); if (!event) return nullptr; @@ -943,7 +945,11 @@ void NodeController::OnAcceptBrokerClient(const ports::NodeName& from_node, const ports::NodeName& broker_name, PlatformHandle broker_channel) { - DCHECK(!GetConfiguration().is_broker_process); + if (GetConfiguration().is_broker_process) { + // The broker should never receive this message from anyone. + DropPeer(from_node, nullptr); + return; + } // This node should already have an inviter in bootstrap mode. ports::NodeName inviter_name; @@ -954,8 +960,13 @@ inviter = bootstrap_inviter_channel_; bootstrap_inviter_channel_ = nullptr; } - DCHECK(inviter_name == from_node); - DCHECK(inviter); + + if (inviter_name != from_node || !inviter || + broker_name == ports::kInvalidNodeName) { + // We are not expecting this message. Assume the source is hostile. + DropPeer(from_node, nullptr); + return; + } base::queue pending_broker_clients; std::unordered_map @@ -966,22 +977,22 @@ std::swap(pending_broker_clients, pending_broker_clients_); std::swap(pending_relay_messages, pending_relay_messages_); } - DCHECK(broker_name != ports::kInvalidNodeName); // It's now possible to add both the broker and the inviter as peers. // Note that the broker and inviter may be the same node. scoped_refptr broker; if (broker_name == inviter_name) { - DCHECK(!broker_channel.is_valid()); broker = inviter; - } else { - DCHECK(broker_channel.is_valid()); + } else if (broker_channel.is_valid()) { broker = NodeChannel::Create( this, ConnectionParams(PlatformChannelEndpoint(std::move(broker_channel))), Channel::HandlePolicy::kAcceptHandles, io_task_runner_, ProcessErrorCallback()); AddPeer(broker_name, broker, true /* start_channel */); + } else { + DropPeer(from_node, nullptr); + return; } AddPeer(inviter_name, inviter, false /* start_channel */); diff -Naur a/src/3rdparty/chromium/mojo/core/user_message_impl.cc b/src/3rdparty/chromium/mojo/core/user_message_impl.cc --- a/src/3rdparty/chromium/mojo/core/user_message_impl.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/mojo/core/user_message_impl.cc 2021-04-30 21:20:48.517902571 +0100 @@ -417,7 +417,14 @@ if (channel_message) { void* data; size_t size; - NodeChannel::GetEventMessageData(channel_message.get(), &data, &size); + // The `channel_message` must either be produced locally or must have + // already been validated by the caller, as is done for example by + // NodeController::DeserializeEventMessage before + // NodeController::OnBroadcast re-serializes each copy of the message it + // received. + bool result = + NodeChannel::GetEventMessageData(*channel_message, &data, &size); + DCHECK(result); message_event->Serialize(data); } diff -Naur a/src/3rdparty/chromium/mojo/public/cpp/bindings/receiver_set.h b/src/3rdparty/chromium/mojo/public/cpp/bindings/receiver_set.h --- a/src/3rdparty/chromium/mojo/public/cpp/bindings/receiver_set.h 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/mojo/public/cpp/bindings/receiver_set.h 2021-04-30 21:14:32.023171502 +0100 @@ -24,7 +24,7 @@ namespace mojo { -using ReceiverId = size_t; +using ReceiverId = uint64_t; template struct ReceiverSetTraits; @@ -361,11 +361,11 @@ Context context, scoped_refptr task_runner) { ReceiverId id = next_receiver_id_++; - DCHECK_GE(next_receiver_id_, 0u); auto entry = std::make_unique(std::move(impl), std::move(receiver), this, id, std::move(context), std::move(task_runner)); - receivers_.insert(std::make_pair(id, std::move(entry))); + auto result = receivers_.insert(std::make_pair(id, std::move(entry))); + CHECK(result.second) << "ReceiverId overflow with collision"; return id; } diff -Naur a/src/3rdparty/chromium/net/cookies/site_for_cookies.cc b/src/3rdparty/chromium/net/cookies/site_for_cookies.cc --- a/src/3rdparty/chromium/net/cookies/site_for_cookies.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/net/cookies/site_for_cookies.cc 2021-04-30 20:10:44.929638395 +0100 @@ -37,6 +37,7 @@ bool SiteForCookies::FromWire(const std::string& scheme, const std::string& registrable_domain, bool schemefully_same, + GURL first_party_url, SiteForCookies* out) { // Make sure scheme meets precondition of methods like // GURL::SchemeIsCryptographic. @@ -45,6 +46,8 @@ // registrable_domain_ should also be canonicalized. SiteForCookies candidate(scheme, registrable_domain); + candidate.first_party_url_ = first_party_url; + if (registrable_domain != candidate.registrable_domain_) return false; @@ -60,7 +63,12 @@ if (origin.opaque()) return SiteForCookies(); - return SiteForCookies(origin.scheme(), origin.host()); + SiteForCookies site_for_cookies = SiteForCookies(origin.scheme(), origin.host()); + if (!origin.GetFullURL().is_empty()) + site_for_cookies.first_party_url_ = origin.GetFullURL(); + else + site_for_cookies.first_party_url_ = origin.GetURL(); + return site_for_cookies; } // static @@ -191,4 +199,11 @@ return registrable_domain_ == other_registrable_domain; } +GURL SiteForCookies::first_party_url() const { + if (first_party_url_.is_empty()) + return RepresentativeUrl(); + + return first_party_url_; +} + } // namespace net diff -Naur a/src/3rdparty/chromium/net/cookies/site_for_cookies.h b/src/3rdparty/chromium/net/cookies/site_for_cookies.h --- a/src/3rdparty/chromium/net/cookies/site_for_cookies.h 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/net/cookies/site_for_cookies.h 2021-04-30 20:10:44.929638395 +0100 @@ -52,6 +52,7 @@ static bool FromWire(const std::string& scheme, const std::string& registrable_domain, bool schemefully_same, + GURL first_party_url, SiteForCookies* out); // If the origin is opaque, returns SiteForCookies that matches nothing. @@ -112,6 +113,8 @@ const std::string& registrable_domain() const { return registrable_domain_; } + GURL first_party_url() const; + // Used for serialization/deserialization. This value is irrelevant if // IsNull() is true. bool schemefully_same() const { return schemefully_same_; } @@ -162,6 +165,8 @@ // irrelevant (For tests this value can also be modified by // SetSchemefullySameForTesting()). bool schemefully_same_; + + GURL first_party_url_; }; } // namespace net diff -Naur a/src/3rdparty/chromium/pdf/pdfium/pdfium_engine.cc b/src/3rdparty/chromium/pdf/pdfium/pdfium_engine.cc --- a/src/3rdparty/chromium/pdf/pdfium/pdfium_engine.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/pdf/pdfium/pdfium_engine.cc 2021-04-30 21:15:54.646977959 +0100 @@ -1019,8 +1019,7 @@ FPDF_ANNOTATION last_focused_annot = nullptr; FPDF_BOOL ret = FORM_GetFocusedAnnot(form(), &last_focused_page_, &last_focused_annot); - DCHECK(ret); - if (PageIndexInBounds(last_focused_page_) && last_focused_annot) { + if (ret && PageIndexInBounds(last_focused_page_) && last_focused_annot) { last_focused_annot_index_ = FPDFPage_GetAnnotIndex( pages_[last_focused_page_]->GetPage(), last_focused_annot); } else { @@ -1041,8 +1040,8 @@ break; } case FocusElementType::kPage: { - int page_index; - FPDF_ANNOTATION focused_annot; + int page_index = -1; + FPDF_ANNOTATION focused_annot = nullptr; FPDF_BOOL ret = FORM_GetFocusedAnnot(form(), &page_index, &focused_annot); DCHECK(ret); @@ -3492,7 +3491,8 @@ const gfx::Point& device_point, double* page_x, double* page_y) { - *page_x = *page_y = 0; + *page_x = 0; + *page_y = 0; float device_x = device_point.x(); float device_y = device_point.y(); int temp_x = static_cast((device_x + position_.x()) / current_zoom_ - diff -Naur a/src/3rdparty/chromium/pdf/pdfium/pdfium_page.cc b/src/3rdparty/chromium/pdf/pdfium/pdfium_page.cc --- a/src/3rdparty/chromium/pdf/pdfium/pdfium_page.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/pdf/pdfium/pdfium_page.cc 2021-04-30 21:15:33.190893400 +0100 @@ -766,14 +766,15 @@ LinkTarget* target) { if (!available_) return NONSELECTABLE_AREA; + gfx::Point device_point = point - rect_.OffsetFromOrigin(); double new_x; double new_y; - FPDF_BOOL ret = - FPDF_DeviceToPage(GetPage(), 0, 0, rect_.width(), rect_.height(), - ToPDFiumRotation(orientation), device_point.x(), - device_point.y(), &new_x, &new_y); - DCHECK(ret); + if (!FPDF_DeviceToPage(GetPage(), 0, 0, rect_.width(), rect_.height(), + ToPDFiumRotation(orientation), device_point.x(), + device_point.y(), &new_x, &new_y)) { + return NONSELECTABLE_AREA; + } // hit detection tolerance, in points. constexpr double kTolerance = 20.0; @@ -1012,7 +1013,8 @@ double top; double right; double bottom; - FPDFLink_GetRect(links.get(), i, j, &left, &top, &right, &bottom); + if (!FPDFLink_GetRect(links.get(), i, j, &left, &top, &right, &bottom)) + continue; gfx::Rect rect = PageToScreen(gfx::Point(), 1.0, left, top, right, bottom, PageOrientation::kOriginal); if (rect.IsEmpty()) @@ -1095,9 +1097,9 @@ float top; float right; float bottom; - FPDF_BOOL ret = - FPDFPageObj_GetBounds(page_object, &left, &bottom, &right, &top); - DCHECK(ret); + if (!FPDFPageObj_GetBounds(page_object, &left, &bottom, &right, &top)) + continue; + Image image; image.bounding_rect = PageToScreen(gfx::Point(), 1.0, left, top, right, bottom, PageOrientation::kOriginal); diff -Naur a/src/3rdparty/chromium/services/network/public/cpp/net_ipc_param_traits.cc b/src/3rdparty/chromium/services/network/public/cpp/net_ipc_param_traits.cc --- a/src/3rdparty/chromium/services/network/public/cpp/net_ipc_param_traits.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/services/network/public/cpp/net_ipc_param_traits.cc 2021-04-30 20:10:44.929638395 +0100 @@ -572,20 +572,23 @@ WriteParam(m, p.scheme()); WriteParam(m, p.registrable_domain()); WriteParam(m, p.schemefully_same()); + WriteParam(m, p.first_party_url().spec()); } bool ParamTraits::Read(const base::Pickle* m, base::PickleIterator* iter, param_type* r) { - std::string scheme, registrable_domain; + std::string scheme, registrable_domain, first_party_url; bool schemefully_same; if (!ReadParam(m, iter, &scheme) || !ReadParam(m, iter, ®istrable_domain) || - !ReadParam(m, iter, &schemefully_same)) + !ReadParam(m, iter, &schemefully_same) || + !ReadParam(m, iter, &first_party_url)) return false; return net::SiteForCookies::FromWire(scheme, registrable_domain, - schemefully_same, r); + schemefully_same, + GURL(first_party_url), r); } void ParamTraits::Log(const param_type& p, diff -Naur a/src/3rdparty/chromium/services/network/public/cpp/site_for_cookies_mojom_traits.cc b/src/3rdparty/chromium/services/network/public/cpp/site_for_cookies_mojom_traits.cc --- a/src/3rdparty/chromium/services/network/public/cpp/site_for_cookies_mojom_traits.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/services/network/public/cpp/site_for_cookies_mojom_traits.cc 2021-04-30 20:10:44.929638395 +0100 @@ -11,7 +11,7 @@ bool StructTraits:: Read(network::mojom::SiteForCookiesDataView data, net::SiteForCookies* out) { - std::string scheme, registrable_domain; + std::string scheme, registrable_domain, first_party_url; if (!data.ReadScheme(&scheme)) { return false; } @@ -19,8 +19,13 @@ return false; } + if (!data.ReadFirstPartyUrl(&first_party_url)) { + return false; + } + bool result = net::SiteForCookies::FromWire(scheme, registrable_domain, - data.schemefully_same(), out); + data.schemefully_same(), + GURL(first_party_url), out); if (!result) { network::debug::SetDeserializationCrashKeyString("site_for_cookie"); } diff -Naur a/src/3rdparty/chromium/services/network/public/cpp/site_for_cookies_mojom_traits.h b/src/3rdparty/chromium/services/network/public/cpp/site_for_cookies_mojom_traits.h --- a/src/3rdparty/chromium/services/network/public/cpp/site_for_cookies_mojom_traits.h 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/services/network/public/cpp/site_for_cookies_mojom_traits.h 2021-04-30 20:10:44.929638395 +0100 @@ -29,6 +29,11 @@ return input.schemefully_same(); } + static std::string first_party_url( + const net::SiteForCookies& input) { + return input.first_party_url().spec(); + } + static bool Read(network::mojom::SiteForCookiesDataView data, net::SiteForCookies* out); }; diff -Naur a/src/3rdparty/chromium/services/network/public/mojom/site_for_cookies.mojom b/src/3rdparty/chromium/services/network/public/mojom/site_for_cookies.mojom --- a/src/3rdparty/chromium/services/network/public/mojom/site_for_cookies.mojom 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/services/network/public/mojom/site_for_cookies.mojom 2021-04-30 20:10:44.929638395 +0100 @@ -11,4 +11,5 @@ string scheme; string registrable_domain; bool schemefully_same; + string first_party_url; }; diff -Naur a/src/3rdparty/chromium/services/network/public/mojom/url_response_head.mojom b/src/3rdparty/chromium/services/network/public/mojom/url_response_head.mojom --- a/src/3rdparty/chromium/services/network/public/mojom/url_response_head.mojom 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/services/network/public/mojom/url_response_head.mojom 2021-04-30 21:19:25.175854718 +0100 @@ -134,6 +134,12 @@ // https://fetch.spec.whatwg.org/#concept-response-type FetchResponseType response_type = FetchResponseType.kDefault; + // Pre-computed padding. This should only be non-zero when |response_type| + // is set to kOpaque. Note, this is not set by network service, but will be + // populated if the response was provided by a service worker FetchEvent + // handler. + int64 padding = 0; + // The cache name of the CacheStorage from where the response is served via // the ServiceWorker. Empty if the response isn't from the CacheStorage. string cache_storage_cache_name; diff -Naur a/src/3rdparty/chromium/storage/browser/BUILD.gn b/src/3rdparty/chromium/storage/browser/BUILD.gn --- a/src/3rdparty/chromium/storage/browser/BUILD.gn 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/storage/browser/BUILD.gn 2021-04-30 21:19:25.175854718 +0100 @@ -183,8 +183,6 @@ "file_system/watcher_manager.h", "quota/client_usage_tracker.cc", "quota/client_usage_tracker.h", - "quota/padding_key.cc", - "quota/padding_key.h", "quota/quota_callbacks.h", "quota/quota_client.h", "quota/quota_client_type.cc", diff -Naur a/src/3rdparty/chromium/storage/browser/quota/padding_key.cc b/src/3rdparty/chromium/storage/browser/quota/padding_key.cc --- a/src/3rdparty/chromium/storage/browser/quota/padding_key.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/storage/browser/quota/padding_key.cc 1970-01-01 01:00:00.000000000 +0100 @@ -1,87 +0,0 @@ -// Copyright 2019 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "storage/browser/quota/padding_key.h" - -#include -#include - -#include "base/no_destructor.h" -#include "crypto/hmac.h" -#include "net/http/http_request_headers.h" - -using crypto::SymmetricKey; - -namespace storage { - -namespace { - -const SymmetricKey::Algorithm kPaddingKeyAlgorithm = SymmetricKey::AES; - -// The range of the padding added to response sizes for opaque resources. -// Increment the CacheStorage padding version if changed. -constexpr uint64_t kPaddingRange = 14431 * 1024; - -std::unique_ptr* GetPaddingKeyInternal() { - static base::NoDestructor> s_padding_key([] { - return SymmetricKey::GenerateRandomKey(kPaddingKeyAlgorithm, 128); - }()); - return s_padding_key.get(); -} - -} // namespace - -const SymmetricKey* GetDefaultPaddingKey() { - return GetPaddingKeyInternal()->get(); -} - -std::unique_ptr CopyDefaultPaddingKey() { - return SymmetricKey::Import(kPaddingKeyAlgorithm, - (*GetPaddingKeyInternal())->key()); -} - -std::unique_ptr DeserializePaddingKey( - const std::string& raw_key) { - return SymmetricKey::Import(kPaddingKeyAlgorithm, raw_key); -} - -std::string SerializeDefaultPaddingKey() { - return (*GetPaddingKeyInternal())->key(); -} - -void ResetPaddingKeyForTesting() { - *GetPaddingKeyInternal() = - SymmetricKey::GenerateRandomKey(kPaddingKeyAlgorithm, 128); -} - -int64_t ComputeResponsePadding(const std::string& response_url, - const crypto::SymmetricKey* padding_key, - bool has_metadata, - bool loaded_with_credentials, - const std::string& request_method) { - DCHECK(!response_url.empty()); - - crypto::HMAC hmac(crypto::HMAC::SHA256); - CHECK(hmac.Init(padding_key)); - - std::string key = response_url; - if (has_metadata) - key += "METADATA"; - if (loaded_with_credentials) - key += "CREDENTIALED"; - - // It should only be possible to have a CORS safelisted method here since - // the spec does not permit other methods for no-cors requests. - DCHECK(request_method == net::HttpRequestHeaders::kGetMethod || - request_method == net::HttpRequestHeaders::kHeadMethod || - request_method == net::HttpRequestHeaders::kPostMethod); - key += request_method; - - uint64_t digest_start; - CHECK(hmac.Sign(key, reinterpret_cast(&digest_start), - sizeof(digest_start))); - return digest_start % kPaddingRange; -} - -} // namespace storage diff -Naur a/src/3rdparty/chromium/storage/browser/quota/padding_key.h b/src/3rdparty/chromium/storage/browser/quota/padding_key.h --- a/src/3rdparty/chromium/storage/browser/quota/padding_key.h 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/storage/browser/quota/padding_key.h 1970-01-01 01:00:00.000000000 +0100 @@ -1,70 +0,0 @@ -// Copyright 2019 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef STORAGE_BROWSER_QUOTA_PADDING_KEY_H_ -#define STORAGE_BROWSER_QUOTA_PADDING_KEY_H_ - -#include -#include - -#include "base/component_export.h" -#include "crypto/symmetric_key.h" -#include "url/gurl.h" - -namespace storage { - -COMPONENT_EXPORT(STORAGE_BROWSER) -const crypto::SymmetricKey* GetDefaultPaddingKey(); - -// Returns a copy of the default key used to calculate padding sizes. -// -// The default padding key is a singleton object whose value is randomly -// generated the first time it is requested on every browser startup. In -// CacheStorage, when a cache does not have a padding key, it is assigned the -// current default key. -COMPONENT_EXPORT(STORAGE_BROWSER) -std::unique_ptr CopyDefaultPaddingKey(); - -// Builds a key whose value is the given string. -// -// May return null if deserializing fails (e.g. if the raw key is the wrong -// size). -COMPONENT_EXPORT(STORAGE_BROWSER) -std::unique_ptr DeserializePaddingKey( - const std::string& raw_key); - -// Gets the raw value of the default padding key. -// -// Each cache stores the raw value of the key that should be used when -// calculating its padding size. -COMPONENT_EXPORT(STORAGE_BROWSER) -std::string SerializeDefaultPaddingKey(); - -// Resets the default key to a random value. -// -// Simulating a key change across a browser restart lets us test that padding -// calculations are using the appropriate key. -COMPONENT_EXPORT(STORAGE_BROWSER) -void ResetPaddingKeyForTesting(); - -// Computes the padding size for a resource. -// -// For AppCache, which does not support storing metadata for a resource, -// |has_metadata| will always be false. -// -// For CacheStorage, the padding size of an entry depends on whether it contains -// metadata (a.k.a. "side data") and if the response was loaded with -// credentials. If metadata is added to the entry, the entry must be assigned a -// new padding size. Otherwise, the growth in the entry's size would leak the -// exact size of the added metadata. -COMPONENT_EXPORT(STORAGE_BROWSER) -int64_t ComputeResponsePadding(const std::string& response_url, - const crypto::SymmetricKey* padding_key, - bool has_metadata, - bool loaded_with_credentials, - const std::string& request_method); - -} // namespace storage - -#endif // STORAGE_BROWSER_QUOTA_PADDING_KEY_H_ diff -Naur a/src/3rdparty/chromium/storage/common/BUILD.gn b/src/3rdparty/chromium/storage/common/BUILD.gn --- a/src/3rdparty/chromium/storage/common/BUILD.gn 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/storage/common/BUILD.gn 2021-04-30 21:19:25.175854718 +0100 @@ -17,6 +17,8 @@ "file_system/file_system_types.h", "file_system/file_system_util.cc", "file_system/file_system_util.h", + "quota/padding_key.cc", + "quota/padding_key.h", ] # TODO(jschuh): crbug.com/167187 fix size_t to int truncations. diff -Naur a/src/3rdparty/chromium/storage/common/quota/padding_key.cc b/src/3rdparty/chromium/storage/common/quota/padding_key.cc --- a/src/3rdparty/chromium/storage/common/quota/padding_key.cc 1970-01-01 01:00:00.000000000 +0100 +++ b/src/3rdparty/chromium/storage/common/quota/padding_key.cc 2021-04-30 21:19:46.383509887 +0100 @@ -0,0 +1,146 @@ +// Copyright 2019 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "storage/common/quota/padding_key.h" + +#include +#include +#include +#include "base/no_destructor.h" +#include "base/strings/stringprintf.h" +#include "base/time/time.h" +#include "crypto/hmac.h" +#include "crypto/random.h" +#include "crypto/symmetric_key.h" +#include "net/base/registry_controlled_domains/registry_controlled_domain.h" +#include "net/base/url_util.h" +#include "net/http/http_request_headers.h" +#include "services/network/public/mojom/url_response_head.mojom-shared.h" +#include "url/gurl.h" +#include "url/origin.h" +#include "url/url_canon.h" +#include "url/url_constants.h" +#include "url/url_util.h" + +using crypto::SymmetricKey; + +namespace storage { + +namespace { + +const SymmetricKey::Algorithm kPaddingKeyAlgorithm = SymmetricKey::AES; + +// The range of the padding added to response sizes for opaque resources. +// Increment the CacheStorage padding version if changed. +constexpr uint64_t kPaddingRange = 14431 * 1024; + +std::unique_ptr* GetPaddingKeyInternal() { + static base::NoDestructor> s_padding_key([] { + return SymmetricKey::GenerateRandomKey(kPaddingKeyAlgorithm, 128); + }()); + return s_padding_key.get(); +} + +static bool IsStandardSchemeWithNetworkHost(base::StringPiece scheme) { + // file scheme is special. Windows file share origins can have network hosts. + if (scheme == url::kFileScheme) + return true; + + url::SchemeType scheme_type; + if (!url::GetStandardSchemeType( + scheme.data(), url::Component(0, scheme.length()), &scheme_type)) { + return false; + } + return scheme_type == url::SCHEME_WITH_HOST_PORT_AND_USER_INFORMATION || + scheme_type == url::SCHEME_WITH_HOST_AND_PORT; +} + + +static url::Origin SchemefuleSiteReplacement( + const url::Origin& origin) { + // 1. If origin is an opaque origin, then return origin. + if (origin.opaque()) + return origin; + + std::string registerable_domain; + + // Non-normative step. + // We only lookup the registerable domain for schemes with network hosts, this + // is non-normative. Other schemes for non-opaque origins do not + // meaningfully have a registerable domain for their host, so they are + // skipped. + if (IsStandardSchemeWithNetworkHost(origin.scheme())) { + registerable_domain = GetDomainAndRegistry( + origin, net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES); + } + + // If origin's host's registrable domain is null, then return (origin's + // scheme, origin's host). + // + // `GetDomainAndRegistry()` returns an empty string for IP literals and + // effective TLDs. + // + // Note that `registerable_domain` could still end up empty, since the + // `origin` might have a scheme that permits empty hostnames, such as "file". + bool used_registerable_domain = !registerable_domain.empty(); + if (!used_registerable_domain) + registerable_domain = origin.host(); + + int port = url::DefaultPortForScheme(origin.scheme().c_str(), + origin.scheme().length()); + + // Provide a default port of 0 for non-standard schemes. + if (port == url::PORT_UNSPECIFIED) + port = 0; + + return url::Origin::CreateFromNormalizedTuple(origin.scheme(), + registerable_domain, port); +} + +} // namespace + +bool ShouldPadResponseType(network::mojom::FetchResponseType type) { + return type == network::mojom::FetchResponseType::kOpaque || + type == network::mojom::FetchResponseType::kOpaqueRedirect; +} + +int64_t ComputeRandomResponsePadding() { + uint64_t raw_random = 0; + crypto::RandBytes(&raw_random, sizeof(uint64_t)); + return raw_random % kPaddingRange; +} + +int64_t ComputeStableResponsePadding(const url::Origin& origin, + const std::string& response_url, + const base::Time& response_time, + const std::string& request_method, + int64_t side_data_size) { + DCHECK(!response_url.empty()); + + url::Origin site = SchemefuleSiteReplacement(origin); + + DCHECK_GT(response_time, base::Time::UnixEpoch()); + int64_t microseconds = + (response_time - base::Time::UnixEpoch()).InMicroseconds(); + + // It should only be possible to have a CORS safelisted method here since + // the spec does not permit other methods for no-cors requests. + DCHECK(request_method == net::HttpRequestHeaders::kGetMethod || + request_method == net::HttpRequestHeaders::kHeadMethod || + request_method == net::HttpRequestHeaders::kPostMethod); + + std::string key = base::StringPrintf( + "%s-%" PRId64 "-%s-%s-%" PRId64, response_url.c_str(), microseconds, + site.Serialize().c_str(), request_method.c_str(), side_data_size); + + crypto::HMAC hmac(crypto::HMAC::SHA256); + CHECK(hmac.Init(GetPaddingKeyInternal()->get())); + + uint64_t digest_start = 0; + CHECK(hmac.Sign(key, reinterpret_cast(&digest_start), + sizeof(digest_start))); + return digest_start % kPaddingRange; +} + +} // namespace storage diff -Naur a/src/3rdparty/chromium/storage/common/quota/padding_key.h b/src/3rdparty/chromium/storage/common/quota/padding_key.h --- a/src/3rdparty/chromium/storage/common/quota/padding_key.h 1970-01-01 01:00:00.000000000 +0100 +++ b/src/3rdparty/chromium/storage/common/quota/padding_key.h 2021-04-30 21:19:46.383509887 +0100 @@ -0,0 +1,51 @@ +// Copyright 2019 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef STORAGE_COMMON_QUOTA_PADDING_KEY_H_ +#define STORAGE_COMMON_QUOTA_PADDING_KEY_H_ + +#include +#include + +#include "base/component_export.h" +#include "services/network/public/mojom/url_response_head.mojom-shared.h" +#include "url/gurl.h" + +namespace base { +class Time; +} // namespace base + +namespace url { +class Origin; +} // namespace url + +namespace storage { + +// Utility method to determine if a given type of response should be padded. +COMPONENT_EXPORT(STORAGE_COMMON) +bool ShouldPadResponseType(network::mojom::FetchResponseType type); + +// Compute a purely random padding size for a resource. A random padding is +// preferred except in cases where a site could rapidly trigger a large number +// of padded values for the same resource; e.g. from http cache. +COMPONENT_EXPORT(STORAGE_COMMON) +int64_t ComputeRandomResponsePadding(); + +// Compute a stable padding value for a resource. This should be used for +// cases where a site could trigger a large number of padding values to be +// generated for the same resource; e.g. http cache. The |origin| is the +// origin of the context that loaded the resource. Note, its important that the +// |response_time| be the time stored in the cache and not just the current +// time. The |side_data_size| should only be passed if padding is being +// computed for a side data blob. +COMPONENT_EXPORT(STORAGE_COMMON) +int64_t ComputeStableResponsePadding(const url::Origin& origin, + const std::string& response_url, + const base::Time& response_time, + const std::string& request_method, + int64_t side_data_size = 0); + +} // namespace storage + +#endif // STORAGE_COMMON_QUOTA_PADDING_KEY_H_ diff -Naur a/src/3rdparty/chromium/third_party/angle/src/libANGLE/angletypes.h b/src/3rdparty/chromium/third_party/angle/src/libANGLE/angletypes.h --- a/src/3rdparty/chromium/third_party/angle/src/libANGLE/angletypes.h 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/third_party/angle/src/libANGLE/angletypes.h 2021-04-30 21:25:18.485535817 +0100 @@ -74,7 +74,7 @@ bool operator==(const Rectangle &a, const Rectangle &b); bool operator!