[Backport] Fix High Resolution touchpad scrolling in XWayland #1
Open: satmandu wants to merge 1 commit into qt:80-based from satmandu:patch-1
This reversion is in upstream as per https://chromium.googlesource.com/chromium/src.git/+/48632c246b958ebde3f144fad428f3a38f3ea70f%5E%21/#F0

Please see discussion here:
https://crbug.com/712737
https://www.reddit.com/r/linux/comments/geq19d/upstream_chromium_is_finally_fixing_pixelprecise/
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1811219

satmandu changed the title from "Fix High Resolution touchpad scrolling in XWayland" to "[Backport] Fix High Resolution touchpad scrolling in XWayland" on May 7, 2020

qtprojectorg pushed a commit that referenced this pull request on Feb 19, 2021:

Partial cherry-pick (leaving out tests) of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/2674008:
Merged: [interpreter] Store accumulator to callee after optional chain checks

Revision: df98901c19ce17ca995ee6750379b0f004210d68

BUG=chromium:1171954
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=rmcilroy@chromium.org

Change-Id: If09e1503ca07b47a112362495ec0bb9d502118c9
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.9@{#33}
Cr-Branched-From: 16b9bbbd581c25391981aa03180b76aa60463a3e-refs/heads/8.9.255@{#1}
Cr-Branched-From: d16a2a688498bd1c3e6a49edb25d8c4ca56232dc-refs/heads/master@{#72039}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

qtprojectorg pushed a commit that referenced this pull request on Apr 1, 2021:

Partial cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/2780300:
Merged: [deoptimizer] Fix bug in OptimizedFrame::Summarize

Revision: 3353a7d0b017146d543434be4036a81aaf7d25ae

BUG=chromium:1182647
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=bmeurer@chromium.org

Change-Id: I86abd6a3f34169be5f99aa9f54bb7bb3706fa85a
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.9@{#49}
Cr-Branched-From: 16b9bbbd581c25391981aa03180b76aa60463a3e-refs/heads/8.9.255@{#1}
Cr-Branched-From: d16a2a688498bd1c3e6a49edb25d8c4ca56232dc-refs/heads/master@{#72039}
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>

qtprojectorg pushed a commit that referenced this pull request on Apr 1, 2021:

Partial cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/2748077:
Merged: Squashed multiple commits.

Merged: [const-tracking] Mark const field as mutable when reconfiguring
Revision: 7535b91f7cb22274de734d5da7d0324d8653d626

Merged: [const-tracking] Fix incorrect DCHECK in MapUpdater
Revision: f95db8916a731e6e5ccc0282616bc907ce06012f

BUG=chromium:1161847,chromium:1185463,v8:9233
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=ishell@chromium.org

Change-Id: I4a34bafb3b072f2e788b47949947c76110f1b85c
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.0@{#18}
Cr-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
Cr-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>

qtprojectorg pushed a commit that referenced this pull request on Apr 6, 2021:

Manual backport of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/2674169:
[Merged ][wasm] PostMessage of Memory.buffer should throw

PostMessage of an ArrayBuffer that is not detachable should result in a DataCloneError.

TBR=gdeepti@chromium.org

(cherry picked from commit dfcf1e86fac0a7b067caf8fdfc13eaf3e3f445e4)

Bug: chromium:1170176, chromium:961059
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Change-Id: Ife852df032841b7001375acd5e101d614c4b0771
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.8@{#30}
Cr-Branched-From: 2dbcdc105b963ee2501c82139eef7e0603977ff0-refs/heads/8.8.278@{#1}
Cr-Branched-From: 366d30c99049b3f1c673f8a93deb9f879d0fa9f0-refs/heads/master@{#71094}
Reviewed-by: Michal Klocek <michal.klocek@qt.io>

qtprojectorg pushed a commit that referenced this pull request on Apr 9, 2021:

Partial cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/2780300:
Merged: [deoptimizer] Fix bug in OptimizedFrame::Summarize

Revision: 3353a7d0b017146d543434be4036a81aaf7d25ae

BUG=chromium:1182647
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=bmeurer@chromium.org

Change-Id: I86abd6a3f34169be5f99aa9f54bb7bb3706fa85a
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.9@{#49}
Cr-Branched-From: 16b9bbbd581c25391981aa03180b76aa60463a3e-refs/heads/8.9.255@{#1}
Cr-Branched-From: d16a2a688498bd1c3e6a49edb25d8c4ca56232dc-refs/heads/master@{#72039}
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>

qtprojectorg pushed a commit that referenced this pull request on Apr 9, 2021:

Partial cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/2748077:
Merged: Squashed multiple commits.

Merged: [const-tracking] Mark const field as mutable when reconfiguring
Revision: 7535b91f7cb22274de734d5da7d0324d8653d626

Merged: [const-tracking] Fix incorrect DCHECK in MapUpdater
Revision: f95db8916a731e6e5ccc0282616bc907ce06012f

BUG=chromium:1161847,chromium:1185463,v8:9233
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=ishell@chromium.org

Change-Id: I4a34bafb3b072f2e788b47949947c76110f1b85c
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.0@{#18}
Cr-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
Cr-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>

qtprojectorg pushed a commit that referenced this pull request on Apr 14, 2021:

… in V8 for x86_64

Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/2821959:
Fix bug in InstructionSelector::ChangeInt32ToInt64

(cherry picked from commit 02f84c745fc0cae5927a66dc4a3e81334e8f60a6)

No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Bug: chromium:1196683
Change-Id: Ib4ea738b47b64edc81450583be4c80a41698c3d1
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#73903}
Commit-Queue: Jana Grill <janagrill@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
Cr-Commit-Position: refs/branch-heads/8.6@{#75}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

qtprojectorg pushed a commit that referenced this pull request on Apr 21, 2021:

Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/2838235:
M86-LTS: [compiler] Fix bug in RepresentationChanger::GetWord32RepresentationFor

We have to respect the TypeCheckKind.

