Branch: refs/heads/webkitglib/2.50
Home: https://github.com/WebKit/WebKit
Commit: d35a201233ab03f23b1b0ec7db8f5a5825be1288
https://github.com/WebKit/WebKit/commit/d35a201233ab03f23b1b0ec7db8f5a5825be1288
Author: Brent Fulgham <[email protected]>
Date: 2025-12-09 (Tue, 09 Dec 2025)
Changed paths:
M Source/WebCore/page/LocalFrameView.cpp
Log Message:
-----------
Cherry-pick 303933@main (def2f7e17e6c).
https://bugs.webkit.org/show_bug.cgi?id=303494
[Intel] Clang x86 optimizer needs help with std::optional::value_or branch prediction
https://bugs.webkit.org/show_bug.cgi?id=303494
<rdar://problem/164102621>
Reviewed by Matthieu Dubet.
The code change in Bug 301103 introduced a mysterious performance regression on Intel.
Prior to that patch: usedZoom always held the value of style.usedZoom() (a float), and used it. After the patch: usedZoom never holds a value, and so the code does a std::forward of m_frame->pageZoomFactor() which is also just returning a float.
The difference is we always take the false branch for has_value(), when previously we took the true branch. PGO would have captured this, so we always take the wrong path and fail branch prediction.
Apple Silicon recovered performance after updating PGO, but Intel did not. This patch helps the Intel optimizer with this branch prediction.
* Source/WebCore/page/LocalFrameView.cpp:
(WebCore::LocalFrameView::documentToAbsoluteScaleFactor const):
Canonical link: https://commits.webkit.org/303933@main
Canonical link: https://commits.webkit.org/298234.314@webkitglib/2.50
Commit: e69cc2a84b0300635db126e92d6adbc05ac7d72e
https://github.com/WebKit/WebKit/commit/e69cc2a84b0300635db126e92d6adbc05ac7d72e
Author: Roberto Rodriguez <[email protected]>
Date: 2025-12-09 (Tue, 09 Dec 2025)
Changed paths:
A LayoutTests/fast/encoding/meta-charset-whitespace-only-expected.txt
A LayoutTests/fast/encoding/meta-charset-whitespace-only.html
A LayoutTests/fast/encoding/meta-charset-whitespace-variations-expected.txt
A LayoutTests/fast/encoding/meta-charset-whitespace-variations.html
M Source/WebCore/html/parser/HTMLMetaCharsetParser.cpp
Log Message:
-----------
Cherry-pick 304132@main (e85dcb7a35a7).
https://bugs.webkit.org/show_bug.cgi?id=303520
Fix out-of-bounds read in HTMLMetaCharsetParser.cpp
https://bugs.webkit.org/show_bug.cgi?id=303520
rdar://163574708
Reviewed by David Kilzer.
A potential out-of-bounds read vulnerability in HTMLMetaCharsetParser.cpp caused a crash when processing malformed meta tags containing "charset" followed by whitespace (e.g., <meta content="charset ">). The extractCharset() function skipped whitespace after finding "charset" but failed to verify the position was still within bounds before accessing the next character to check for '=', triggering a hardening check failure due to an out of range index.
The fix adds a simple bounds check (if (pos >= length) break;) after the whitespace-skipping loop to prevent the attempted out-of-bounds access.
Tests: fast/encoding/meta-charset-whitespace-only.html
fast/encoding/meta-charset-whitespace-variations.html
* LayoutTests/fast/encoding/meta-charset-whitespace-only-expected.txt: Added.
* LayoutTests/fast/encoding/meta-charset-whitespace-only.html: Added.
* LayoutTests/fast/encoding/meta-charset-whitespace-variations-expected.txt: Added.
* LayoutTests/fast/encoding/meta-charset-whitespace-variations.html: Added.
* Source/WebCore/html/parser/HTMLMetaCharsetParser.cpp:
(WebCore::extractCharset):
Originally-landed-as: 301765.353@safari-7623-branch (0bdd687a5d22).
rdar://163574708
Canonical link: https://commits.webkit.org/304132@main
Canonical link: https://commits.webkit.org/298234.315@webkitglib/2.50
Compare: https://github.com/WebKit/WebKit/compare/c4e389b7b052...e69cc2a84b03
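The pattern described in the second commit message, as an added example that is not WebKit's code: a simplified stand-alone charset extractor with the `if (pos >= length) break;` check placed after the whitespace-skipping loop. The function name extractCharsetSketch, the helper isWs and the value-parsing details are assumptions made for illustration.

```cpp
#include <algorithm>
#include <cctype>
#include <cstddef>
#include <optional>
#include <string>
#include <string_view>

// Stand-alone sketch, not WebKit's extractCharset(); names and structure are assumptions.
static bool isWs(char c) { return c == ' ' || c == '\t' || c == '\n' || c == '\f' || c == '\r'; }

std::optional<std::string> extractCharsetSketch(std::string_view value)
{
    // Lower-cased copy so the "charset" search is case-insensitive.
    std::string lower(value);
    std::transform(lower.begin(), lower.end(), lower.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    const std::size_t length = value.size();
    std::size_t pos = 0;
    while (pos < length) {
        pos = lower.find("charset", pos);
        if (pos == std::string::npos)
            break;
        pos += 7; // length of "charset"
        while (pos < length && isWs(value[pos]))
            ++pos;
        // Bounds check named in the commit message: without it, input such as
        // "charset " reaches value[pos] with pos == length.
        if (pos >= length)
            break;
        if (value[pos] != '=')
            continue; // not "charset=", look for a later occurrence
        ++pos;
        while (pos < length && isWs(value[pos]))
            ++pos;
        if (pos >= length)
            break; // same guard in this sketch before reading the value
        char quote = (value[pos] == '"' || value[pos] == '\'') ? value[pos++] : '\0';
        std::size_t end = pos;
        while (end < length && (quote ? value[end] != quote : !isWs(value[end]) && value[end] != ';'))
            ++end;
        if (end == pos || (quote && end == length))
            break; // empty value or unterminated quote: no charset
        return std::string(value.substr(pos, end - pos));
    }
    return std::nullopt;
}
```
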