* High CVE-2024-2625: Object lifecycle issue in V8 * Medium CVE-2024-2626: Out of bounds read in Swiftshader * Medium CVE-2024-2627: Use after free in Canvas * Medium CVE-2024-2628: Inappropriate implementation in Downloads * Medium CVE-2024-2629: Incorrect security UI in iOS * Medium CVE-2024-2630: Inappropriate implementation in iOS * Low CVE-2024-2631: Inappropriate implementation in iOSepel8 imports/epel9/chromium-123.0.6312.58-1.el9
parent
11f6e46ef2
commit
1ee06aa55f
@ -1,12 +0,0 @@
|
||||
diff -up chromium-119.0.6045.199/build/config/compiler/BUILD.gn.me chromium-119.0.6045.199/build/config/compiler/BUILD.gn
|
||||
--- chromium-119.0.6045.199/build/config/compiler/BUILD.gn.me 2023-12-02 12:19:01.138079722 +0100
|
||||
+++ chromium-119.0.6045.199/build/config/compiler/BUILD.gn 2023-12-02 12:21:05.835322037 +0100
|
||||
@@ -379,7 +379,7 @@ config("compiler") {
|
||||
cflags += [ "-fno-stack-protector" ]
|
||||
} else if (current_os != "aix") {
|
||||
# Not available on aix.
|
||||
- cflags += [ "-fstack-protector" ]
|
||||
+ cflags += [ "-fstack-protector-strong" ]
|
||||
}
|
||||
}
|
||||
}
|
@ -1,230 +0,0 @@
|
||||
commit 57526b8dc45b2e6c67bba7306f1dde73b1f2910c
|
||||
Author: sisidovski <sisidovski@chromium.org>
|
||||
Date: Tue Oct 24 09:32:49 2023 +0000
|
||||
|
||||
Remove unused items from the RaceNetworkRequest hashmap
|
||||
|
||||
When the AutoPreload or the race-network-and-fetch-handler option in the
|
||||
static routing API is enabled, network requests are dispatched and
|
||||
URLLoaderFactories are held in a hashmap in ServiceWorkerGlobalScope.
|
||||
Those are consumed inside the fetch handler when fetch(e.request) is
|
||||
called. But if the fetch handler doesn't call fetch() e.g. fallback,
|
||||
those hashmap items does not have a chance to be removed.
|
||||
|
||||
This CL changes the hashmap items to be removed when the fetch event
|
||||
finishes, and the URLLoaderFactory is still not consumed at that time.
|
||||
This may loose the dedupe capability if fetch() is called later e.g.
|
||||
setTimeout(() => fetch()), but it makes sense to prioritize keeping the
|
||||
hashmap small.
|
||||
|
||||
Change-Id: I51bdc9d5eb5185f2b5b4df6ee785715b1180c848
|
||||
Bug: 1492640
|
||||
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4964840
|
||||
Reviewed-by: Minoru Chikamune <chikamune@chromium.org>
|
||||
Commit-Queue: Yoshisato Yanagisawa <yyanagisawa@chromium.org>
|
||||
Reviewed-by: Yoshisato Yanagisawa <yyanagisawa@chromium.org>
|
||||
Cr-Commit-Position: refs/heads/main@{#1214064}
|
||||
|
||||
diff --git a/third_party/blink/renderer/modules/service_worker/service_worker_global_scope.cc b/third_party/blink/renderer/modules/service_worker/service_worker_global_scope.cc
|
||||
index 02887edc10883..b3624fc0162df 100644
|
||||
--- a/third_party/blink/renderer/modules/service_worker/service_worker_global_scope.cc
|
||||
+++ b/third_party/blink/renderer/modules/service_worker/service_worker_global_scope.cc
|
||||
@@ -46,6 +46,7 @@
|
||||
#include "services/network/public/cpp/cross_origin_embedder_policy.h"
|
||||
#include "services/network/public/mojom/cookie_manager.mojom-blink.h"
|
||||
#include "services/network/public/mojom/cross_origin_embedder_policy.mojom.h"
|
||||
+#include "services/network/public/mojom/url_loader_factory.mojom-blink.h"
|
||||
#include "third_party/blink/public/common/features.h"
|
||||
#include "third_party/blink/public/mojom/fetch/fetch_api_request.mojom-blink.h"
|
||||
#include "third_party/blink/public/mojom/notifications/notification.mojom-blink.h"
|
||||
@@ -1096,6 +1097,10 @@ void ServiceWorkerGlobalScope::DidHandleFetchEvent(
|
||||
TRACE_ID_WITH_SCOPE(kServiceWorkerGlobalScopeTraceScope,
|
||||
TRACE_ID_LOCAL(event_id)),
|
||||
TRACE_EVENT_FLAG_FLOW_IN, "status", MojoEnumToString(status));
|
||||
+
|
||||
+ // Delete the URLLoaderFactory for the RaceNetworkRequest if it's not used.
|
||||
+ RemoveItemFromRaceNetworkRequests(event_id);
|
||||
+
|
||||
if (!RunEventCallback(&fetch_event_callbacks_, event_queue_.get(), event_id,
|
||||
status)) {
|
||||
// The event may have been aborted. Its response callback also needs to be
|
||||
@@ -1495,6 +1500,7 @@ void ServiceWorkerGlobalScope::AbortCallbackForFetchEvent(
|
||||
response_callback_iter->value->TakeValue().reset();
|
||||
fetch_response_callbacks_.erase(response_callback_iter);
|
||||
}
|
||||
+ RemoveItemFromRaceNetworkRequests(event_id);
|
||||
|
||||
// Run the event callback with the error code.
|
||||
auto event_callback_iter = fetch_event_callbacks_.find(event_id);
|
||||
@@ -1551,52 +1557,11 @@ void ServiceWorkerGlobalScope::StartFetchEvent(
|
||||
|
||||
if (params->race_network_request_loader_factory &&
|
||||
params->request->service_worker_race_network_request_token) {
|
||||
- auto insert_result = race_network_request_loader_factories_.insert(
|
||||
- String(params->request->service_worker_race_network_request_token
|
||||
- ->ToString()),
|
||||
- std::move(params->race_network_request_loader_factory));
|
||||
-
|
||||
- // DumpWithoutCrashing if the token is empty, or not inserted as a new entry
|
||||
- // to |race_network_request_loader_factories_|.