(cherry picked from commit fd29e246f65a7cee130e72cd10f618f3b82af232)

No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Bug: chromium:1195777
Change-Id: If1eed719fef79b7c61d99c29ba869ddd7985c413
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#73909}
Owners-Override: Achuith Bhandarkar <achuith@chromium.org>
Reviewed-by: Artem Sumaneev <asumaneev@google.com>
Commit-Queue: Achuith Bhandarkar <achuith@chromium.org>
Cr-Commit-Position: refs/branch-heads/8.6@{#79}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

qtprojectorg pushed a commit that referenced this pull request on Apr 21, 2021:

Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/2823829:
[LTS-M86][builtins] Fix Array.prototype.concat with @@species

(cherry picked from commit 7989e04979c3195e60a6814e8263063eb91f7b47)

No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Bug: chromium:1195977
Change-Id: I16843bce2e9f776abca0f2b943b898ab5e597e42
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#73842}
Commit-Queue: Jana Grill <janagrill@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
Cr-Commit-Position: refs/branch-heads/8.6@{#77}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

qtprojectorg pushed a commit that referenced this pull request on Apr 21, 2021:

Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/2821961:
[LTS-M86][builtins] Harden Array.prototype.concat.

Defence in depth patch to prevent JavaScript from executing from within IterateElements.

R=ishell@chromium.org
R=cbruni@chromium.org

(cherry picked from commit 8284359ed0607e452a4dda2ce89811fb019b4aaa)

No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Bug: chromium:1195977
Change-Id: Ie59d468b73b94818cea986a3ded0804f6dddd10b
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#73898}
Commit-Queue: Jana Grill <janagrill@chromium.org>
Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
Cr-Commit-Position: refs/branch-heads/8.6@{#76}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

qtprojectorg pushed a commit that referenced this pull request on Apr 27, 2021:

Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/2839559:
Merged: [compiler] Fix a bug in VisitSpeculativeIntegerAdditiveOp

Revision: 9313c4ce3f32ad81df1c65becccec7e129181ce3

BUG=chromium:1199345
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=nicohartmann@chromium.org

Change-Id: I0ee9f13815b1a7d248d4caa506c6930697e1866c
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.0@{#41}
Cr-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
Cr-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

qtprojectorg pushed a commit that referenced this pull request on Apr 27, 2021:

Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/2833911:
Merged: [turbofan] Harden ArrayPrototypePop and ArrayPrototypeShift

Revision: d4aafa4022b718596b3deadcc3cdcb9209896154

TBR=glazunov@chromium.org
BUG=chromium:1198696
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true

Change-Id: I1840ffabbed3a3caab75b0abea1d37d9ed446d3f
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.0@{#39}
Cr-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
Cr-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

qtprojectorg pushed a commit that referenced this pull request on Apr 27, 2021:

Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/2827899:
Merged: [TurboFan] Fix SpeculativeNumberEqual[Number] with undefined

(cherry picked from commit 7c7cdec5373127ad24e75edb2d2d75b25d604850)

Bug: chromium:1198309, v8:5660
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Change-Id: I9cb5f66643c0c0ab9b18ca953cf85d2f6aa84b42
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#74038}
Cr-Commit-Position: refs/branch-heads/9.0@{#45}
Cr-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
Cr-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

qtprojectorg pushed a commit that referenced this pull request on May 7, 2021:

Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/2839559:
Merged: [compiler] Fix a bug in VisitSpeculativeIntegerAdditiveOp

Revision: 9313c4ce3f32ad81df1c65becccec7e129181ce3

BUG=chromium:1199345
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=nicohartmann@chromium.org

Change-Id: I0ee9f13815b1a7d248d4caa506c6930697e1866c
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.0@{#41}
Cr-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
Cr-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

qtprojectorg pushed a commit that referenced this pull request on May 7, 2021:

Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/2833911:
Merged: [turbofan] Harden ArrayPrototypePop and ArrayPrototypeShift

Revision: d4aafa4022b718596b3deadcc3cdcb9209896154

TBR=glazunov@chromium.org
BUG=chromium:1198696
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true

Change-Id: I1840ffabbed3a3caab75b0abea1d37d9ed446d3f
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.0@{#39}
Cr-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
Cr-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

qtprojectorg pushed a commit that referenced this pull request on May 26, 2021:

Cherry-pick of commit originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/2883780:
Reland "[compiler] Fix more truncation bugs in SimplifiedLowering"

This is a reland of 47077d94492cb604e3a7f02c0d7c3c495ff6b713 without changes. The revert was false alarm.

[M86]: Resolved simple conflicts.

Original change's description:
> [compiler] Fix more truncation bugs in SimplifiedLowering
>
> Bug: chromium:1200490
> Change-Id: I3555b6d99bdb4b4e7c302a43a82c17e8bff84ebe
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2840452
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74097}

(cherry picked from commit e4a580c9104e42968e8e13b8c7d933f0b2eda2a3)

(cherry picked from commit 97ad04543438f7b235b21346fdd198f81028cd5e)

Bug: chromium:1200490
Tbr: nicohartmann@chromium.org
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Change-Id: Iedddcf2d0117fa59dc9d7a3604ef203808ad2903
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Original-Commit-Position: refs/branch-heads/9.0@{#47}
Cr-Original-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
Cr-Original-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
Reviewed-by: Jana Grill <janagrill@google.com>
Commit-Queue: Victor-Gabriel Savu <vsavu@google.com>
Cr-Commit-Position: refs/branch-heads/8.6@{#95}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

qtprojectorg pushed a commit that referenced this pull request on May 28, 2021:

Reland "M86-LTS: [const-tracking] Ensure map is updated before generalizing constness"

This reverts commit 4b4ad58888faf938a76e0d792c3c3a639c79e2e4.

M86 merge conflicts and resolution:
* src/objects/map-updater.cc
  Map::instance_descriptor with kRelaxedLoad dispatcher was introduced after 8.6 branch: https://crrev.com/c/2424130. Before the patch Map::instance_descriptor without dispatcher was used. Do the same here.
* test/mjsunit/regress/regress-crbug-1195331.js
  HasOwnConstDataProperty did not exist in 8.6. Add it from https://crrev.com/c/2566757.

