diff --git a/chromium-130-size-assertions.patch b/chromium-130-size-assertions.patch
new file mode 100644
index 00000000..cc75fb36
--- /dev/null
+++ b/chromium-130-size-assertions.patch
@@ -0,0 +1,90 @@
+commit f457e3c32b8170a39ead84ceaf9f0fdbe0696649
+Author: Michael Lippautz
+Date: Tue Oct 15 19:27:32 2024 +0000
+
+ Fix size assertions across Blink
+
+ The ASSERT_SIZE() macro is used to check that certain object sizes do
+ not grow unexpectedly. Fix a few occurrences that assumed that Member
+ is always the same size as debug builds may blow up the pointer size
+ to allow verifying some conditions.
+
+ Bug: 373485798
+ Change-Id: I243dd7d75810e2cfda0141817986a6c4a03c6392
+ Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5934877
+ Commit-Queue: Michael Lippautz
+ Reviewed-by: Steinar H Gunderson
+ Cr-Commit-Position: refs/heads/main@{#1368939}
+
+diff --git a/third_party/blink/renderer/core/css/css_selector.cc b/third_party/blink/renderer/core/css/css_selector.cc
+index e9cd483e0ce13..3d99eab57489e 100644
+--- a/third_party/blink/renderer/core/css/css_selector.cc
++++ b/third_party/blink/renderer/core/css/css_selector.cc
+@@ -88,7 +88,11 @@ unsigned MaximumSpecificity(
+
+ struct SameSizeAsCSSSelector {
+ unsigned bitfields;
+- void* pointers[1];
++ union {
++ AtomicString value_;
++ QualifiedName tag_q_name_or_attribute_;
++ Member rare_data_;
++ } pointers;
+ };
+
+ ASSERT_SIZE(CSSSelector, SameSizeAsCSSSelector);
+diff --git a/third_party/blink/renderer/core/css/resolver/match_result.h b/third_party/blink/renderer/core/css/resolver/match_result.h
+index c99bae9777094..210ef8610b808 100644
+--- a/third_party/blink/renderer/core/css/resolver/match_result.h
++++ b/third_party/blink/renderer/core/css/resolver/match_result.h
+@@ -34,6 +34,7 @@
+ #include "third_party/blink/renderer/core/dom/tree_scope.h"
+ #include "third_party/blink/renderer/platform/heap/collection_support/heap_vector.h"
+ #include "third_party/blink/renderer/platform/heap/garbage_collected.h"
++#include "third_party/blink/renderer/platform/wtf/size_assertions.h"
+ #include "third_party/blink/renderer/platform/wtf/vector.h"
+
+ namespace blink {
+@@ -88,8 +89,13 @@ struct CORE_EXPORT MatchedProperties {
+ Member properties;
+ Data data_;
+ };
+-static_assert(sizeof(MatchedProperties) <= 12,
+- "MatchedProperties should not grow without thinking");
++
++struct SameSizeAsMatchedProperties {
++ Member properties;
++ uint8_t data_[8];
++};
++
++ASSERT_SIZE(MatchedProperties, SameSizeAsMatchedProperties);
+
+ } // namespace blink
+
+diff --git a/third_party/blink/renderer/core/dom/element_data.cc b/third_party/blink/renderer/core/dom/element_data.cc
+index 0e616444cbf92..6f3592bfa907b 100644
+--- a/third_party/blink/renderer/core/dom/element_data.cc
++++ b/third_party/blink/renderer/core/dom/element_data.cc
+@@ -46,7 +46,8 @@ struct SameSizeAsElementData final
+ : public GarbageCollected {
+ unsigned bitfield;
+ Member willbe_member;
+- void* pointers[2];
++ SpaceSplitString class_names_;
++ void* pointers[1];
+ };
+
+ ASSERT_SIZE(ElementData, SameSizeAsElementData);
+diff --git a/third_party/blink/renderer/platform/fonts/shaping/shape_result.cc b/third_party/blink/renderer/platform/fonts/shaping/shape_result.cc
+index 98a9f6988ae3d..68b3c922cb362 100644
+--- a/third_party/blink/renderer/platform/fonts/shaping/shape_result.cc
++++ b/third_party/blink/renderer/platform/fonts/shaping/shape_result.cc
+@@ -75,7 +75,7 @@ struct SameSizeAsRunInfo {
+ void* pointers[2];
+ unsigned integer;
+ } glyph_data;
+- void* pointer;
++ Member pointer;
+ Vector vector;
+ int integers[6];
+ };
diff --git a/chromium.spec b/chromium.spec
index a087c694..85afbcf3 100644
--- a/chromium.spec
+++ b/chromium.spec
@@ -354,6 +354,10 @@ Patch354: chromium-126-split-threshold-for-reg-with-hint.patch
 # fix build error: no member named 'hardware_destructive_interference_size' in namespace 'std'
 Patch355: chromium-130-hardware_destructive_interference_size.patch
+# fix build error on ppc64le
+# error: static assertion failed due to requirement 'sizeof(blink::MatchedProperties) <= 12': MatchedProperties should not grow without thinking
+Patch356: chromium-130-size-assertions.patch
+
 # set clang_lib path
 Patch358: chromium-127-rust-clanglib.patch
@@ -1058,6 +1062,7 @@ Qt6 UI for chromium.
 %endif
 %patch -P355 -p1 -b .hardware_destructive_interference_size
+%patch -P356 -p1 -b .size-assertions
 %patch -P358 -p1 -b .rust-clang_lib
 %ifarch ppc64le
@@ -2200,10 +2205,13 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt
 * Wed Mar 06 2024 Than Ngo - 122.0.6261.111-1
 - upstream security release 122.0.6261.111
- * High CVE-2024-2173: Out of bounds memory access in V8
+ * High CVE-2024-2173: Out of bounds memory access in V8
 * High CVE-2024-2174: Inappropriate implementation in V8
 * High CVE-2024-2176: Use after free in FedCM
+* Sat Mar 02 2024 Jiri Vanek - 122.0.6261.94-2
+- Rebuilt for java-21-openjdk as system jdk
+
 * Wed Feb 28 2024 Than Ngo - 122.0.6261.94-1
 - upstream security release 122.0.6261.94
 * High : Type Confusion in V8
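Review bot: The comment added above `Patch356` records only the symptom ("fix build error on ppc64le") and the static_assert text, while the patch file itself is a straight backport of upstream commit `f457e3c32b8170a39ead84ceaf9f0fdbe0696649` ("Fix size assertions across Blink"), whose message says the old size checks wrongly assumed `Member` is always pointer-sized; the `%patch -P356` line in the hunk at `@@ -1058` also applies it on every architecture, not just ppc64le. Naming the upstream commit next to the patch makes it clear that this is a backport to be dropped on the next rebase rather than a distro-specific workaround, e.g. `# backport of upstream f457e3c32b8170a39ead84ceaf9f0fdbe0696649 (size checks assumed Member is pointer-sized); first seen as the static_assert below on ppc64le, applied on all arches`. No %changelog entry for the addition of Patch356 is visible in this chunk; if the spec records each patch addition there, it appears to be missing.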