|
||||
- // TODO(crbug.com/1492640) Remove DumpWithoutCrashing once we collect data
|
||||
- // and identify the cause.
|
||||
- static bool has_dumped_without_crashing_for_empty_token = false;
|
||||
- static bool has_dumped_without_crashing_for_not_new_entry = false;
|
||||
- if (!has_dumped_without_crashing_for_empty_token &&
|
||||
- params->request->service_worker_race_network_request_token
|
||||
- ->is_empty()) {
|
||||
- has_dumped_without_crashing_for_empty_token = true;
|
||||
- SCOPED_CRASH_KEY_BOOL(
|
||||
- "SWGlobalScope", "empty_race_token",
|
||||
- params->request->service_worker_race_network_request_token
|
||||
- ->is_empty());
|
||||
- SCOPED_CRASH_KEY_STRING64(
|
||||
- "SWGlobalScope", "race_token_string",
|
||||
- params->request->service_worker_race_network_request_token
|
||||
- ->ToString());
|
||||
- SCOPED_CRASH_KEY_BOOL("SWGlobalScope", "race_insert_new_entry",
|
||||
- insert_result.is_new_entry);
|
||||
- SCOPED_CRASH_KEY_STRING256("SWGlobalScope", "race_request_url",
|
||||
- params->request->url.GetString().Utf8());
|
||||
- base::debug::DumpWithoutCrashing();
|
||||
- }
|
||||
- if (!has_dumped_without_crashing_for_not_new_entry &&
|
||||
- !insert_result.is_new_entry) {
|
||||
- has_dumped_without_crashing_for_not_new_entry = true;
|
||||
- SCOPED_CRASH_KEY_BOOL(
|
||||
- "SWGlobalScope", "empty_race_token",
|
||||
- params->request->service_worker_race_network_request_token
|
||||
- ->is_empty());
|
||||
- SCOPED_CRASH_KEY_STRING64(
|
||||
- "SWGlobalScope", "race_token_string",
|
||||
- params->request->service_worker_race_network_request_token
|
||||
- ->ToString());
|
||||
- SCOPED_CRASH_KEY_BOOL("SWGlobalScope", "race_insert_new_entry",
|
||||
- insert_result.is_new_entry);
|
||||
- SCOPED_CRASH_KEY_STRING256("SWGlobalScope", "race_request_url",
|
||||
- params->request->url.GetString().Utf8());
|
||||
- base::debug::DumpWithoutCrashing();
|
||||
- }
|
||||
+ InsertNewItemToRaceNetworkRequests(
|
||||
+ event_id,
|
||||
+ params->request->service_worker_race_network_request_token.value(),
|
||||
+ std::move(params->race_network_request_loader_factory),
|
||||
+ params->request->url);
|
||||
}
|
||||
|
||||
Request* request = Request::Create(
|
||||
@@ -2808,12 +2773,71 @@ bool ServiceWorkerGlobalScope::SetAttributeEventListener(
|
||||
absl::optional<mojo::PendingRemote<network::mojom::blink::URLLoaderFactory>>
|
||||
ServiceWorkerGlobalScope::FindRaceNetworkRequestURLLoaderFactory(
|
||||
const base::UnguessableToken& token) {
|
||||
- mojo::PendingRemote<network::mojom::blink::URLLoaderFactory> result =
|
||||
- race_network_request_loader_factories_.Take(String(token.ToString()));
|
||||
+ std::unique_ptr<RaceNetworkRequestInfo> result =
|
||||
+ race_network_requests_.Take(String(token.ToString()));
|
||||
if (result) {
|
||||
- return result;
|
||||
+ race_network_request_fetch_event_ids_.erase(result->fetch_event_id);
|
||||
+ return absl::optional<
|
||||
+ mojo::PendingRemote<network::mojom::blink::URLLoaderFactory>>(
|
||||
+ std::move(result->url_loader_factory));
|
||||
}
|
||||
return absl::nullopt;
|
||||
}
|
||||
|
||||
+void ServiceWorkerGlobalScope::InsertNewItemToRaceNetworkRequests(
|
||||
+ int fetch_event_id,
|
||||
+ const base::UnguessableToken& token,
|
||||
+ mojo::PendingRemote<network::mojom::blink::URLLoaderFactory>
|
||||
+ url_loader_factory,
|
||||
+ const KURL& request_url) {
|
||||
+ auto race_network_request_token = String(token.ToString());
|
||||
+ auto info = std::make_unique<RaceNetworkRequestInfo>(
|
||||
+ fetch_event_id, race_network_request_token,
|
||||
+ std::move(url_loader_factory));
|
||||
+ race_network_request_fetch_event_ids_.insert(fetch_event_id, info.get());
|
||||
+ auto insert_result = race_network_requests_.insert(race_network_request_token,
|
||||
+ std::move(info));
|
||||
+
|
||||
+ // DumpWithoutCrashing if the token is empty, or not inserted as a new entry
|
||||
+ // to |race_network_request_loader_factories_|.
|
||||
+ // TODO(crbug.com/1492640) Remove DumpWithoutCrashing once we collect data
|
||||
+ // and identify the cause.