Original change's description:
> Revert "M86-LTS: [const-tracking] Ensure map is updated before generalizing constness"
>
> This reverts commit 69a043b410ff83f31ceba23eab410163403c1db0.
>
> Reason for revert: causes compilation errors. kRelaxedLoad is missing.
>
> Original change's description:
> > M86-LTS: [const-tracking] Ensure map is updated before generalizing constness
> >
> > Revision: db2acd7a046d42a8013da76c3f47d2970cef5447
> >
> > BUG=chromium:1195331
> > NOTRY=true
> > NOPRESUBMIT=true
> > NOTREECHECKS=true
> > R=leszeks@chromium.org
> >
> > (cherry picked from commit 5a0dd788cdae65bbfa37fbbd47a5e5dde15dd894)
> >
> > Change-Id: I7ce1b36b8860a49838d208bc7857021e03f83916
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2831474
> > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> > Cr-Original-Commit-Position: refs/branch-heads/9.0@{#37}
> > Cr-Original-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
> > Cr-Original-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2850705
> > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
> > Commit-Queue: Artem Sumaneev <asumaneev@google.com>
> > Cr-Commit-Position: refs/branch-heads/8.6@{#82}
> > Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
> > Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
>
> Bug: chromium:1195331
> Change-Id: Id7170c30d67329b784e9a283c0171fed010970dc
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2853588
> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> Commit-Queue: Artem Sumaneev <asumaneev@google.com>
> Cr-Commit-Position: refs/branch-heads/8.6@{#84}
> Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
> Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}

No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1195331
Change-Id: Ie103a7795893860c4c4834eefe9dc327c5c46d19
Reviewed-by: Victor-Gabriel Savu <vsavu@google.com>
Commit-Queue: Victor-Gabriel Savu <vsavu@google.com>
Cr-Commit-Position: refs/branch-heads/8.6@{#93}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Reviewed-by: Michal Klocek <michal.klocek@qt.io>

qtprojectorg pushed a commit that referenced this pull request on May 28, 2021:

Manual cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/2875210:
Merged: [liftoff] Fix >=2GB memory accesses on 32-bit

We were inconsistent in handling offsets >= 2GB on 32-bit systems. The code was still relying on this being detected as statically out of bounds, but with the increase of {kV8MaxWasmMemoryPages} to support 4GB memories, this is not the case any more.

This CL fixes this by again detecting such situations as statically OOB. We do not expect to be able to allocate memories of size >2GB on such systems. If this assumption turns out to be wrong, we will erroneously trap. If that happens, we will have to explicitly disallow memories of such size on 32-bit systems.

Tbr: jkummerow@chromium.org

(cherry picked from commit 7ad5b961553d7d9bc30da1bb839726be2b92bb51)

Bug: v8:7881, chromium:1201340
Change-Id: I8a91dd067a1c63a6d1caacb874a27b44b0983774
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.0@{#51}
Cr-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
Cr-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

qtprojectorg pushed a commit that referenced this pull request on May 28, 2021:

Manual cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/2880214:
Merged: [const-tracking] Generalize constness when delete properties

Revision: d570bbe0c74ec4ae40d1abc34bea617ff2d63f26

BUG=chromium:1201938
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=leszeks@chromium.org

Change-Id: I2745bd574d9f971b3f1e41d5084ec9e9fbbeef07
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.0@{#55}
Cr-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
Cr-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

qtprojectorg pushed a commit that referenced this pull request on Aug 2, 2021:

Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/2940882:
M86-LTS: [debugger] Return ServerError if debugger agent is disabled

This returns a server error on setting breakpoints if the agent is disabled.

(cherry picked from commit 5aa2de8128f885c44df79d38fb4aa5c6a5d94306)

Also-by: bmeurer@chromium.org
Fixed: chromium:1202534
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Change-Id: I87c80a4bd785fa5c59a8dd0d5ac5f4b31b015ed8
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Kim-Anh Tran <kimanh@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#74399}
Reviewed-by: Achuith Bhandarkar <achuith@chromium.org>
Commit-Queue: Artem Sumaneev <asumaneev@google.com>
Cr-Commit-Position: refs/branch-heads/8.6@{#105}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Reviewed-by: Michal Klocek <michal.klocek@qt.io>

qtprojectorg pushed a commit that referenced this pull request on Aug 2, 2021:

Manual cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/2948652:
[M86-LTS] Reland "Merged: [compiler] Always record constness dependency for FastDataConstant"

This is a reland of 638d1b238d510a349bdd38648add8d5c85bc5f7d after a one-character change. A local variable still has a non-optional type in this version of V8.

Original change's description:
> Merged: [compiler] Always record constness dependency for FastDataConstant
>
> Revision: 1bfa5139966fe0c9e8036fe6362b61c483675775
>
> BUG=chromium:1209558
> NOTRY=true
> NOPRESUBMIT=true
> NOTREECHECKS=true
>
> Change-Id: If4f7243647bcc12ed482796c1353f0717630f6b9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2919823
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/branch-heads/9.1@{#59}
> Cr-Branched-From: 0e4ac64a8cf298b14034a22f9fe7b085d2cb238d-refs/heads/9.1.269@{#1}
> Cr-Branched-From: f565e72d5ba88daae35a59d0f978643e2343e912-refs/heads/master@{#73847}

NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true

(cherry picked from commit 73666e3f6d6bdbc93ab81cf8b3803dd04930e293)

Bug: chromium:1209558
Change-Id: I0c81353882b0f17942fd92ad4181732f941bcb1d
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Original-Commit-Position: refs/branch-heads/9.1@{#63}
Cr-Original-Branched-From: 0e4ac64a8cf298b14034a22f9fe7b085d2cb238d-refs/heads/9.1.269@{#1}
Cr-Original-Branched-From: f565e72d5ba88daae35a59d0f978643e2343e912-refs/heads/master@{#73847}
Reviewed-by: Artem Sumaneev <asumaneev@google.com>
Commit-Queue: Victor-Gabriel Savu <vsavu@google.com>
Cr-Commit-Position: refs/branch-heads/8.6@{#108}
Cr-Branched-From: a64aed2333abf49e494d2a5ce24bbd14fff19f60-refs/heads/8.6.395@{#1}
Cr-Branched-From: a626bc036236c9bf92ac7b87dc40c9e538b087e3-refs/heads/master@{#69472}
Reviewed-by: Michal Klocek <michal.klocek@qt.io>

qtprojectorg pushed a commit that referenced this pull request on Aug 2, 2021:

Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/2940899:
Merged: Squashed multiple commits.