=(const Rectangle &a, const Rectangle &b); -bool ClipRectangle(const Rectangle &source, const Rectangle &clip, Rectangle *intersection); +ANGLE_NO_DISCARD bool ClipRectangle(const Rectangle &source, const Rectangle &clip, Rectangle *intersection); struct Offset { diff -Naur a/src/3rdparty/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d11/Blit11.cpp b/src/3rdparty/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d11/Blit11.cpp --- a/src/3rdparty/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d11/Blit11.cpp 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d11/Blit11.cpp 2021-04-30 21:25:18.485535817 +0100 @@ -141,7 +141,10 @@ uint8_t *destData) { gl::Rectangle clippedDestArea(destArea.x, destArea.y, destArea.width, destArea.height); - gl::ClipRectangle(clippedDestArea, clipRect, &clippedDestArea); + if (!gl::ClipRectangle(clippedDestArea, clipRect, &clippedDestArea)) + { + return; + } // Determine if entire rows can be copied at once instead of each individual pixel. There // must be no out of bounds lookups, whole rows copies, and no scale. diff -Naur a/src/3rdparty/chromium/third_party/angle/src/libANGLE/renderer/gl/FramebufferGL.cpp b/src/3rdparty/chromium/third_party/angle/src/libANGLE/renderer/gl/FramebufferGL.cpp --- a/src/3rdparty/chromium/third_party/angle/src/libANGLE/renderer/gl/FramebufferGL.cpp 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/third_party/angle/src/libANGLE/renderer/gl/FramebufferGL.cpp 2021-04-30 21:25:18.486537548 +0100 @@ -1117,7 +1117,10 @@ // If pixels lying outside the read framebuffer, adjust src region // and dst region to appropriate in-bounds regions respectively. gl::Rectangle realSourceRegion; - ClipRectangle(bounds.sourceRegion, bounds.sourceBounds, &realSourceRegion); + if (!ClipRectangle(bounds.sourceRegion, bounds.sourceBounds, &realSourceRegion)) + { + return angle::Result::Stop; + } GLuint xOffset = realSourceRegion.x - bounds.sourceRegion.x; GLuint yOffset = realSourceRegion.y - bounds.sourceRegion.y; diff -Naur a/src/3rdparty/chromium/third_party/angle/src/libANGLE/renderer/metal/ContextMtl.mm b/src/3rdparty/chromium/third_party/angle/src/libANGLE/renderer/metal/ContextMtl.mm --- a/src/3rdparty/chromium/third_party/angle/src/libANGLE/renderer/metal/ContextMtl.mm 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/third_party/angle/src/libANGLE/renderer/metal/ContextMtl.mm 2021-04-30 21:25:18.486537548 +0100 @@ -1362,7 +1362,10 @@ // Clip the render area to the viewport. gl::Rectangle viewportClippedRenderArea; - gl::ClipRectangle(renderArea, glState.getViewport(), &viewportClippedRenderArea); + if (!gl::ClipRectangle(renderArea, glState.getViewport(), &viewportClippedRenderArea)) + { + viewportClippedRenderArea = gl::Rectangle(); + } gl::Rectangle scissoredArea = ClipRectToScissor(getState(), viewportClippedRenderArea, false); if (framebufferMtl->flipY()) diff -Naur a/src/3rdparty/chromium/third_party/angle/src/libANGLE/renderer/vulkan/ContextVk.cpp b/src/3rdparty/chromium/third_party/angle/src/libANGLE/renderer/vulkan/ContextVk.cpp --- a/src/3rdparty/chromium/third_party/angle/src/libANGLE/renderer/vulkan/ContextVk.cpp 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/third_party/angle/src/libANGLE/renderer/vulkan/ContextVk.cpp 2021-04-30 21:25:18.486537548 +0100 @@ -2824,8 +2824,11 @@ // Clip the render area to the viewport. gl::Rectangle viewportClippedRenderArea; - gl::ClipRectangle(renderArea, getCorrectedViewport(glState.getViewport()), - &viewportClippedRenderArea); + if (!gl::ClipRectangle(renderArea, getCorrectedViewport(glState.getViewport()), + &viewportClippedRenderArea)) + { + viewportClippedRenderArea = gl::Rectangle(); + } gl::Rectangle scissoredArea = ClipRectToScissor(getState(), viewportClippedRenderArea, false); gl::Rectangle rotatedScissoredArea; diff -Naur a/src/3rdparty/chromium/third_party/blink/public/mojom/fetch/fetch_api_response.mojom b/src/3rdparty/chromium/third_party/blink/public/mojom/fetch/fetch_api_response.mojom --- a/src/3rdparty/chromium/third_party/blink/public/mojom/fetch/fetch_api_response.mojom 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/third_party/blink/public/mojom/fetch/fetch_api_response.mojom 2021-04-30 21:20:05.693885817 +0100 @@ -36,6 +36,10 @@ network.mojom.FetchResponseType response_type = network.mojom.FetchResponseType.kDefault; + // Pre-computed padding for this response. This should only be non-zero + // for when |response_type| is kOpaque. + int64 padding = 0; + // The source of this response, e.g. network, CacheStorage. network.mojom.FetchResponseSource response_source = network.mojom.FetchResponseSource.kUnspecified; @@ -89,19 +93,6 @@ // ALPN negotiated protocol of the socket which fetched this resource. string alpn_negotiated_protocol = "unknown"; - // True if the response was loaded with a Request where the credentials mode - // would potentially send cookies to the server: - // - // https://fetch.spec.whatwg.org/#requestcredentials - // - // For example, if RequestCredentials is 'include' this field will be true. - // If RequestCredentials is 'same-origin', but the Response was loaded - // cross-origin then this field will be false. - // - // This field may be true even if there were no cookies actually available - // to send. - bool loaded_with_credentials = false; - // True if the response was originally loaded via a request fetched over a // SPDY channel. bool was_fetched_via_spdy = false; diff -Naur a/src/3rdparty/chromium/third_party/blink/public/platform/web_url_response.h b/src/3rdparty/chromium/third_party/blink/public/platform/web_url_response.h --- a/src/3rdparty/chromium/third_party/blink/public/platform/web_url_response.h 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/third_party/blink/public/platform/web_url_response.h 2021-04-30 21:19:25.175854718 +0100 @@ -264,6 +264,12 @@ BLINK_PLATFORM_EXPORT void SetType(network::mojom::FetchResponseType); BLINK_PLATFORM_EXPORT network::mojom::FetchResponseType GetType() const; + // Pre-computed padding. This should only be non-zero if the type is + // kOpaque. In addition, it is only set for responses provided by a + // service worker FetchEvent handler. + BLINK_PLATFORM_EXPORT void SetPadding(int64_t); + BLINK_PLATFORM_EXPORT int64_t GetPadding() const; + // The URL list of the Response object the ServiceWorker passed to // respondWith(). See // network::ResourceResponseInfo::url_list_via_service_worker for details. diff -Naur a/src/3rdparty/chromium/third_party/blink/renderer/core/animation/css_interpolation_types_map.cc b/src/3rdparty/chromium/third_party/blink/renderer/core/animation/css_interpolation_types_map.cc --- a/src/3rdparty/chromium/third_party/blink/renderer/core/animation/css_interpolation_types_map.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/third_party/blink/renderer/core/animation/css_interpolation_types_map.cc 2021-04-30 21:13:28.150774858 +0100 @@ -83,28 +83,22 @@ DEFINE_STATIC_LOCAL(ApplicableTypesMap, all_applicable_types_map, ()); DEFINE_STATIC_LOCAL(ApplicableTypesMap, composited_applicable_types_map, ()); - ApplicableTypesMap& applicable_types_map = - allow_all_animations_ ? all_applicable_types_map - : composited_applicable_types_map; - - auto entry = applicable_types_map.find(property); - bool found_entry = entry != applicable_types_map.end(); - // Custom property interpolation types may change over time so don't trust the - // applicableTypesMap without checking the registry. + // applicable_types_map without checking the registry. Also since the static + // map is shared between documents, the registered type may be different in + // the different documents. if (registry_ && property.IsCSSCustomProperty()) { - const auto* registration = GetRegistration(registry_, property); - if (registration) { - if (found_entry) { - applicable_types_map.erase(entry); - } + if (const auto* registration = GetRegistration(registry_, property)) return registration->GetInterpolationTypes(); - } } - if (found_entry) { + ApplicableTypesMap& applicable_types_map = + allow_all_animations_ ? all_applicable_types_map + : composited_applicable_types_map; + + auto entry = applicable_types_map.find(property); + if (entry != applicable_types_map.end()) return *entry->value; - } std::unique_ptr applicable_types = std::make_unique(); diff -Naur a/src/3rdparty/chromium/third_party/blink/renderer/core/BUILD.gn b/src/3rdparty/chromium/third_party/blink/renderer/core/BUILD.gn --- a/src/3rdparty/chromium/third_party/blink/renderer/core/BUILD.gn 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/third_party/blink/renderer/core/BUILD.gn 2021-04-30 21:19:25.175854718 +0100 @@ -199,6 +199,7 @@ ] deps = [ "//components/paint_preview/common", + "//storage/common", "//third_party/blink/public/common", "//third_party/blink/renderer/platform", "//third_party/blink/renderer/platform/wtf", diff -Naur a/src/3rdparty/chromium/third_party/blink/renderer/core/fetch/DEPS b/src/3rdparty/chromium/third_party/blink/renderer/core/fetch/DEPS --- a/src/3rdparty/chromium/third_party/blink/renderer/core/fetch/DEPS 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/third_party/blink/renderer/core/fetch/DEPS 2021-04-30 21:19:25.175854718 +0100 @@ -9,6 +9,7 @@ "+net/http/http_response_info.h", "+services/network/public/cpp", "+services/network/public/mojom", + "+storage/common/quota/padding_key.h", "+url/gurl.h", ] diff -Naur a/src/3rdparty/chromium/third_party/blink/renderer/core/fetch/fetch_manager.cc b/src/3rdparty/chromium/third_party/blink/renderer/core/fetch/fetch_manager.cc --- a/src/3rdparty/chromium/third_party/blink/renderer/core/fetch/fetch_manager.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/third_party/blink/renderer/core/fetch/fetch_manager.cc 2021-04-30 21:19:25.175854718 +0100 @@ -423,16 +423,21 @@ FetchResponseData* response_data = FetchResponseData::CreateWithBuffer( BodyStreamBuffer::Create(script_state, place_holder_body_, signal_)); - response_data->InitFromResourceResponse( - url_list_, fetch_request_data_->Method(), - fetch_request_data_->Credentials(), tainting, response); - - FetchResponseData* tainted_response = nullptr; - DCHECK(!(network_utils::IsRedirectResponseCode(response_http_status_code_) && HasNonEmptyLocationHeader(response_data->HeaderList()) && fetch_request_data_->Redirect() != RedirectMode::kManual)); + auto response_type = response.GetType(); + if (network_utils::IsRedirectResponseCode(response_http_status_code_) && + fetch_request_data_->Redirect() == RedirectMode::kManual) + response_type = network::mojom::FetchResponseType::kOpaqueRedirect; + + response_data->InitFromResourceResponse( + execution_context_, response_type, url_list_, + fetch_request_data_->Method(), fetch_request_data_->Credentials(), + tainting, response); + + FetchResponseData* tainted_response = nullptr; if (network_utils::IsRedirectResponseCode(response_http_status_code_) && fetch_request_data_->Redirect() == RedirectMode::kManual) { tainted_response = response_data->CreateOpaqueRedirectFilteredResponse(); diff -Naur a/src/3rdparty/chromium/third_party/blink/renderer/core/fetch/fetch_response_data.cc b/src/3rdparty/chromium/third_party/blink/renderer/core/fetch/fetch_response_data.cc --- a/src/3rdparty/chromium/third_party/blink/renderer/core/fetch/fetch_response_data.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/third_party/blink/renderer/core/fetch/fetch_response_data.cc 2021-04-30 21:20:05.693885817 +0100 @@ -4,6 +4,7 @@ #include "third_party/blink/renderer/core/fetch/fetch_response_data.h" +#include "storage/common/quota/padding_key.h" #include "third_party/blink/public/mojom/fetch/fetch_api_response.mojom-blink.h" #include "third_party/blink/renderer/core/fetch/fetch_header_list.h" #include "third_party/blink/renderer/core/typed_arrays/dom_array_buffer.h" @@ -188,6 +189,7 @@ ExceptionState& exception_state) { FetchResponseData* new_response = Create(); new_response->type_ = type_; + new_response->padding_ = padding_; new_response->response_source_ = response_source_; if (termination_reason_) { new_response->termination_reason_ = std::make_unique(); @@ -204,7 +206,6 @@ new_response->cors_exposed_header_names_ = cors_exposed_header_names_; new_response->connection_info_ = connection_info_; new_response->alpn_negotiated_protocol_ = alpn_negotiated_protocol_; - new_response->loaded_with_credentials_ = loaded_with_credentials_; new_response->was_fetched_via_spdy_ = was_fetched_via_spdy_; new_response->has_range_requested_ = has_range_requested_; @@ -269,6 +270,7 @@ response->status_code = status_; response->status_text = status_message_; response->response_type = type_; + response->padding = padding_; response->response_source = response_source_; response->mime_type = mime_type_; response->request_method = request_method_; @@ -278,7 +280,6 @@ HeaderSetToVector(cors_exposed_header_names_); response->connection_info = connection_info_; response->alpn_negotiated_protocol = alpn_negotiated_protocol_; - response->loaded_with_credentials = loaded_with_credentials_; response->was_fetched_via_spdy = was_fetched_via_spdy_; response->has_range_requested = has_range_requested_; for (const auto& header : HeaderList()->List()) @@ -289,6 +290,8 @@ } void FetchResponseData::InitFromResourceResponse( + ExecutionContext* context, + network::mojom::FetchResponseType response_type, const Vector& request_url_list, const AtomicString& request_method, network::mojom::CredentialsMode request_credentials, @@ -339,14 +342,23 @@ SetWasFetchedViaSpdy(response.WasFetchedViaSPDY()); - // TODO(wanderview): Remove |tainting| and use |response.GetType()| - // instead once the OOR-CORS disabled path is removed. - SetLoadedWithCredentials( - request_credentials == network::mojom::CredentialsMode::kInclude || - (request_credentials == network::mojom::CredentialsMode::kSameOrigin && - tainting == FetchRequestData::kBasicTainting)); - SetHasRangeRequested(response.HasRangeRequested()); + + // Use the explicit padding in the response provided by a service worker + // or compute a new padding if necessary. + if (response.GetPadding()) { + SetPadding(response.GetPadding()); + } else { + if (storage::ShouldPadResponseType(response_type)) { + int64_t padding = response.WasCached() + ? storage::ComputeStableResponsePadding( + context->GetSecurityOrigin()->ToUrlOrigin(), + Url()->GetString().Utf8(), ResponseTime(), + request_method.Utf8()) + : storage::ComputeRandomResponsePadding(); + SetPadding(padding); + } + } } FetchResponseData::FetchResponseData(Type type, @@ -354,6 +366,7 @@ uint16_t status, AtomicString status_message) : type_(type), + padding_(0), response_source_(source), status_(status), status_message_(status_message), @@ -361,7 +374,6 @@ response_time_(base::Time::Now()), connection_info_(net::HttpResponseInfo::CONNECTION_INFO_UNKNOWN), alpn_negotiated_protocol_("unknown"), - loaded_with_credentials_(false), was_fetched_via_spdy_(false), has_range_requested_(false) {} diff -Naur a/src/3rdparty/chromium/third_party/blink/renderer/core/fetch/fetch_response_data.h b/src/3rdparty/chromium/third_party/blink/renderer/core/fetch/fetch_response_data.h --- a/src/3rdparty/chromium/third_party/blink/renderer/core/fetch/fetch_response_data.h 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/third_party/blink/renderer/core/fetch/fetch_response_data.h 2021-04-30 21:20:05.693885817 +0100 @@ -85,6 +85,8 @@ } bool HasRangeRequested() const { return has_range_requested_; } + int64_t GetPadding() const { return padding_; } + void SetPadding(int64_t padding) { padding_ = padding; } void SetResponseSource(network::mojom::FetchResponseSource response_source) { response_source_ = response_source; } @@ -116,9 +118,6 @@ void SetAlpnNegotiatedProtocol(AtomicString alpn_negotiated_protocol) { alpn_negotiated_protocol_ = alpn_negotiated_protocol; } - void SetLoadedWithCredentials(bool loaded_with_credentials) { - loaded_with_credentials_ = loaded_with_credentials; - } void SetWasFetchedViaSpdy(bool was_fetched_via_spdy) { was_fetched_via_spdy_ = was_fetched_via_spdy; } @@ -138,6 +137,8 @@ // Initialize non-body data from the given |response|. void InitFromResourceResponse( + ExecutionContext* context, + network::mojom::FetchResponseType response_type, const Vector& request_url_list, const AtomicString& request_method, network::mojom::CredentialsMode request_credentials, @@ -148,6 +149,7 @@ private: network::mojom::FetchResponseType type_; + int64_t padding_; network::mojom::FetchResponseSource response_source_; std::unique_ptr termination_reason_; Vector url_list_; @@ -163,7 +165,6 @@ HTTPHeaderSet cors_exposed_header_names_; net::HttpResponseInfo::ConnectionInfo connection_info_; AtomicString alpn_negotiated_protocol_; - bool loaded_with_credentials_; bool was_fetched_via_spdy_; bool has_range_requested_; diff -Naur a/src/3rdparty/chromium/third_party/blink/renderer/core/fetch/response.cc b/src/3rdparty/chromium/third_party/blink/renderer/core/fetch/response.cc --- a/src/3rdparty/chromium/third_party/blink/renderer/core/fetch/response.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/third_party/blink/renderer/core/fetch/response.cc 2021-04-30 21:20:05.694887549 +0100 @@ -374,6 +374,7 @@ else response = FetchResponseData::CreateNetworkErrorResponse(); + response->SetPadding(fetch_api_response.padding); response->SetResponseSource(fetch_api_response.response_source); response->SetURLList(fetch_api_response.url_list); response->SetStatus(fetch_api_response.status_code); @@ -386,8 +387,6 @@ response->SetConnectionInfo(fetch_api_response.connection_info); response->SetAlpnNegotiatedProtocol( WTF::AtomicString(fetch_api_response.alpn_negotiated_protocol)); - response->SetLoadedWithCredentials( - fetch_api_response.loaded_with_credentials); response->SetWasFetchedViaSpdy(fetch_api_response.was_fetched_via_spdy); response->SetHasRangeRequested(fetch_api_response.has_range_requested); diff -Naur a/src/3rdparty/chromium/third_party/blink/renderer/core/frame/local_frame_view.cc b/src/3rdparty/chromium/third_party/blink/renderer/core/frame/local_frame_view.cc --- a/src/3rdparty/chromium/third_party/blink/renderer/core/frame/local_frame_view.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/third_party/blink/renderer/core/frame/local_frame_view.cc 2021-04-30 20:09:39.234077417 +0100 @@ -2766,11 +2766,14 @@ for (PaintLayerScrollableArea* area : *animating_scrollable_areas) area->UpdateCompositorScrollAnimations(); } - frame_view.GetLayoutView() - ->GetDocument() - .GetDocumentAnimations() - .UpdateAnimations(DocumentLifecycle::kPaintClean, - paint_artifact_compositor_.get()); + { + ScriptForbiddenScope forbid_script; + frame_view.GetLayoutView() + ->GetDocument() + .GetDocumentAnimations() + .UpdateAnimations(DocumentLifecycle::kPaintClean, + paint_artifact_compositor_.get()); + } }); // Initialize animation properties in the newly created paint property diff -Naur a/src/3rdparty/chromium/third_party/blink/renderer/core/loader/modulescript/module_script_loader.cc b/src/3rdparty/chromium/third_party/blink/renderer/core/loader/modulescript/module_script_loader.cc --- a/src/3rdparty/chromium/third_party/blink/renderer/core/loader/modulescript/module_script_loader.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/third_party/blink/renderer/core/loader/modulescript/module_script_loader.cc 2021-04-30 21:16:34.639100084 +0100 @@ -122,12 +122,6 @@ ResourceLoaderOptions options(&modulator_->GetScriptState()->World()); - // If destination is "worker" or "sharedworker" and the - // top-level module fetch flag is set, then set request's mode to - // "same-origin". - // Cross-origin workers are not supported due to security checks in - // AbstractWorker::ResolveURL, so no action needs to be taken here. - // Set up the module script request given request and // options. // @@ -178,6 +172,26 @@ fetch_client_settings_object.GetSecurityOrigin(), options_.CredentialsMode()); + // If destination is "worker" or "sharedworker" and the + // top-level module fetch flag is set, then set request's mode to + // "same-origin". + // + // `kServiceWorker` is included here for consistency, while it isn't mentioned + // in the spec. This doesn't affect the behavior, because we already forbid + // redirects and cross-origin response URLs in other places. + if ((module_request.Destination() == + network::mojom::RequestDestination::kWorker || + module_request.Destination() == + network::mojom::RequestDestination::kSharedWorker || + module_request.Destination() == + network::mojom::RequestDestination::kServiceWorker) && + level == ModuleGraphLevel::kTopLevelModuleFetch) { + // This should be done after SetCrossOriginAccessControl() that sets the + // mode to kCors. + fetch_params.MutableResourceRequest().SetMode( + network::mojom::RequestMode::kSameOrigin); + } + // ... referrer is referrer, ... fetch_params.MutableResourceRequest().SetReferrerString( module_request.ReferrerString()); diff -Naur a/src/3rdparty/chromium/third_party/blink/renderer/core/scroll/scroll_animator_mac.mm b/src/3rdparty/chromium/third_party/blink/renderer/core/scroll/scroll_animator_mac.mm --- a/src/3rdparty/chromium/third_party/blink/renderer/core/scroll/scroll_animator_mac.mm 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/third_party/blink/renderer/core/scroll/scroll_animator_mac.mm 2021-04-30 21:13:46.598660068 +0100 @@ -327,6 +327,11 @@ double fraction = delta / duration_; fraction = clampTo(fraction, 0.0, 1.0); double progress = timing_function_->Evaluate(fraction); + // In some scenarios, animation_ gets released during the call to + // setCurrentProgress. Because BlinkScrollbarPartAnimationTimer is a + // member variable of BlinkScrollbarPartAnimation animation_ the timer + // gets freed at the same time with animation_. In that case, it will + // not be safe to call any other code after animation_ setCurrentProgress. [animation_ setCurrentProgress:progress]; } @@ -401,6 +406,10 @@ - (void)setCurrentProgress:(NSAnimationProgress)progress { DCHECK(_scrollbar); + // In some scenarios, BlinkScrollbarPartAnimation is released in the middle + // of this method by _scrollbarPainter. This is why we have to retain the self + // pointer when we run this method. + [self retain]; CGFloat currentValue; if (_startValue > _endValue) @@ -427,7 +436,13 @@ break; } - _scrollbar->SetNeedsPaintInvalidation(invalidParts); + // Before BlinkScrollbarPartAnimation is released by _scrollbarPainter, + // invalidate is called and _scrollbar is set to nullptr. Check to see + // if _scrollbar is non-null before calling SetNeedsPaintInvalidation. + if (_scrollbar) + _scrollbar->SetNeedsPaintInvalidation(invalidParts); + + [self release]; } - (void)invalidate { diff -Naur a/src/3rdparty/chromium/third_party/blink/renderer/modules/service_worker/fetch_event.cc b/src/3rdparty/chromium/third_party/blink/renderer/modules/service_worker/fetch_event.cc --- a/src/3rdparty/chromium/third_party/blink/renderer/modules/service_worker/fetch_event.