|
||||
+ static bool has_dumped_without_crashing_for_empty_token = false;
|
||||
+ static bool has_dumped_without_crashing_for_not_new_entry = false;
|
||||
+ if (!has_dumped_without_crashing_for_empty_token && token.is_empty()) {
|
||||
+ has_dumped_without_crashing_for_empty_token = true;
|
||||
+ SCOPED_CRASH_KEY_BOOL("SWGlobalScope", "empty_race_token",
|
||||
+ token.is_empty());
|
||||
+ SCOPED_CRASH_KEY_STRING64("SWGlobalScope", "race_token_string",
|
||||
+ token.ToString());
|
||||
+ SCOPED_CRASH_KEY_BOOL("SWGlobalScope", "race_insert_new_entry",
|
||||
+ insert_result.is_new_entry);
|
||||
+ SCOPED_CRASH_KEY_STRING256("SWGlobalScope", "race_request_url",
|
||||
+ request_url.GetString().Utf8());
|
||||
+ base::debug::DumpWithoutCrashing();
|
||||
+ }
|
||||
+ if (!has_dumped_without_crashing_for_not_new_entry &&
|
||||
+ !insert_result.is_new_entry) {
|
||||
+ has_dumped_without_crashing_for_not_new_entry = true;
|
||||
+ SCOPED_CRASH_KEY_BOOL("SWGlobalScope", "empty_race_token",
|
||||
+ token.is_empty());
|
||||
+ SCOPED_CRASH_KEY_STRING64("SWGlobalScope", "race_token_string",
|
||||
+ token.ToString());
|
||||
+ SCOPED_CRASH_KEY_BOOL("SWGlobalScope", "race_insert_new_entry",
|
||||
+ insert_result.is_new_entry);
|
||||
+ SCOPED_CRASH_KEY_STRING256("SWGlobalScope", "race_request_url",
|
||||
+ request_url.GetString().Utf8());
|
||||
+ base::debug::DumpWithoutCrashing();
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+void ServiceWorkerGlobalScope::RemoveItemFromRaceNetworkRequests(
|
||||
+ int fetch_event_id) {
|
||||
+ RaceNetworkRequestInfo* info =
|
||||
+ race_network_request_fetch_event_ids_.Take(fetch_event_id);
|
||||
+ if (info) {
|
||||
+ race_network_requests_.erase(info->token);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
} // namespace blink
|
||||
diff --git a/third_party/blink/renderer/modules/service_worker/service_worker_global_scope.h b/third_party/blink/renderer/modules/service_worker/service_worker_global_scope.h
|
||||
index 46c431b395825..ac4cac0b1d8fb 100644
|
||||
--- a/third_party/blink/renderer/modules/service_worker/service_worker_global_scope.h
|
||||
+++ b/third_party/blink/renderer/modules/service_worker/service_worker_global_scope.h
|
||||
@@ -623,6 +623,14 @@ class MODULES_EXPORT ServiceWorkerGlobalScope final
|
||||
// ServiceWorker.FetchEvent.QueuingTime histogram.
|
||||
void RecordQueuingTime(base::TimeTicks created_time);
|
||||
|
||||
+ void InsertNewItemToRaceNetworkRequests(
|
||||
+ int fetch_event_id,
|
||||
+ const base::UnguessableToken& token,
|
||||
+ mojo::PendingRemote<network::mojom::blink::URLLoaderFactory>
|
||||
+ url_loader_factory,
|
||||
+ const KURL& request_url);
|
||||
+ void RemoveItemFromRaceNetworkRequests(int fetch_event_id);
|
||||
+
|
||||
Member<ServiceWorkerClients> clients_;
|
||||
Member<ServiceWorkerRegistration> registration_;
|
||||
Member<::blink::ServiceWorker> service_worker_;
|
||||
@@ -768,10 +776,17 @@ class MODULES_EXPORT ServiceWorkerGlobalScope final
|
||||
|
||||
blink::BlinkStorageKey storage_key_;
|
||||
|
||||
+ struct RaceNetworkRequestInfo {
|
||||
+ int fetch_event_id;
|
||||
+ String token;
|
||||
+ mojo::PendingRemote<network::mojom::blink::URLLoaderFactory>
|
||||
+ url_loader_factory;
|
||||
+ };
|
||||
// TODO(crbug.com/918702) WTF::HashMap cannot use base::UnguessableToken as a
|
||||
// key. As a workaround uses WTF::String as a key instead.
|
||||
- HashMap<String, mojo::PendingRemote<network::mojom::blink::URLLoaderFactory>>
|
||||
- race_network_request_loader_factories_;
|
||||
+ HashMap<String, std::unique_ptr<RaceNetworkRequestInfo>>
|
||||
+ race_network_requests_;
|
||||
+ HashMap<int, RaceNetworkRequestInfo*> race_network_request_fetch_event_ids_;
|
||||
|
||||
HeapMojoAssociatedRemote<mojom::blink::AssociatedInterfaceProvider>
|
||||
remote_associated_interfaces_{this};
|
@ -1,12 +0,0 @@
|
||||
diff -up chromium-121.0.6167.16/third_party/blink/renderer/core/BUILD.gn.mnemonic-error chromium-121.0.6167.16/third_party/blink/renderer/core/BUILD.gn
|
||||
--- chromium-121.0.6167.16/third_party/blink/renderer/core/BUILD.gn.mnemonic-error 2023-12-19 18:14:43.027723832 +0100
|
||||
+++ chromium-121.0.6167.16/third_party/blink/renderer/core/BUILD.gn 2023-12-19 18:39:47.492384620 +0100
|
||||
@@ -1731,8 +1731,6 @@ action_foreach("element_locator_test_pro
|
||||
python_path_root = "${root_out_dir}/pyproto"
|
||||
python_path_proto = "${python_path_root}/third_party/blink/renderer/core/lcp_critical_path_predictor"
|
||||
|
||||
- mnemonic = "ELOC_PROTO"
|
||||
-
|
||||
source_dir = "lcp_critical_path_predictor/test_proto"
|
||||
sources = rebase_path([ "lcp_image_id.asciipb" ], "", source_dir)
|
||||
sources += rebase_path([ "lcp_image_id_b.asciipb" ], "", source_dir)
|
@ -1,13 +0,0 @@
|
||||
diff -up chromium-122.0.6261.57/tools/json_to_struct/json_to_struct.py.me chromium-122.0.6261.57/tools/json_to_struct/json_to_struct.py
|
||||
--- chromium-122.0.6261.57/tools/json_to_struct/json_to_struct.py.me 2024-02-23 12:04:45.451423995 +0100
|
||||
+++ chromium-122.0.6261.57/tools/json_to_struct/json_to_struct.py 2024-02-23 12:18:04.099824392 +0100
|
||||
@@ -124,7 +124,8 @@ def _GenerateH(basepath, fileroot, head,
|
||||
f.write(u'#include <cstddef>\n')
|
||||
f.write(u'\n')
|
||||
|
||||
- if system_headers := schema.get(u'system-headers', []):
|
||||
+ system_headers = schema.get(u'system-headers', [])
|
||||
+ if system_headers:
|
||||
for header in system_headers:
|
||||
f.write(u'#include <%s>\n' % header)
|
||||
f.write(u'\n')
|
@ -1,32 +0,0 @@
|
||||
commit 04866680f4f9a8475ae3795ad6ed59649ba478d7
|
||||
Author: Jose Dapena Paz <jdapena@igalia.com>
|
||||
Date: Tue Jan 23 12:04:05 2024 +0000
|
||||
|
||||
libstdc++: fix static assertion in NodeUuidEquality
|
||||
|
||||
libstdc++ equality checks in static assertion that it is possible to
|
||||
compare for equality base::Uuid to BookmarkNode*. This was a missing
|
||||
operator in NodeUuidEquality that this changeset adds.