Merged: Disable left-trimming when optimizing compile jobs exist
Revision: ac0605a1a486b8d074f116cc365de9d2b6d7c9e5

Merged: [heap] Don't assume that optimizing-compile-dispatcher exists
Revision: 022b312d55e75935cfa99cca7729ae2d3f795bd0

BUG=chromium:1211215,chromium:1215514
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=dinfuehr@chromium.org

Change-Id: I3b3a37d64402ea464c8e653517928522a1c5e0da
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.1@{#67}
Cr-Branched-From: 0e4ac64a8cf298b14034a22f9fe7b085d2cb238d-refs/heads/9.1.269@{#1}
Cr-Branched-From: f565e72d5ba88daae35a59d0f978643e2343e912-refs/heads/master@{#73847}
Reviewed-by: Michal Klocek <michal.klocek@qt.io>

qtprojectorg pushed a commit that referenced this pull request on Aug 4, 2021:

Manual backport of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/3027260:
Merged: [compiler] Fix a bug in CodeGenerator::AddTranslationForOperand

(cherry picked from commit 374354bfe4a30740b96936b33e522d6fcd1cda67)

Bug: chromium:1228407
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Change-Id: I358d8736b7b5f87300496cbb39a7689d8207d85f
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.1@{#77}
Cr-Branched-From: 0e4ac64a8cf298b14034a22f9fe7b085d2cb238d-refs/heads/9.1.269@{#1}
Cr-Branched-From: f565e72d5ba88daae35a59d0f978643e2343e912-refs/heads/master@{#73847}
Reviewed-by: Michal Klocek <michal.klocek@qt.io>

qtprojectorg pushed a commit that referenced this pull request on Aug 12, 2021:

Manual backport of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/2993033:
Merged: [JSON] Fix GC issue in BuildJsonObject

We must ensure that the sweeper is not running or has already swept mutable_double_buffer. Otherwise the GC can add it to the free list.

Change-Id: If0fc7617acdb6690f0567215b78f8728e1643ec0
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Bug: v8:11837, chromium:1214842
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.1@{#75}
Cr-Branched-From: 0e4ac64a8cf298b14034a22f9fe7b085d2cb238d-refs/heads/9.1.269@{#1}
Cr-Branched-From: f565e72d5ba88daae35a59d0f978643e2343e912-refs/heads/master@{#73847}
Reviewed-by: Michal Klocek <michal.klocek@qt.io>

qtprojectorg pushed a commit that referenced this pull request on Aug 19, 2021:

Manual backport of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/3080564:
Merged: [compiler] Fix a bug in MachineOperatorReducer's BitfieldCheck

Revision: 574ca6b71c6160d38b5fcf4b8e133bc7f6ba2387

BUG=chromium:1234770
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=nicohartmann@chromium.org

Change-Id: I15af5a94e89b54c2a540442c3544ed459b832e0a
Reviewed-by: Lutz Vahl <vahl@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.3@{#21}
Cr-Branched-From: 7744dce208a555494e4a33e24fadc71ea20b3895-refs/heads/9.3.345@{#1}
Cr-Branched-From: 4b6b4cabf3b6a20cdfda72b369df49f3311c4344-refs/heads/master@{#75728}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

qtprojectorg pushed a commit that referenced this pull request on Sep 3, 2021:

Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/3027260:
Merged: [compiler] Fix a bug in CodeGenerator::AddTranslationForOperand

(cherry picked from commit 374354bfe4a30740b96936b33e522d6fcd1cda67)

Bug: chromium:1228407
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Change-Id: I358d8736b7b5f87300496cbb39a7689d8207d85f
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.1@{#77}
Cr-Branched-From: 0e4ac64a8cf298b14034a22f9fe7b085d2cb238d-refs/heads/9.1.269@{#1}
Cr-Branched-From: f565e72d5ba88daae35a59d0f978643e2343e912-refs/heads/master@{#73847}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

qtprojectorg pushed a commit that referenced this pull request on Sep 3, 2021:

Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/3067222:
Fix GC issue in BuildJsonObject

We must ensure that the sweeper is not running or has already swept mutable_double_buffer. Otherwise the GC can add it to the free list.

(cherry picked from commit 81181a8ad80ac978a6a8732d05f615c645df95d2)

Bug: v8:11837
Bug: chromium:1214842
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Change-Id: Ifd9cf15f1c94f664fd6489c70bb38b59730cdd78
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#74859}
Commit-Queue: Roger Felipe Zanoni da Silva <rzanoni@google.com>
Reviewed-by: Achuith Bhandarkar <achuith@chromium.org>
Reviewed-by: Jana Grill <janagrill@google.com>
Cr-Commit-Position: refs/branch-heads/9.0@{#68}
Cr-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
Cr-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

qtprojectorg pushed a commit that referenced this pull request on Sep 3, 2021:

Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/3101487:
[M90-LTS] [deoptimizer] Finish concurrent sweeping before overwriting ByteArrays

(cherry picked from commit b63a59619530cb26bf5d51f39ef4cb4c20952d5f)