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/third_party/blink/renderer/modules/service_worker/fetch_event.cc 2021-04-30 21:19:25.176856449 +0100 @@ -158,13 +158,19 @@ Vector url_list(1); url_list[0] = preload_response_->CurrentRequestUrl(); + auto response_type = + network_utils::IsRedirectResponseCode(preload_response_->HttpStatusCode()) + ? network::mojom::FetchResponseType::kOpaqueRedirect + : network::mojom::FetchResponseType::kBasic; + response_data->InitFromResourceResponse( - url_list, http_names::kGET, network::mojom::CredentialsMode::kInclude, + ExecutionContext::From(script_state), response_type, url_list, + http_names::kGET, network::mojom::CredentialsMode::kInclude, FetchRequestData::kBasicTainting, preload_response_->ToResourceResponse()); FetchResponseData* tainted_response = - network_utils::IsRedirectResponseCode(preload_response_->HttpStatusCode()) + response_type == network::mojom::FetchResponseType::kOpaqueRedirect ? response_data->CreateOpaqueRedirectFilteredResponse() : response_data->CreateBasicFilteredResponse(); preload_response_property_->Resolve( diff -Naur a/src/3rdparty/chromium/third_party/blink/renderer/modules/webmidi/midi_dispatcher.cc b/src/3rdparty/chromium/third_party/blink/renderer/modules/webmidi/midi_dispatcher.cc --- a/src/3rdparty/chromium/third_party/blink/renderer/modules/webmidi/midi_dispatcher.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/third_party/blink/renderer/modules/webmidi/midi_dispatcher.cc 2021-04-30 21:14:54.318706961 +0100 @@ -101,8 +101,13 @@ void MIDIDispatcher::SessionStarted(midi::mojom::blink::Result result) { TRACE_EVENT0("midi", "MIDIDispatcher::OnSessionStarted"); + // We always have a valid instance in `client_` in the production code, but + // just in case to be robust for mojo injections and code changes in the + // future. Other methods protect accesses to `client_` by `initialized_` flag + // that is set below. + SECURITY_CHECK(client_); + DCHECK(!initialized_); - DCHECK(client_); initialized_ = true; if (result == midi::mojom::blink::Result::OK) { diff -Naur a/src/3rdparty/chromium/third_party/blink/renderer/platform/exported/web_url_response.cc b/src/3rdparty/chromium/third_party/blink/renderer/platform/exported/web_url_response.cc --- a/src/3rdparty/chromium/third_party/blink/renderer/platform/exported/web_url_response.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/third_party/blink/renderer/platform/exported/web_url_response.cc 2021-04-30 21:19:25.176856449 +0100 @@ -374,6 +374,13 @@ return resource_response_->GetType(); } +void WebURLResponse::SetPadding(int64_t padding) { + resource_response_->SetPadding(padding); +} +int64_t WebURLResponse::GetPadding() const { + return resource_response_->GetPadding(); +} + void WebURLResponse::SetUrlListViaServiceWorker( const WebVector& url_list_via_service_worker) { Vector url_list(url_list_via_service_worker.size()); diff -Naur a/src/3rdparty/chromium/third_party/blink/renderer/platform/loader/fetch/resource_response.h b/src/3rdparty/chromium/third_party/blink/renderer/platform/loader/fetch/resource_response.h --- a/src/3rdparty/chromium/third_party/blink/renderer/platform/loader/fetch/resource_response.h 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/third_party/blink/renderer/platform/loader/fetch/resource_response.h 2021-04-30 21:19:25.176856449 +0100 @@ -358,6 +358,9 @@ // https://html.spec.whatwg.org/C/#cors-cross-origin bool IsCorsCrossOrigin() const; + int64_t GetPadding() const { return padding_; } + void SetPadding(int64_t padding) { padding_ = padding; } + // See network::ResourceResponseInfo::url_list_via_service_worker. const Vector& UrlListViaServiceWorker() const { return url_list_via_service_worker_; @@ -597,6 +600,11 @@ network::mojom::FetchResponseType response_type_ = network::mojom::FetchResponseType::kDefault; + // Pre-computed padding. This should only be non-zero if |response_type| is + // set to kOpaque. In addition, it is only set if the response was provided + // by a service worker FetchEvent handler. + int64_t padding_ = 0; + // HTTP version used in the response, if known. HTTPVersion http_version_ = kHTTPVersionUnknown; diff -Naur a/src/3rdparty/chromium/third_party/blink/renderer/platform/network/network_state_notifier.cc b/src/3rdparty/chromium/third_party/blink/renderer/platform/network/network_state_notifier.cc --- a/src/3rdparty/chromium/third_party/blink/renderer/platform/network/network_state_notifier.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/third_party/blink/renderer/platform/network/network_state_notifier.cc 2021-04-30 21:15:14.791091301 +0100 @@ -395,8 +395,14 @@ // If any observers were removed during the iteration they will have // 0 values, clean them up. - for (wtf_size_t i = 0; i < list->zeroed_observers.size(); ++i) - list->observers.EraseAt(list->zeroed_observers[i]); + std::sort(list->zeroed_observers.begin(), list->zeroed_observers.end()); + int removed = 0; + for (wtf_size_t i = 0; i < list->zeroed_observers.size(); ++i) { + int index_to_remove = list->zeroed_observers[i] - removed; + DCHECK_EQ(nullptr, list->observers[index_to_remove]); + list->observers.EraseAt(index_to_remove); + removed += 1; + } list->zeroed_observers.clear(); diff -Naur a/src/3rdparty/chromium/third_party/blink/renderer/platform/network/network_state_notifier_test.cc b/src/3rdparty/chromium/third_party/blink/renderer/platform/network/network_state_notifier_test.cc --- a/src/3rdparty/chromium/third_party/blink/renderer/platform/network/network_state_notifier_test.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/third_party/blink/renderer/platform/network/network_state_notifier_test.cc 2021-04-30 21:15:14.791091301 +0100 @@ -528,6 +528,53 @@ kUnknownThroughputMbps, SaveData::kOff)); } +// It should be safe to remove multiple observers in one iteration. +TEST_F(NetworkStateNotifierTest, RemoveMultipleObserversWhileNotifying) { + StateObserver observer1, observer2, observer3; + std::unique_ptr handle1 = + notifier_.AddConnectionObserver(&observer1, GetTaskRunner()); + std::unique_ptr handle2 = + notifier_.AddConnectionObserver(&observer2, GetTaskRunner()); + std::unique_ptr handle3 = + notifier_.AddConnectionObserver(&observer3, GetTaskRunner()); + observer1.RemoveObserverOnNotification(std::move(handle1)); + observer3.RemoveObserverOnNotification(std::move(handle3)); + + // Running the first time should delete observers 1 and 3. + SetConnection(kWebConnectionTypeBluetooth, kBluetoothMaxBandwidthMbps, + WebEffectiveConnectionType::kTypeUnknown, kUnknownRtt, + kUnknownRtt, kUnknownThroughputMbps, SaveData::kOff); + EXPECT_TRUE(VerifyObservations( + observer1, kWebConnectionTypeBluetooth, kBluetoothMaxBandwidthMbps, + WebEffectiveConnectionType::kTypeUnknown, kUnknownRtt, kUnknownRtt, + kUnknownThroughputMbps, SaveData::kOff)); + EXPECT_TRUE(VerifyObservations( + observer2, kWebConnectionTypeBluetooth, kBluetoothMaxBandwidthMbps, + WebEffectiveConnectionType::kTypeUnknown, kUnknownRtt, kUnknownRtt, + kUnknownThroughputMbps, SaveData::kOff)); + EXPECT_TRUE(VerifyObservations( + observer3, kWebConnectionTypeBluetooth, kBluetoothMaxBandwidthMbps, + WebEffectiveConnectionType::kTypeUnknown, kUnknownRtt, kUnknownRtt, + kUnknownThroughputMbps, SaveData::kOff)); + + // Run again and only observer 2 should have been updated. + SetConnection(kWebConnectionTypeEthernet, kEthernetMaxBandwidthMbps, + WebEffectiveConnectionType::kTypeUnknown, kUnknownRtt, + kUnknownRtt, kUnknownThroughputMbps, SaveData::kOff); + EXPECT_TRUE(VerifyObservations( + observer1, kWebConnectionTypeBluetooth, kBluetoothMaxBandwidthMbps, + WebEffectiveConnectionType::kTypeUnknown, kUnknownRtt, kUnknownRtt, + kUnknownThroughputMbps, SaveData::kOff)); + EXPECT_TRUE(VerifyObservations( + observer2, kWebConnectionTypeEthernet, kEthernetMaxBandwidthMbps, + WebEffectiveConnectionType::kTypeUnknown, kUnknownRtt, kUnknownRtt, + kUnknownThroughputMbps, SaveData::kOff)); + EXPECT_TRUE(VerifyObservations( + observer3, kWebConnectionTypeBluetooth, kBluetoothMaxBandwidthMbps, + WebEffectiveConnectionType::kTypeUnknown, kUnknownRtt, kUnknownRtt, + kUnknownThroughputMbps, SaveData::kOff)); +} + TEST_F(NetworkStateNotifierTest, MultipleContextsAddObserver) { StateObserver observer1, observer2; std::unique_ptr handle1 = diff -Naur a/src/3rdparty/chromium/third_party/blink/renderer/platform/weborigin/security_origin.cc b/src/3rdparty/chromium/third_party/blink/renderer/platform/weborigin/security_origin.cc --- a/src/3rdparty/chromium/third_party/blink/renderer/platform/weborigin/security_origin.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/third_party/blink/renderer/platform/weborigin/security_origin.cc 2021-04-30 20:10:44.929638395 +0100 @@ -143,7 +143,8 @@ domain_(host_), port_(IsDefaultPortForProtocol(url.Port(), protocol_) ? kInvalidPort : url.Port()), - effective_port_(port_ ? port_ : DefaultPortForProtocol(protocol_)) { + effective_port_(port_ ? port_ : DefaultPortForProtocol(protocol_)), + full_url_(url.Copy()) { DCHECK(!ShouldTreatAsOpaqueOrigin(url)); // NOTE(juvaldma)(Chromium 67.0.3396.47) @@ -193,7 +194,8 @@ agent_cluster_id_(other->agent_cluster_id_), precursor_origin_(other->precursor_origin_ ? other->precursor_origin_->IsolatedCopy() - : nullptr) {} + : nullptr), + full_url_(other->full_url_.Copy()) {} SecurityOrigin::SecurityOrigin(const SecurityOrigin* other, ConstructSameThreadCopy) @@ -212,7 +214,8 @@ other->is_opaque_origin_potentially_trustworthy_), cross_agent_cluster_access_(other->cross_agent_cluster_access_), agent_cluster_id_(other->agent_cluster_id_), - precursor_origin_(other->precursor_origin_) {} + precursor_origin_(other->precursor_origin_), + full_url_(other->full_url_.Copy()) {} scoped_refptr SecurityOrigin::CreateWithReferenceOrigin( const KURL& url, @@ -281,6 +284,7 @@ url::Origin::Nonce(*nonce_if_opaque), tuple_origin.get())); } CHECK(tuple_origin); + tuple_origin->full_url_ = KURL(origin.GetFullURL()); return tuple_origin; } @@ -297,6 +301,7 @@ } url::Origin result = url::Origin::CreateFromNormalizedTuple( std::move(scheme), std::move(host), port); + result.SetFullURL(full_url_); CHECK(!result.opaque()); return result; } diff -Naur a/src/3rdparty/chromium/third_party/blink/renderer/platform/weborigin/security_origin.h b/src/3rdparty/chromium/third_party/blink/renderer/platform/weborigin/security_origin.h --- a/src/3rdparty/chromium/third_party/blink/renderer/platform/weborigin/security_origin.h 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/third_party/blink/renderer/platform/weborigin/security_origin.h 2021-04-30 20:10:44.929638395 +0100 @@ -35,6 +35,7 @@ #include "base/gtest_prod_util.h" #include "base/macros.h" #include "third_party/blink/renderer/platform/platform_export.h" +#include "third_party/blink/renderer/platform/weborigin/kurl.h" #include "third_party/blink/renderer/platform/wtf/allocator/allocator.h" #include "third_party/blink/renderer/platform/wtf/text/wtf_string.h" #include "third_party/blink/renderer/platform/wtf/thread_safe_ref_counted.h" @@ -424,6 +425,8 @@ // origin is derived. const scoped_refptr precursor_origin_; + KURL full_url_; + DISALLOW_COPY_AND_ASSIGN(SecurityOrigin); }; diff -Naur a/src/3rdparty/chromium/third_party/blink/tools/blinkpy/presubmit/audit_non_blink_usage.py b/src/3rdparty/chromium/third_party/blink/tools/blinkpy/presubmit/audit_non_blink_usage.py --- a/src/3rdparty/chromium/third_party/blink/tools/blinkpy/presubmit/audit_non_blink_usage.py 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/third_party/blink/tools/blinkpy/presubmit/audit_non_blink_usage.py 2021-04-30 21:19:25.176856449 +0100 @@ -1172,6 +1172,15 @@ 'allowed': ['net::RequestPriority'], }, { + 'paths': + ['third_party/blink/renderer/core/fetch/fetch_response_data.cc'], + 'allowed': [ + 'storage::ComputeRandomResponsePadding', + 'storage::ComputeStableResponsePadding', + 'storage::ShouldPadResponseType' + ], + }, + { 'paths': ['third_party/blink/renderer/core/frame/local_frame_view.cc'], 'allowed': ['cc::frame_viewer_instrumentation::IsTracingLayerTreeSnapshots'], diff -Naur a/src/3rdparty/chromium/third_party/skia/src/core/SkScalerContext.cpp b/src/3rdparty/chromium/third_party/skia/src/core/SkScalerContext.cpp --- a/src/3rdparty/chromium/third_party/skia/src/core/SkScalerContext.cpp 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/third_party/skia/src/core/SkScalerContext.cpp 2021-04-30 21:17:25.854620657 +0100 @@ -541,41 +541,39 @@ } void SkScalerContext::getImage(const SkGlyph& origGlyph) { - const SkGlyph* glyph = &origGlyph; + const SkGlyph* unfilteredGlyph = &origGlyph; SkGlyph tmpGlyph{origGlyph.getPackedID()}; // in case we need to call generateImage on a mask-format that is different // (i.e. larger) than what our caller allocated by looking at origGlyph. SkAutoMalloc tmpGlyphImageStorage; - if (fMaskFilter) { // restore the prefilter bounds - + if (fMaskFilter) { // need the original bounds, sans our maskfilter sk_sp mf = std::move(fMaskFilter); this->getMetrics(&tmpGlyph); fMaskFilter = std::move(mf); - // we need the prefilter bounds to be <= filter bounds - SkASSERT(tmpGlyph.fWidth <= origGlyph.fWidth); - SkASSERT(tmpGlyph.fHeight <= origGlyph.fHeight); - - if (tmpGlyph.fMaskFormat == origGlyph.fMaskFormat) { + // Use the origGlyph storage for the temporary unfiltered mask if it will fit. + if (tmpGlyph.fMaskFormat == origGlyph.fMaskFormat && + tmpGlyph.imageSize() <= origGlyph.imageSize()) + { tmpGlyph.fImage = origGlyph.fImage; } else { tmpGlyphImageStorage.reset(tmpGlyph.imageSize()); tmpGlyph.fImage = tmpGlyphImageStorage.get(); } - glyph = &tmpGlyph; + unfilteredGlyph = &tmpGlyph; } if (!fGenerateImageFromPath) { - generateImage(*glyph); + generateImage(*unfilteredGlyph); } else { SkPath devPath; - SkMask mask = glyph->mask(); + SkMask mask = unfilteredGlyph->mask(); - if (!this->internalGetPath(glyph->getPackedID(), &devPath)) { - generateImage(*glyph); + if (!this->internalGetPath(unfilteredGlyph->getPackedID(), &devPath)) { + generateImage(*unfilteredGlyph); } else { SkASSERT(SkMask::kARGB32_Format != origGlyph.fMaskFormat); SkASSERT(SkMask::kARGB32_Format != mask.fFormat); @@ -587,39 +585,98 @@ } if (fMaskFilter) { - // the src glyph image shouldn't be 3D - SkASSERT(SkMask::k3D_Format != glyph->fMaskFormat); + // k3D_Format should not be mask filtered. + SkASSERT(SkMask::k3D_Format != unfilteredGlyph->fMaskFormat); + + SkMask filteredMask; + SkMask srcMask; + SkMatrix m; + fRec.getMatrixFrom2x2(&m); + + if (as_MFB(fMaskFilter)->filterMask(&filteredMask, unfilteredGlyph->mask(), m, nullptr)) { + // Filter succeeded; filteredMask.fImage was allocated. + srcMask = filteredMask; + } else if (unfilteredGlyph->fImage == tmpGlyphImageStorage.get()) { + // Filter did nothing; unfiltered mask is independent of origGlyph.fImage. + srcMask = unfilteredGlyph->mask(); + } else if (origGlyph.iRect() == unfilteredGlyph->iRect()) { + // Filter did nothing; the unfiltered mask is in origGlyph.fImage and matches. + return; + } else { + // Filter did nothing; the unfiltered mask is in origGlyph.fImage and conflicts. + srcMask = unfilteredGlyph->mask(); + size_t imageSize = unfilteredGlyph->imageSize(); + tmpGlyphImageStorage.reset(imageSize); + srcMask.fImage = static_cast(tmpGlyphImageStorage.get()); + memcpy(srcMask.fImage, unfilteredGlyph->fImage, imageSize); + } + + SkASSERT_RELEASE(srcMask.fFormat == origGlyph.fMaskFormat); + SkMask dstMask = origGlyph.mask(); + SkIRect origBounds = dstMask.fBounds; + + // Find the intersection of src and dst while updating the fImages. + if (srcMask.fBounds.fTop < dstMask.fBounds.fTop) { + int32_t topDiff = dstMask.fBounds.fTop - srcMask.fBounds.fTop; + srcMask.fImage += srcMask.fRowBytes * topDiff; + srcMask.fBounds.fTop = dstMask.fBounds.fTop; + } + if (dstMask.fBounds.fTop < srcMask.fBounds.fTop) { + int32_t topDiff = srcMask.fBounds.fTop - dstMask.fBounds.fTop; + dstMask.fImage += dstMask.fRowBytes * topDiff; + dstMask.fBounds.fTop = srcMask.fBounds.fTop; + } + + if (srcMask.fBounds.fLeft < dstMask.fBounds.fLeft) { + int32_t leftDiff = dstMask.fBounds.fLeft - srcMask.fBounds.fLeft; + srcMask.fImage += leftDiff; + srcMask.fBounds.fLeft = dstMask.fBounds.fLeft; + } + if (dstMask.fBounds.fLeft < srcMask.fBounds.fLeft) { + int32_t leftDiff = srcMask.fBounds.fLeft - dstMask.fBounds.fLeft; + dstMask.fImage += leftDiff; + dstMask.fBounds.fLeft = srcMask.fBounds.fLeft; + } + + if (srcMask.fBounds.fBottom < dstMask.fBounds.fBottom) { + dstMask.fBounds.fBottom = srcMask.fBounds.fBottom; + } + if (dstMask.fBounds.fBottom < srcMask.fBounds.fBottom) { + srcMask.fBounds.fBottom = dstMask.fBounds.fBottom; + } + + if (srcMask.fBounds.fRight < dstMask.fBounds.fRight) { + dstMask.fBounds.fRight = srcMask.fBounds.fRight; + } + if (dstMask.fBounds.fRight < srcMask.fBounds.fRight) { + srcMask.fBounds.fRight = dstMask.fBounds.fRight; + } + + SkASSERT(srcMask.fBounds == dstMask.fBounds); + int width = srcMask.fBounds.width(); + int height = srcMask.fBounds.height(); + int dstRB = dstMask.fRowBytes; + int srcRB = srcMask.fRowBytes; + + const uint8_t* src = srcMask.fImage; + uint8_t* dst = dstMask.fImage; + + if (SkMask::k3D_Format == filteredMask.fFormat) { + // we have to copy 3 times as much + height *= 3; + } + + // If not filling the full original glyph, clear it out first. + if (dstMask.fBounds != origBounds) { + sk_bzero(origGlyph.fImage, origGlyph.fHeight * origGlyph.rowBytes()); + } - SkMask srcM = glyph->mask(), - dstM; - SkMatrix matrix; - - fRec.getMatrixFrom2x2(&matrix); - - if (as_MFB(fMaskFilter)->filterMask(&dstM, srcM, matrix, nullptr)) { - int width = std::min(origGlyph.fWidth, dstM.fBounds.width()); - int height = std::min(origGlyph.fHeight, dstM.fBounds.height()); - int dstRB = origGlyph.rowBytes(); - int srcRB = dstM.fRowBytes; - - const uint8_t* src = (const uint8_t*)dstM.fImage; - uint8_t* dst = (uint8_t*)origGlyph.fImage; - - if (SkMask::k3D_Format == dstM.fFormat) { - // we have to copy 3 times as much - height *= 3; - } - - // clean out our glyph, since it may be larger than dstM - //sk_bzero(dst, height * dstRB); - - while (--height >= 0) { - memcpy(dst, src, width); - src += srcRB; - dst += dstRB; - } - SkMask::FreeImage(dstM.fImage); + while (--height >= 0) { + memcpy(dst, src, width); + src += srcRB; + dst += dstRB; } + SkMask::FreeImage(filteredMask.fImage); } } diff -Naur a/src/3rdparty/chromium/third_party/sqlite/src/amalgamation/sqlite3.c b/src/3rdparty/chromium/third_party/sqlite/src/amalgamation/sqlite3.c --- a/src/3rdparty/chromium/third_party/sqlite/src/amalgamation/sqlite3.c 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/third_party/sqlite/src/amalgamation/sqlite3.c 2021-04-30 21:16:15.249587377 +0100 @@ -50422,6 +50422,7 @@ p->page.pExtra = &p[1]; p->isBulkLocal = 0; p->isAnchor = 0; + p->pLruPrev = 0; /* Initializing this saves a valgrind error */ } (*pCache->pnPurgeable)++; return p; @@ -72324,7 +72325,9 @@ } pgno = get4byte(pRight); while( 1 ){ - rc = getAndInitPage(pBt, pgno, &apOld[i], 0, 0); + if( rc==SQLITE_OK ){ + rc = getAndInitPage(pBt, pgno, &apOld[i], 0, 0); + } if( rc ){ memset(apOld, 0, (i+1)*sizeof(MemPage*)); goto balance_cleanup; @@ -72363,12 +72366,10 @@ if( pBt->btsFlags & BTS_FAST_SECURE ){ int iOff; + /* If the following if() condition is not true, the db is corrupted. + ** The call to dropCell() below will detect this. */ iOff = SQLITE_PTR_TO_INT(apDiv[i]) - SQLITE_PTR_TO_INT(pParent->aData); - if( (iOff+szNew[i])>(int)pBt->usableSize ){ - rc = SQLITE_CORRUPT_BKPT; - memset(apOld, 0, (i+1)*sizeof(MemPage*)); - goto balance_cleanup; - }else{ + if( (iOff+szNew[i])<=(int)pBt->usableSize ){ memcpy(&aOvflSpace[iOff], apDiv[i], szNew[i]); apDiv[i] = &aOvflSpace[apDiv[i]-pParent->aData]; } @@ -231234,7 +231235,7 @@ #endif /* !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_STMTVTAB) */ /************** End of stmt.c ************************************************/ -#if __LINE__!=231237 +#if __LINE__!=231238 #undef SQLITE_SOURCE_ID #define SQLITE_SOURCE_ID "2020-12-01 16:14:00 b7738010bc8ef02ba84820368e557306390a33c38adaa5c7703154bae3edalt2" #endif diff -Naur a/src/3rdparty/chromium/third_party/sqlite/src/amalgamation_dev/sqlite3.c b/src/3rdparty/chromium/third_party/sqlite/src/amalgamation_dev/sqlite3.c --- a/src/3rdparty/chromium/third_party/sqlite/src/amalgamation_dev/sqlite3.c 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/third_party/sqlite/src/amalgamation_dev/sqlite3.c 2021-04-30 21:16:15.268620272 +0100 @@ -50435,6 +50435,7 @@ p->page.pExtra = &p[1]; p->isBulkLocal = 0; p->isAnchor = 0; + p->pLruPrev = 0; /* Initializing this saves a valgrind error */ } (*pCache->pnPurgeable)++; return p; @@ -72337,7 +72338,9 @@ } pgno = get4byte(pRight); while( 1 ){ - rc = getAndInitPage(pBt, pgno, &apOld[i], 0, 0); + if( rc==SQLITE_OK ){ + rc = getAndInitPage(pBt, pgno, &apOld[i], 0, 0); + } if( rc ){ memset(apOld, 0, (i+1)*sizeof(MemPage*)); goto balance_cleanup; @@ -72376,12 +72379,10 @@ if( pBt->btsFlags & BTS_FAST_SECURE ){ int iOff; + /* If the following if() condition is not true, the db is corrupted. + ** The call to dropCell() below will detect this. */ iOff = SQLITE_PTR_TO_INT(apDiv[i]) - SQLITE_PTR_TO_INT(pParent->aData); - if( (iOff+szNew[i])>(int)pBt->usableSize ){ - rc = SQLITE_CORRUPT_BKPT; - memset(apOld, 0, (i+1)*sizeof(MemPage*)); - goto balance_cleanup; - }else{ + if( (iOff+szNew[i])<=(int)pBt->usableSize ){ memcpy(&aOvflSpace[iOff], apDiv[i], szNew[i]); apDiv[i] = &aOvflSpace[apDiv[i]-pParent->aData]; } @@ -231747,7 +231748,7 @@ #endif /* !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_STMTVTAB) */ /************** End of stmt.c ************************************************/ -#if __LINE__!=231750 +#if __LINE__!=231751 #undef SQLITE_SOURCE_ID #define SQLITE_SOURCE_ID "2020-12-01 16:14:00 b7738010bc8ef02ba84820368e557306390a33c38adaa5c7703154bae3edalt2" #endif diff -Naur a/src/3rdparty/chromium/third_party/sqlite/src/src/btree.c b/src/3rdparty/chromium/third_party/sqlite/src/src/btree.c --- a/src/3rdparty/chromium/third_party/sqlite/src/src/btree.c 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/third_party/sqlite/src/src/btree.c 2021-04-30 21:16:15.270623735 +0100 @@ -7618,7 +7618,9 @@ } pgno = get4byte(pRight); while( 1 ){ - rc = getAndInitPage(pBt, pgno, &apOld[i], 0, 0); + if( rc==SQLITE_OK ){ + rc = getAndInitPage(pBt, pgno, &apOld[i], 0, 0); + } if( rc ){ memset(apOld, 0, (i+1)*sizeof(MemPage*)); goto balance_cleanup; @@ -7657,12 +7659,10 @@ if( pBt->btsFlags & BTS_FAST_SECURE ){ int iOff; + /* If the following if() condition is not true, the db is corrupted. + ** The call to dropCell() below will detect this. */ iOff = SQLITE_PTR_TO_INT(apDiv[i]) - SQLITE_PTR_TO_INT(pParent->aData); - if( (iOff+szNew[i])>(int)pBt->usableSize ){ - rc = SQLITE_CORRUPT_BKPT; - memset(apOld, 0, (i+1)*sizeof(MemPage*)); - goto balance_cleanup; - }else{ + if( (iOff+szNew[i])<=(int)pBt->usableSize ){ memcpy(&aOvflSpace[iOff], apDiv[i], szNew[i]); apDiv[i] = &aOvflSpace[apDiv[i]-pParent->aData]; } diff -Naur a/src/3rdparty/chromium/third_party/sqlite/src/src/pcache1.c b/src/3rdparty/chromium/third_party/sqlite/src/src/pcache1.c --- a/src/3rdparty/chromium/third_party/sqlite/src/src/pcache1.c 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/third_party/sqlite/src/src/pcache1.c 2021-04-30 21:16:15.270623735 +0100 @@ -461,6 +461,7 @@ p->page.pExtra = &p[1]; p->isBulkLocal = 0; p->isAnchor = 0; + p->pLruPrev = 0; /* Initializing this saves a valgrind error */ } (*pCache->pnPurgeable)++; return p; diff -Naur a/src/3rdparty/chromium/third_party/webrtc/media/sctp/sctp_transport.cc b/src/3rdparty/chromium/third_party/webrtc/media/sctp/sctp_transport.cc --- a/src/3rdparty/chromium/third_party/webrtc/media/sctp/sctp_transport.