|
||||
|
||||
Bug: 957519
|
||||
Change-Id: Icc9809cb43d321f0b3e3394ef27ab55672aec5e7
|
||||
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5227686
|
||||
Reviewed-by: Mikel Astiz <mastiz@chromium.org>
|
||||
Commit-Queue: José Dapena Paz <jdapena@igalia.com>
|
||||
Cr-Commit-Position: refs/heads/main@{#1250753}
|
||||
|
||||
diff --git a/components/bookmarks/browser/uuid_index.h b/components/bookmarks/browser/uuid_index.h
|
||||
index 77cb1a1a54dd9..639d6fefcd831 100644
|
||||
--- a/components/bookmarks/browser/uuid_index.h
|
||||
+++ b/components/bookmarks/browser/uuid_index.h
|
||||
@@ -23,6 +23,10 @@ class NodeUuidEquality {
|
||||
bool operator()(const BookmarkNode* n1, const base::Uuid& uuid2) const {
|
||||
return n1->uuid() == uuid2;
|
||||
}
|
||||
+
|
||||
+ bool operator()(const base::Uuid& uuid1, const BookmarkNode* n2) const {
|
||||
+ return uuid1 == n2->uuid();
|
||||
+ }
|
||||
};
|
||||
|
||||
// Used to hash BookmarkNode instances by UUID.
|
@ -1,44 +0,0 @@
|
||||
commit 5517d167c083885847a08a83b96da03b1eb2bc3e
|
||||
Author: Jose Dapena Paz <jdapena@igalia.com>
|
||||
Date: Tue Jan 23 15:34:35 2024 +0000
|
||||
|
||||
libstdc++: do not require including unique_ptr in header
|
||||
|
||||
Including std::unique_ptr declaration initial value requires
|
||||
declaration of contained type.
|
||||
|
||||
Bug: 957519
|
||||
Change-Id: If9b0362b6cea48a395041faa82f83b6f48b98403
|
||||
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5225137
|
||||
Reviewed-by: Caroline Rising <corising@chromium.org>
|
||||
Commit-Queue: José Dapena Paz <jdapena@igalia.com>
|
||||
Cr-Commit-Position: refs/heads/main@{#1250826}
|
||||
|
||||
diff --git a/chrome/browser/ui/views/toolbar/toolbar_view.h b/chrome/browser/ui/views/toolbar/toolbar_view.h
|
||||
index ec3e34a86f4c5..32ca27b6d126b 100644
|
||||
--- a/chrome/browser/ui/views/toolbar/toolbar_view.h
|
||||
+++ b/chrome/browser/ui/views/toolbar/toolbar_view.h
|
||||
@@ -311,8 +311,7 @@ class ToolbarView : public views::AccessiblePaneView,
|
||||
AppMenuIconController app_menu_icon_controller_;
|
||||
|
||||
std::unique_ptr<ChromeLabsModel> chrome_labs_model_;
|
||||
- std::unique_ptr<ExtensionsToolbarCoordinator>
|
||||
- extensions_toolbar_coordinator_ = nullptr;
|
||||
+ std::unique_ptr<ExtensionsToolbarCoordinator> extensions_toolbar_coordinator_;
|
||||
|
||||
// Controls whether or not a home button should be shown on the toolbar.
|
||||
BooleanPrefMember show_home_button_;
|
||||
diff --git a/chrome/browser/ui/views/web_apps/frame_toolbar/web_app_toolbar_button_container.h b/chrome/browser/ui/views/web_apps/frame_toolbar/web_app_toolbar_button_container.h
|
||||
index 3046c543c7c8e..46ff5d40ffad3 100644
|
||||
--- a/chrome/browser/ui/views/web_apps/frame_toolbar/web_app_toolbar_button_container.h
|
||||
+++ b/chrome/browser/ui/views/web_apps/frame_toolbar/web_app_toolbar_button_container.h
|
||||
@@ -150,8 +150,7 @@ class WebAppToolbarButtonContainer : public views::View,
|
||||
std::unique_ptr<PageActionIconController> page_action_icon_controller_;
|
||||
int page_action_insertion_point_ = 0;
|
||||
|
||||
- std::unique_ptr<ExtensionsToolbarCoordinator>
|
||||
- extensions_toolbar_coordinator_ = nullptr;
|
||||
+ std::unique_ptr<ExtensionsToolbarCoordinator> extensions_toolbar_coordinator_;
|
||||
|
||||
// All remaining members are owned by the views hierarchy.
|
||||
raw_ptr<WebAppOriginText> web_app_origin_text_ = nullptr;
|
@ -0,0 +1,228 @@
|
||||
commit 57526b8dc45b2e6c67bba7306f1dde73b1f2910c
|
||||
Author: sisidovski <sisidovski@chromium.org>
|
||||
Date: Tue Oct 24 09:32:49 2023 +0000
|
||||
|
||||
Remove unused items from the RaceNetworkRequest hashmap
|
||||
|
||||
When the AutoPreload or the race-network-and-fetch-handler option in the
|
||||
static routing API is enabled, network requests are dispatched and
|
||||
URLLoaderFactories are held in a hashmap in ServiceWorkerGlobalScope.
|
||||
Those are consumed inside the fetch handler when fetch(e.request) is
|
||||
called. But if the fetch handler doesn't call fetch() e.g. fallback,
|
||||
those hashmap items does not have a chance to be removed.
|
||||
|
||||
This CL changes the hashmap items to be removed when the fetch event
|
||||
finishes, and the URLLoaderFactory is still not consumed at that time.
|
||||
This may loose the dedupe capability if fetch() is called later e.g.