Bug: chromium:1228036
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Change-Id: I5abe7009920d2c8f81f024c9ae7bb6b13607da1a
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#75932}
Commit-Queue: Zakhar Voit <voit@google.com>
Reviewed-by: Achuith Bhandarkar <achuith@chromium.org>
Cr-Commit-Position: refs/branch-heads/9.0@{#75}
Cr-Branched-From: bd0108b4c88e0d6f2350cb79b5f363fbd02f3eb7-refs/heads/9.0.257@{#1}
Cr-Branched-From: 349bcc6a075411f1a7ce2d866c3dfeefc2efa39d-refs/heads/master@{#73001}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Jun 15, 2023
Partial manual backport of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/4567879: [M108-LTS][runtime] Fix handling of interceptors Drive-by: simplify creation of LookupIterator copies. (cherry picked from commit d125c7329f6e22af4523de3c55de3a22f168acc9) Bug: chromium:1440695 Change-Id: Icadab9c8b682f87524eed4c508e27be3a8c5b2d7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4537324 Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Original-Commit-Position: refs/heads/main@{#87701} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4567879 Commit-Queue: Roger Felipe Zanoni da Silva <rzanoni@google.com> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/branch-heads/10.8@{#60} Cr-Branched-From: f1bc03fd6b4c201abd9f0fd9d51fb989150f97b9-refs/heads/10.8.168@{#1} Cr-Branched-From: 237de893e1c0a0628a57d0f5797483d3add7f005-refs/heads/main@{#83672} Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/481571 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Jun 20, 2023
Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/4590637: Fix store handler selection for arguments objects M108 merge issues: src/diagnostics/objects-printer.cc: Type conflicts for the handler variable on and the IsWeakFixedArray() check isn't present in 108; kept the code changes from the fix. Drive-by: fix printing of handlers in --trace-feedback-updates mode. (cherry picked from commit e144f3b71e64e01d6ffd247eb15ca1ff56f6287b) Bug: chromium:1450481 Change-Id: I1c0084701f7f8959da508481cab7a81a2bca3c8d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4584248 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Original-Commit-Position: refs/heads/main@{#88021} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4590637 Commit-Queue: Roger Felipe Zanoni da Silva <rzanoni@google.com> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/branch-heads/10.8@{#66} Cr-Branched-From: f1bc03fd6b4c201abd9f0fd9d51fb989150f97b9-refs/heads/10.8.168@{#1} Cr-Branched-From: 237de893e1c0a0628a57d0f5797483d3add7f005-refs/heads/main@{#83672} Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/486078 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Jun 22, 2023
Manual backport of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/4590637: Fix store handler selection for arguments objects M108 merge issues: src/diagnostics/objects-printer.cc: Type conflicts for the handler variable on and the IsWeakFixedArray() check isn't present in 108; kept the code changes from the fix. Drive-by: fix printing of handlers in --trace-feedback-updates mode. (cherry picked from commit e144f3b71e64e01d6ffd247eb15ca1ff56f6287b) Bug: chromium:1450481 Change-Id: I1c0084701f7f8959da508481cab7a81a2bca3c8d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4584248 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Original-Commit-Position: refs/heads/main@{#88021} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4590637 Commit-Queue: Roger Felipe Zanoni da Silva <rzanoni@google.com> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/branch-heads/10.8@{#66} Cr-Branched-From: f1bc03fd6b4c201abd9f0fd9d51fb989150f97b9-refs/heads/10.8.168@{#1} Cr-Branched-From: 237de893e1c0a0628a57d0f5797483d3add7f005-refs/heads/main@{#83672} Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/487335 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Jul 11, 2023
Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/4637129: Merged: [compiler] StackCheck can have side effects Bug: chromium:1452137 (cherry picked from commit e548943e473b020fdc1de6e5543ca31b24d8b7f9) Change-Id: Ibd7c9b02efd12341b452e4c34a635a58a817649f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4637129 Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Auto-Submit: Tobias Tebbi <tebbi@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/branch-heads/11.4@{#49} Cr-Branched-From: 8a8a1e7086dacc426965d3875914efa66663c431-refs/heads/11.4.183@{#1} Cr-Branched-From: 5483d8e816e0bbce865cbbc3fa0ab357e6330bab-refs/heads/main@{#87241} Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/489358 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Aug 25, 2023
Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/webm/libwebp/+/4634862:

EncodeAlphaInternal: add missing error check

VP8LBitWriterFinish() may cause the VP8LBitWriter's buffer to be grown. If that allocation fails, VP8LBitWriterNumBytes() will return a size larger than the current allocation resulting in a heap overwrite of the missing bytes.

==13==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61900005b880 at pc 0x00000049ffc1 bp 0x7fff144f5b40 sp 0x7fff144f5310
READ of size 1028 at 0x61900005b880 thread T0
    #0 0x49ffc0 in __asan_memcpy
    #1 0x695861 in VP8BitWriterAppend src/utils/bit_writer_utils.c:186:3
    #2 0x65acf9 in EncodeAlphaInternal src/enc/alpha_enc.c:169:14

Found by Nallocfuzz (https://github.com/catenacyber/nallocfuzz).

This is the same issue that was fixed in the non-alpha lossless path in:
d49cfbb3 vp8l_enc,WriteImage: add missing error check

Bug: chromium:1455619
Change-Id: I6bd10de213707d3d6b7ce3d0d2b3942af45d317f
(cherry picked from commit c3bd7cff2e57b4bf1b744e70dd379570d83fb0e4)
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/499078
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Sep 1, 2023
Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/webm/libwebp/+/4634862:

EncodeAlphaInternal: add missing error check

VP8LBitWriterFinish() may cause the VP8LBitWriter's buffer to be grown. If that allocation fails, VP8LBitWriterNumBytes() will return a size larger than the current allocation resulting in a heap overwrite of the missing bytes.

==13==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61900005b880 at pc 0x00000049ffc1 bp 0x7fff144f5b40 sp 0x7fff144f5310
READ of size 1028 at 0x61900005b880 thread T0
    #0 0x49ffc0 in __asan_memcpy
    #1 0x695861 in VP8BitWriterAppend src/utils/bit_writer_utils.c:186:3
    #2 0x65acf9 in EncodeAlphaInternal src/enc/alpha_enc.c:169:14

Found by Nallocfuzz (https://github.com/catenacyber/nallocfuzz).

This is the same issue that was fixed in the non-alpha lossless path in:
d49cfbb3 vp8l_enc,WriteImage: add missing error check