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/third_party/webrtc/media/sctp/sctp_transport.cc 2021-04-30 21:18:03.541758869 +0100 @@ -20,6 +20,7 @@ // Successful return value from usrsctp callbacks. Is not actually used by // usrsctp, but all example programs for usrsctp use 1 as their return value. constexpr int kSctpSuccessReturn = 1; +constexpr int kSctpErrorReturn = 0; } // namespace @@ -27,6 +28,7 @@ #include #include +#include #include #include @@ -79,59 +81,22 @@ PPID_TEXT_LAST = 51 }; -// Maps SCTP transport ID to SctpTransport object, necessary in send threshold -// callback and outgoing packet callback. -// TODO(crbug.com/1076703): Remove once the underlying problem is fixed or -// workaround is provided in usrsctp. -class SctpTransportMap { - public: - SctpTransportMap() = default; - - // Assigns a new unused ID to the following transport. - uintptr_t Register(cricket::SctpTransport* transport) { - webrtc::MutexLock lock(&lock_); - // usrsctp_connect fails with a value of 0... - if (next_id_ == 0) { - ++next_id_; - } - // In case we've wrapped around and need to find an empty spot from a - // removed transport. Assumes we'll never be full. - while (map_.find(next_id_) != map_.end()) { - ++next_id_; - if (next_id_ == 0) { - ++next_id_; - } - }; - map_[next_id_] = transport; - return next_id_++; - } - - // Returns true if found. - bool Deregister(uintptr_t id) { - webrtc::MutexLock lock(&lock_); - return map_.erase(id) > 0; - } - - cricket::SctpTransport* Retrieve(uintptr_t id) const { - webrtc::MutexLock lock(&lock_); - auto it = map_.find(id); - if (it == map_.end()) { - return nullptr; - } - return it->second; - } +// Should only be modified by UsrSctpWrapper. +ABSL_CONST_INIT cricket::SctpTransportMap* g_transport_map_ = nullptr; +// Helper that will call C's free automatically. +// TODO(b/181900299): Figure out why unique_ptr with a custom deleter is causing +// issues in a certain build environment. +class AutoFreedPointer { + public: + explicit AutoFreedPointer(void* ptr) : ptr_(ptr) {} + AutoFreedPointer(AutoFreedPointer&& o) : ptr_(o.ptr_) { o.ptr_ = nullptr; } + ~AutoFreedPointer() { free(ptr_); } + void* get() const { return ptr_; } private: - mutable webrtc::Mutex lock_; - - uintptr_t next_id_ RTC_GUARDED_BY(lock_) = 0; - std::unordered_map map_ - RTC_GUARDED_BY(lock_); + void* ptr_; }; -// Should only be modified by UsrSctpWrapper. -ABSL_CONST_INIT SctpTransportMap* g_transport_map_ = nullptr; - // Helper for logging SCTP messages. #if defined(__GNUC__) __attribute__((__format__(__printf__, 1, 2))) @@ -256,6 +221,71 @@ namespace cricket { +// Maps SCTP transport ID to SctpTransport object, necessary in send threshold +// callback and outgoing packet callback. It also provides a facility to +// safely post a task to an SctpTransport's network thread from another thread. +class SctpTransportMap { + public: + SctpTransportMap() = default; + + // Assigns a new unused ID to the following transport. + uintptr_t Register(cricket::SctpTransport* transport) { + webrtc::MutexLock lock(&lock_); + // usrsctp_connect fails with a value of 0... + if (next_id_ == 0) { + ++next_id_; + } + // In case we've wrapped around and need to find an empty spot from a + // removed transport. Assumes we'll never be full. + while (map_.find(next_id_) != map_.end()) { + ++next_id_; + if (next_id_ == 0) { + ++next_id_; + } + }; + map_[next_id_] = transport; + return next_id_++; + } + + // Returns true if found. + bool Deregister(uintptr_t id) { + webrtc::MutexLock lock(&lock_); + return map_.erase(id) > 0; + } + + // Posts |action| to the network thread of the transport identified by |id| + // and returns true if found, all while holding a lock to protect against the + // transport being simultaneously deleted/deregistered, or returns false if + // not found. + template + bool PostToTransportThread(uintptr_t id, F action) const { + webrtc::MutexLock lock(&lock_); + SctpTransport* transport = RetrieveWhileHoldingLock(id); + if (!transport) { + return false; + } + transport->invoker_.AsyncInvoke( + RTC_FROM_HERE, transport->network_thread_, + [transport, action{std::move(action)}]() { action(transport); }); + return true; + } + + private: + SctpTransport* RetrieveWhileHoldingLock(uintptr_t id) const + RTC_EXCLUSIVE_LOCKS_REQUIRED(lock_) { + auto it = map_.find(id); + if (it == map_.end()) { + return nullptr; + } + return it->second; + } + + mutable webrtc::Mutex lock_; + + uintptr_t next_id_ RTC_GUARDED_BY(lock_) = 0; + std::unordered_map map_ RTC_GUARDED_BY(lock_); +}; + // Handles global init/deinit, and mapping from usrsctp callbacks to // SctpTransport calls. class SctpTransport::UsrSctpWrapper { @@ -357,14 +387,6 @@ << "OnSctpOutboundPacket called after usrsctp uninitialized?"; return EINVAL; } - SctpTransport* transport = - g_transport_map_->Retrieve(reinterpret_cast(addr)); - if (!transport) { - RTC_LOG(LS_ERROR) - << "OnSctpOutboundPacket: Failed to get transport for socket ID " - << addr; - return EINVAL; - } RTC_LOG(LS_VERBOSE) << "global OnSctpOutboundPacket():" "addr: " << addr << "; length: " << length @@ -372,13 +394,23 @@ << "; set_df: " << rtc::ToHex(set_df); VerboseLogPacket(data, length, SCTP_DUMP_OUTBOUND); + // Note: We have to copy the data; the caller will delete it. rtc::CopyOnWriteBuffer buf(reinterpret_cast(data), length); - // TODO(deadbeef): Why do we need an AsyncInvoke here? We're already on the - // right thread and don't need to unwind the stack. - transport->invoker_.AsyncInvoke( - RTC_FROM_HERE, transport->network_thread_, - rtc::Bind(&SctpTransport::OnPacketFromSctpToNetwork, transport, buf)); + + // PostsToTransportThread protects against the transport being + // simultaneously deregistered/deleted, since this callback may come from + // the SCTP timer thread and thus race with the network thread. + bool found = g_transport_map_->PostToTransportThread( + reinterpret_cast(addr), [buf](SctpTransport* transport) { + transport->OnPacketFromSctpToNetwork(buf); + }); + if (!found) { + RTC_LOG(LS_ERROR) + << "OnSctpOutboundPacket: Failed to get transport for socket ID " + << addr << "; possibly was already destroyed."; + return EINVAL; + } return 0; } @@ -393,28 +425,45 @@ struct sctp_rcvinfo rcv, int flags, void* ulp_info) { - SctpTransport* transport = GetTransportFromSocket(sock); - if (!transport) { + AutoFreedPointer owned_data(data); + absl::optional id = GetTransportIdFromSocket(sock); + if (!id) { RTC_LOG(LS_ERROR) - << "OnSctpInboundPacket: Failed to get transport for socket " << sock - << "; possibly was already destroyed."; - free(data); - return 0; + << "OnSctpInboundPacket: Failed to get transport ID from socket " + << sock; + return kSctpErrorReturn; } - // Sanity check that both methods of getting the SctpTransport pointer - // yield the same result. - RTC_CHECK_EQ(transport, static_cast(ulp_info)); - int result = - transport->OnDataOrNotificationFromSctp(data, length, rcv, flags); - free(data); - return result; + + if (!g_transport_map_) { + RTC_LOG(LS_ERROR) + << "OnSctpInboundPacket called after usrsctp uninitialized?"; + return kSctpErrorReturn; + } + // PostsToTransportThread protects against the transport being + // simultaneously deregistered/deleted, since this callback may come from + // the SCTP timer thread and thus race with the network thread. + bool found = g_transport_map_->PostToTransportThread( + *id, [owned_data{std::move(owned_data)}, length, rcv, + flags](SctpTransport* transport) { + transport->OnDataOrNotificationFromSctp(owned_data.get(), length, rcv, + flags); + }); + if (!found) { + RTC_LOG(LS_ERROR) + << "OnSctpInboundPacket: Failed to get transport for socket ID " + << *id << "; possibly was already destroyed."; + return kSctpErrorReturn; + } + return kSctpSuccessReturn; } - static SctpTransport* GetTransportFromSocket(struct socket* sock) { + static absl::optional GetTransportIdFromSocket( + struct socket* sock) { + absl::optional ret; struct sockaddr* addrs = nullptr; int naddrs = usrsctp_getladdrs(sock, 0, &addrs); if (naddrs <= 0 || addrs[0].sa_family != AF_CONN) { - return nullptr; + return ret; } // usrsctp_getladdrs() returns the addresses bound to this socket, which // contains the SctpTransport id as sconn_addr. Read the id, @@ -423,17 +472,10 @@ // id of the transport that created them, so [0] is as good as any other. struct sockaddr_conn* sconn = reinterpret_cast(&addrs[0]); - if (!g_transport_map_) { - RTC_LOG(LS_ERROR) - << "GetTransportFromSocket called after usrsctp uninitialized?"; - usrsctp_freeladdrs(addrs); - return nullptr; - } - SctpTransport* transport = g_transport_map_->Retrieve( - reinterpret_cast(sconn->sconn_addr)); + ret = reinterpret_cast(sconn->sconn_addr); usrsctp_freeladdrs(addrs); - return transport; + return ret; } // TODO(crbug.com/webrtc/11899): This is a legacy callback signature, remove @@ -442,14 +484,26 @@ // Fired on our I/O thread. SctpTransport::OnPacketReceived() gets // a packet containing acknowledgments, which goes into usrsctp_conninput, // and then back here. - SctpTransport* transport = GetTransportFromSocket(sock); - if (!transport) { + absl::optional id = GetTransportIdFromSocket(sock); + if (!id) { + RTC_LOG(LS_ERROR) + << "SendThresholdCallback: Failed to get transport ID from socket " + << sock; + return 0; + } + if (!g_transport_map_) { RTC_LOG(LS_ERROR) - << "SendThresholdCallback: Failed to get transport for socket " - << sock << "; possibly was already destroyed."; + << "SendThresholdCallback called after usrsctp uninitialized?"; return 0; } - transport->OnSendThresholdCallback(); + bool found = g_transport_map_->PostToTransportThread( + *id, + [](SctpTransport* transport) { transport->OnSendThresholdCallback(); }); + if (!found) { + RTC_LOG(LS_ERROR) + << "SendThresholdCallback: Failed to get transport for socket ID " + << *id << "; possibly was already destroyed."; + } return 0; } @@ -459,17 +513,26 @@ // Fired on our I/O thread. SctpTransport::OnPacketReceived() gets // a packet containing acknowledgments, which goes into usrsctp_conninput, // and then back here. - SctpTransport* transport = GetTransportFromSocket(sock); - if (!transport) { + absl::optional id = GetTransportIdFromSocket(sock); + if (!id) { RTC_LOG(LS_ERROR) - << "SendThresholdCallback: Failed to get transport for socket " - << sock << "; possibly was already destroyed."; + << "SendThresholdCallback: Failed to get transport ID from socket " + << sock; return 0; } - // Sanity check that both methods of getting the SctpTransport pointer - // yield the same result. - RTC_CHECK_EQ(transport, static_cast(ulp_info)); - transport->OnSendThresholdCallback(); + if (!g_transport_map_) { + RTC_LOG(LS_ERROR) + << "SendThresholdCallback called after usrsctp uninitialized?"; + return 0; + } + bool found = g_transport_map_->PostToTransportThread( + *id, + [](SctpTransport* transport) { transport->OnSendThresholdCallback(); }); + if (!found) { + RTC_LOG(LS_ERROR) + << "SendThresholdCallback: Failed to get transport for socket ID " + << *id << "; possibly was already destroyed."; + } return 0; } }; @@ -1120,24 +1183,25 @@ rtc::PacketOptions(), PF_NORMAL); } -int SctpTransport::InjectDataOrNotificationFromSctpForTesting( +void SctpTransport::InjectDataOrNotificationFromSctpForTesting( void* data, size_t length, struct sctp_rcvinfo rcv, int flags) { - return OnDataOrNotificationFromSctp(data, length, rcv, flags); + OnDataOrNotificationFromSctp(data, length, rcv, flags); } -int SctpTransport::OnDataOrNotificationFromSctp(void* data, - size_t length, - struct sctp_rcvinfo rcv, - int flags) { +void SctpTransport::OnDataOrNotificationFromSctp(void* data, + size_t length, + struct sctp_rcvinfo rcv, + int flags) { + RTC_DCHECK_RUN_ON(network_thread_); // If data is NULL, the SCTP association has been closed. if (!data) { RTC_LOG(LS_INFO) << debug_name_ << "->OnDataOrNotificationFromSctp(...): " "No data; association closed."; - return kSctpSuccessReturn; + return; } // Handle notifications early. @@ -1150,13 +1214,10 @@ << "->OnDataOrNotificationFromSctp(...): SCTP notification" << " length=" << length; - // Copy and dispatch asynchronously rtc::CopyOnWriteBuffer notification(reinterpret_cast(data), length); - invoker_.AsyncInvoke( - RTC_FROM_HERE, network_thread_, - rtc::Bind(&SctpTransport::OnNotificationFromSctp, this, notification)); - return kSctpSuccessReturn; + OnNotificationFromSctp(notification); + return; } // Log data chunk @@ -1174,7 +1235,7 @@ // Unexpected PPID, dropping RTC_LOG(LS_ERROR) << "Received an unknown PPID " << ppid << " on an SCTP packet. Dropping."; - return kSctpSuccessReturn; + return; } // Expect only continuation messages belonging to the same SID. The SCTP @@ -1210,7 +1271,7 @@ if (partial_incoming_message_.size() < kSctpSendBufferSize) { // We still have space in the buffer. Continue buffering chunks until // the message is complete before handing it out. - return kSctpSuccessReturn; + return; } else { // The sender is exceeding the maximum message size that we announced. // Spit out a warning but still hand out the partial message. Note that @@ -1224,17 +1285,11 @@ } } - // Dispatch the complete message. - // The ownership of the packet transfers to |invoker_|. Using - // CopyOnWriteBuffer is the most convenient way to do this. - invoker_.AsyncInvoke( - RTC_FROM_HERE, network_thread_, - rtc::Bind(&SctpTransport::OnDataFromSctpToTransport, this, params, - partial_incoming_message_)); + // Dispatch the complete message and reset the message buffer. - // Reset the message buffer + // Dispatch the complete message and reset the message buffer. + OnDataFromSctpToTransport(params, partial_incoming_message_); partial_incoming_message_.Clear(); - return kSctpSuccessReturn; } void SctpTransport::OnDataFromSctpToTransport( diff -Naur a/src/3rdparty/chromium/third_party/webrtc/media/sctp/sctp_transport.h b/src/3rdparty/chromium/third_party/webrtc/media/sctp/sctp_transport.h --- a/src/3rdparty/chromium/third_party/webrtc/media/sctp/sctp_transport.h 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/third_party/webrtc/media/sctp/sctp_transport.h 2021-04-30 21:18:03.542760600 +0100 @@ -96,10 +96,10 @@ void set_debug_name_for_testing(const char* debug_name) override { debug_name_ = debug_name; } - int InjectDataOrNotificationFromSctpForTesting(void* data, - size_t length, - struct sctp_rcvinfo rcv, - int flags); + void InjectDataOrNotificationFromSctpForTesting(void* data, + size_t length, + struct sctp_rcvinfo rcv, + int flags); // Exposed to allow Post call from c-callbacks. // TODO(deadbeef): Remove this or at least make it return a const pointer. @@ -180,12 +180,12 @@ // Called using |invoker_| to send packet on the network. void OnPacketFromSctpToNetwork(const rtc::CopyOnWriteBuffer& buffer); - // Called on the SCTP thread. + // Called on the network thread. // Flags are standard socket API flags (RFC 6458). - int OnDataOrNotificationFromSctp(void* data, - size_t length, - struct sctp_rcvinfo rcv, - int flags); + void OnDataOrNotificationFromSctp(void* data, + size_t length, + struct sctp_rcvinfo rcv, + int flags); // Called using |invoker_| to decide what to do with the data. void OnDataFromSctpToTransport(const ReceiveDataParams& params, const rtc::CopyOnWriteBuffer& buffer); @@ -281,6 +281,8 @@ // various callbacks. uintptr_t id_ = 0; + friend class SctpTransportMap; + RTC_DISALLOW_COPY_AND_ASSIGN(SctpTransport); }; @@ -299,6 +301,8 @@ rtc::Thread* network_thread_; }; +class SctpTransportMap; + } // namespace cricket #endif // MEDIA_SCTP_SCTP_TRANSPORT_H_ diff -Naur a/src/3rdparty/chromium/tools/metrics/histograms/enums.xml b/src/3rdparty/chromium/tools/metrics/histograms/enums.xml --- a/src/3rdparty/chromium/tools/metrics/histograms/enums.xml 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/tools/metrics/histograms/enums.xml 2021-04-30 21:19:25.182866837 +0100 @@ -8777,6 +8777,8 @@ + + diff -Naur a/src/3rdparty/chromium/ui/views/win/hwnd_message_handler.cc b/src/3rdparty/chromium/ui/views/win/hwnd_message_handler.cc --- a/src/3rdparty/chromium/ui/views/win/hwnd_message_handler.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/ui/views/win/hwnd_message_handler.cc 2021-04-30 21:22:19.598325383 +0100 @@ -1661,7 +1661,13 @@ const gfx::Size& screen_size) { TRACE_EVENT0("ui", "HWNDMessageHandler::OnDisplayChange"); + base::WeakPtr ref(msg_handler_weak_factory_.GetWeakPtr()); delegate_->HandleDisplayChange(); + + // HandleDisplayChange() may result in |this| being deleted. + if (!ref) + return; + // Force a WM_NCCALCSIZE to occur to ensure that we handle auto hide // taskbars correctly. SendFrameChanged(); diff -Naur a/src/3rdparty/chromium/url/origin.cc b/src/3rdparty/chromium/url/origin.cc --- a/src/3rdparty/chromium/url/origin.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/url/origin.cc 2021-04-30 20:10:44.929638395 +0100 @@ -54,7 +54,10 @@ if (!tuple.IsValid()) return Origin(); - return Origin(std::move(tuple)); + + Origin origin = Origin(std::move(tuple)); + origin.full_url_ = url; + return origin; } Origin Origin::Resolve(const GURL& url, const Origin& base_origin) { @@ -152,6 +155,17 @@ return tuple_.GetURL(); } +GURL Origin::GetFullURL() const { + if (opaque()) + return GURL(); + + return full_url_; +} + +void Origin::SetFullURL(const GURL &url) { + full_url_ = url; +} + base::Optional Origin::GetNonceForSerialization() const { // TODO(nasko): Consider not making a copy here, but return a reference to diff -Naur a/src/3rdparty/chromium/url/origin.h b/src/3rdparty/chromium/url/origin.h --- a/src/3rdparty/chromium/url/origin.h 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/url/origin.h 2021-04-30 20:10:44.930640127 +0100 @@ -20,6 +20,7 @@ #include "base/unguessable_token.h" #include "build/build_config.h" #include "ipc/ipc_param_traits.h" +#include "url/gurl.h" #include "url/scheme_host_port.h" #include "url/third_party/mozilla/url_parse.h" #include "url/url_canon.h" @@ -260,6 +261,9 @@ // URL (e.g. with a path component). GURL GetURL() const; + GURL GetFullURL() const; + void SetFullURL(const GURL &url); + // Same as GURL::DomainIs. If |this| origin is opaque, then returns false. bool DomainIs(base::StringPiece canonical_domain) const; @@ -414,6 +418,8 @@ // nonce is preserved when an opaque origin is copied or moved. An Origin // is considered opaque if and only if |nonce_| holds a value. base::Optional nonce_; + + GURL full_url_; }; // Pretty-printers for logging. These expose the internal state of the nonce. diff -Naur a/src/3rdparty/chromium/v8/AUTHORS b/src/3rdparty/chromium/v8/AUTHORS --- a/src/3rdparty/chromium/v8/AUTHORS 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/v8/AUTHORS 2021-04-30 21:21:55.406512413 +0100 @@ -69,6 +69,7 @@ Ben Noordhuis Benjamin Tan Bert Belder +Brendon Tiszka Burcu Dogan Caitlin Potter Craig Schlenter diff -Naur a/src/3rdparty/chromium/v8/src/builtins/builtins-array.cc b/src/3rdparty/chromium/v8/src/builtins/builtins-array.cc --- a/src/3rdparty/chromium/v8/src/builtins/builtins-array.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/v8/src/builtins/builtins-array.cc 2021-04-30 21:21:55.406512413 +0100 @@ -649,11 +649,14 @@ index_offset_(0u), bit_field_(FastElementsField::encode(fast_elements) | ExceedsLimitField::encode(false) | - IsFixedArrayField::encode(storage->IsFixedArray()) | + IsFixedArrayField::encode(storage->IsFixedArray(isolate)) | HasSimpleElementsField::encode( - storage->IsFixedArray() || - !storage->map().IsCustomElementsReceiverMap())) { - DCHECK(!(this->fast_elements() && !is_fixed_array())); + storage->IsFixedArray(isolate) || + // Don't take fast path for storages that might have + // side effects when storing to them. + (!storage->map(isolate).IsCustomElementsReceiverMap() && + !storage->IsJSTypedArray(isolate)))) { + DCHECK_IMPLIES(this->fast_elements(), is_fixed_array()); } ~ArrayConcatVisitor() { clear_storage(); } @@ -1063,8 +1066,8 @@ return IterateElementsSlow(isolate, receiver, length, visitor); } - if (!HasOnlySimpleElements(isolate, *receiver) || - !visitor->has_simple_elements()) { + if (!visitor->has_simple_elements() || + !HasOnlySimpleElements(isolate, *receiver)) { return IterateElementsSlow(isolate, receiver, length, visitor); } Handle array = Handle::cast(receiver); @@ -1080,6 +1083,9 @@ case HOLEY_SEALED_ELEMENTS: case HOLEY_NONEXTENSIBLE_ELEMENTS: case HOLEY_ELEMENTS: { + // Disallow execution so the cached elements won't change mid execution. + DisallowJavascriptExecution no_js(isolate); + // Run through the elements FixedArray and use HasElement and GetElement // to check the prototype for missing elements. Handle elements(FixedArray::cast(array->elements()), isolate); @@ -1106,6 +1112,9 @@ } case HOLEY_DOUBLE_ELEMENTS: case PACKED_DOUBLE_ELEMENTS: { + // Disallow execution so the cached elements won't change mid execution. + DisallowJavascriptExecution no_js(isolate); + // Empty array is FixedArray but not FixedDoubleArray. if (length == 0) break; // Run through the elements FixedArray and use HasElement and GetElement @@ -1142,6 +1151,9 @@ } case DICTIONARY_ELEMENTS: { + // Disallow execution so the cached dictionary won't change mid execution. + DisallowJavascriptExecution no_js(isolate); + Handle dict(array->element_dictionary(), isolate); std::vector indices; indices.reserve(dict->Capacity() / 2); diff -Naur a/src/3rdparty/chromium/v8/src/compiler/backend/x64/instruction-selector-x64.cc b/src/3rdparty/chromium/v8/src/compiler/backend/x64/instruction-selector-x64.cc --- a/src/3rdparty/chromium/v8/src/compiler/backend/x64/instruction-selector-x64.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/v8/src/compiler/backend/x64/instruction-selector-x64.cc 2021-04-30 20:09:58.530432989 +0100 @@ -1279,7 +1279,9 @@ opcode = load_rep.IsSigned() ? kX64Movsxwq : kX64Movzxwq; break; case MachineRepresentation::kWord32: - opcode = load_rep.IsSigned() ? kX64Movsxlq : kX64Movl; + // ChangeInt32ToInt64 must interpret its input as a _signed_ 32-bit + // integer, so here we must sign-extend the loaded value in any case. + opcode = kX64Movsxlq; break; default: UNREACHABLE(); diff -Naur a/src/3rdparty/chromium/v8/src/compiler/js-call-reducer.cc b/src/3rdparty/chromium/v8/src/compiler/js-call-reducer.cc --- a/src/3rdparty/chromium/v8/src/compiler/js-call-reducer.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/v8/src/compiler/js-call-reducer.cc 2021-04-30 21:26:06.294177911 +0100 @@ -5251,24 +5251,31 @@ } // Compute the new {length}. - length = graph()->NewNode(simplified()->NumberSubtract(), length, - jsgraph()->OneConstant()); + Node* new_length = graph()->NewNode(simplified()->NumberSubtract(), + length, jsgraph()->OneConstant()); + + // This extra check exists solely to break an exploitation technique + // that abuses typer mismatches. + new_length = efalse = graph()->NewNode( + simplified()->CheckBounds(p.feedback(), + CheckBoundsFlag::kAbortOnOutOfBounds), + new_length, length, efalse, if_false); // Store the new {length} to the {receiver}. efalse = graph()->NewNode( simplified()->StoreField(AccessBuilder::ForJSArrayLength(kind)), - receiver, length, efalse, if_false); + receiver, new_length, efalse, if_false); // Load the last entry from the {elements}. vfalse = efalse = graph()->NewNode( simplified()->LoadElement(AccessBuilder::ForFixedArrayElement(kind)), - elements, length, efalse, if_false); + elements, new_length, efalse, if_false); // Store a hole to the element we just removed from the {receiver}. efalse = graph()->NewNode( simplified()->StoreElement( AccessBuilder::ForFixedArrayElement(GetHoleyElementsKind(kind))), - elements, length, jsgraph()->TheHoleConstant(), efalse, if_false); + elements, new_length, jsgraph()->TheHoleConstant(), efalse, if_false); } control = graph()->NewNode(common()->Merge(2), if_true, if_false); @@ -5444,19 +5451,27 @@ } // Compute the new {length}. - length = graph()->NewNode(simplified()->NumberSubtract(), length, - jsgraph()->OneConstant()); + Node* new_length = graph()->NewNode(simplified()->NumberSubtract(), + length, jsgraph()->OneConstant()); + + // This extra check exists solely to break an exploitation technique + // that abuses typer mismatches. + new_length = etrue1 = graph()->NewNode( + simplified()->CheckBounds(p.feedback(), + CheckBoundsFlag::kAbortOnOutOfBounds), + new_length, length, etrue1, if_true1); // Store the new {length} to the {receiver}. etrue1 = graph()->NewNode( simplified()->StoreField(AccessBuilder::ForJSArrayLength(kind)), - receiver, length, etrue1, if_true1); + receiver, new_length, etrue1, if_true1); // Store a hole to the element we just removed from the {receiver}. etrue1 = graph()->NewNode( simplified()->StoreElement(AccessBuilder::ForFixedArrayElement( GetHoleyElementsKind(kind))), - elements, length, jsgraph()->TheHoleConstant(), etrue1, if_true1); + elements, new_length, jsgraph()->TheHoleConstant(), etrue1, + if_true1); } Node* if_false1 = graph()->NewNode(common()->IfFalse(), branch1); diff -Naur a/src/3rdparty/chromium/v8/src/compiler/representation-change.cc b/src/3rdparty/chromium/v8/src/compiler/representation-change.cc --- a/src/3rdparty/chromium/v8/src/compiler/representation-change.