|
||||
setTimeout(() => fetch()), but it makes sense to prioritize keeping the
|
||||
hashmap small.
|
||||
|
||||
Change-Id: I51bdc9d5eb5185f2b5b4df6ee785715b1180c848
|
||||
Bug: 1492640
|
||||
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4964840
|
||||
Reviewed-by: Minoru Chikamune <chikamune@chromium.org>
|
||||
Commit-Queue: Yoshisato Yanagisawa <yyanagisawa@chromium.org>
|
||||
Reviewed-by: Yoshisato Yanagisawa <yyanagisawa@chromium.org>
|
||||
Cr-Commit-Position: refs/heads/main@{#1214064}
|
||||
|
||||
diff -up chromium-123.0.6312.46/third_party/blink/renderer/modules/service_worker/service_worker_global_scope.cc.me chromium-123.0.6312.46/third_party/blink/renderer/modules/service_worker/service_worker_global_scope.cc
|
||||
--- chromium-123.0.6312.46/third_party/blink/renderer/modules/service_worker/service_worker_global_scope.cc.me 2024-03-18 10:34:27.604707632 +0100
|
||||
+++ chromium-123.0.6312.46/third_party/blink/renderer/modules/service_worker/service_worker_global_scope.cc 2024-03-18 11:52:14.309983505 +0100
|
||||
@@ -46,7 +46,6 @@
|
||||
#include "services/network/public/cpp/cross_origin_embedder_policy.h"
|
||||
#include "services/network/public/mojom/cookie_manager.mojom-blink.h"
|
||||
#include "services/network/public/mojom/cross_origin_embedder_policy.mojom.h"
|
||||
-#include "services/network/public/mojom/url_loader_factory.mojom-blink.h"
|
||||
#include "third_party/blink/public/common/features.h"
|
||||
#include "third_party/blink/public/mojom/fetch/fetch_api_request.mojom-blink.h"
|
||||
#include "third_party/blink/public/mojom/notifications/notification.mojom-blink.h"
|
||||
@@ -1097,10 +1096,6 @@ void ServiceWorkerGlobalScope::DidHandle
|
||||
TRACE_ID_WITH_SCOPE(kServiceWorkerGlobalScopeTraceScope,
|
||||
TRACE_ID_LOCAL(event_id)),
|
||||
TRACE_EVENT_FLAG_FLOW_IN, "status", MojoEnumToString(status));
|
||||
-
|
||||
- // Delete the URLLoaderFactory for the RaceNetworkRequest if it's not used.
|
||||
- RemoveItemFromRaceNetworkRequests(event_id);
|
||||
-
|
||||
if (!RunEventCallback(&fetch_event_callbacks_, event_queue_.get(), event_id,
|
||||
status)) {
|
||||
// The event may have been aborted. Its response callback also needs to be
|
||||
@@ -1500,7 +1495,6 @@ void ServiceWorkerGlobalScope::AbortCall
|
||||
response_callback_iter->value->TakeValue().reset();
|
||||
fetch_response_callbacks_.erase(response_callback_iter);
|
||||
}
|
||||
- RemoveItemFromRaceNetworkRequests(event_id);
|
||||
|
||||
// Run the event callback with the error code.
|
||||
auto event_callback_iter = fetch_event_callbacks_.find(event_id);
|
||||
@@ -1588,11 +1582,52 @@ void ServiceWorkerGlobalScope::StartFetc
|
||||
|
||||
if (params->race_network_request_loader_factory &&
|
||||
params->request->service_worker_race_network_request_token) {
|
||||
- InsertNewItemToRaceNetworkRequests(
|
||||
- event_id,
|
||||
- params->request->service_worker_race_network_request_token.value(),
|
||||
- std::move(params->race_network_request_loader_factory),
|
||||
- params->request->url);
|
||||
+ auto insert_result = race_network_request_loader_factories_.insert(
|
||||
+ String(params->request->service_worker_race_network_request_token
|
||||
+ ->ToString()),
|
||||
+ std::move(params->race_network_request_loader_factory));
|
||||
+
|
||||
+ // DumpWithoutCrashing if the token is empty, or not inserted as a new entry
|
||||
+ // to |race_network_request_loader_factories_|.
|
||||
+ // TODO(crbug.com/1492640) Remove DumpWithoutCrashing once we collect data
|
||||
+ // and identify the cause.
|
||||
+ static bool has_dumped_without_crashing_for_empty_token = false;
|
||||
+ static bool has_dumped_without_crashing_for_not_new_entry = false;
|
||||
+ if (!has_dumped_without_crashing_for_empty_token &&
|
||||
+ params->request->service_worker_race_network_request_token
|
||||
+ ->is_empty()) {
|
||||
+ has_dumped_without_crashing_for_empty_token = true;
|
||||
+ SCOPED_CRASH_KEY_BOOL(
|
||||
+ "SWGlobalScope", "empty_race_token",
|
||||
+ params->request->service_worker_race_network_request_token
|
||||
+ ->is_empty());
|
||||
+ SCOPED_CRASH_KEY_STRING64(
|
||||
+ "SWGlobalScope", "race_token_string",
|
||||
+ params->request->service_worker_race_network_request_token
|
||||
+ ->ToString());
|
||||
+ SCOPED_CRASH_KEY_BOOL("SWGlobalScope", "race_insert_new_entry",
|
||||
+ insert_result.is_new_entry);
|
||||
+ SCOPED_CRASH_KEY_STRING256("SWGlobalScope", "race_request_url",
|
||||
+ params->request->url.GetString().Utf8());
|
||||
+ base::debug::DumpWithoutCrashing();
|
||||
+ }
|
||||
+ if (!has_dumped_without_crashing_for_not_new_entry &&
|
||||
+ !insert_result.is_new_entry) {
|
||||
+ has_dumped_without_crashing_for_not_new_entry = true;
|
||||
+ SCOPED_CRASH_KEY_BOOL(
|
||||
+ "SWGlobalScope", "empty_race_token",
|
||||
+ params->request->service_worker_race_network_request_token