Bug: chromium:1455619
Change-Id: I6bd10de213707d3d6b7ce3d0d2b3942af45d317f
(cherry picked from commit c3bd7cff2e57b4bf1b744e70dd379570d83fb0e4)
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/500280
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Jan 8, 2024
Manual cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/5110982: Merged: [promises, async stack traces] Fix the case when the closure has run We were using the closure pointing to NativeContext as a marker that the closure has run, but async stack trace code was confused about it. (cherry picked from commit bde3d360097607f36cd1d17cbe8412b84eae0a7f) Bug: chromium:1501326 Change-Id: I30d438f3b2e3fdd7562ea9a79dde4561ce9b0083 Cr-Original-Commit-Position: refs/heads/main@{#90949} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5110982 Commit-Queue: Marja Hölttä <marja@chromium.org> Reviewed-by: Shu-yu Guo <syg@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Auto-Submit: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/branch-heads/12.0@{#18} Cr-Branched-From: ed7b4caf1fb8184ad9e24346c84424055d4d430a-refs/heads/12.0.267@{#1} Cr-Branched-From: 210e75b19db4352c9b78dce0bae11c2dc3077df4-refs/heads/main@{#90651} Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/526277 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Jan 8, 2024
Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/5110982: Fix the case when the closure has run M114 changes: - replace IsNativeContext(*context) by context->IsNativeContext() We were using the closure pointing to NativeContext as a marker that the closure has run, but async stack trace code was confused about it. (cherry picked from commit bde3d360097607f36cd1d17cbe8412b84eae0a7f) Bug: chromium:1501326 Change-Id: I30d438f3b2e3fdd7562ea9a79dde4561ce9b0083 Cr-Original-Commit-Position: refs/heads/main@{#90949} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5110982 Commit-Queue: Marja Hölttä <marja@chromium.org> Auto-Submit: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/branch-heads/12.0@{#18} Cr-Branched-From: ed7b4caf1fb8184ad9e24346c84424055d4d430a-refs/heads/12.0.267@{#1} Cr-Branched-From: 210e75b19db4352c9b78dce0bae11c2dc3077df4-refs/heads/main@{#90651} (cherry picked from commit cbd09b2ca928f1fd929ef52e173aa81213e38cb8) Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/526344 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Jan 8, 2024
Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/5110982: Fix the case when the closure has run M114 changes: - replace IsNativeContext(*context) by context->IsNativeContext() We were using the closure pointing to NativeContext as a marker that the closure has run, but async stack trace code was confused about it. (cherry picked from commit bde3d360097607f36cd1d17cbe8412b84eae0a7f) Bug: chromium:1501326 Change-Id: I30d438f3b2e3fdd7562ea9a79dde4561ce9b0083 Cr-Original-Commit-Position: refs/heads/main@{#90949} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5110982 Commit-Queue: Marja Hölttä <marja@chromium.org> Auto-Submit: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/branch-heads/12.0@{#18} Cr-Branched-From: ed7b4caf1fb8184ad9e24346c84424055d4d430a-refs/heads/12.0.267@{#1} Cr-Branched-From: 210e75b19db4352c9b78dce0bae11c2dc3077df4-refs/heads/main@{#90651} (cherry picked from commit cbd09b2ca928f1fd929ef52e173aa81213e38cb8) Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/526350 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Jan 8, 2024
Manual backport of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/5110982: [M114-LTS][promises, async stack traces] Fix the case when the closure has run M114 changes: - replace IsNativeContext(*context) by context->IsNativeContext() We were using the closure pointing to NativeContext as a marker that the closure has run, but async stack trace code was confused about it. (cherry picked from commit bde3d360097607f36cd1d17cbe8412b84eae0a7f) Bug: chromium:1501326 Change-Id: I30d438f3b2e3fdd7562ea9a79dde4561ce9b0083 Cr-Original-Commit-Position: refs/heads/main@{#90949} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5110982 Commit-Queue: Marja Hölttä <marja@chromium.org> Auto-Submit: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/branch-heads/12.0@{#18} Cr-Branched-From: ed7b4caf1fb8184ad9e24346c84424055d4d430a-refs/heads/12.0.267@{#1} Cr-Branched-From: 210e75b19db4352c9b78dce0bae11c2dc3077df4-refs/heads/main@{#90651} (cherry picked from commit cbd09b2ca928f1fd929ef52e173aa81213e38cb8) Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/526232 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Jan 16, 2024
Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/5114883: Merged: [turboshaft] Fix StructuralOptimization because of ignored side-effects Side-effects in the 1st else block were not taken into account. Drive-by: minor cleanups to StructuralOptimizationReducer. Bug: v8:12783, chromium:1509576 (cherry picked from commit 4a664b390577de3d3572010da0dc1138d78ab2c4) Change-Id: Id4e230ee0fd408c821747d3350d688c8b0098ae3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5114883 Reviewed-by: Matthias Liedtke <mliedtke@chromium.org> Commit-Queue: Matthias Liedtke <mliedtke@chromium.org> Auto-Submit: Darius Mercadier <dmercadier@chromium.org> Cr-Commit-Position: refs/branch-heads/12.0@{#20} Cr-Branched-From: ed7b4caf1fb8184ad9e24346c84424055d4d430a-refs/heads/12.0.267@{#1} Cr-Branched-From: 210e75b19db4352c9b78dce0bae11c2dc3077df4-refs/heads/main@{#90651} Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/530060 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Jan 18, 2024
Manual cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/5192447: Merged: [runtime] Drop fast last-property deletion This interacts badly with other optimizations and isn't particularly common. Bug: chromium:1517354 (cherry picked from commit 389ea9be7d68bb189e16da79f6414edbd4f7594f) Change-Id: Ie16aa38e8984c4879491c0d9a0ca9df0e041fd1d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5192447 Auto-Submit: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/branch-heads/12.0@{#32} Cr-Branched-From: ed7b4caf1fb8184ad9e24346c84424055d4d430a-refs/heads/12.0.267@{#1} Cr-Branched-From: 210e75b19db4352c9b78dce0bae11c2dc3077df4-refs/heads/main@{#90651} Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/531577 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Jan 22, 2024
Manual cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/5192447: Merged: [runtime] Drop fast last-property deletion This interacts badly with other optimizations and isn't particularly common. Bug: chromium:1517354 (cherry picked from commit 389ea9be7d68bb189e16da79f6414edbd4f7594f) Change-Id: Ie16aa38e8984c4879491c0d9a0ca9df0e041fd1d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5192447 Auto-Submit: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/branch-heads/12.0@{#32} Cr-Branched-From: ed7b4caf1fb8184ad9e24346c84424055d4d430a-refs/heads/12.0.267@{#1} Cr-Branched-From: 210e75b19db4352c9b78dce0bae11c2dc3077df4-refs/heads/main@{#90651} Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/532072 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Jan 22, 2024
Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/5185558: Merged: [maglev] Fix allocation folding in derived constructors Bug: v8:7700 Fixed: chromium:1515930 (cherry picked from commit 78dd4b31847ab1f5b06ef3d8742a9f3835fb6919) Change-Id: Ia5d80719f97a6676a778e46698ecd6f6999e90d2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5185558 Auto-Submit: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Victor Gomes <victorgomes@chromium.org> Reviewed-by: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/branch-heads/12.0@{#30} Cr-Branched-From: ed7b4caf1fb8184ad9e24346c84424055d4d430a-refs/heads/12.0.267@{#1} Cr-Branched-From: 210e75b19db4352c9b78dce0bae11c2dc3077df4-refs/heads/main@{#90651} Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/531978 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Jan 22, 2024
Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/5180369: Merged: [codegen] Install BytecodeArray last in SharedFunctionInfo Maglev assumes that when a SharedFunctionInfo has a BytecodeArray, then it should also have FeedbackMetadata. However, this may not hold with concurrent compilation when the SharedFunctionInfo is re-compiled after being flushed. Here the BytecodeArray was installed on the SFI before the FeedbackMetadata and a concurrent thread could observe the BytecodeArray but not the FeedbackMetadata. Drive-by: Reset the age field before setting the BytecodeArray as well. This ensures that the concurrent marker will not observe the old age for the new BytecodeArray. Bug: chromium:1507412 (cherry picked from commit 46cb67e3b296e50d7fda5a58233d18b9f3dab0d5) Change-Id: Ide73ac1c6b0a68a1fcf847c8351ec65016e55762 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5180369 Reviewed-by: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/branch-heads/12.0@{#28} Cr-Branched-From: ed7b4caf1fb8184ad9e24346c84424055d4d430a-refs/heads/12.0.267@{#1} Cr-Branched-From: 210e75b19db4352c9b78dce0bae11c2dc3077df4-refs/heads/main@{#90651} Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/531979 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Jan 22, 2024
Manual cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/5192447: Merged: [runtime] Drop fast last-property deletion This interacts badly with other optimizations and isn't particularly common. Bug: chromium:1517354 (cherry picked from commit 389ea9be7d68bb189e16da79f6414edbd4f7594f) Change-Id: Ie16aa38e8984c4879491c0d9a0ca9df0e041fd1d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5192447 Auto-Submit: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/branch-heads/12.0@{#32} Cr-Branched-From: ed7b4caf1fb8184ad9e24346c84424055d4d430a-refs/heads/12.0.267@{#1} Cr-Branched-From: 210e75b19db4352c9b78dce0bae11c2dc3077df4-refs/heads/main@{#90651} Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/531980 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Jan 22, 2024
Manual cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/5192447: Merged: [runtime] Drop fast last-property deletion This interacts badly with other optimizations and isn't particularly common. Bug: chromium:1517354 (cherry picked from commit 389ea9be7d68bb189e16da79f6414edbd4f7594f) Change-Id: Ie16aa38e8984c4879491c0d9a0ca9df0e041fd1d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5192447 Auto-Submit: Toon Verwaest <verwaest@chromium.org> Reviewed-by: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/branch-heads/12.0@{#32} Cr-Branched-From: ed7b4caf1fb8184ad9e24346c84424055d4d430a-refs/heads/12.0.267@{#1} Cr-Branched-From: 210e75b19db4352c9b78dce0bae11c2dc3077df4-refs/heads/main@{#90651} Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/532059 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Mar 12, 2024
Manual backport of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/5300311: Merged: [wasm] Use correct signature index for tier-up of wasm-to-js wrapper The wasm-to-js wrapper tierup used the canonicalized signature id lookup for module-independent signatures to look up the canonicalized signature id of module-specific signatures. With this CL the signature id is looked up with the function index of imported functions and from the dispatch table for indirect function calls instead. R=jkummerow@chromium.org Bug: 324596281 (cherry picked from commit 2109613ad4622028778a38fb418956fab8b478b6) Change-Id: I3fb7e4f02596f62e13ffe60015f96bac5efbc598 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5300311 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/branch-heads/12.2@{#32} Cr-Branched-From: 6eb5a9616aa6f8c705217aeb7c7ab8c037a2f676-refs/heads/12.2.281@{#1} Cr-Branched-From: 44cf56d850167c6988522f8981730462abc04bcc-refs/heads/main@{#91934} Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/546082 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io> Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Mar 12, 2024
Manual cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/5323850: Merged: [wasm] Add bounds check in tier-up of wasm-to-js wrapper The entry index in the WasmApiFunctionRef was used to look for the given WasmApiFunctionRef in the indirect function tables, but it was not considered that the indirect function tables can have different lengths. R=clemensb@chromium.org Bug: 325893559 (cherry picked from commit 7330f46163e8a2c10a3d40ecbf554656f0ac55e8) Change-Id: I52355890e21490c75566216985680c64e0b0db75 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5323850 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/branch-heads/12.2@{#38} Cr-Branched-From: 6eb5a9616aa6f8c705217aeb7c7ab8c037a2f676-refs/heads/12.2.281@{#1} Cr-Branched-From: 44cf56d850167c6988522f8981730462abc04bcc-refs/heads/main@{#91934} Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/546083 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io> Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Apr 9, 2024
Manual cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/5401859: Merged: [runtime] Recreate enum cache on map update if any previous map had one If any previous map in the transition tree had an enum cache, then we recreate one when updating the map. Bug: 330760873 (cherry picked from commit 807cf7d0b7d96212c98ed2119e07f9b2c6a23f61) Change-Id: Ia9ea4cf17fef60166a0c037318eb539866aac37a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5401859 Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Auto-Submit: Darius Mercadier <dmercadier@chromium.org> Cr-Commit-Position: refs/branch-heads/12.2@{#52} Cr-Branched-From: 6eb5a9616aa6f8c705217aeb7c7ab8c037a2f676-refs/heads/12.2.281@{#1} Cr-Branched-From: 44cf56d850167c6988522f8981730462abc04bcc-refs/heads/main@{#91934} Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/553307 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Apr 9, 2024
Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/5380190: Merged: [wasm] Check for type-definition count limit (cherry picked from commit b852ad701db21d6db5b34e66f4ec1cdccd2ec4d4) Bug: chromium:330575498 Change-Id: I395f0ed6d823b7d1e139da6551486e3627d65724 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5378419 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Auto-Submit: Manos Koukoutos <manoskouk@chromium.org> Cr-Original-Commit-Position: refs/heads/main@{#92941} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5380190 Reviewed-by: Francis McCabe <fgm@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/branch-heads/12.2@{#50} Cr-Branched-From: 6eb5a9616aa6f8c705217aeb7c7ab8c037a2f676-refs/heads/12.2.281@{#1} Cr-Branched-From: 44cf56d850167c6988522f8981730462abc04bcc-refs/heads/main@{#91934} Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/553292 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Apr 9, 2024
Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/5401859: Merged: [runtime] Recreate enum cache on map update if any previous map had one If any previous map in the transition tree had an enum cache, then we recreate one when updating the map. Bug: 330760873 (cherry picked from commit 807cf7d0b7d96212c98ed2119e07f9b2c6a23f61) Change-Id: Ia9ea4cf17fef60166a0c037318eb539866aac37a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5401859 Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Auto-Submit: Darius Mercadier <dmercadier@chromium.org> Cr-Commit-Position: refs/branch-heads/12.2@{#52} Cr-Branched-From: 6eb5a9616aa6f8c705217aeb7c7ab8c037a2f676-refs/heads/12.2.281@{#1} Cr-Branched-From: 44cf56d850167c6988522f8981730462abc04bcc-refs/heads/main@{#91934} Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/553296 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Apr 10, 2024
Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/5380190: Merged: [wasm] Check for type-definition count limit (cherry picked from commit b852ad701db21d6db5b34e66f4ec1cdccd2ec4d4) Bug: chromium:330575498 Change-Id: I395f0ed6d823b7d1e139da6551486e3627d65724 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5378419 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Auto-Submit: Manos Koukoutos <manoskouk@chromium.org> Cr-Original-Commit-Position: refs/heads/main@{#92941} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5380190 Reviewed-by: Francis McCabe <fgm@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/branch-heads/12.2@{#50} Cr-Branched-From: 6eb5a9616aa6f8c705217aeb7c7ab8c037a2f676-refs/heads/12.2.281@{#1} Cr-Branched-From: 44cf56d850167c6988522f8981730462abc04bcc-refs/heads/main@{#91934} Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/553298 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Apr 10, 2024
Manual cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/5401859: Merged: [runtime] Recreate enum cache on map update if any previous map had one If any previous map in the transition tree had an enum cache, then we recreate one when updating the map. Bug: 330760873 (cherry picked from commit 807cf7d0b7d96212c98ed2119e07f9b2c6a23f61) Change-Id: Ia9ea4cf17fef60166a0c037318eb539866aac37a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5401859 Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Auto-Submit: Darius Mercadier <dmercadier@chromium.org> Cr-Commit-Position: refs/branch-heads/12.2@{#52} Cr-Branched-From: 6eb5a9616aa6f8c705217aeb7c7ab8c037a2f676-refs/heads/12.2.281@{#1} Cr-Branched-From: 44cf56d850167c6988522f8981730462abc04bcc-refs/heads/main@{#91934} Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/553302 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Jun 11, 2024
Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/5380190: Merged: [wasm] Check for type-definition count limit (cherry picked from commit b852ad701db21d6db5b34e66f4ec1cdccd2ec4d4) Bug: chromium:330575498 Change-Id: I395f0ed6d823b7d1e139da6551486e3627d65724 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5378419 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Auto-Submit: Manos Koukoutos <manoskouk@chromium.org> Cr-Original-Commit-Position: refs/heads/main@{#92941} Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5380190 Reviewed-by: Francis McCabe <fgm@chromium.org> Commit-Queue: Adam Klein <adamk@chromium.org> Reviewed-by: Adam Klein <adamk@chromium.org> Cr-Commit-Position: refs/branch-heads/12.2@{#50} Cr-Branched-From: 6eb5a9616aa6f8c705217aeb7c7ab8c037a2f676-refs/heads/12.2.281@{#1} Cr-Branched-From: 44cf56d850167c6988522f8981730462abc04bcc-refs/heads/main@{#91934} Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/554624 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Jun 11, 2024
Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/5410311: Merged: [wasm][gc] Scan the code field of the WasmInternalFunction The code field in the WasmInternalFunction is a code pointer since https://crrev.com/c/5110559, so it has to be scanned explicitly. Bug: 329130358 (cherry picked from commit b93975a48c722c2e5fe9b39437738eb2e23dac74) Change-Id: I0795d2188a8af3480c513d1dbaccfcef1da04473 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5410311 Reviewed-by: Deepti Gandluri <gdeepti@chromium.org> Commit-Queue: Deepti Gandluri <gdeepti@chromium.org> Auto-Submit: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/branch-heads/12.2@{#54} Cr-Branched-From: 6eb5a9616aa6f8c705217aeb7c7ab8c037a2f676-refs/heads/12.2.281@{#1} Cr-Branched-From: 44cf56d850167c6988522f8981730462abc04bcc-refs/heads/main@{#91934} Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/554648 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Jun 11, 2024
Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/5401859: Merged: [runtime] Recreate enum cache on map update if any previous map had one If any previous map in the transition tree had an enum cache, then we recreate one when updating the map. Bug: 330760873 (cherry picked from commit 807cf7d0b7d96212c98ed2119e07f9b2c6a23f61) Change-Id: Ia9ea4cf17fef60166a0c037318eb539866aac37a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5401859 Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Auto-Submit: Darius Mercadier <dmercadier@chromium.org> Cr-Commit-Position: refs/branch-heads/12.2@{#52} Cr-Branched-From: 6eb5a9616aa6f8c705217aeb7c7ab8c037a2f676-refs/heads/12.2.281@{#1} Cr-Branched-From: 44cf56d850167c6988522f8981730462abc04bcc-refs/heads/main@{#91934} Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/554649 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg
pushed a commit
that referenced
this pull request
Oct 21, 2024
Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/5872631: Merged: [wasm] Do not inline wrappers with 'ref extern' parameter type This was introduced in https://crrev.com/c/4212394. The wrapper would need to test for null and throw a type error but doesn't do that correctly. (The test case added only tested that a null check happens either in the wrapper or in the cast instruction because the test case was trying to test both cases without duplicating too much which was a bad design choice.) For simplicity, just disallow inlining of wrappers with parameters typed 'ref extern'. (Users should use `externref` aka 'ref null extern' instead anyways as the non-nullability doesn't add any benefits.) (cherry picked from commit 3eee872739ac3523af126d7f25a623c18f5bee39) Bug: 366635354 Change-Id: I58deec223e9c01c5292239eebee895febc880215 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5872631 Auto-Submit: Matthias Liedtke <mliedtke@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/branch-heads/13.0@{#2} Cr-Branched-From: 4be854bd71ea878a25b236a27afcecffa2e29360-refs/heads/13.0.245@{#1} Cr-Branched-From: 1f5183f7ad6cca21029fd60653d075730c644432-refs/heads/main@{#96103} Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/597922 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
qtprojectorg pushed a commit that referenced this pull request Oct 21, 2024
Manual cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/5872631:
Merged: [wasm] Do not inline wrappers with 'ref extern' parameter type

This was introduced in https://crrev.com/c/4212394. The wrapper would need to test for null and throw a type error but doesn't do that correctly. (The test case added only tested that a null check happens either in the wrapper or in the cast instruction because the test case was trying to test both cases without duplicating too much which was a bad design choice.)

For simplicity, just disallow inlining of wrappers with parameters typed 'ref extern'. (Users should use `externref` aka 'ref null extern' instead anyways as the non-nullability doesn't add any benefits.)

(cherry picked from commit 3eee872739ac3523af126d7f25a623c18f5bee39)

Bug: 366635354
Change-Id: I58deec223e9c01c5292239eebee895febc880215
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5872631
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/branch-heads/13.0@{#2}
Cr-Branched-From: 4be854bd71ea878a25b236a27afcecffa2e29360-refs/heads/13.0.245@{#1}
Cr-Branched-From: 1f5183f7ad6cca21029fd60653d075730c644432-refs/heads/main@{#96103}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/597950
Reviewed-by: Michal Klocek <michal.klocek@qt.io>