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/v8/src/compiler/representation-change.cc 2021-04-30 21:26:31.349488557 +0100 @@ -211,7 +211,10 @@ return GetFloat32RepresentationFor(node, output_rep, output_type, use_info.truncation()); case MachineRepresentation::kFloat64: - DCHECK_NE(TypeCheckKind::kBigInt, use_info.type_check()); + DCHECK(use_info.type_check() == TypeCheckKind::kNone || + use_info.type_check() == TypeCheckKind::kNumber || + use_info.type_check() == TypeCheckKind::kNumberOrBoolean || + use_info.type_check() == TypeCheckKind::kNumberOrOddball); return GetFloat64RepresentationFor(node, output_rep, output_type, use_node, use_info); case MachineRepresentation::kBit: @@ -727,15 +730,22 @@ } } else if (IsAnyTagged(output_rep)) { if (output_type.Is(Type::Undefined())) { - if (use_info.type_check() == TypeCheckKind::kNumberOrBoolean) { + if (use_info.type_check() == TypeCheckKind::kNumberOrOddball || + (use_info.type_check() == TypeCheckKind::kNone && + use_info.truncation().TruncatesOddballAndBigIntToNumber())) { + return jsgraph()->Float64Constant( + std::numeric_limits::quiet_NaN()); + } else { + DCHECK(use_info.type_check() == TypeCheckKind::kNone || + use_info.type_check() == TypeCheckKind::kNumber || + use_info.type_check() == TypeCheckKind::kNumberOrBoolean); Node* unreachable = InsertUnconditionalDeopt( - use_node, DeoptimizeReason::kNotANumberOrBoolean); + use_node, use_info.type_check() == TypeCheckKind::kNumber + ? DeoptimizeReason::kNotANumber + : DeoptimizeReason::kNotANumberOrBoolean); return jsgraph()->graph()->NewNode( jsgraph()->common()->DeadValue(MachineRepresentation::kFloat64), unreachable); - } else { - return jsgraph()->Float64Constant( - std::numeric_limits::quiet_NaN()); } } else if (output_rep == MachineRepresentation::kTaggedSigned) { node = InsertChangeTaggedSignedToInt32(node); @@ -747,12 +757,13 @@ output_type.Is(Type::NumberOrHole())) { // JavaScript 'null' is an Oddball that results in +0 when truncated to // Number. In a context like -0 == null, which must evaluate to false, - // this truncation must not happen. For this reason we restrict this case - // to when either the user explicitly requested a float (and thus wants - // +0 if null is the input) or we know from the types that the input can - // only be Number | Hole. The latter is necessary to handle the operator - // CheckFloat64Hole. We did not put in the type (Number | Oddball \ Null) - // to discover more bugs related to this conversion via crashes. + // this truncation must not happen. For this reason we restrict this + // case to when either the user explicitly requested a float (and thus + // wants +0 if null is the input) or we know from the types that the + // input can only be Number | Hole. The latter is necessary to handle + // the operator CheckFloat64Hole. We did not put in the type (Number | + // Oddball \ Null) to discover more bugs related to this conversion via + // crashes. op = simplified()->TruncateTaggedToFloat64(); } else if (use_info.type_check() == TypeCheckKind::kNumber || (use_info.type_check() == TypeCheckKind::kNumberOrOddball && @@ -949,10 +960,10 @@ return node; } else if (output_rep == MachineRepresentation::kWord64) { if (output_type.Is(Type::Signed32()) || - output_type.Is(Type::Unsigned32())) { - op = machine()->TruncateInt64ToInt32(); - } else if (output_type.Is(cache_->kSafeInteger) && - use_info.truncation().IsUsedAsWord32()) { + (output_type.Is(Type::Unsigned32()) && + use_info.type_check() == TypeCheckKind::kNone) || + (output_type.Is(cache_->kSafeInteger) && + use_info.truncation().IsUsedAsWord32())) { op = machine()->TruncateInt64ToInt32(); } else if (use_info.type_check() == TypeCheckKind::kSignedSmall || use_info.type_check() == TypeCheckKind::kSigned32 || diff -Naur a/src/3rdparty/chromium/v8/src/compiler/simplified-lowering.cc b/src/3rdparty/chromium/v8/src/compiler/simplified-lowering.cc --- a/src/3rdparty/chromium/v8/src/compiler/simplified-lowering.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/v8/src/compiler/simplified-lowering.cc 2021-04-30 21:24:53.213851142 +0100 @@ -1453,10 +1453,15 @@ Type right_feedback_type = TypeOf(node->InputAt(1)); // Using Signed32 as restriction type amounts to promising there won't be - // signed overflow. This is incompatible with relying on a Word32 - // truncation in order to skip the overflow check. + // signed overflow. This is incompatible with relying on a Word32 truncation + // in order to skip the overflow check. Similarly, we must not drop -0 from + // the result type unless we deopt for -0 inputs. Type const restriction = - truncation.IsUsedAsWord32() ? Type::Any() : Type::Signed32(); + truncation.IsUsedAsWord32() + ? Type::Any() + : (truncation.identify_zeros() == kIdentifyZeros) + ? Type::Signed32OrMinusZero() + : Type::Signed32(); // Handle the case when no int32 checks on inputs are necessary (but // an overflow check is needed on the output). Note that we do not diff -Naur a/src/3rdparty/chromium/v8/src/compiler/type-cache.h b/src/3rdparty/chromium/v8/src/compiler/type-cache.h --- a/src/3rdparty/chromium/v8/src/compiler/type-cache.h 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/v8/src/compiler/type-cache.h 2021-04-30 21:25:41.333030031 +0100 @@ -80,7 +80,7 @@ Type::Union(kPositiveIntegerOrMinusZero, Type::NaN(), zone()); Type const kAdditiveSafeInteger = - CreateRange(-4503599627370496.0, 4503599627370496.0); + CreateRange(-4503599627370495.0, 4503599627370495.0); Type const kSafeInteger = CreateRange(-kMaxSafeInteger, kMaxSafeInteger); Type const kAdditiveSafeIntegerOrMinusZero = Type::Union(kAdditiveSafeInteger, Type::MinusZero(), zone()); diff -Naur a/src/3rdparty/chromium/v8/src/deoptimizer/deoptimize-reason.h b/src/3rdparty/chromium/v8/src/deoptimizer/deoptimize-reason.h --- a/src/3rdparty/chromium/v8/src/deoptimizer/deoptimize-reason.h 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/v8/src/deoptimizer/deoptimize-reason.h 2021-04-30 21:26:31.349488557 +0100 @@ -43,6 +43,7 @@ V(NotAJavaScriptObject, "not a JavaScript object") \ V(NotAJavaScriptObjectOrNullOrUndefined, \ "not a JavaScript object, Null or Undefined") \ + V(NotANumber, "not a Number") \ V(NotANumberOrBoolean, "not a Number or Boolean") \ V(NotANumberOrOddball, "not a Number or Oddball") \ V(NotAnArrayIndex, "not an array index") \ diff -Naur a/src/3rdparty/chromium/v8/src/heap/memory-chunk-layout.cc b/src/3rdparty/chromium/v8/src/heap/memory-chunk-layout.cc --- a/src/3rdparty/chromium/v8/src/heap/memory-chunk-layout.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/v8/src/heap/memory-chunk-layout.cc 2021-04-30 21:16:58.934091394 +0100 @@ -42,7 +42,7 @@ } intptr_t MemoryChunkLayout::ObjectStartOffsetInDataPage() { - return RoundUp(MemoryChunk::kHeaderSize + Bitmap::kSize, kTaggedSize); + return RoundUp(MemoryChunk::kHeaderSize + Bitmap::kSize, kDoubleSize); } size_t MemoryChunkLayout::ObjectStartOffsetInMemoryChunk( diff -Naur a/src/3rdparty/chromium/v8/src/objects/fixed-array-inl.h b/src/3rdparty/chromium/v8/src/objects/fixed-array-inl.h --- a/src/3rdparty/chromium/v8/src/objects/fixed-array-inl.h 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/v8/src/objects/fixed-array-inl.h 2021-04-30 21:21:35.277721939 +0100 @@ -336,7 +336,7 @@ double FixedDoubleArray::get_scalar(int index) { DCHECK(map() != GetReadOnlyRoots().fixed_cow_array_map() && map() != GetReadOnlyRoots().fixed_array_map()); - DCHECK(index >= 0 && index < this->length()); + DCHECK_LT(static_cast(index), static_cast(length())); DCHECK(!is_the_hole(index)); return ReadField(kHeaderSize + index * kDoubleSize); } @@ -344,7 +344,7 @@ uint64_t FixedDoubleArray::get_representation(int index) { DCHECK(map() != GetReadOnlyRoots().fixed_cow_array_map() && map() != GetReadOnlyRoots().fixed_array_map()); - DCHECK(index >= 0 && index < this->length()); + DCHECK_LT(static_cast(index), static_cast(length())); int offset = kHeaderSize + index * kDoubleSize; // Bug(v8:8875): Doubles may be unaligned. return base::ReadUnalignedValue(field_address(offset)); @@ -362,6 +362,7 @@ void FixedDoubleArray::set(int index, double value) { DCHECK(map() != GetReadOnlyRoots().fixed_cow_array_map() && map() != GetReadOnlyRoots().fixed_array_map()); + DCHECK_LT(static_cast(index), static_cast(length())); int offset = kHeaderSize + index * kDoubleSize; if (std::isnan(value)) { WriteField(offset, std::numeric_limits::quiet_NaN()); @@ -378,6 +379,7 @@ void FixedDoubleArray::set_the_hole(int index) { DCHECK(map() != GetReadOnlyRoots().fixed_cow_array_map() && map() != GetReadOnlyRoots().fixed_array_map()); + DCHECK_LT(static_cast(index), static_cast(length())); int offset = kHeaderSize + index * kDoubleSize; base::WriteUnalignedValue(field_address(offset), kHoleNanInt64); } diff -Naur a/src/3rdparty/chromium/v8/src/objects/js-list-format.cc b/src/3rdparty/chromium/v8/src/objects/js-list-format.cc --- a/src/3rdparty/chromium/v8/src/objects/js-list-format.cc 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/v8/src/objects/js-list-format.cc 2021-04-30 21:24:17.541187323 +0100 @@ -28,6 +28,35 @@ namespace v8 { namespace internal { +#if U_ICU_VERSION_MAJOR_NUM >= 67 +namespace { + +UListFormatterWidth GetIcuWidth(JSListFormat::Style style) { + switch (style) { + case JSListFormat::Style::LONG: + return ULISTFMT_WIDTH_WIDE; + case JSListFormat::Style::SHORT: + return ULISTFMT_WIDTH_SHORT; + case JSListFormat::Style::NARROW: + return ULISTFMT_WIDTH_NARROW; + } + UNREACHABLE(); +} + +UListFormatterType GetIcuType(JSListFormat::Type type) { + switch (type) { + case JSListFormat::Type::CONJUNCTION: + return ULISTFMT_TYPE_AND; + case JSListFormat::Type::DISJUNCTION: + return ULISTFMT_TYPE_OR; + case JSListFormat::Type::UNIT: + return ULISTFMT_TYPE_UNITS; + } + UNREACHABLE(); +} + +} // namespace +#else namespace { const char* kStandard = "standard"; const char* kOr = "or"; @@ -74,7 +103,7 @@ } } // namespace - +#endif MaybeHandle JSListFormat::New(Isolate* isolate, Handle map, Handle locales, Handle input_options) { @@ -143,7 +172,11 @@ icu::Locale icu_locale = r.icu_locale; UErrorCode status = U_ZERO_ERROR; icu::ListFormatter* formatter = icu::ListFormatter::createInstance( +#if U_ICU_VERSION_MAJOR_NUM >= 67 + icu_locale, GetIcuType(type_enum), GetIcuWidth(style_enum), status); +#else icu_locale, GetIcuStyleString(style_enum, type_enum), status); +#endif if (U_FAILURE(status) || formatter == nullptr) { delete formatter; THROW_NEW_ERROR(isolate, NewRangeError(MessageTemplate::kIcuError), diff -Naur a/src/3rdparty/chromium/v8/tools/v8heapconst.py b/src/3rdparty/chromium/v8/tools/v8heapconst.py --- a/src/3rdparty/chromium/v8/tools/v8heapconst.py 2021-04-01 12:19:23.000000000 +0100 +++ b/src/3rdparty/chromium/v8/tools/v8heapconst.py 2021-04-30 21:16:58.935093125 +0100 @@ -205,266 +205,266 @@ # List of known V8 maps. KNOWN_MAPS = { - ("read_only_space", 0x02115): (170, "MetaMap"), - ("read_only_space", 0x0213d): (67, "NullMap"), - ("read_only_space", 0x02165): (162, "DescriptorArrayMap"), - ("read_only_space", 0x0218d): (156, "WeakFixedArrayMap"), - ("read_only_space", 0x021cd): (96, "EnumCacheMap"), - ("read_only_space", 0x02201): (117, "FixedArrayMap"), - ("read_only_space", 0x0224d): (8, "OneByteInternalizedStringMap"), - ("read_only_space", 0x02299): (167, "FreeSpaceMap"), - ("read_only_space", 0x022c1): (166, "OnePointerFillerMap"), - ("read_only_space", 0x022e9): (166, "TwoPointerFillerMap"), - ("read_only_space", 0x02311): (67, "UninitializedMap"), - ("read_only_space", 0x02389): (67, "UndefinedMap"), - ("read_only_space", 0x023cd): (66, "HeapNumberMap"), - ("read_only_space", 0x02401): (67, "TheHoleMap"), - ("read_only_space", 0x02461): (67, "BooleanMap"), - ("read_only_space", 0x02505): (131, "ByteArrayMap"), - ("read_only_space", 0x0252d): (117, "FixedCOWArrayMap"), - ("read_only_space", 0x02555): (118, "HashTableMap"), - ("read_only_space", 0x0257d): (64, "SymbolMap"), - ("read_only_space", 0x025a5): (40, "OneByteStringMap"), - ("read_only_space", 0x025cd): (129, "ScopeInfoMap"), - ("read_only_space", 0x025f5): (175, "SharedFunctionInfoMap"), - ("read_only_space", 0x0261d): (159, "CodeMap"), - ("read_only_space", 0x02645): (158, "CellMap"), - ("read_only_space", 0x0266d): (174, "GlobalPropertyCellMap"), - ("read_only_space", 0x02695): (70, "ForeignMap"), - ("read_only_space", 0x026bd): (157, "TransitionArrayMap"), - ("read_only_space", 0x026e5): (45, "ThinOneByteStringMap"), - ("read_only_space", 0x0270d): (165, "FeedbackVectorMap"), - ("read_only_space", 0x0273d): (67, "ArgumentsMarkerMap"), - ("read_only_space", 0x0279d): (67, "ExceptionMap"), - ("read_only_space", 0x027f9): (67, "TerminationExceptionMap"), - ("read_only_space", 0x02861): (67, "OptimizedOutMap"), - ("read_only_space", 0x028c1): (67, "StaleRegisterMap"), - ("read_only_space", 0x02921): (130, "ScriptContextTableMap"), - ("read_only_space", 0x02949): (127, "ClosureFeedbackCellArrayMap"), - ("read_only_space", 0x02971): (164, "FeedbackMetadataArrayMap"), - ("read_only_space", 0x02999): (117, "ArrayListMap"), - ("read_only_space", 0x029c1): (65, "BigIntMap"), - ("read_only_space", 0x029e9): (128, "ObjectBoilerplateDescriptionMap"), - ("read_only_space", 0x02a11): (132, "BytecodeArrayMap"), - ("read_only_space", 0x02a39): (160, "CodeDataContainerMap"), - ("read_only_space", 0x02a61): (161, "CoverageInfoMap"), - ("read_only_space", 0x02a89): (133, "FixedDoubleArrayMap"), - ("read_only_space", 0x02ab1): (120, "GlobalDictionaryMap"), - ("read_only_space", 0x02ad9): (97, "ManyClosuresCellMap"), - ("read_only_space", 0x02b01): (117, "ModuleInfoMap"), - ("read_only_space", 0x02b29): (121, "NameDictionaryMap"), - ("read_only_space", 0x02b51): (97, "NoClosuresCellMap"), - ("read_only_space", 0x02b79): (122, "NumberDictionaryMap"), - ("read_only_space", 0x02ba1): (97, "OneClosureCellMap"), - ("read_only_space", 0x02bc9): (123, "OrderedHashMapMap"), - ("read_only_space", 0x02bf1): (124, "OrderedHashSetMap"), - ("read_only_space", 0x02c19): (125, "OrderedNameDictionaryMap"), - ("read_only_space", 0x02c41): (172, "PreparseDataMap"), - ("read_only_space", 0x02c69): (173, "PropertyArrayMap"), - ("read_only_space", 0x02c91): (93, "SideEffectCallHandlerInfoMap"), - ("read_only_space", 0x02cb9): (93, "SideEffectFreeCallHandlerInfoMap"), - ("read_only_space", 0x02ce1): (93, "NextCallSideEffectFreeCallHandlerInfoMap"), - ("read_only_space", 0x02d09): (126, "SimpleNumberDictionaryMap"), - ("read_only_space", 0x02d31): (149, "SmallOrderedHashMapMap"), - ("read_only_space", 0x02d59): (150, "SmallOrderedHashSetMap"), - ("read_only_space", 0x02d81): (151, "SmallOrderedNameDictionaryMap"), - ("read_only_space", 0x02da9): (152, "SourceTextModuleMap"), - ("read_only_space", 0x02dd1): (153, "SyntheticModuleMap"), - ("read_only_space", 0x02df9): (155, "UncompiledDataWithoutPreparseDataMap"), - ("read_only_space", 0x02e21): (154, "UncompiledDataWithPreparseDataMap"), - ("read_only_space", 0x02e49): (71, "WasmTypeInfoMap"), - ("read_only_space", 0x02e71): (181, "WeakArrayListMap"), - ("read_only_space", 0x02e99): (119, "EphemeronHashTableMap"), - ("read_only_space", 0x02ec1): (163, "EmbedderDataArrayMap"), - ("read_only_space", 0x02ee9): (182, "WeakCellMap"), - ("read_only_space", 0x02f11): (32, "StringMap"), - ("read_only_space", 0x02f39): (41, "ConsOneByteStringMap"), - ("read_only_space", 0x02f61): (33, "ConsStringMap"), - ("read_only_space", 0x02f89): (37, "ThinStringMap"), - ("read_only_space", 0x02fb1): (35, "SlicedStringMap"), - ("read_only_space", 0x02fd9): (43, "SlicedOneByteStringMap"), - ("read_only_space", 0x03001): (34, "ExternalStringMap"), - ("read_only_space", 0x03029): (42, "ExternalOneByteStringMap"), - ("read_only_space", 0x03051): (50, "UncachedExternalStringMap"), - ("read_only_space", 0x03079): (0, "InternalizedStringMap"), - ("read_only_space", 0x030a1): (2, "ExternalInternalizedStringMap"), - ("read_only_space", 0x030c9): (10, "ExternalOneByteInternalizedStringMap"), - ("read_only_space", 0x030f1): (18, "UncachedExternalInternalizedStringMap"), - ("read_only_space", 0x03119): (26, "UncachedExternalOneByteInternalizedStringMap"), - ("read_only_space", 0x03141): (58, "UncachedExternalOneByteStringMap"), - ("read_only_space", 0x03169): (67, "SelfReferenceMarkerMap"), - ("read_only_space", 0x03191): (67, "BasicBlockCountersMarkerMap"), - ("read_only_space", 0x031d5): (87, "ArrayBoilerplateDescriptionMap"), - ("read_only_space", 0x032a5): (99, "InterceptorInfoMap"), - ("read_only_space", 0x05399): (72, "PromiseFulfillReactionJobTaskMap"), - ("read_only_space", 0x053c1): (73, "PromiseRejectReactionJobTaskMap"), - ("read_only_space", 0x053e9): (74, "CallableTaskMap"), - ("read_only_space", 0x05411): (75, "CallbackTaskMap"), - ("read_only_space", 0x05439): (76, "PromiseResolveThenableJobTaskMap"), - ("read_only_space", 0x05461): (79, "FunctionTemplateInfoMap"), - ("read_only_space", 0x05489): (80, "ObjectTemplateInfoMap"), - ("read_only_space", 0x054b1): (81, "AccessCheckInfoMap"), - ("read_only_space", 0x054d9): (82, "AccessorInfoMap"), - ("read_only_space", 0x05501): (83, "AccessorPairMap"), - ("read_only_space", 0x05529): (84, "AliasedArgumentsEntryMap"), - ("read_only_space", 0x05551): (85, "AllocationMementoMap"), - ("read_only_space", 0x05579): (88, "AsmWasmDataMap"), - ("read_only_space", 0x055a1): (89, "AsyncGeneratorRequestMap"), - ("read_only_space", 0x055c9): (90, "BreakPointMap"), - ("read_only_space", 0x055f1): (91, "BreakPointInfoMap"), - ("read_only_space", 0x05619): (92, "CachedTemplateObjectMap"), - ("read_only_space", 0x05641): (94, "ClassPositionsMap"), - ("read_only_space", 0x05669): (95, "DebugInfoMap"), - ("read_only_space", 0x05691): (98, "FunctionTemplateRareDataMap"), - ("read_only_space", 0x056b9): (100, "InterpreterDataMap"), - ("read_only_space", 0x056e1): (101, "PromiseCapabilityMap"), - ("read_only_space", 0x05709): (102, "PromiseReactionMap"), - ("read_only_space", 0x05731): (103, "PropertyDescriptorObjectMap"), - ("read_only_space", 0x05759): (104, "PrototypeInfoMap"), - ("read_only_space", 0x05781): (105, "ScriptMap"), - ("read_only_space", 0x057a9): (106, "SourceTextModuleInfoEntryMap"), - ("read_only_space", 0x057d1): (107, "StackFrameInfoMap"), - ("read_only_space", 0x057f9): (108, "StackTraceFrameMap"), - ("read_only_space", 0x05821): (109, "TemplateObjectDescriptionMap"), - ("read_only_space", 0x05849): (110, "Tuple2Map"), - ("read_only_space", 0x05871): (111, "WasmCapiFunctionDataMap"), - ("read_only_space", 0x05899): (112, "WasmExceptionTagMap"), - ("read_only_space", 0x058c1): (113, "WasmExportedFunctionDataMap"), - ("read_only_space", 0x058e9): (114, "WasmIndirectFunctionTableMap"), - ("read_only_space", 0x05911): (115, "WasmJSFunctionDataMap"), - ("read_only_space", 0x05939): (116, "WasmValueMap"), - ("read_only_space", 0x05961): (135, "SloppyArgumentsElementsMap"), - ("read_only_space", 0x05989): (171, "OnHeapBasicBlockProfilerDataMap"), - ("read_only_space", 0x059b1): (168, "InternalClassMap"), - ("read_only_space", 0x059d9): (177, "SmiPairMap"), - ("read_only_space", 0x05a01): (176, "SmiBoxMap"), - ("read_only_space", 0x05a29): (146, "ExportedSubClassBaseMap"), - ("read_only_space", 0x05a51): (147, "ExportedSubClassMap"), - ("read_only_space", 0x05a79): (68, "AbstractInternalClassSubclass1Map"), - ("read_only_space", 0x05aa1): (69, "AbstractInternalClassSubclass2Map"), - ("read_only_space", 0x05ac9): (134, "InternalClassWithSmiElementsMap"), - ("read_only_space", 0x05af1): (169, "InternalClassWithStructElementsMap"), - ("read_only_space", 0x05b19): (148, "ExportedSubClass2Map"), - ("read_only_space", 0x05b41): (178, "SortStateMap"), - ("read_only_space", 0x05b69): (86, "AllocationSiteWithWeakNextMap"), - ("read_only_space", 0x05b91): (86, "AllocationSiteWithoutWeakNextMap"), - ("read_only_space", 0x05bb9): (77, "LoadHandler1Map"), - ("read_only_space", 0x05be1): (77, "LoadHandler2Map"), - ("read_only_space", 0x05c09): (77, "LoadHandler3Map"), - ("read_only_space", 0x05c31): (78, "StoreHandler0Map"), - ("read_only_space", 0x05c59): (78, "StoreHandler1Map"), - ("read_only_space", 0x05c81): (78, "StoreHandler2Map"), - ("read_only_space", 0x05ca9): (78, "StoreHandler3Map"), - ("map_space", 0x02115): (1057, "ExternalMap"), - ("map_space", 0x0213d): (1072, "JSMessageObjectMap"), - ("map_space", 0x02165): (180, "WasmRttEqrefMap"), - ("map_space", 0x0218d): (180, "WasmRttExternrefMap"), - ("map_space", 0x021b5): (180, "WasmRttFuncrefMap"), - ("map_space", 0x021dd): (180, "WasmRttI31refMap"), + ("read_only_space", 0x02119): (170, "MetaMap"), + ("read_only_space", 0x02141): (67, "NullMap"), + ("read_only_space", 0x02169): (162, "DescriptorArrayMap"), + ("read_only_space", 0x02191): (156, "WeakFixedArrayMap"), + ("read_only_space", 0x021d1): (96, "EnumCacheMap"), + ("read_only_space", 0x02205): (117, "FixedArrayMap"), + ("read_only_space", 0x02251): (8, "OneByteInternalizedStringMap"), + ("read_only_space", 0x0229d): (167, "FreeSpaceMap"), + ("read_only_space", 0x022c5): (166, "OnePointerFillerMap"), + ("read_only_space", 0x022ed): (166, "TwoPointerFillerMap"), + ("read_only_space", 0x02315): (67, "UninitializedMap"), + ("read_only_space", 0x0238d): (67, "UndefinedMap"), + ("read_only_space", 0x023d1): (66, "HeapNumberMap"), + ("read_only_space", 0x02405): (67, "TheHoleMap"), + ("read_only_space", 0x02465): (67, "BooleanMap"), + ("read_only_space", 0x02509): (131, "ByteArrayMap"), + ("read_only_space", 0x02531): (117, "FixedCOWArrayMap"), + ("read_only_space", 0x02559): (118, "HashTableMap"), + ("read_only_space", 0x02581): (64, "SymbolMap"), + ("read_only_space", 0x025a9): (40, "OneByteStringMap"), + ("read_only_space", 0x025d1): (129, "ScopeInfoMap"), + ("read_only_space", 0x025f9): (175, "SharedFunctionInfoMap"), + ("read_only_space", 0x02621): (159, "CodeMap"), + ("read_only_space", 0x02649): (158, "CellMap"), + ("read_only_space", 0x02671): (174, "GlobalPropertyCellMap"), + ("read_only_space", 0x02699): (70, "ForeignMap"), + ("read_only_space", 0x026c1): (157, "TransitionArrayMap"), + ("read_only_space", 0x026e9): (45, "ThinOneByteStringMap"), + ("read_only_space", 0x02711): (165, "FeedbackVectorMap"), + ("read_only_space", 0x02741): (67, "ArgumentsMarkerMap"), + ("read_only_space", 0x027a1): (67, "ExceptionMap"), + ("read_only_space", 0x027fd): (67, "TerminationExceptionMap"), + ("read_only_space", 0x02865): (67, "OptimizedOutMap"), + ("read_only_space", 0x028c5): (67, "StaleRegisterMap"), + ("read_only_space", 0x02925): (130, "ScriptContextTableMap"), + ("read_only_space", 0x0294d): (127, "ClosureFeedbackCellArrayMap"), + ("read_only_space", 0x02975): (164, "FeedbackMetadataArrayMap"), + ("read_only_space", 0x0299d): (117, "ArrayListMap"), + ("read_only_space", 0x029c5): (65, "BigIntMap"), + ("read_only_space", 0x029ed): (128, "ObjectBoilerplateDescriptionMap"), + ("read_only_space", 0x02a15): (132, "BytecodeArrayMap"), + ("read_only_space", 0x02a3d): (160, "CodeDataContainerMap"), + ("read_only_space", 0x02a65): (161, "CoverageInfoMap"), + ("read_only_space", 0x02a8d): (133, "FixedDoubleArrayMap"), + ("read_only_space", 0x02ab5): (120, "GlobalDictionaryMap"), + ("read_only_space", 0x02add): (97, "ManyClosuresCellMap"), + ("read_only_space", 0x02b05): (117, "ModuleInfoMap"), + ("read_only_space", 0x02b2d): (121, "NameDictionaryMap"), + ("read_only_space", 0x02b55): (97, "NoClosuresCellMap"), + ("read_only_space", 0x02b7d): (122, "NumberDictionaryMap"), + ("read_only_space", 0x02ba5): (97, "OneClosureCellMap"), + ("read_only_space", 0x02bcd): (123, "OrderedHashMapMap"), + ("read_only_space", 0x02bf5): (124, "OrderedHashSetMap"), + ("read_only_space", 0x02c1d): (125, "OrderedNameDictionaryMap"), + ("read_only_space", 0x02c45): (172, "PreparseDataMap"), + ("read_only_space", 0x02c6d): (173, "PropertyArrayMap"), + ("read_only_space", 0x02c95): (93, "SideEffectCallHandlerInfoMap"), + ("read_only_space", 0x02cbd): (93, "SideEffectFreeCallHandlerInfoMap"), + ("read_only_space", 0x02ce5): (93, "NextCallSideEffectFreeCallHandlerInfoMap"), + ("read_only_space", 0x02d0d): (126, "SimpleNumberDictionaryMap"), + ("read_only_space", 0x02d35): (149, "SmallOrderedHashMapMap"), + ("read_only_space", 0x02d5d): (150, "SmallOrderedHashSetMap"), + ("read_only_space", 0x02d85): (151, "SmallOrderedNameDictionaryMap"), + ("read_only_space", 0x02dad): (152, "SourceTextModuleMap"), + ("read_only_space", 0x02dd5): (153, "SyntheticModuleMap"), + ("read_only_space", 0x02dfd): (155, "UncompiledDataWithoutPreparseDataMap"), + ("read_only_space", 0x02e25): (154, "UncompiledDataWithPreparseDataMap"), + ("read_only_space", 0x02e4d): (71, "WasmTypeInfoMap"), + ("read_only_space", 0x02e75): (181, "WeakArrayListMap"), + ("read_only_space", 0x02e9d): (119, "EphemeronHashTableMap"), + ("read_only_space", 0x02ec5): (163, "EmbedderDataArrayMap"), + ("read_only_space", 0x02eed): (182, "WeakCellMap"), + ("read_only_space", 0x02f15): (32, "StringMap"), + ("read_only_space", 0x02f3d): (41, "ConsOneByteStringMap"), + ("read_only_space", 0x02f65): (33, "ConsStringMap"), + ("read_only_space", 0x02f8d): (37, "ThinStringMap"), + ("read_only_space", 0x02fb5): (35, "SlicedStringMap"), + ("read_only_space", 0x02fdd): (43, "SlicedOneByteStringMap"), + ("read_only_space", 0x03005): (34, "ExternalStringMap"), + ("read_only_space", 0x0302d): (42, "ExternalOneByteStringMap"), + ("read_only_space", 0x03055): (50, "UncachedExternalStringMap"), + ("read_only_space", 0x0307d): (0, "InternalizedStringMap"), + ("read_only_space", 0x030a5): (2, "ExternalInternalizedStringMap"), + ("read_only_space", 0x030cd): (10, "ExternalOneByteInternalizedStringMap"), + ("read_only_space", 0x030f5): (18, "UncachedExternalInternalizedStringMap"), + ("read_only_space", 