|
||||
+ ->is_empty());
|
||||
+ SCOPED_CRASH_KEY_STRING64(
|
||||
+ "SWGlobalScope", "race_token_string",
|
||||
+ params->request->service_worker_race_network_request_token
|
||||
+ ->ToString());
|
||||
+ SCOPED_CRASH_KEY_BOOL("SWGlobalScope", "race_insert_new_entry",
|
||||
+ insert_result.is_new_entry);
|
||||
+ SCOPED_CRASH_KEY_STRING256("SWGlobalScope", "race_request_url",
|
||||
+ params->request->url.GetString().Utf8());
|
||||
+ base::debug::DumpWithoutCrashing();
|
||||
+ }
|
||||
}
|
||||
|
||||
Request* request = Request::Create(
|
||||
@@ -2805,71 +2840,12 @@ bool ServiceWorkerGlobalScope::SetAttrib
|
||||
std::optional<mojo::PendingRemote<network::mojom::blink::URLLoaderFactory>>
|
||||
ServiceWorkerGlobalScope::FindRaceNetworkRequestURLLoaderFactory(
|
||||
const base::UnguessableToken& token) {
|
||||
- std::unique_ptr<RaceNetworkRequestInfo> result =
|
||||
- race_network_requests_.Take(String(token.ToString()));
|
||||
+ mojo::PendingRemote<network::mojom::blink::URLLoaderFactory> result =
|
||||
+ race_network_request_loader_factories_.Take(String(token.ToString()));
|
||||
if (result) {
|
||||
- race_network_request_fetch_event_ids_.erase(result->fetch_event_id);
|
||||
- return std::optional<
|
||||
- mojo::PendingRemote<network::mojom::blink::URLLoaderFactory>>(
|
||||
- std::move(result->url_loader_factory));
|
||||
+ return result;
|
||||
}
|
||||
return std::nullopt;
|
||||
}
|
||||
|
||||
-void ServiceWorkerGlobalScope::InsertNewItemToRaceNetworkRequests(
|
||||
- int fetch_event_id,
|
||||
- const base::UnguessableToken& token,
|
||||
- mojo::PendingRemote<network::mojom::blink::URLLoaderFactory>
|
||||
- url_loader_factory,
|
||||
- const KURL& request_url) {
|
||||
- auto race_network_request_token = String(token.ToString());
|
||||
- auto info = std::make_unique<RaceNetworkRequestInfo>(
|
||||
- fetch_event_id, race_network_request_token,
|
||||
- std::move(url_loader_factory));
|
||||
- race_network_request_fetch_event_ids_.insert(fetch_event_id, info.get());
|
||||
- auto insert_result = race_network_requests_.insert(race_network_request_token,
|
||||
- std::move(info));
|
||||
-
|
||||
- // DumpWithoutCrashing if the token is empty, or not inserted as a new entry
|
||||
- // to |race_network_request_loader_factories_|.
|
||||
- // TODO(crbug.com/1492640) Remove DumpWithoutCrashing once we collect data
|
||||
- // and identify the cause.
|
||||
- static bool has_dumped_without_crashing_for_empty_token = false;
|
||||
- static bool has_dumped_without_crashing_for_not_new_entry = false;
|
||||
- if (!has_dumped_without_crashing_for_empty_token && token.is_empty()) {
|
||||
- has_dumped_without_crashing_for_empty_token = true;
|
||||
- SCOPED_CRASH_KEY_BOOL("SWGlobalScope", "empty_race_token",
|
||||
- token.is_empty());
|
||||
- SCOPED_CRASH_KEY_STRING64("SWGlobalScope", "race_token_string",
|
||||
- token.ToString());
|
||||
- SCOPED_CRASH_KEY_BOOL("SWGlobalScope", "race_insert_new_entry",
|
||||
- insert_result.is_new_entry);
|
||||
- SCOPED_CRASH_KEY_STRING256("SWGlobalScope", "race_request_url",
|
||||
- request_url.GetString().Utf8());
|
||||
- base::debug::DumpWithoutCrashing();
|
||||
- }
|
||||
- if (!has_dumped_without_crashing_for_not_new_entry &&
|
||||
- !insert_result.is_new_entry) {
|
||||
- has_dumped_without_crashing_for_not_new_entry = true;
|
||||
- SCOPED_CRASH_KEY_BOOL("SWGlobalScope", "empty_race_token",
|
||||
- token.is_empty());
|
||||
- SCOPED_CRASH_KEY_STRING64("SWGlobalScope", "race_token_string",
|
||||
- token.ToString());
|
||||
- SCOPED_CRASH_KEY_BOOL("SWGlobalScope", "race_insert_new_entry",
|
||||
- insert_result.is_new_entry);
|
||||
- SCOPED_CRASH_KEY_STRING256("SWGlobalScope", "race_request_url",
|
||||
- request_url.GetString().Utf8());
|
||||
- base::debug::DumpWithoutCrashing();
|
||||
- }
|
||||
-}
|
||||
-
|
||||
-void ServiceWorkerGlobalScope::RemoveItemFromRaceNetworkRequests(
|
||||
- int fetch_event_id) {
|
||||
- RaceNetworkRequestInfo* info =
|
||||
- race_network_request_fetch_event_ids_.Take(fetch_event_id);
|
||||
- if (info) {
|
||||
- race_network_requests_.erase(info->token);
|
||||
- }
|
||||
-}
|
||||
-
|
||||
} // namespace blink
|
||||
diff -up chromium-123.0.6312.46/third_party/blink/renderer/modules/service_worker/service_worker_global_scope.h.me chromium-123.0.6312.46/third_party/blink/renderer/modules/service_worker/service_worker_global_scope.h
|
||||
--- chromium-123.0.6312.46/third_party/blink/renderer/modules/service_worker/service_worker_global_scope.h.me 2024-03-18 10:26:14.905817501 +0100
|
||||
+++ chromium-123.0.6312.46/third_party/blink/renderer/modules/service_worker/service_worker_global_scope.h 2024-03-18 11:47:58.202198028 +0100
|
||||
@@ -623,14 +623,6 @@ class MODULES_EXPORT ServiceWorkerGlobal
|
||||
// ServiceWorker.FetchEvent.QueuingTime histogram.