0x0311d): (26, "UncachedExternalOneByteInternalizedStringMap"), + ("read_only_space", 0x03145): (58, "UncachedExternalOneByteStringMap"), + ("read_only_space", 0x0316d): (67, "SelfReferenceMarkerMap"), + ("read_only_space", 0x03195): (67, "BasicBlockCountersMarkerMap"), + ("read_only_space", 0x031d9): (87, "ArrayBoilerplateDescriptionMap"), + ("read_only_space", 0x032a9): (99, "InterceptorInfoMap"), + ("read_only_space", 0x0539d): (72, "PromiseFulfillReactionJobTaskMap"), + ("read_only_space", 0x053c5): (73, "PromiseRejectReactionJobTaskMap"), + ("read_only_space", 0x053ed): (74, "CallableTaskMap"), + ("read_only_space", 0x05415): (75, "CallbackTaskMap"), + ("read_only_space", 0x0543d): (76, "PromiseResolveThenableJobTaskMap"), + ("read_only_space", 0x05465): (79, "FunctionTemplateInfoMap"), + ("read_only_space", 0x0548d): (80, "ObjectTemplateInfoMap"), + ("read_only_space", 0x054b5): (81, "AccessCheckInfoMap"), + ("read_only_space", 0x054dd): (82, "AccessorInfoMap"), + ("read_only_space", 0x05505): (83, "AccessorPairMap"), + ("read_only_space", 0x0552d): (84, "AliasedArgumentsEntryMap"), + ("read_only_space", 0x05555): (85, "AllocationMementoMap"), + ("read_only_space", 0x0557d): (88, "AsmWasmDataMap"), + ("read_only_space", 0x055a5): (89, "AsyncGeneratorRequestMap"), + ("read_only_space", 0x055cd): (90, "BreakPointMap"), + ("read_only_space", 0x055f5): (91, "BreakPointInfoMap"), + ("read_only_space", 0x0561d): (92, "CachedTemplateObjectMap"), + ("read_only_space", 0x05645): (94, "ClassPositionsMap"), + ("read_only_space", 0x0566d): (95, "DebugInfoMap"), + ("read_only_space", 0x05695): (98, "FunctionTemplateRareDataMap"), + ("read_only_space", 0x056bd): (100, "InterpreterDataMap"), + ("read_only_space", 0x056e5): (101, "PromiseCapabilityMap"), + ("read_only_space", 0x0570d): (102, "PromiseReactionMap"), + ("read_only_space", 0x05735): (103, "PropertyDescriptorObjectMap"), + ("read_only_space", 0x0575d): (104, "PrototypeInfoMap"), + ("read_only_space", 0x05785): (105, "ScriptMap"), + ("read_only_space", 0x057ad): (106, "SourceTextModuleInfoEntryMap"), + ("read_only_space", 0x057d5): (107, "StackFrameInfoMap"), + ("read_only_space", 0x057fd): (108, "StackTraceFrameMap"), + ("read_only_space", 0x05825): (109, "TemplateObjectDescriptionMap"), + ("read_only_space", 0x0584d): (110, "Tuple2Map"), + ("read_only_space", 0x05875): (111, "WasmCapiFunctionDataMap"), + ("read_only_space", 0x0589d): (112, "WasmExceptionTagMap"), + ("read_only_space", 0x058c5): (113, "WasmExportedFunctionDataMap"), + ("read_only_space", 0x058ed): (114, "WasmIndirectFunctionTableMap"), + ("read_only_space", 0x05915): (115, "WasmJSFunctionDataMap"), + ("read_only_space", 0x0593d): (116, "WasmValueMap"), + ("read_only_space", 0x05965): (135, "SloppyArgumentsElementsMap"), + ("read_only_space", 0x0598d): (171, "OnHeapBasicBlockProfilerDataMap"), + ("read_only_space", 0x059b5): (168, "InternalClassMap"), + ("read_only_space", 0x059dd): (177, "SmiPairMap"), + ("read_only_space", 0x05a05): (176, "SmiBoxMap"), + ("read_only_space", 0x05a2d): (146, "ExportedSubClassBaseMap"), + ("read_only_space", 0x05a54): (147, "ExportedSubClassMap"), + ("read_only_space", 0x05a7d): (68, "AbstractInternalClassSubclass1Map"), + ("read_only_space", 0x05aa5): (69, "AbstractInternalClassSubclass2Map"), + ("read_only_space", 0x05acd): (134, "InternalClassWithSmiElementsMap"), + ("read_only_space", 0x05af5): (169, "InternalClassWithStructElementsMap"), + ("read_only_space", 0x05b1d): (148, "ExportedSubClass2Map"), + ("read_only_space", 0x05b45): (178, "SortStateMap"), + ("read_only_space", 0x05b6d): (86, "AllocationSiteWithWeakNextMap"), + ("read_only_space", 0x05b95): (86, "AllocationSiteWithoutWeakNextMap"), + ("read_only_space", 0x05bbd): (77, "LoadHandler1Map"), + ("read_only_space", 0x05be5): (77, "LoadHandler2Map"), + ("read_only_space", 0x05c0d): (77, "LoadHandler3Map"), + ("read_only_space", 0x05c35): (78, "StoreHandler0Map"), + ("read_only_space", 0x05c5d): (78, "StoreHandler1Map"), + ("read_only_space", 0x05c85): (78, "StoreHandler2Map"), + ("read_only_space", 0x05cad): (78, "StoreHandler3Map"), + ("map_space", 0x02119): (1057, "ExternalMap"), + ("map_space", 0x02141): (1072, "JSMessageObjectMap"), + ("map_space", 0x02169): (180, "WasmRttEqrefMap"), + ("map_space", 0x02191): (180, "WasmRttExternrefMap"), + ("map_space", 0x021b9): (180, "WasmRttFuncrefMap"), + ("map_space", 0x021e1): (180, "WasmRttI31refMap"), } # List of known V8 objects. KNOWN_OBJECTS = { - ("read_only_space", 0x021b5): "EmptyWeakFixedArray", - ("read_only_space", 0x021bd): "EmptyDescriptorArray", - ("read_only_space", 0x021f5): "EmptyEnumCache", - ("read_only_space", 0x02229): "EmptyFixedArray", - ("read_only_space", 0x02231): "NullValue", - ("read_only_space", 0x02339): "UninitializedValue", - ("read_only_space", 0x023b1): "UndefinedValue", - ("read_only_space", 0x023f5): "NanValue", - ("read_only_space", 0x02429): "TheHoleValue", - ("read_only_space", 0x02455): "HoleNanValue", - ("read_only_space", 0x02489): "TrueValue", - ("read_only_space", 0x024c9): "FalseValue", - ("read_only_space", 0x024f9): "empty_string", - ("read_only_space", 0x02735): "EmptyScopeInfo", - ("read_only_space", 0x02765): "ArgumentsMarker", - ("read_only_space", 0x027c5): "Exception", - ("read_only_space", 0x02821): "TerminationException", - ("read_only_space", 0x02889): "OptimizedOut", - ("read_only_space", 0x028e9): "StaleRegister", - ("read_only_space", 0x031b9): "EmptyPropertyArray", - ("read_only_space", 0x031c1): "EmptyByteArray", - ("read_only_space", 0x031c9): "EmptyObjectBoilerplateDescription", - ("read_only_space", 0x031fd): "EmptyArrayBoilerplateDescription", - ("read_only_space", 0x03209): "EmptyClosureFeedbackCellArray", - ("read_only_space", 0x03211): "EmptySlowElementDictionary", - ("read_only_space", 0x03235): "EmptyOrderedHashMap", - ("read_only_space", 0x03249): "EmptyOrderedHashSet", - ("read_only_space", 0x0325d): "EmptyFeedbackMetadata", - ("read_only_space", 0x03269): "EmptyPropertyCell", - ("read_only_space", 0x0327d): "EmptyPropertyDictionary", - ("read_only_space", 0x032cd): "NoOpInterceptorInfo", - ("read_only_space", 0x032f5): "EmptyWeakArrayList", - ("read_only_space", 0x03301): "InfinityValue", - ("read_only_space", 0x0330d): "MinusZeroValue", - ("read_only_space", 0x03319): "MinusInfinityValue", - ("read_only_space", 0x03325): "SelfReferenceMarker", - ("read_only_space", 0x03365): "BasicBlockCountersMarker", - ("read_only_space", 0x033a9): "OffHeapTrampolineRelocationInfo", - ("read_only_space", 0x033b5): "TrampolineTrivialCodeDataContainer", - ("read_only_space", 0x033c1): "TrampolinePromiseRejectionCodeDataContainer", - ("read_only_space", 0x033cd): "GlobalThisBindingScopeInfo", - ("read_only_space", 0x03405): "EmptyFunctionScopeInfo", - ("read_only_space", 0x0342d): "NativeScopeInfo", - ("read_only_space", 0x03449): "HashSeed", - ("old_space", 0x02115): "ArgumentsIteratorAccessor", - ("old_space", 0x02159): "ArrayLengthAccessor", - ("old_space", 0x0219d): "BoundFunctionLengthAccessor", - ("old_space", 0x021e1): "BoundFunctionNameAccessor", - ("old_space", 0x02225): "ErrorStackAccessor", - ("old_space", 0x02269): "FunctionArgumentsAccessor", - ("old_space", 0x022ad): "FunctionCallerAccessor", - ("old_space", 0x022f1): "FunctionNameAccessor", - ("old_space", 0x02335): "FunctionLengthAccessor", - ("old_space", 0x02379): "FunctionPrototypeAccessor", - ("old_space", 0x023bd): "RegExpResultIndicesAccessor", - ("old_space", 0x02401): "StringLengthAccessor", - ("old_space", 0x02445): "InvalidPrototypeValidityCell", - ("old_space", 0x024cd): "EmptyScript", - ("old_space", 0x0250d): "ManyClosuresCell", - ("old_space", 0x02519): "ArrayConstructorProtector", - ("old_space", 0x0252d): "NoElementsProtector", - ("old_space", 0x02541): "IsConcatSpreadableProtector", - ("old_space", 0x02555): "ArraySpeciesProtector", - ("old_space", 0x02569): "TypedArraySpeciesProtector", - ("old_space", 0x0257d): "PromiseSpeciesProtector", - ("old_space", 0x02591): "RegExpSpeciesProtector", - ("old_space", 0x025a5): "StringLengthProtector", - ("old_space", 0x025b9): "ArrayIteratorProtector", - ("old_space", 0x025cd): "ArrayBufferDetachingProtector", - ("old_space", 0x025e1): "PromiseHookProtector", - ("old_space", 0x025f5): "PromiseResolveProtector", - ("old_space", 0x02609): "MapIteratorProtector", - ("old_space", 0x0261d): "PromiseThenProtector", - ("old_space", 0x02631): "SetIteratorProtector", - ("old_space", 0x02645): "StringIteratorProtector", - ("old_space", 0x02659): "SingleCharacterStringCache", - ("old_space", 0x02a61): "StringSplitCache", - ("old_space", 0x02e69): "RegExpMultipleCache", - ("old_space", 0x03271): "BuiltinsConstantsTable", - ("old_space", 0x0364d): "AsyncFunctionAwaitRejectSharedFun", - ("old_space", 0x03675): "AsyncFunctionAwaitResolveSharedFun", - ("old_space", 0x0369d): "AsyncGeneratorAwaitRejectSharedFun", - ("old_space", 0x036c5): "AsyncGeneratorAwaitResolveSharedFun", - ("old_space", 0x036ed): "AsyncGeneratorYieldResolveSharedFun", - ("old_space", 0x03715): "AsyncGeneratorReturnResolveSharedFun", - ("old_space", 0x0373d): "AsyncGeneratorReturnClosedRejectSharedFun", - ("old_space", 0x03765): "AsyncGeneratorReturnClosedResolveSharedFun", - ("old_space", 0x0378d): "AsyncIteratorValueUnwrapSharedFun", - ("old_space", 0x037b5): "PromiseAllResolveElementSharedFun", - ("old_space", 0x037dd): "PromiseAllSettledResolveElementSharedFun", - ("old_space", 0x03805): "PromiseAllSettledRejectElementSharedFun", - ("old_space", 0x0382d): "PromiseAnyRejectElementSharedFun", - ("old_space", 0x03855): "PromiseCapabilityDefaultRejectSharedFun", - ("old_space", 0x0387d): "PromiseCapabilityDefaultResolveSharedFun", - ("old_space", 0x038a5): "PromiseCatchFinallySharedFun", - ("old_space", 0x038cd): "PromiseGetCapabilitiesExecutorSharedFun", - ("old_space", 0x038f5): "PromiseThenFinallySharedFun", - ("old_space", 0x0391d): "PromiseThrowerFinallySharedFun", - ("old_space", 0x03945): "PromiseValueThunkFinallySharedFun", - ("old_space", 0x0396d): "ProxyRevokeSharedFun", + ("read_only_space", 0x021b9): "EmptyWeakFixedArray", + ("read_only_space", 0x021c1): "EmptyDescriptorArray", + ("read_only_space", 0x021f9): "EmptyEnumCache", + ("read_only_space", 0x0222d): "EmptyFixedArray", + ("read_only_space", 0x02235): "NullValue", + ("read_only_space", 0x0233d): "UninitializedValue", + ("read_only_space", 0x023b5): "UndefinedValue", + ("read_only_space", 0x023f9): "NanValue", + ("read_only_space", 0x0242d): "TheHoleValue", + ("read_only_space", 0x02459): "HoleNanValue", + ("read_only_space", 0x0248d): "TrueValue", + ("read_only_space", 0x024cd): "FalseValue", + ("read_only_space", 0x024fd): "empty_string", + ("read_only_space", 0x02739): "EmptyScopeInfo", + ("read_only_space", 0x02769): "ArgumentsMarker", + ("read_only_space", 0x027c9): "Exception", + ("read_only_space", 0x02825): "TerminationException", + ("read_only_space", 0x0288d): "OptimizedOut", + ("read_only_space", 0x028ed): "StaleRegister", + ("read_only_space", 0x031bd): "EmptyPropertyArray", + ("read_only_space", 0x031c5): "EmptyByteArray", + ("read_only_space", 0x031cd): "EmptyObjectBoilerplateDescription", + ("read_only_space", 0x03201): "EmptyArrayBoilerplateDescription", + ("read_only_space", 0x0320d): "EmptyClosureFeedbackCellArray", + ("read_only_space", 0x03215): "EmptySlowElementDictionary", + ("read_only_space", 0x03239): "EmptyOrderedHashMap", + ("read_only_space", 0x0324d): "EmptyOrderedHashSet", + ("read_only_space", 0x03261): "EmptyFeedbackMetadata", + ("read_only_space", 0x0326d): "EmptyPropertyCell", + ("read_only_space", 0x03281): "EmptyPropertyDictionary", + ("read_only_space", 0x032d1): "NoOpInterceptorInfo", + ("read_only_space", 0x032f9): "EmptyWeakArrayList", + ("read_only_space", 0x03305): "InfinityValue", + ("read_only_space", 0x03311): "MinusZeroValue", + ("read_only_space", 0x0331d): "MinusInfinityValue", + ("read_only_space", 0x03329): "SelfReferenceMarker", + ("read_only_space", 0x03369): "BasicBlockCountersMarker", + ("read_only_space", 0x033ad): "OffHeapTrampolineRelocationInfo", + ("read_only_space", 0x033b9): "TrampolineTrivialCodeDataContainer", + ("read_only_space", 0x033c5): "TrampolinePromiseRejectionCodeDataContainer", + ("read_only_space", 0x033d1): "GlobalThisBindingScopeInfo", + ("read_only_space", 0x03409): "EmptyFunctionScopeInfo", + ("read_only_space", 0x03432): "NativeScopeInfo", + ("read_only_space", 0x0344d): "HashSeed", + ("old_space", 0x02119): "ArgumentsIteratorAccessor", + ("old_space", 0x0215d): "ArrayLengthAccessor", + ("old_space", 0x021a1): "BoundFunctionLengthAccessor", + ("old_space", 0x021e5): "BoundFunctionNameAccessor", + ("old_space", 0x02229): "ErrorStackAccessor", + ("old_space", 0x0226d): "FunctionArgumentsAccessor", + ("old_space", 0x022b1): "FunctionCallerAccessor", + ("old_space", 0x022f5): "FunctionNameAccessor", + ("old_space", 0x02339): "FunctionLengthAccessor", + ("old_space", 0x0237d): "FunctionPrototypeAccessor", + ("old_space", 0x023c1): "RegExpResultIndicesAccessor", + ("old_space", 0x02405): "StringLengthAccessor", + ("old_space", 0x02449): "InvalidPrototypeValidityCell", + ("old_space", 0x024d1): "EmptyScript", + ("old_space", 0x02511): "ManyClosuresCell", + ("old_space", 0x0251d): "ArrayConstructorProtector", + ("old_space", 0x02531): "NoElementsProtector", + ("old_space", 0x02545): "IsConcatSpreadableProtector", + ("old_space", 0x02559): "ArraySpeciesProtector", + ("old_space", 0x0256d): "TypedArraySpeciesProtector", + ("old_space", 0x02581): "PromiseSpeciesProtector", + ("old_space", 0x02595): "RegExpSpeciesProtector", + ("old_space", 0x025a9): "StringLengthProtector", + ("old_space", 0x025bd): "ArrayIteratorProtector", + ("old_space", 0x025d1): "ArrayBufferDetachingProtector", + ("old_space", 0x025e5): "PromiseHookProtector", + ("old_space", 0x025f9): "PromiseResolveProtector", + ("old_space", 0x0260d): "MapIteratorProtector", + ("old_space", 0x02621): "PromiseThenProtector", + ("old_space", 0x02635): "SetIteratorProtector", + ("old_space", 0x02649): "StringIteratorProtector", + ("old_space", 0x0265d): "SingleCharacterStringCache", + ("old_space", 0x02a65): "StringSplitCache", + ("old_space", 0x02e6d): "RegExpMultipleCache", + ("old_space", 0x03275): "BuiltinsConstantsTable", + ("old_space", 0x03651): "AsyncFunctionAwaitRejectSharedFun", + ("old_space", 0x03679): "AsyncFunctionAwaitResolveSharedFun", + ("old_space", 0x036a1): "AsyncGeneratorAwaitRejectSharedFun", + ("old_space", 0x036c9): "AsyncGeneratorAwaitResolveSharedFun", + ("old_space", 0x036f1): "AsyncGeneratorYieldResolveSharedFun", + ("old_space", 0x03719): "AsyncGeneratorReturnResolveSharedFun", + ("old_space", 0x03741): "AsyncGeneratorReturnClosedRejectSharedFun", + ("old_space", 0x03769): "AsyncGeneratorReturnClosedResolveSharedFun", + ("old_space", 0x03791): "AsyncIteratorValueUnwrapSharedFun", + ("old_space", 0x037b9): "PromiseAllResolveElementSharedFun", + ("old_space", 0x037e1): "PromiseAllSettledResolveElementSharedFun", + ("old_space", 0x03809): "PromiseAllSettledRejectElementSharedFun", + ("old_space", 0x03831): "PromiseAnyRejectElementSharedFun", + ("old_space", 0x03859): "PromiseCapabilityDefaultRejectSharedFun", + ("old_space", 0x03881): "PromiseCapabilityDefaultResolveSharedFun", + ("old_space", 0x038a9): "PromiseCatchFinallySharedFun", + ("old_space", 0x038d1): "PromiseGetCapabilitiesExecutorSharedFun", + ("old_space", 0x038f9): "PromiseThenFinallySharedFun", + ("old_space", 0x03921): "PromiseThrowerFinallySharedFun", + ("old_space", 0x03949): "PromiseValueThunkFinallySharedFun", + ("old_space", 0x03971): "ProxyRevokeSharedFun", } # Lower 32 bits of first page addresses for various heap spaces. diff -Naur a/src/3rdparty.rej b/src/3rdparty.rej --- a/src/3rdparty.rej 1970-01-01 01:00:00.000000000 +0100 +++ b/src/3rdparty.rej 2021-04-30 21:32:42.355810662 +0100 @@ -0,0 +1,5 @@ +--- src/3rdparty ++++ src/3rdparty +@@ -1 +1 @@ +-Subproject commit 048f5e99303d4bf6b3c872ada7aadafaaebec932 ++Subproject commit 6764c29f7c5aaf9ecbe6532f9e2b845604c926a5 diff -Naur a/src/core/content_browser_client_qt.cpp b/src/core/content_browser_client_qt.cpp --- a/src/core/content_browser_client_qt.cpp 2021-04-01 15:33:27.000000000 +0100 +++ b/src/core/content_browser_client_qt.cpp 2021-04-30 21:34:29.148412518 +0100 @@ -39,6 +39,7 @@ #include "content_browser_client_qt.h" +#include "base/files/file_util.h" #include "base/optional.h" #include "base/task/post_task.h" #include "chrome/browser/custom_handlers/protocol_handler_registry.h" @@ -167,6 +168,7 @@ #include "extensions/common/manifest_handlers/mime_types_handler.h" #include "extensions/extension_web_contents_observer_qt.h" #include "extensions/extensions_browser_client_qt.h" +#include "extensions/pdf_iframe_navigation_throttle_qt.h" #include "net/plugin_response_interceptor_url_loader_throttle.h" #endif @@ -222,6 +224,13 @@ namespace QtWebEngineCore { +void MaybeAddThrottle( + std::unique_ptr maybe_throttle, + std::vector>* throttles) { + if (maybe_throttle) + throttles->push_back(std::move(maybe_throttle)); +} + class QtShareGLContext : public gl::GLContext { public: QtShareGLContext(QOpenGLContext *qtContext) @@ -471,12 +480,7 @@ std::string ContentBrowserClientQt::GetApplicationLocale() { - std::string bcp47Name = QLocale().bcp47Name().toStdString(); - if (m_cachedQtLocale != bcp47Name) { - m_cachedQtLocale = bcp47Name; - m_appLocale = WebEngineLibraryInfo::getApplicationLocale(); - } - return m_appLocale; + return WebEngineLibraryInfo::getApplicationLocale(); } std::string ContentBrowserClientQt::GetAcceptLangs(content::BrowserContext *context) @@ -492,7 +496,7 @@ std::string processType = command_line->GetSwitchValueASCII(switches::kProcessType); if (processType == switches::kZygoteProcess) - command_line->AppendSwitchASCII(switches::kLang, GetApplicationLocale()); + command_line->AppendSwitchASCII(switches::kLang, WebEngineLibraryInfo::getApplicationLocale()); } void ContentBrowserClientQt::GetAdditionalWebUISchemes(std::vector* additional_schemes) @@ -520,9 +524,8 @@ #if defined(Q_OS_LINUX) void ContentBrowserClientQt::GetAdditionalMappedFilesForChildProcess(const base::CommandLine& command_line, int child_process_id, content::PosixFileDescriptorInfo* mappings) { - const std::string &locale = GetApplicationLocale(); - const base::FilePath &locale_file_path = ui::ResourceBundle::GetSharedInstance().GetLocaleFilePath(locale); - if (locale_file_path.empty()) + const base::FilePath &locale_file_path = ui::ResourceBundle::GetSharedInstance().GetLocaleFilePath(WebEngineLibraryInfo::getResolvedLocale()); + if (locale_file_path.empty() || !base::PathExists(locale_file_path)) return; // Open pak file of the current locale in the Browser process and pass its file descriptor to the sandboxed @@ -997,7 +1000,13 @@ WebContentsViewQt::from(static_cast(source)->GetView())->client(); if (!client) return false; - client->navigationRequested(pageTransitionToNavigationType(params.transition_type()), + + // Redirects might not be reflected in transition_type at this point (see also chrome/.../web_navigation_api_helpers.cc) + auto transition_type = params.transition_type(); + if (params.is_redirect()) + transition_type = ui::PageTransitionFromInt(transition_type | ui::PAGE_TRANSITION_SERVER_REDIRECT); + + client->navigationRequested(pageTransitionToNavigationType(transition_type), toQt(params.url()), navigationRequestAction, params.is_main_frame()); @@ -1012,6 +1021,11 @@ navigation_handle, base::BindRepeating(&navigationThrottleCallback), navigation_interception::SynchronyMode::kSync)); + +#if BUILDFLAG(ENABLE_EXTENSIONS) + MaybeAddThrottle(extensions::PDFIFrameNavigationThrottleQt::MaybeCreateThrottleFor(navigation_handle), &throttles); +#endif + return throttles; } diff -Naur a/src/core/content_browser_client_qt.h b/src/core/content_browser_client_qt.h --- a/src/core/content_browser_client_qt.h 2021-04-01 15:33:27.000000000 +0100 +++ b/src/core/content_browser_client_qt.h 2021-04-30 21:34:29.148412518 +0100 @@ -269,8 +269,6 @@ private: scoped_refptr m_shareGroupQtQuick; - std::string m_appLocale; - std::string m_cachedQtLocale; }; } // namespace QtWebEngineCore diff -Naur a/src/core/content_main_delegate_qt.cpp b/src/core/content_main_delegate_qt.cpp --- a/src/core/content_main_delegate_qt.cpp 2021-04-01 15:33:27.000000000 +0100 +++ b/src/core/content_main_delegate_qt.cpp 2021-04-30 21:34:29.148412518 +0100 @@ -179,7 +179,9 @@ #endif net::NetModule::SetResourceProvider(PlatformResourceProvider); - ui::ResourceBundle::InitSharedInstanceWithLocale(WebEngineLibraryInfo::getApplicationLocale(), nullptr, ui::ResourceBundle::LOAD_COMMON_RESOURCES); + + base::i18n::SetICUDefaultLocale(WebEngineLibraryInfo::getApplicationLocale()); + ui::ResourceBundle::InitSharedInstanceWithLocale(WebEngineLibraryInfo::getResolvedLocale(), nullptr, ui::ResourceBundle::LOAD_COMMON_RESOURCES); base::CommandLine* parsedCommandLine = base::CommandLine::ForCurrentProcess(); logging::LoggingSettings settings; diff -Naur a/src/core/core_chromium.pri b/src/core/core_chromium.pri --- a/src/core/core_chromium.pri 2021-04-01 15:33:27.000000000 +0100 +++ b/src/core/core_chromium.pri 2021-04-30 21:30:29.356908551 +0100 @@ -113,7 +113,6 @@ renderer/web_engine_page_render_frame.cpp \ renderer/render_configuration.cpp \ renderer/user_resource_controller.cpp \ - renderer/plugins/plugin_placeholder_qt.cpp \ renderer_host/web_engine_page_host.cpp \ renderer_host/user_resource_controller_host.cpp \ resource_bundle_qt.cpp \ @@ -218,7 +217,6 @@ renderer/web_engine_page_render_frame.h \ renderer/render_configuration.h \ renderer/user_resource_controller.h \ - renderer/plugins/plugin_placeholder_qt.h \ renderer_host/web_engine_page_host.h \ renderer_host/user_resource_controller_host.h \ request_controller.h \ @@ -326,6 +324,7 @@ extensions/extensions_browser_client_qt.cpp \ extensions/messaging_delegate_qt.cpp \ extensions/mime_handler_view_guest_delegate_qt.cpp \ + extensions/pdf_iframe_navigation_throttle_qt.cpp \ extensions/plugin_service_filter_qt.cpp \ net/plugin_response_interceptor_url_loader_throttle.cpp \ renderer/extensions/extensions_dispatcher_delegate_qt.cpp \ @@ -345,6 +344,7 @@ extensions/extensions_browser_client_qt.h \ extensions/messaging_delegate_qt.h \ extensions/mime_handler_view_guest_delegate_qt.h \ + extensions/pdf_iframe_navigation_throttle_qt.h \ extensions/plugin_service_filter_qt.h \ net/plugin_response_interceptor_url_loader_throttle.h \ renderer/extensions/extensions_dispatcher_delegate_qt.h \ diff -Naur a/src/core/extensions/pdf_iframe_navigation_throttle_qt.cpp b/src/core/extensions/pdf_iframe_navigation_throttle_qt.cpp --- a/src/core/extensions/pdf_iframe_navigation_throttle_qt.cpp 1970-01-01 01:00:00.000000000 +0100 +++ b/src/core/extensions/pdf_iframe_navigation_throttle_qt.cpp 2021-04-30 21:30:29.356908551 +0100 @@ -0,0 +1,219 @@ +/**************************************************************************** +** +** Copyright (C) 2021 The Qt Company Ltd. +** Contact: https://www.qt.io/licensing/ +** +** This file is part of the QtWebEngine module of the Qt Toolkit. +** +** $QT_BEGIN_LICENSE:LGPL$ +** Commercial License Usage +** Licensees holding valid commercial Qt licenses may use this file in +** accordance with the commercial license agreement provided with the +** Software or, alternatively, in accordance with the terms contained in +** a written agreement between you and The Qt Company. For licensing terms +** and conditions see https://www.qt.io/terms-conditions. For further +** information use the contact form at https://www.qt.io/contact-us. +** +** GNU Lesser General Public License Usage +** Alternatively, this file may be used under the terms of the GNU Lesser +** General Public License version 3 as published by the Free Software +** Foundation and appearing in the file LICENSE.LGPL3 included in the +** packaging of this file. Please review the following information to +** ensure the GNU Lesser General Public License version 3 requirements +** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. +** +** GNU General Public License Usage +** Alternatively, this file may be used under the terms of the GNU +** General Public License version 2.0 or (at your option) the GNU General +** Public license version 3 or any later version approved by the KDE Free +** Qt Foundation. The licenses are as published by the Free Software +** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 +** included in the packaging of this file. Please review the following +** information to ensure the GNU General Public License requirements will +** be met: https://www.gnu.org/licenses/gpl-2.0.html and +** https://www.gnu.org/licenses/gpl-3.0.html. +** +** $QT_END_LICENSE$ +** +****************************************************************************/ + +// based on //chrome/browser/plugins/pdf_iframe_navigation_throttle.cc +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + + +#include "extensions/pdf_iframe_navigation_throttle_qt.h" + +#include "chrome/grit/renderer_resources.h" +#include "components/strings/grit/components_strings.h" +#include "content/public/browser/download_utils.h" +#include "content/public/browser/navigation_handle.h" +#include "content/public/browser/plugin_service.h" +#include "content/public/browser/render_process_host.h" +#include "content/public/browser/web_contents.h" +#include "content/public/browser/web_contents_user_data.h" +#include "content/public/common/webplugininfo.h" +#include "net/base/escape.h" +#include "net/http/http_response_headers.h" +#include "ui/base/l10n/l10n_util.h" +#include "ui/base/resource/resource_bundle.h" +#include "ui/base/webui/jstemplate_builder.h" +#include "ui/base/webui/web_ui_util.h" + +namespace extensions { + +constexpr char kPDFMimeType[] = "application/pdf"; + +// Used to scope the posted navigation task to the lifetime of |web_contents|. +class PdfWebContentsLifetimeHelper : public content::WebContentsUserData +{ +public: + explicit PdfWebContentsLifetimeHelper(content::WebContents *web_contents) + : web_contents_(web_contents) + {} + + base::WeakPtr GetWeakPtr() + { + return weak_factory_.GetWeakPtr(); + } + + void NavigateIFrameToPlaceholder(const content::OpenURLParams &url_params) + { + web_contents_->OpenURL(url_params); + } + +private: + friend class content::WebContentsUserData; + + content::WebContents* const web_contents_; + base::WeakPtrFactory weak_factory_{this}; + + WEB_CONTENTS_USER_DATA_KEY_DECL(); +}; + +WEB_CONTENTS_USER_DATA_KEY_IMPL(PdfWebContentsLifetimeHelper) + +bool IsPDFPluginEnabled(content::NavigationHandle *navigation_handle, bool *is_stale) +{ + content::WebContents *web_contents = navigation_handle->GetWebContents(); + int process_id = web_contents->GetMainFrame()->GetProcess()->GetID(); + int routing_id = web_contents->GetMainFrame()->GetRoutingID(); + content::WebPluginInfo plugin_info; + // Will check WebEngineSettings by PluginServiceFilterQt + return content::PluginService::GetInstance()->GetPluginInfo( + process_id, routing_id, navigation_handle->GetURL(), + web_contents->GetMainFrame()->GetLastCommittedOrigin(), kPDFMimeType, + false /* allow_wildcard */, is_stale, &plugin_info, + nullptr /* actual_mime_type */); +} + +std::string GetPDFPlaceholderHTML(const GURL &pdf_url) +{ + std::string template_html = ui::ResourceBundle::GetSharedInstance().LoadDataResourceString(IDR_PDF_PLUGIN_HTML); + webui::AppendWebUiCssTextDefaults(&template_html); + + base::DictionaryValue values; + values.SetString("fileName", pdf_url.ExtractFileName()); + values.SetString("open", l10n_util::GetStringUTF8(IDS_ACCNAME_OPEN)); + values.SetString("pdfUrl", pdf_url.spec()); + + return webui::GetI18nTemplateHtml(template_html, &values); +} + +// static +std::unique_ptr +PDFIFrameNavigationThrottleQt::MaybeCreateThrottleFor(content::NavigationHandle *handle) +{ + if (handle->IsInMainFrame()) + return nullptr; + return std::make_unique(handle); +} + +PDFIFrameNavigationThrottleQt::PDFIFrameNavigationThrottleQt(content::NavigationHandle *handle) + : content::NavigationThrottle(handle) +{ +} + +PDFIFrameNavigationThrottleQt::~PDFIFrameNavigationThrottleQt() +{ +} + +content::NavigationThrottle::ThrottleCheckResult PDFIFrameNavigationThrottleQt::WillProcessResponse() +{ + const net::HttpResponseHeaders *response_headers = navigation_handle()->GetResponseHeaders(); + if (!response_headers) + return content::NavigationThrottle::PROCEED; + + std::string mime_type; + response_headers->GetMimeType(&mime_type); + if (mime_type != kPDFMimeType) + return content::NavigationThrottle::PROCEED; + + // We MUST download responses marked as attachments rather than showing + // a placeholder. + if (content::download_utils::MustDownload(navigation_handle()->GetURL(), response_headers, mime_type)) + return content::NavigationThrottle::PROCEED; + + bool is_stale = false; + bool pdf_plugin_enabled = IsPDFPluginEnabled(navigation_handle(), &is_stale); + + if (is_stale) { + // On browser start, the plugin list may not be ready yet. + content::PluginService::GetInstance()->GetPlugins( + base::BindOnce(&PDFIFrameNavigationThrottleQt::OnPluginsLoaded, + weak_factory_.GetWeakPtr())); + return content::NavigationThrottle::DEFER; + } + + // If the plugin was found, proceed on the navigation. Otherwise fall through + // to the placeholder case. + if (pdf_plugin_enabled) + return content::NavigationThrottle::PROCEED; + + LoadPlaceholderHTML(); + return content::NavigationThrottle::CANCEL_AND_IGNORE; +} + +const char *PDFIFrameNavigationThrottleQt::GetNameForLogging() +{ + return "PDFIFrameNavigationThrottleQt"; +} + +void PDFIFrameNavigationThrottleQt::OnPluginsLoaded( + const std::vector &plugins) +{ + if (IsPDFPluginEnabled(navigation_handle(), nullptr /* is_stale */)) { + Resume(); + } else { + LoadPlaceholderHTML(); + CancelDeferredNavigation(content::NavigationThrottle::CANCEL_AND_IGNORE); + } +} + +void PDFIFrameNavigationThrottleQt::LoadPlaceholderHTML() +{ + // Prepare the params to navigate to the placeholder. + std::string html = GetPDFPlaceholderHTML(navigation_handle()->GetURL()); + GURL data_url("data:text/html," + net::EscapePath(html)); + content::OpenURLParams params = content::OpenURLParams::FromNavigationHandle(navigation_handle()); + params.url = data_url; + params.transition = ui::PAGE_TRANSITION_AUTO_SUBFRAME; + + // Post a task to navigate to the placeholder HTML. We don't navigate + // synchronously here, as starting a navigation within a navigation is + // an antipattern. Use a helper object scoped to the WebContents lifetime to + // scope the navigation task to the WebContents lifetime. + content::WebContents *web_contents = navigation_handle()->GetWebContents(); + if (!web_contents) + return; + + PdfWebContentsLifetimeHelper::CreateForWebContents(web_contents); + PdfWebContentsLifetimeHelper *helper = PdfWebContentsLifetimeHelper::FromWebContents(web_contents); + base::SequencedTaskRunnerHandle::Get()->PostTask( + FROM_HERE, + base::BindOnce(&PdfWebContentsLifetimeHelper::NavigateIFrameToPlaceholder, + helper->GetWeakPtr(), std::move(params))); +} + +} // namespace extensions diff -Naur a/src/core/extensions/pdf_iframe_navigation_throttle_qt.h b/src/core/extensions/pdf_iframe_navigation_throttle_qt.h --- a/src/core/extensions/pdf_iframe_navigation_throttle_qt.h 1970-01-01 01:00:00.000000000 +0100 +++ b/src/core/extensions/pdf_iframe_navigation_throttle_qt.h 2021-04-30 21:30:29.356908551 +0100 @@ -0,0 +1,82 @@ +/**************************************************************************** +** +** Copyright (C) 2021 The Qt Company Ltd. +** Contact: https://www.qt.io/licensing/ +** +** This file is part of the QtWebEngine module of the Qt Toolkit. +** +** $QT_BEGIN_LICENSE:LGPL$ +** Commercial License Usage +** Licensees holding valid commercial Qt licenses may use this file in +** accordance with the commercial license agreement provided with the +** Software or, alternatively, in accordance with the terms contained in +** a written agreement between you and The Qt Company. For licensing terms +** and conditions see https://www.qt.io/terms-conditions. For further +** information use the contact form at https://www.qt.io/contact-us. +** +** GNU Lesser General Public License Usage +** Alternatively, this file may be used under the terms of the GNU Lesser +** General Public License version 3 as published by the Free Software +** Foundation and appearing in the file LICENSE.LGPL3 included in the +** packaging of this file. Please review the following information to +** ensure the GNU Lesser General Public License version 3 requirements +** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. +** +** GNU General Public License Usage +** Alternatively, this file may be used under the terms of the GNU +** General Public License version 2.0 or (at your option) the GNU General +** Public license version 3 or any later version approved by the KDE Free +** Qt Foundation. The licenses are as published by the Free Software +** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 +** included in the packaging of this file. Please review the following +** information to ensure the GNU General Public License requirements will +** be met: https://www.gnu.org/licenses/gpl-2.0.html and +** https://www.gnu.org/licenses/gpl-3.0.html. +** +** $QT_END_LICENSE$ +** +****************************************************************************/ + +// based on //chrome/browser/plugins/pdf_iframe_navigation_throttle.h +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef PDF_IFRAME_NAVIGATION_THROTTLE_QT +#define PDF_IFRAME_NAVIGATION_THROTTLE_QT + +#include "content/public/browser/navigation_throttle.h" + +#include "base/memory/weak_ptr.h" + +namespace content { +class NavigationHandle; +struct WebPluginInfo; +} + +namespace extensions { + +// This class prevents automatical download of PDFs when they are embedded +// in subframes and plugins are disabled in API. +class PDFIFrameNavigationThrottleQt : public content::NavigationThrottle +{ +public: + static std::unique_ptr MaybeCreateThrottleFor(content::NavigationHandle *handle); + + explicit PDFIFrameNavigationThrottleQt(content::NavigationHandle *handle); + ~PDFIFrameNavigationThrottleQt() override; + + // content::NavigationThrottle + content::NavigationThrottle::ThrottleCheckResult WillProcessResponse() override; + const char *GetNameForLogging() override; + +private: + void OnPluginsLoaded(const std::vector &plugins); + void LoadPlaceholderHTML(); + + base::WeakPtrFactory weak_factory_{this}; +}; + +} // namespace extensions + +#endif // PDF_IFRAME_NAVIGATION_THROTTLE_QT diff -Naur a/src/core/net/cookie_monster_delegate_qt.cpp b/src/core/net/cookie_monster_delegate_qt.cpp --- a/src/core/net/cookie_monster_delegate_qt.cpp 2021-04-01 15:33:27.000000000 +0100 +++ b/src/core/net/cookie_monster_delegate_qt.cpp 2021-04-30 21:32:42.355810662 +0100 @@ -80,7 +80,7 @@ void AllowedAccess(const GURL &url, const net::SiteForCookies &site_for_cookies, AllowedAccessCallback callback) override { - bool allow = m_delegate->canGetCookies(toQt(site_for_cookies.RepresentativeUrl()), toQt(url)); + bool allow = m_delegate->canGetCookies(toQt(site_for_cookies.first_party_url()), toQt(url)); std::move(callback).Run(allow); } diff -Naur a/src/core/net/proxying_restricted_cookie_manager_qt.cpp b/src/core/net/proxying_restricted_cookie_manager_qt.cpp --- a/src/core/net/proxying_restricted_cookie_manager_qt.cpp 2021-04-01 15:33:27.000000000 +0100 +++ b/src/core/net/proxying_restricted_cookie_manager_qt.cpp 2021-04-30 21:32:42.355810662 +0100 @@ -197,7 +197,7 @@ { if (!m_profileIoData) return false; - return m_profileIoData->canGetCookies(toQt(site_for_cookies.RepresentativeUrl()), toQt(url)); + return m_profileIoData->canGetCookies(toQt(site_for_cookies.first_party_url()), toQt(url)); } } // namespace QtWebEngineCore diff -Naur a/src/core/net/proxying_url_loader_factory_qt.cpp b/src/core/net/proxying_url_loader_factory_qt.cpp --- a/src/core/net/proxying_url_loader_factory_qt.cpp 2021-04-01 15:33:27.000000000 +0100 +++ b/src/core/net/proxying_url_loader_factory_qt.cpp 2021-04-30 21:32:42.355810662 +0100 @@ -266,7 +266,7 @@ if (!top_document_url.is_empty()) firstPartyUrl = toQt(top_document_url); else - firstPartyUrl = toQt(request_.site_for_cookies.RepresentativeUrl()); // m_topDocumentUrl can be empty for the main-frame. + firstPartyUrl = toQt(request_.site_for_cookies.first_party_url()); // m_topDocumentUrl can be empty for the main-frame. auto info = new QWebEngineUrlRequestInfoPrivate(resourceType, navigationType, originalUrl, firstPartyUrl, initiator, QByteArray::fromStdString(request_.method)); diff -Naur a/src/core/permission_manager_qt.cpp b/src/core/permission_manager_qt.cpp --- a/src/core/permission_manager_qt.cpp 2021-04-01 15:33:27.000000000 +0100 +++ b/src/core/permission_manager_qt.cpp 2021-04-30 21:34:06.444165922 +0100 @@ -122,7 +122,6 @@ PermissionManagerQt::PermissionManagerQt() : m_requestIdCount(0) - , m_subscriberIdCount(0) { } @@ -339,19 +338,19 @@ m_permissions.remove(key); } -int PermissionManagerQt::SubscribePermissionStatusChange( +content::PermissionControllerDelegate::SubscriptionId PermissionManagerQt::SubscribePermissionStatusChange( content::PermissionType permission, content::RenderFrameHost * /* render_frame_host */, const GURL& requesting_origin, base::RepeatingCallback callback) { - int subscriber_id = ++m_subscriberIdCount; + auto subscriber_id = subscription_id_generator_.GenerateNextId(); m_subscribers.insert( { subscriber_id, Subscription { toQt(permission), toQt(requesting_origin), std::move(callback) } }); return subscriber_id; } -void PermissionManagerQt::UnsubscribePermissionStatusChange(int subscription_id) +void PermissionManagerQt::UnsubscribePermissionStatusChange(content::PermissionControllerDelegate::SubscriptionId subscription_id) { if (!m_subscribers.erase(subscription_id)) LOG(WARNING) << "PermissionManagerQt::UnsubscribePermissionStatusChange called on unknown subscription id" << subscription_id; diff -Naur a/src/core/permission_manager_qt.h b/src/core/permission_manager_qt.h --- a/src/core/permission_manager_qt.h 2021-04-01 15:33:27.000000000 +0100 +++ b/src/core/permission_manager_qt.h 2021-04-30 21:34:06.444165922 +0100 @@ -89,13 +89,13 @@ base::OnceCallback&)> callback) override; - int SubscribePermissionStatusChange( + content::PermissionControllerDelegate::SubscriptionId SubscribePermissionStatusChange( content::PermissionType permission, content::RenderFrameHost* render_frame_host, const GURL& requesting_origin, const base::RepeatingCallback callback) override; - void UnsubscribePermissionStatusChange(int subscription_id) override; + void UnsubscribePermissionStatusChange(content::PermissionControllerDelegate::SubscriptionId subscription_id) override; private: QHash, bool> m_permissions; @@ -118,9 +118,9 @@ }; std::vector m_requests; std::vector m_multiRequests; - std::map m_subscribers; + std::map m_subscribers; + content::PermissionControllerDelegate::SubscriptionId::Generator subscription_id_generator_; int m_requestIdCount; - int m_subscriberIdCount; }; diff -Naur a/src/core/profile_adapter.cpp b/src/core/profile_adapter.cpp --- a/src/core/profile_adapter.cpp 2021-04-01 15:33:27.000000000 +0100 +++ b/src/core/profile_adapter.cpp 2021-05-04 21:36:53.503981934 +0100 @@ -87,6 +87,9 @@ namespace QtWebEngineCore { +// static +QPointer ProfileAdapter::s_profileForGlobalCertificateVerification; + ProfileAdapter::ProfileAdapter(const QString &storageName): m_name(storageName) , m_offTheRecord(storageName.isEmpty()) @@ -654,26 +657,26 @@ if (m_usedForGlobalCertificateVerification == enable) return; - static QPointer profileForglobalCertificateVerification; - m_usedForGlobalCertificateVerification = enable; if (enable) { - if (profileForglobalCertificateVerification) { - profileForglobalCertificateVerification->m_usedForGlobalCertificateVerification = false; - if (!m_profile->m_profileIOData->isClearHttpCacheInProgress()) - profileForglobalCertificateVerification->m_profile->m_profileIOData->resetNetworkContext(); - for (auto *client : qAsConst(profileForglobalCertificateVerification->m_clients)) + if (s_profileForGlobalCertificateVerification) { + s_profileForGlobalCertificateVerification->m_usedForGlobalCertificateVerification = false; + for (auto *client : qAsConst(s_profileForGlobalCertificateVerification->m_clients)) client->useForGlobalCertificateVerificationChanged(); + } else { + // OCSP enabled + for (auto adapter : qAsConst(WebEngineContext::current()->m_profileAdapters)) + adapter->m_profile->m_profileIOData->resetNetworkContext(); } - profileForglobalCertificateVerification = this; + s_profileForGlobalCertificateVerification = this; } else { - Q_ASSERT(profileForglobalCertificateVerification); - Q_ASSERT(profileForglobalCertificateVerification == this); - profileForglobalCertificateVerification = nullptr; + Q_ASSERT(s_profileForGlobalCertificateVerification); + Q_ASSERT(s_profileForGlobalCertificateVerification == this); + s_profileForGlobalCertificateVerification = nullptr; + // OCSP disabled + for (auto adapter : qAsConst(WebEngineContext::current()->m_profileAdapters)) + adapter->m_profile->m_profileIOData->resetNetworkContext(); } - - if (!m_profile->m_profileIOData->isClearHttpCacheInProgress()) - m_profile->m_profileIOData->resetNetworkContext(); } bool ProfileAdapter::isUsedForGlobalCertificateVerification() const diff -Naur a/src/core/profile_adapter.h b/src/core/profile_adapter.h --- a/src/core/profile_adapter.h 2021-04-01 15:33:27.000000000 +0100 +++ b/src/core/profile_adapter.h 2021-05-04 21:36:53.503981934 +0100 @@ -216,6 +216,7 @@ QString determineDownloadPath(const QString &downloadDirectory, const QString &suggestedFilename, const time_t &startTime); + static QPointer s_profileForGlobalCertificateVerification; private: void updateCustomUrlSchemeHandlers(); void resetVisitedLinksManager(); diff -Naur a/src/core/profile_io_data_qt.cpp b/src/core/profile_io_data_qt.cpp --- a/src/core/profile_io_data_qt.cpp 2021-04-01 15:33:27.000000000 +0100 +++ b/src/core/profile_io_data_qt.cpp 2021-05-04 21:36:53.503981934 +0100 @@ -224,6 +224,9 @@ SystemNetworkContextManager::GetInstance()->ConfigureDefaultNetworkContextParams(network_context_params); + // FIXME: Faking old behavior to allow not enabling OCSP + network_context_params->initial_ssl_config->rev_checking_enabled = !ProfileAdapter::s_profileForGlobalCertificateVerification.isNull(); + network_context_params->context_name = m_storageName.toStdString(); network_context_params->user_agent = m_httpUserAgent.toStdString(); network_context_params->accept_language = m_httpAcceptLanguage.toStdString(); diff -Naur a/src/core/renderer/content_renderer_client_qt.cpp b/src/core/renderer/content_renderer_client_qt.cpp --- a/src/core/renderer/content_renderer_client_qt.cpp 2021-04-01 15:33:27.000000000 +0100 +++ b/src/core/renderer/content_renderer_client_qt.cpp 2021-04-30 21:34:29.148412518 +0100 @@ -97,7 +97,6 @@ #if BUILDFLAG(ENABLE_PLUGINS) #include "plugins/loadable_plugin_placeholder_qt.h" -#include "plugins/plugin_placeholder_qt.h" #include "content/common/frame_messages.h" #endif // ENABLE_PLUGINS @@ -119,6 +118,8 @@ #include "chrome/renderer/media/webrtc_logging_agent_impl.h" #endif +#include "web_engine_library_info.h" + namespace QtWebEngineCore { static const char kHttpErrorDomain[] = "http"; @@ -135,6 +136,7 @@ void ContentRendererClientQt::RenderThreadStarted() { + base::i18n::SetICUDefaultLocale(WebEngineLibraryInfo::getApplicationLocale()); content::RenderThread *renderThread = content::RenderThread::Get(); m_renderConfiguration.reset(new RenderConfiguration()); m_userResourceController.reset(new UserResourceController()); diff -Naur a/src/core/renderer/plugins/loadable_plugin_placeholder_qt.cpp b/src/core/renderer/plugins/loadable_plugin_placeholder_qt.cpp --- a/src/core/renderer/plugins/loadable_plugin_placeholder_qt.cpp 2021-04-01 15:33:27.000000000 +0100 +++ b/src/core/renderer/plugins/loadable_plugin_placeholder_qt.cpp 2021-04-30 21:30:29.356908551 +0100 @@ -77,7 +77,7 @@ LoadablePluginPlaceholderQt* LoadablePluginPlaceholderQt::CreateLoadableMissingPlugin(content::RenderFrame* render_frame, const blink::WebPluginParams& params) { - const base::StringPiece template_html(ui::ResourceBundle::GetSharedInstance().GetRawDataResource(IDR_BLOCKED_PLUGIN_HTML)); + std::string template_html(ui::ResourceBundle::GetSharedInstance().LoadDataResourceString(IDR_BLOCKED_PLUGIN_HTML)); base::DictionaryValue values; values.SetString("name", ""); diff -Naur a/src/core/renderer/plugins/plugin_placeholder_qt.cpp b/src/core/renderer/plugins/plugin_placeholder_qt.cpp --- a/src/core/renderer/plugins/plugin_placeholder_qt.cpp 2021-04-01 15:33:27.000000000 +0100 +++ b/src/core/renderer/plugins/plugin_placeholder_qt.cpp 1970-01-01 01:00:00.000000000 +0100 @@ -1,75 +0,0 @@ -/**************************************************************************** -** -** Copyright (C) 2020 The Qt Company Ltd. -** Contact: https://www.qt.io/licensing/ -** -** This file is part of the QtWebEngine module of the Qt Toolkit. -** -** $QT_BEGIN_LICENSE:LGPL$ -** Commercial License Usage -** Licensees holding valid commercial Qt licenses may use this file in -** accordance with the commercial license agreement provided with the -** Software or, alternatively, in accordance with the terms contained in -** a written agreement between you and The Qt Company. For licensing terms -** and conditions see https://www.qt.io/terms-conditions. For further -** information use the contact form at https://www.qt.io/contact-us. -** -** GNU Lesser General Public License Usage -** Alternatively, this file may be used under the terms of the GNU Lesser -** General Public License version 3 as published by the Free Software -** Foundation and appearing in the file LICENSE.LGPL3 included in the -** packaging of this file. Please review the following information to -** ensure the GNU Lesser General Public License version 3 requirements -** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. -** -** GNU General Public License Usage -** Alternatively, this file may be used under the terms of the GNU -** General Public License version 2.0 or (at your option) the GNU General -** Public license version 3 or any later version approved by the KDE Free -** Qt Foundation. The licenses are as published by the Free Software -** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 -** included in the packaging of this file. Please review the following -** information to ensure the GNU General Public License requirements will -** be met: https://www.gnu.org/licenses/gpl-2.0.html and -** https://www.gnu.org/licenses/gpl-3.0.html. -** -** $QT_END_LICENSE$ -** -****************************************************************************/ - -// Copyright 2013 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "plugin_placeholder_qt.h" - -#include "content/public/renderer/render_frame.h" -#include "content/public/renderer/v8_value_converter.h" -#include "gin/object_template_builder.h" - -namespace QtWebEngineCore { - -// static -gin::WrapperInfo PluginPlaceholderQt::kWrapperInfo = {gin::kEmbedderNativeGin}; - -PluginPlaceholderQt::PluginPlaceholderQt(content::RenderFrame* render_frame, - const blink::WebPluginParams& params, - const std::string& html_data) - : PluginPlaceholderBase(render_frame, params, html_data) -{} - -PluginPlaceholderQt::~PluginPlaceholderQt() {} - -v8::Local PluginPlaceholderQt::GetV8Handle(v8::Isolate* isolate) -{ - return gin::CreateHandle(isolate, this).ToV8(); -} - -gin::ObjectTemplateBuilder PluginPlaceholderQt::GetObjectTemplateBuilder(v8::Isolate* isolate) -{ - return gin::Wrappable::GetObjectTemplateBuilder(isolate) - .SetMethod( - "hide", &PluginPlaceholderQt::HideCallback); -} - -} // namespace QtWebEngineCore diff -Naur a/src/core/renderer/plugins/plugin_placeholder_qt.h b/src/core/renderer/plugins/plugin_placeholder_qt.h --- a/src/core/renderer/plugins/plugin_placeholder_qt.h 2021-04-01 15:33:27.000000000 +0100 +++ b/src/core/renderer/plugins/plugin_placeholder_qt.h 1970-01-01 01:00:00.000000000 +0100 @@ -1,78 +0,0 @@ -/**************************************************************************** -** -** Copyright (C) 2020 The Qt Company Ltd. -** Contact: https://www.qt.io/licensing/ -** -** This file is part of the QtWebEngine module of the Qt Toolkit. -** -** $QT_BEGIN_LICENSE:LGPL$ -** Commercial License Usage -** Licensees holding valid commercial Qt licenses may use this file in -** accordance with the commercial license agreement provided with the -** Software or, alternatively, in accordance with the terms contained in -** a written agreement between you and The Qt Company. For licensing terms -** and conditions see https://www.qt.io/terms-conditions. For further -** information use the contact form at https://www.qt.io/contact-us. -** -** GNU Lesser General Public License Usage -** Alternatively, this file may be used under the terms of the GNU Lesser -** General Public License version 3 as published by the Free Software -** Foundation and appearing in the file LICENSE.LGPL3 included in the -** packaging of this file. Please review the following information to -** ensure the GNU Lesser General Public License version 3 requirements -** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. -** -** GNU General Public License Usage -** Alternatively, this file may be used under the terms of the GNU -** General Public License version 2.0 or (at your option) the GNU General -** Public license version 3 or any later version approved by the KDE Free -** Qt Foundation. The licenses are as published by the Free Software -** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 -** included in the packaging of this file. Please review the following -** information to ensure the GNU General Public License requirements will -** be met: https://www.gnu.org/licenses/gpl-2.0.html and -** https://www.gnu.org/licenses/gpl-3.0.html. -** -** $QT_END_LICENSE$ -** -****************************************************************************/ - -// Copyright 2013 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef PLUGIN_PLACEHOLDER_QT_H -#define PLUGIN_PLACEHOLDER_QT_H - -#include "base/macros.h" -#include "components/plugins/renderer/plugin_placeholder.h" -#include "gin/handle.h" -#include "gin/wrappable.h" -#include "third_party/blink/public/web/web_plugin_params.h" - -namespace QtWebEngineCore { - -// A basic placeholder that supports only hiding. -class PluginPlaceholderQt final : public plugins::PluginPlaceholderBase - , public gin::Wrappable -{ -public: - static gin::WrapperInfo kWrapperInfo; - - PluginPlaceholderQt(content::RenderFrame* render_frame, - const blink::WebPluginParams& params, - const std::string& html_data); - ~PluginPlaceholderQt() override; - -private: - // WebViewPlugin::Delegate methods: - v8::Local GetV8Handle(v8::Isolate* isolate) final; - - // gin::Wrappable method: - gin::ObjectTemplateBuilder GetObjectTemplateBuilder( - v8::Isolate* isolate) override; -}; - -} // namespace QtWebEngineCore - -#endif // PLUGIN_PLACEHOLDER_QT_H diff -Naur a/src/core/resource_bundle_qt.cpp b/src/core/resource_bundle_qt.cpp --- a/src/core/resource_bundle_qt.cpp 2021-04-01 15:33:27.000000000 +0100 +++ b/src/core/resource_bundle_qt.cpp 2021-04-30 21:34:29.148412518 +0100 @@ -98,7 +98,7 @@ { DCHECK(!locale_resources_data_.get()) << "locale.pak already loaded"; - std::string app_locale = l10n_util::GetApplicationLocale(pref_locale); + std::string app_locale = l10n_util::GetApplicationLocale(pref_locale, false /* set_icu_locale */); #if defined(OS_LINUX) int locale_fd = base::GlobalDescriptors::GetInstance()->MaybeGet(kWebEngineLocale); diff -Naur a/src/core/web_engine_library_info.cpp b/src/core/web_engine_library_info.cpp --- a/src/core/web_engine_library_info.cpp 2021-04-01 15:33:27.000000000 +0100 +++ b/src/core/web_engine_library_info.cpp 2021-04-30 21:34:29.148412518 +0100 @@ -351,7 +351,7 @@ return toString16(qApp->applicationName()); } -std::string WebEngineLibraryInfo::getApplicationLocale() +std::string WebEngineLibraryInfo::getResolvedLocale() { base::CommandLine *parsedCommandLine = base::CommandLine::ForCurrentProcess(); if (parsedCommandLine->HasSwitch(switches::kLang)) { @@ -365,6 +365,14 @@ return "en-US"; } +std::string WebEngineLibraryInfo::getApplicationLocale() +{ + base::CommandLine *parsedCommandLine = base::CommandLine::ForCurrentProcess(); + return parsedCommandLine->HasSwitch(switches::kLang) + ? parsedCommandLine->GetSwitchValueASCII(switches::kLang) + : QLocale().bcp47Name().toStdString(); +} + #if defined(OS_WIN) bool WebEngineLibraryInfo::isRemoteDrivePath(const QString &path) { diff -Naur a/src/core/web_engine_library_info.h b/src/core/web_engine_library_info.h --- a/src/core/web_engine_library_info.h 2021-04-01 15:33:27.000000000 +0100 +++ b/src/core/web_engine_library_info.h 2021-04-30 21:34:29.148412518 +0100 @@ -57,6 +57,7 @@ static base::FilePath getPath(int key); // Called by localized_error in our custom chrome layer static base::string16 getApplicationName(); + static std::string getResolvedLocale(); static std::string getApplicationLocale(); #if defined(OS_WIN) static bool isRemoteDrivePath(const QString &path); diff -Naur a/src/pdf/config/common.pri b/src/pdf/config/common.pri --- a/src/pdf/config/common.pri 2021-04-01 15:33:27.000000000 +0100 +++ b/src/pdf/config/common.pri 2021-04-30 21:29:36.461473421 +0100 @@ -24,12 +24,21 @@ } qtConfig(webengine-qt-zlib) { + win32 { + CONFIG(debug, debug|release) { + qtzlib = Qt5Cored.lib + } else { + qtzlib = Qt5Core.lib + } + + } else { qtzlib = libQt5Core.a + } gn_args += use_qt_zlib = true gn_args += "qt_zlib_includes=\["\ "\"$$system_path($$[QT_INSTALL_HEADERS])\"," \ "\"$$system_path($$[QT_INSTALL_HEADERS]/QtCore)\"," \ "\"$$system_path($$[QT_INSTALL_HEADERS]/QtZlib)\"\]" - gn_args += "qt_zlib=\"$$system_path($$[QT_INSTALL_LIBS]/libQt5Core.a)\"" + gn_args += "qt_zlib=\"$$system_path($$[QT_INSTALL_LIBS]/$$qtzlib)\"" } qtConfig(pdf-v8) { diff -Naur a/src/pdf/pdfcore.pro b/src/pdf/pdfcore.pro --- a/src/pdf/pdfcore.pro 2021-04-01 15:33:27.000000000 +0100 +++ b/src/pdf/pdfcore.pro 2021-04-30 21:29:55.852993637 +0100 @@ -78,10 +78,10 @@ api/qpdfselection_p.h \ -qtConfig(webengine-qt-freetype): QMAKE_USE_PRIVATE+= freetype -qtConfig(webengine-qt-png): QMAKE_USE_PRIVATE+= libpng -qtConfig(webengine-qt-harfbuzz): QMAKE_USE_PRIVATE+= harfbuzz -qtConfig(webengine-qt-jpeg): QMAKE_USE_PRIVATE+= libjpeg +qtConfig(webengine-qt-freetype): QMAKE_USE += freetype +qtConfig(webengine-qt-png): QMAKE_USE += libpng +qtConfig(webengine-qt-harfbuzz): QMAKE_USE += harfbuzz +qtConfig(webengine-qt-jpeg): QMAKE_USE += libjpeg qtConfig(webengine-qt-zlib){} #qtzlib is a part of QtCore load(qt_module) diff -Naur a/src/pdf/quick/qquickpdfsearchmodel.cpp b/src/pdf/quick/qquickpdfsearchmodel.cpp --- a/src/pdf/quick/qquickpdfsearchmodel.cpp 2021-04-01 15:33:27.000000000 +0100 +++ b/src/pdf/quick/qquickpdfsearchmodel.cpp 2021-04-30 21:29:11.852935068 +0100 @@ -39,7 +39,7 @@ QT_BEGIN_NAMESPACE -Q_LOGGING_CATEGORY(qLcS, "qt.pdf.search") +Q_LOGGING_CATEGORY(qLcSearch, "qt.pdf.search") /*! \qmltype PdfSearchModel @@ -282,7 +282,7 @@ currentResult = 0; } } - qCDebug(qLcS) << "currentResult was" << m_currentResult + qCDebug(qLcSearch) << "currentResult was" << m_currentResult << "requested" << currentResultWas << "on page" << currentPageWas << "->" << currentResult << "on page" << m_currentPage; diff -Naur a/src/webengine/api/qtwebengineglobal.cpp b/src/webengine/api/qtwebengineglobal.cpp --- a/src/webengine/api/qtwebengineglobal.cpp 2021-04-01 15:33:27.000000000 +0100 +++ b/src/webengine/api/qtwebengineglobal.cpp 2021-04-30 21:31:15.772141998 +0100 @@ -72,8 +72,7 @@ */ void initialize() { - QCoreApplication *app = QCoreApplication::instance(); - if (app) { + if (!QCoreApplication::startingUp()) { qWarning("QtWebEngine::initialize() called with QCoreApplication object already created and should be call before. "\ "This is depreciated and may fail in the future."); QtWebEngineCore::initialize(); diff -Naur a/src/webengine/doc/src/qtwebengine-platform-notes.qdoc b/src/webengine/doc/src/qtwebengine-platform-notes.qdoc --- a/src/webengine/doc/src/qtwebengine-platform-notes.qdoc 2021-04-01 15:33:27.000000000 +0100 +++ b/src/webengine/doc/src/qtwebengine-platform-notes.qdoc 2021-04-30 21:31:52.563740010 +0100 @@ -65,7 +65,7 @@ \li \l Python 2.7.5 or later. Python 3 is not supported. \li Bison, Flex \li GPerf - \li Node.js for a full featured Dev Tools. + \li Node.js version 8 or later (version 12 or later is recommended) \endlist \section2 Windows @@ -73,7 +73,7 @@ On Windows, the following additional tools are required: \list - \li Visual Studio 2017 version 15.8 or later + \li Visual Studio 2017 version 15.8 or later, or clang-cl version 8 or later \li Active Template Library (ATL), usually included in the Visual Studio installation \li Windows 10 SDK version 10.0.19041 or later diff -Naur a/src/webenginewidgets/api/qwebenginepage.cpp b/src/webenginewidgets/api/qwebenginepage.cpp --- a/src/webenginewidgets/api/qwebenginepage.cpp 2021-04-01 15:33:27.000000000 +0100 +++ b/src/webenginewidgets/api/qwebenginepage.cpp 2021-04-30 21:34:49.539660859 +0100 @@ -2526,6 +2526,10 @@ during page destruction. When QWebEnginePage is deleted, the callback is triggered with an invalid value and it is not safe to use the corresponding QWebEnginePage or QWebEngineView instance inside it. + \note This function rasterizes the result when rendering onto \a printer. Please consider raising + the default resolution of \a printer to at least 300 DPI or using printToPdf() to produce + PDF file output more effectively. + \since 5.8 */ void QWebEnginePage::print(QPrinter *printer, const QWebEngineCallback &resultCallback) diff -Naur a/tests/auto/core/qwebenginecookiestore/tst_qwebenginecookiestore.cpp b/tests/auto/core/qwebenginecookiestore/tst_qwebenginecookiestore.cpp --- a/tests/auto/core/qwebenginecookiestore/tst_qwebenginecookiestore.cpp 2021-04-01 15:33:27.000000000 +0100 +++ b/tests/auto/core/qwebenginecookiestore/tst_qwebenginecookiestore.cpp 2021-04-30 21:32:42.356812394 +0100 @@ -249,22 +249,27 @@ QWebEngineCookieStore *client = m_profile->cookieStore(); QAtomicInt accessTested = 0; - client->setCookieFilter([&](const QWebEngineCookieStore::FilterRequest &) { ++accessTested; return true; }); + QList> resourceFirstParty; + client->setCookieFilter([&](const QWebEngineCookieStore::FilterRequest &request) { + resourceFirstParty.append(qMakePair(request.origin, request.firstPartyUrl)); + ++accessTested; + return true; + }); HttpServer httpServer; - - if (!httpServer.start()) - QSKIP("Failed to start http server"); + httpServer.setHostDomain(QString("sub.test.localhost")); + QVERIFY(httpServer.start()); QByteArray cookieRequestHeader; connect(&httpServer, &HttpServer::newRequest, [&cookieRequestHeader](HttpReqRep *rr) { - if (rr->requestPath().size() <= 1) { + if (rr->requestMethod() == "GET" && rr->requestPath() == "/test.html") { cookieRequestHeader = rr->requestHeader(QByteArrayLiteral("Cookie")); if (cookieRequestHeader.isEmpty()) rr->setResponseHeader(QByteArrayLiteral("Set-Cookie"), QByteArrayLiteral("Test=test")); + rr->setResponseBody("" + "Page with a favicon and an icon" + ""); rr->sendResponse(); - } else { - rr->sendResponse(404); } }); @@ -273,12 +278,13 @@ QSignalSpy cookieRemovedSpy(client, SIGNAL(cookieRemoved(const QNetworkCookie &))); QSignalSpy serverSpy(&httpServer, SIGNAL(newRequest(HttpReqRep *))); - page.load(httpServer.url()); + QUrl firstPartyUrl = httpServer.url("/test.html"); + page.load(firstPartyUrl); QTRY_COMPARE_WITH_TIMEOUT(loadSpy.count(), 1, 30000); QVERIFY(loadSpy.takeFirst().takeFirst().toBool()); QTRY_COMPARE(cookieAddedSpy.count(), 1); - QTRY_COMPARE(accessTested.loadAcquire(), 3); + QTRY_COMPARE(accessTested.loadAcquire(), 4); QVERIFY(cookieRequestHeader.isEmpty()); page.triggerAction(QWebEnginePage::Reload); @@ -286,12 +292,16 @@ QVERIFY(loadSpy.takeFirst().takeFirst().toBool()); QVERIFY(!cookieRequestHeader.isEmpty()); QTRY_COMPARE(cookieAddedSpy.count(), 1); - QTRY_COMPARE(accessTested.loadAcquire(), 5); + QTRY_COMPARE(accessTested.loadAcquire(), 7); client->deleteAllCookies(); QTRY_COMPARE(cookieRemovedSpy.count(), 1); - client->setCookieFilter([&](const QWebEngineCookieStore::FilterRequest &) { ++accessTested; return false; }); + client->setCookieFilter([&](const QWebEngineCookieStore::FilterRequest &request) { + resourceFirstParty.append(qMakePair(request.origin, request.firstPartyUrl)); + ++accessTested; + return false; + }); page.triggerAction(QWebEnginePage::ReloadAndBypassCache); QTRY_COMPARE(loadSpy.count(), 1); QVERIFY(loadSpy.takeFirst().takeFirst().toBool()); @@ -299,8 +309,7 @@ // Test cookies are NOT added: QTest::qWait(100); QCOMPARE(cookieAddedSpy.count(), 1); - QTRY_COMPARE(accessTested.loadAcquire(), 8); - + QTRY_COMPARE(accessTested.loadAcquire(), 11); page.triggerAction(QWebEnginePage::Reload); QTRY_COMPARE(loadSpy.count(), 1); QVERIFY(loadSpy.takeFirst().takeFirst().toBool()); @@ -308,8 +317,13 @@ QCOMPARE(cookieAddedSpy.count(), 1); // Wait for last GET /favicon.ico - QTRY_COMPARE(serverSpy.count(), 8); + QTRY_COMPARE(serverSpy.count(), 12); (void) httpServer.stop(); + + QCOMPARE(resourceFirstParty.size(), accessTested.loadAcquire()); + for (auto &&p : qAsConst(resourceFirstParty)) + QVERIFY2(p.second == firstPartyUrl, + qPrintable(QString("Resource [%1] has wrong firstPartyUrl: %2").arg(p.first.toString(), p.second.toString()))); } void tst_QWebEngineCookieStore::html5featureFilter() diff -Naur a/tests/auto/core/qwebengineurlrequestinterceptor/tst_qwebengineurlrequestinterceptor.cpp b/tests/auto/core/qwebengineurlrequestinterceptor/tst_qwebengineurlrequestinterceptor.cpp --- a/tests/auto/core/qwebengineurlrequestinterceptor/tst_qwebengineurlrequestinterceptor.cpp 2021-04-01 15:33:27.000000000 +0100 +++ b/tests/auto/core/qwebengineurlrequestinterceptor/tst_qwebengineurlrequestinterceptor.cpp 2021-04-30 21:32:42.356812394 +0100 @@ -796,7 +796,7 @@ QTRY_COMPARE(page->messages.count(), 1); QCOMPARE(page->levels.at(0), QWebEnginePage::InfoMessageLevel); - QUrl firstPartyUrl = QUrl(server.url().toString(QUrl::RemovePort)); + QUrl firstPartyUrl = QUrl(server.url().toString() + "sw.js"); QList infos; // Service Worker QTRY_VERIFY(interceptor.hasUrlRequestForType(QWebEngineUrlRequestInfo::ResourceTypeServiceWorker)); diff -Naur a/tests/auto/quick/qmltests/BLACKLIST b/tests/auto/quick/qmltests/BLACKLIST --- a/tests/auto/quick/qmltests/BLACKLIST 1970-01-01 01:00:00.000000000 +0100 +++ b/tests/auto/quick/qmltests/BLACKLIST 2021-04-30 21:35:17.828561095 +0100 @@ -0,0 +1,2 @@ +[NewViewRequest::test_loadNewViewRequest] +macos diff -Naur a/tests/auto/quick/qmltests/data/tst_navigationHistory.qml b/tests/auto/quick/qmltests/data/tst_navigationHistory.qml --- a/tests/auto/quick/qmltests/data/tst_navigationHistory.qml 2021-04-01 15:33:27.000000000 +0100 +++ b/tests/auto/quick/qmltests/data/tst_navigationHistory.qml 2021-04-30 21:30:52.324610558 +0100 @@ -78,7 +78,7 @@ name: "WebEngineViewNavigationHistory" function test_navigationHistory() { - compare(webEngineView.loadProgress, 0) + webEngineView.navigationHistory.clear() webEngineView.url = Qt.resolvedUrl("test1.html") verify(webEngineView.waitForLoadSucceeded()) @@ -159,7 +159,7 @@ } function test_navigationButtons() { - compare(webEngineView.loadProgress, 0) + webEngineView.navigationHistory.clear() webEngineView.url = Qt.resolvedUrl("test1.html") verify(webEngineView.waitForLoadSucceeded()) diff -Naur a/tests/auto/quick/qmltests/data/tst_newViewRequest.qml b/tests/auto/quick/qmltests/data/tst_newViewRequest.qml --- a/tests/auto/quick/qmltests/data/tst_newViewRequest.qml 2021-04-01 15:33:27.000000000 +0100 +++ b/tests/auto/quick/qmltests/data/tst_newViewRequest.qml 2021-04-30 21:35:17.828561095 +0100 @@ -77,7 +77,6 @@ } TestCase { - id: test name: "NewViewRequest" when: windowShown diff -Naur a/tests/auto/quick/qmltests_ssl/data/tst_certificateError.qml b/tests/auto/quick/qmltests_ssl/data/tst_certificateError.qml --- a/tests/auto/quick/qmltests_ssl/data/tst_certificateError.qml 2021-04-01 15:33:27.000000000 +0100 +++ b/tests/auto/quick/qmltests_ssl/data/tst_certificateError.qml 2021-05-04 21:36:53.503981934 +0100 @@ -55,6 +55,7 @@ request.sendResponse() }) view.settings.errorPageEnabled = false + view.profile.useForGlobalCertificateVerification = true } function init() { diff -Naur a/tests/auto/quick/qquickwebengineprofile/qquickwebengineprofile.pro b/tests/auto/quick/qquickwebengineprofile/qquickwebengineprofile.pro --- a/tests/auto/quick/qquickwebengineprofile/qquickwebengineprofile.pro 2021-04-01 15:33:27.000000000 +0100 +++ b/tests/auto/quick/qquickwebengineprofile/qquickwebengineprofile.pro 1970-01-01 01:00:00.000000000 +0100 @@ -1 +0,0 @@ -include(../tests.pri) diff -Naur a/tests/auto/quick/qquickwebengineprofile/tst_qquickwebengineprofile.cpp b/tests/auto/quick/qquickwebengineprofile/tst_qquickwebengineprofile.cpp --- a/tests/auto/quick/qquickwebengineprofile/tst_qquickwebengineprofile.cpp 2021-04-01 15:33:27.000000000 +0100 +++ b/tests/auto/quick/qquickwebengineprofile/tst_qquickwebengineprofile.cpp 1970-01-01 01:00:00.000000000 +0100 @@ -1,73 +0,0 @@ -/**************************************************************************** -** -** Copyright (C) 2018 The Qt Company Ltd. -** Contact: https://www.qt.io/licensing/ -** -** This file is part of the QtWebEngine module of the Qt Toolkit. -** -** $QT_BEGIN_LICENSE:GPL-EXCEPT$ -** Commercial License Usage -** Licensees holding valid commercial Qt licenses may use this file in -** accordance with the commercial license agreement provided with the -** Software or, alternatively, in accordance with the terms contained in -** a written agreement between you and The Qt Company. For licensing terms -** and conditions see https://www.qt.io/terms-conditions. For further -** information use the contact form at https://www.qt.io/contact-us. -** -** GNU General Public License Usage -** Alternatively, this file may be used under the terms of the GNU -** General Public License version 3 as published by the Free Software -** Foundation with exceptions as appearing in the file LICENSE.GPL3-EXCEPT -** included in the packaging of this file. Please review the following -** information to ensure the GNU General Public License requirements will -** be met: https://www.gnu.org/licenses/gpl-3.0.html. -** -** $QT_END_LICENSE$ -** -****************************************************************************/ - -#include -#include -#include - -class tst_QQuickWebEngineProfile : public QObject { - Q_OBJECT -public: - tst_QQuickWebEngineProfile(); - - // TODO: Many tests missings - void usedForGlobalCertificateVerification(); - -private Q_SLOTS: - void init(); - void cleanup(); -}; - -tst_QQuickWebEngineProfile::tst_QQuickWebEngineProfile() -{ - QtWebEngine::initialize(); - QQuickWebEngineProfile::defaultProfile()->setOffTheRecord(true); -} - - -void tst_QQuickWebEngineProfile::init() -{ -} - -void tst_QQuickWebEngineProfile::cleanup() -{ -} - -void tst_QQuickWebEngineProfile::usedForGlobalCertificateVerification() -{ - QQuickWebEngineProfile *profile1 = new QQuickWebEngineProfile(); - QQuickWebEngineProfile *profile2 = new QQuickWebEngineProfile(); - QVERIFY(!profile1->isUsedForGlobalVerification()); - QVERIFY(!profile2->isUsedForGlobalVerification()); - - -} - - -QTEST_MAIN(tst_QQuickWebEngineProfile) -#include "tst_qquickwebengineprofile.moc" diff -Naur a/tests/auto/shared/httpserver.h b/tests/auto/shared/httpserver.h --- a/tests/auto/shared/httpserver.h 2021-04-01 15:33:27.000000000 +0100 +++ b/tests/auto/shared/httpserver.h 2021-04-30 21:32:42.356812394 +0100 @@ -78,6 +78,8 @@ Q_INVOKABLE void setResourceDirs(const QStringList &dirs) { m_dirs = dirs; } + Q_INVOKABLE void setHostDomain(const QString &host) { m_url.setHost(host); } + Q_SIGNALS: // Emitted after a HTTP request has been successfully parsed. void newRequest(HttpReqRep *reqRep); diff -Naur a/tests/auto/widgets/certificateerror/tst_certificateerror.cpp b/tests/auto/widgets/certificateerror/tst_certificateerror.cpp --- a/tests/auto/widgets/certificateerror/tst_certificateerror.cpp 2021-04-01 15:33:27.000000000 +0100 +++ b/tests/auto/widgets/certificateerror/tst_certificateerror.cpp 2021-05-04 21:36:53.503981934 +0100 @@ -30,6 +30,7 @@ #include #include +#include #include #include @@ -124,6 +125,7 @@ void tst_CertificateError::fatalError() { PageWithCertificateErrorHandler page(false, false); + page.profile()->setUseForGlobalCertificateVerification(); page.settings()->setAttribute(QWebEngineSettings::ErrorPageEnabled, false); QSignalSpy loadFinishedSpy(&page, &QWebEnginePage::loadFinished); diff -Naur a/tests/auto/widgets/qwebenginepage/resources/redirect.html b/tests/auto/widgets/qwebenginepage/resources/redirect.html --- a/tests/auto/widgets/qwebenginepage/resources/redirect.html 1970-01-01 01:00:00.000000000 +0100 +++ b/tests/auto/widgets/qwebenginepage/resources/redirect.html 2021-04-30 21:33:02.380425244 +0100 @@ -0,0 +1,8 @@ + + + + + diff -Naur a/tests/auto/widgets/qwebenginepage/tst_qwebenginepage.cpp b/tests/auto/widgets/qwebenginepage/tst_qwebenginepage.cpp --- a/tests/auto/widgets/qwebenginepage/tst_qwebenginepage.cpp 2021-04-01 15:33:27.000000000 +0100 +++ b/tests/auto/widgets/qwebenginepage/tst_qwebenginepage.cpp 2021-04-30 21:33:02.381426975 +0100 @@ -596,6 +596,39 @@ << QWebEnginePage::NavigationTypeReload << QWebEnginePage::NavigationTypeTyped << QWebEnginePage::NavigationTypeRedirect; + + // client side redirect + page.load(QUrl("qrc:///resources/redirect.html")); + QTRY_COMPARE_WITH_TIMEOUT(loadSpy.count(), 8, 20000); + QTRY_COMPARE(page.navigations.count(), 8); + expectedList += { QWebEnginePage::NavigationTypeTyped, QWebEnginePage::NavigationTypeRedirect }; + + // server side redirect + HttpServer server; + server.setResourceDirs({ ":/resources" }); + connect(&server, &HttpServer::newRequest, &server, [&] (HttpReqRep *r) { + if (r->requestMethod() == "GET") { + if (r->requestPath() == "/redirect1.html") { + r->setResponseHeader("Location", server.url("/redirect2.html").toEncoded()); + r->setResponseBody("Redirect1"); + r->sendResponse(307); // Internal server redirect + } else if (r->requestPath() == "/redirect2.html") { + r->setResponseHeader("Location", server.url("/content.html").toEncoded()); + r->setResponseBody("Redirect2"); + r->sendResponse(301); // Moved permanently + } + } + }); + QVERIFY(server.start()); + page.load(QUrl(server.url("/redirect1.html"))); + QTRY_COMPARE_WITH_TIMEOUT(loadSpy.count(), 9, 20000); + QTRY_COMPARE(page.navigations.count(), 11); + expectedList += { + QWebEnginePage::NavigationTypeTyped, + QWebEnginePage::NavigationTypeRedirect, + QWebEnginePage::NavigationTypeRedirect + }; + QVERIFY(expectedList.count() == page.navigations.count()); for (int i = 0; i < expectedList.count(); ++i) { QCOMPARE(page.navigations[i].type, expectedList[i]); diff -Naur a/tests/auto/widgets/qwebenginepage/tst_qwebenginepage.qrc b/tests/auto/widgets/qwebenginepage/tst_qwebenginepage.qrc --- a/tests/auto/widgets/qwebenginepage/tst_qwebenginepage.qrc 2021-04-01 15:33:27.000000000 +0100 +++ b/tests/auto/widgets/qwebenginepage/tst_qwebenginepage.qrc 2021-04-30 21:33:02.381426975 +0100 @@ -14,6 +14,7 @@ resources/user.css resources/image.png resources/pasteimage.html + resources/redirect.html resources/reload.html resources/style.css resources/test1.html diff -Naur a/tests/auto/widgets/qwebengineview/BLACKLIST b/tests/auto/widgets/qwebengineview/BLACKLIST --- a/tests/auto/widgets/qwebengineview/BLACKLIST 2021-04-01 15:33:27.000000000 +0100 +++ b/tests/auto/widgets/qwebengineview/BLACKLIST 2021-04-30 21:34:29.148412518 +0100 @@ -6,3 +6,6 @@ [horizontalScrollbarTest] osx + +[mixLangLocale:eu_ES] +* diff -Naur a/tests/auto/widgets/qwebengineview/tst_qwebengineview.cpp b/tests/auto/widgets/qwebengineview/tst_qwebengineview.cpp --- a/tests/auto/widgets/qwebengineview/tst_qwebengineview.cpp 2021-04-01 15:33:27.000000000 +0100 +++ b/tests/auto/widgets/qwebengineview/tst_qwebengineview.cpp 2021-04-30 21:34:29.149414250 +0100 @@ -124,6 +124,7 @@ void doNotBreakLayout(); void changeLocale(); + void mixLangLocale_data(); void mixLangLocale(); void inputMethodsTextFormat_data(); void inputMethodsTextFormat(); @@ -1213,26 +1214,46 @@ QCOMPARE(errorLines.first().toUtf8(), QByteArrayLiteral("Die Website ist nicht erreichbar")); } +void tst_QWebEngineView::mixLangLocale_data() +{ + QTest::addColumn("locale"); + QTest::addColumn("formattedNumber"); + QTest::newRow("en_DK") << "en-DK" << QByteArray("1.234.567.890"); + QTest::newRow("de") << "de" << QByteArray("1.234.567.890"); + QTest::newRow("de_CH") << "de-CH" << QByteArray("1’234’567’890"); + QTest::newRow("eu_ES") << "eu-ES" << QByteArray("1.234.567.890"); + QTest::newRow("hu_HU") << "hu-HU" << QByteArray("1\xC2\xA0""234\xC2\xA0""567\xC2\xA0""890"); // no-break spaces +} + void tst_QWebEngineView::mixLangLocale() { - for (QString locale : { "en_DK", "de_CH", "eu_ES" }) { - QLocale::setDefault(locale); - QWebEngineView view; - QSignalSpy loadSpy(&view, &QWebEngineView::loadFinished); - - bool terminated = false; - auto sc = connect(view.page(), &QWebEnginePage::renderProcessTerminated, [&] () { terminated = true; }); - - view.load(QUrl("qrc:///resources/dummy.html")); - QTRY_VERIFY(terminated || loadSpy.count() == 1); - - QVERIFY2(!terminated, - qPrintable(QString("Locale [%1] terminated: %2, loaded: %3").arg(locale).arg(terminated).arg(loadSpy.count()))); - QVERIFY(loadSpy.first().first().toBool()); + QFETCH(QString, locale); + QFETCH(QByteArray, formattedNumber); + + QLocale::setDefault(locale); + + QWebEngineView view; + QSignalSpy loadSpy(&view, &QWebEngineView::loadFinished); + + bool terminated = false; + auto sc = connect(view.page(), &QWebEnginePage::renderProcessTerminated, [&] () { terminated = true; }); + + view.load(QUrl("qrc:///resources/dummy.html")); + QTRY_VERIFY(terminated || loadSpy.count() == 1); + + QVERIFY2(!terminated, + qPrintable(QString("Locale [%1] terminated: %2, loaded: %3").arg(locale).arg(terminated).arg(loadSpy.count()))); + QVERIFY(loadSpy.first().first().toBool()); + + QString content = toPlainTextSync(view.page()); + QVERIFY2(!content.isEmpty() && content.contains("test content"), qPrintable(content)); + + QCOMPARE(evaluateJavaScriptSync(view.page(), "navigator.language").toString(), QLocale().bcp47Name()); + + if (locale == "eu-ES") + QEXPECT_FAIL("", "Basque number formatting is somehow dependent on environment", Continue); + QCOMPARE(evaluateJavaScriptSync(view.page(), "Number(1234567890).toLocaleString()").toByteArray(), formattedNumber); - QString content = toPlainTextSync(view.page()); - QVERIFY2(!content.isEmpty() && content.contains("test content"), qPrintable(content)); - } QLocale::setDefault(QLocale("en")); }