|
||||
void RecordQueuingTime(base::TimeTicks created_time);
|
||||
|
||||
- void InsertNewItemToRaceNetworkRequests(
|
||||
- int fetch_event_id,
|
||||
- const base::UnguessableToken& token,
|
||||
- mojo::PendingRemote<network::mojom::blink::URLLoaderFactory>
|
||||
- url_loader_factory,
|
||||
- const KURL& request_url);
|
||||
- void RemoveItemFromRaceNetworkRequests(int fetch_event_id);
|
||||
-
|
||||
Member<ServiceWorkerClients> clients_;
|
||||
Member<ServiceWorkerRegistration> registration_;
|
||||
Member<::blink::ServiceWorker> service_worker_;
|
||||
@@ -776,17 +768,10 @@ class MODULES_EXPORT ServiceWorkerGlobal
|
||||
|
||||
blink::BlinkStorageKey storage_key_;
|
||||
|
||||
- struct RaceNetworkRequestInfo {
|
||||
- int fetch_event_id;
|
||||
- String token;
|
||||
- mojo::PendingRemote<network::mojom::blink::URLLoaderFactory>
|
||||
- url_loader_factory;
|
||||
- };
|
||||
// TODO(crbug.com/918702) WTF::HashMap cannot use base::UnguessableToken as a
|
||||
// key. As a workaround uses WTF::String as a key instead.
|
||||
- HashMap<String, std::unique_ptr<RaceNetworkRequestInfo>>
|
||||
- race_network_requests_;
|
||||
- HashMap<int, RaceNetworkRequestInfo*> race_network_request_fetch_event_ids_;
|
||||
+ HashMap<String, mojo::PendingRemote<network::mojom::blink::URLLoaderFactory>>
|
||||
+ race_network_request_loader_factories_;
|
||||
|
||||
HeapMojoAssociatedRemote<mojom::blink::AssociatedInterfaceProvider>
|
||||
remote_associated_interfaces_{this};
|
@ -0,0 +1,12 @@
|
||||
diff -up chromium-123.0.6312.46/build/config/compiler/BUILD.gn.fstack-protector-strong chromium-123.0.6312.46/build/config/compiler/BUILD.gn
|
||||
--- chromium-123.0.6312.46/build/config/compiler/BUILD.gn.fstack-protector-strong 2024-03-15 11:46:34.542248116 +0100
|
||||
+++ chromium-123.0.6312.46/build/config/compiler/BUILD.gn 2024-03-15 11:59:02.970849847 +0100
|
||||
@@ -382,7 +382,7 @@ config("compiler") {
|
||||
} else if ((is_posix && !is_chromeos && !is_nacl) || is_fuchsia) {
|
||||
if (current_os != "aix") {
|
||||
# Not available on aix.
|
||||
- cflags += [ "-fstack-protector" ]
|
||||
+ cflags += [ "-fstack-protector-strong" ]
|
||||
}
|
||||
}
|
||||
}
|
@ -0,0 +1,27 @@
|
||||
diff -up chromium-122.0.6261.57/tools/json_to_struct/json_to_struct.py.me chromium-122.0.6261.57/tools/json_to_struct/json_to_struct.py
|
||||
--- chromium-122.0.6261.57/tools/json_to_struct/json_to_struct.py.me 2024-02-23 12:04:45.451423995 +0100
|
||||
+++ chromium-122.0.6261.57/tools/json_to_struct/json_to_struct.py 2024-02-23 12:18:04.099824392 +0100
|
||||
@@ -124,7 +124,8 @@ def _GenerateH(basepath, fileroot, head,
|
||||
f.write(u'#include <cstddef>\n')
|
||||
f.write(u'\n')
|
||||
|
||||
- if system_headers := schema.get(u'system-headers', []):
|
||||
+ system_headers = schema.get(u'system-headers', [])
|
||||
+ if system_headers:
|
||||
for header in system_headers:
|
||||
f.write(u'#include <%s>\n' % header)
|
||||
f.write(u'\n')
|
||||
diff -up chromium-123.0.6312.46/tools/metrics/histograms/expand_owners.py.me chromium-123.0.6312.46/tools/metrics/histograms/expand_owners.py
|
||||
--- chromium-123.0.6312.46/tools/metrics/histograms/expand_owners.py.me 2024-03-18 14:40:57.871904209 +0100
|
||||
+++ chromium-123.0.6312.46/tools/metrics/histograms/expand_owners.py 2024-03-18 14:47:12.238907146 +0100
|
||||
@@ -209,8 +209,8 @@ def _ComponentFromDirmd(json_data, subpa
|
||||
"""
|
||||
dirmd = json_data.get('dirs', {}).get(subpath, {})
|
||||
# If a public Buganizer component is listed, return its component ID.
|
||||
- if buganizer_component := dirmd.get('buganizerPublic',
|
||||
- {}).get('componentId', ''):
|
||||
+ buganizer_component = dirmd.get('buganizerPublic',{}).get('componentId', '')
|
||||
+ if buganizer_component:
|
||||
return buganizer_component
|
||||
# If no component exists for the directory, or if METADATA migration is
|
||||
# incomplete there will be no component information.
|
@ -0,0 +1,133 @@
|
||||
diff -Nur chromium-123.0.6312.46/third_party/rust/chromium_crates_io/vendor/clap_lex-0.7.0/src/ext.rs.me chromium-123.0.6312.46/third_party/rust/chromium_crates_io/vendor/clap_lex-0.7.0/src/ext.rs
|
||||
--- chromium-123.0.6312.46/third_party/rust/chromium_crates_io/vendor/clap_lex-0.7.0/src/ext.rs.me 2024-03-13 20:36:17.000000000 +0100
|
||||
+++ chromium-123.0.6312.46/third_party/rust/chromium_crates_io/vendor/clap_lex-0.7.0/src/ext.rs 2024-03-13 00:38:18.000000000 +0100
|
||||
@@ -2,9 +2,6 @@
|
||||
|
||||
pub trait OsStrExt: private::Sealed {
|
||||
/// Converts to a string slice.
|
||||
- ///
|
||||
- /// The Utf8Error is guaranteed to have a valid UTF8 boundary
|
||||
- /// in its `valid_up_to()`
|
||||
fn try_str(&self) -> Result<&str, std::str::Utf8Error>;
|
||||
/// Returns `true` if the given pattern matches a sub-slice of
|
||||
/// this string slice.
|
||||
@@ -183,7 +180,7 @@
|
||||
|
||||
impl OsStrExt for OsStr {
|
||||
fn try_str(&self) -> Result<&str, std::str::Utf8Error> {
|
||||
- let bytes = self.as_encoded_bytes();
|
||||
+ let bytes = to_bytes(self);
|
||||
std::str::from_utf8(bytes)
|
||||
}
|
||||
|
||||
@@ -192,22 +189,22 @@
|
||||
}
|
||||
|
||||
fn find(&self, needle: &str) -> Option<usize> {
|
||||
- let bytes = self.as_encoded_bytes();
|
||||
+ let bytes = to_bytes(self);
|
||||
(0..=self.len().checked_sub(needle.len())?)
|
||||
.find(|&x| bytes[x..].starts_with(needle.as_bytes()))
|
||||
}
|
||||
|
||||
fn strip_prefix(&self, prefix: &str) -> Option<&OsStr> {
|
||||
- let bytes = self.as_encoded_bytes();
|
||||
+ let bytes = to_bytes(self);
|
||||
bytes.strip_prefix(prefix.as_bytes()).map(|s| {
|
||||
// SAFETY:
|
||||
- // - This came from `as_encoded_bytes`
|
||||
- // - Since `prefix` is `&str`, any split will be along UTF-8 boundary
|
||||
- unsafe { OsStr::from_encoded_bytes_unchecked(s) }
|
||||
+ // - This came from `to_bytes`
|
||||
+ // - Since `prefix` is `&str`, any split will be along UTF-8 boundarie
|
||||
+ unsafe { to_os_str_unchecked(s) }
|
||||
})
|
||||
}
|
||||
fn starts_with(&self, prefix: &str) -> bool {
|
||||
- let bytes = self.as_encoded_bytes();
|
||||
+ let bytes = to_bytes(self);
|
||||
bytes.starts_with(prefix.as_bytes())
|
||||
}
|
||||
|
||||
@@ -222,18 +219,13 @@
|
||||
fn split_once(&self, needle: &'_ str) -> Option<(&OsStr, &OsStr)> {
|
||||
let start = self.find(needle)?;
|
||||
let end = start + needle.len();
|
||||
- let haystack = self.as_encoded_bytes();
|
||||
+ let haystack = to_bytes(self);
|
||||
let first = &haystack[0..start];
|
||||
let second = &haystack[end..];
|
||||
// SAFETY:
|
||||
- // - This came from `as_encoded_bytes`
|
||||
- // - Since `needle` is `&str`, any split will be along UTF-8 boundary
|
||||
- unsafe {
|
||||
- Some((
|
||||
- OsStr::from_encoded_bytes_unchecked(first),
|
||||
- OsStr::from_encoded_bytes_unchecked(second),
|
||||
- ))
|
||||
- }
|
||||
+ // - This came from `to_bytes`
|
||||
+ // - Since `needle` is `&str`, any split will be along UTF-8 boundarie
|
||||
+ unsafe { Some((to_os_str_unchecked(first), to_os_str_unchecked(second))) }
|
||||
}
|
||||
}
|
||||
|
||||
@@ -243,6 +235,45 @@
|
||||
impl Sealed for std::ffi::OsStr {}
|
||||
}
|
||||
|
||||
+/// Allow access to raw bytes
|
||||
+///
|
||||
+/// As the non-UTF8 encoding is not defined, the bytes only make sense when compared with
|
||||
+/// 7-bit ASCII or `&str`
|
||||
+///
|
||||
+/// # Compatibility
|
||||
+///
|
||||
+/// There is no guarantee how non-UTF8 bytes will be encoded, even within versions of this crate
|
||||
+/// (since its dependent on rustc)
|
||||
+fn to_bytes(s: &OsStr) -> &[u8] {
|
||||
+ // SAFETY:
|
||||
+ // - Lifetimes are the same
|
||||
+ // - Types are compatible (`OsStr` is effectively a transparent wrapper for `[u8]`)
|
||||
+ // - The primary contract is that the encoding for invalid surrogate code points is not
|
||||
+ // guaranteed which isn't a problem here
|
||||
+ //
|
||||
+ // There is a proposal to support this natively (https://github.com/rust-lang/rust/pull/95290)
|
||||
+ // but its in limbo
|
||||
+ unsafe { std::mem::transmute(s) }
|
||||
+}
|
||||
+
|
||||
+/// Restore raw bytes as `OsStr`
|
||||
+///
|
||||
+/// # Safety
|
||||
+///
|
||||
+/// - `&[u8]` must either by a `&str` or originated with `to_bytes` within the same binary
|
||||
+/// - Any splits of the original `&[u8]` must be done along UTF-8 boundaries
|
||||
+unsafe fn to_os_str_unchecked(s: &[u8]) -> &OsStr {
|
||||
+ // SAFETY:
|
||||
+ // - Lifetimes are the same
|
||||
+ // - Types are compatible (`OsStr` is effectively a transparent wrapper for `[u8]`)
|
||||
+ // - The primary contract is that the encoding for invalid surrogate code points is not
|
||||
+ // guaranteed which isn't a problem here
|
||||
+ //
|
||||
+ // There is a proposal to support this natively (https://github.com/rust-lang/rust/pull/95290)
|
||||
+ // but its in limbo
|
||||
+ std::mem::transmute(s)
|
||||
+}
|
||||
+
|
||||
pub struct Split<'s, 'n> {
|
||||
haystack: Option<&'s OsStr>,
|
||||
needle: &'n str,
|
||||
@@ -275,10 +306,7 @@
|
||||
///
|
||||
/// `index` must be at a valid UTF-8 boundary
|
||||
pub(crate) unsafe fn split_at(os: &OsStr, index: usize) -> (&OsStr, &OsStr) {
|
||||
- let bytes = os.as_encoded_bytes();
|
||||
+ let bytes = to_bytes(os);
|
||||
let (first, second) = bytes.split_at(index);
|
||||
- (
|
||||
- OsStr::from_encoded_bytes_unchecked(first),
|
||||
- OsStr::from_encoded_bytes_unchecked(second),
|
||||
- )
|
||||
+ (to_os_str_unchecked(first), to_os_str_unchecked(second))
|
||||
}
|
Loading…
Reference in new issue