diff --git a/VERSION b/VERSION
index ec87108d821a5..74ecad8a34195 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-4.2.3
\ No newline at end of file
+4.2.4
\ No newline at end of file
diff --git a/atom/browser/resources/mac/Info.plist b/atom/browser/resources/mac/Info.plist
index 780b51afab054..5a68987ba7d9d 100644
--- a/atom/browser/resources/mac/Info.plist
+++ b/atom/browser/resources/mac/Info.plist
@@ -17,9 +17,9 @@
CFBundleIconFile
electron.icns
CFBundleVersion
- 4.2.3
+ 4.2.4
CFBundleShortVersionString
- 4.2.3
+ 4.2.4
LSApplicationCategoryType
public.app-category.developer-tools
LSMinimumSystemVersion
diff --git a/atom/browser/resources/win/atom.rc b/atom/browser/resources/win/atom.rc
index c25892947bc9a..f9ecc0b890de0 100644
--- a/atom/browser/resources/win/atom.rc
+++ b/atom/browser/resources/win/atom.rc
@@ -50,8 +50,8 @@ END
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 4,2,3,0
- PRODUCTVERSION 4,2,3,0
+ FILEVERSION 4,2,4,0
+ PRODUCTVERSION 4,2,4,0
FILEFLAGSMASK 0x3fL
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -68,12 +68,12 @@ BEGIN
BEGIN
VALUE "CompanyName", "GitHub, Inc."
VALUE "FileDescription", "Electron"
- VALUE "FileVersion", "4.2.3"
+ VALUE "FileVersion", "4.2.4"
VALUE "InternalName", "electron.exe"
VALUE "LegalCopyright", "Copyright (C) 2015 GitHub, Inc. All rights reserved."
VALUE "OriginalFilename", "electron.exe"
VALUE "ProductName", "Electron"
- VALUE "ProductVersion", "4.2.3"
+ VALUE "ProductVersion", "4.2.4"
VALUE "SquirrelAwareVersion", "1"
END
END
diff --git a/atom/common/atom_version.h b/atom/common/atom_version.h
index ea8400bf30864..dbf5f4a208319 100644
--- a/atom/common/atom_version.h
+++ b/atom/common/atom_version.h
@@ -7,7 +7,7 @@
#define ATOM_MAJOR_VERSION 4
#define ATOM_MINOR_VERSION 2
-#define ATOM_PATCH_VERSION 3
+#define ATOM_PATCH_VERSION 4
// clang-format off
// #define ATOM_PRE_RELEASE_VERSION
// clang-format on
diff --git a/package-lock.json b/package-lock.json
index 7d62b9e84dbb3..8efe856191c47 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
{
"name": "electron",
- "version": "4.2.3",
+ "version": "4.2.4",
"lockfileVersion": 1,
"requires": true,
"dependencies": {
diff --git a/package.json b/package.json
index f7c7d507bf9fd..aafd0eaa34579 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "electron",
- "version": "4.2.3",
+ "version": "4.2.4",
"repository": "https://github.com/electron/electron",
"description": "Build cross platform desktop apps with JavaScript, HTML, and CSS",
"devDependencies": {
diff --git a/patches/common/chromium/.patches b/patches/common/chromium/.patches
index e18d46f0b274c..b5664d459ace1 100644
--- a/patches/common/chromium/.patches
+++ b/patches/common/chromium/.patches
@@ -105,3 +105,4 @@ restore_live_region_changed_events_for_processing_by_jaws_focus_mode.patch
enable_quic_proxies_for_https_urls.patch
fix_svg_crash_for_v0_distribution_into_foreignobject.patch
filesystem_harden_against_overflows_of_operationid_a_bit_better.patch
+fix_uap_in_imagebitmaploader_filereaderloader.patch
diff --git a/patches/common/chromium/fix_uap_in_imagebitmaploader_filereaderloader.patch b/patches/common/chromium/fix_uap_in_imagebitmaploader_filereaderloader.patch
new file mode 100644
index 0000000000000..005022990975a
--- /dev/null
+++ b/patches/common/chromium/fix_uap_in_imagebitmaploader_filereaderloader.patch
@@ -0,0 +1,134 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Marijn Kruisselbrink
+Date: Thu, 13 Dec 2018 17:09:55 +0000
+Subject: Fix UAP in ImageBitmapLoader/FileReaderLoader
+
+FileReaderLoader stores its client as a raw pointer, so in cases like
+ImageBitmapLoader where the FileReaderLoaderClient really is garbage
+collected we have to make sure to destroy the FileReaderLoader when
+the ExecutionContext that owns it is destroyed.
+
+Bug: 913970
+Change-Id: I40b02115367cf7bf5bbbbb8e9b57874d2510f861
+Reviewed-on: https://chromium-review.googlesource.com/c/1374511
+Reviewed-by: Jeremy Roman
+Commit-Queue: Marijn Kruisselbrink
+Cr-Commit-Position: refs/heads/master@{#616342}
+
+diff --git a/third_party/blink/renderer/core/imagebitmap/image_bitmap_factories.cc b/third_party/blink/renderer/core/imagebitmap/image_bitmap_factories.cc
+index 076b9beeaa6675c5e858a1c7f5a321ab57c606fb..40898b704891c3723574d3afa4aebf72f5cdce5c 100644
+--- a/third_party/blink/renderer/core/imagebitmap/image_bitmap_factories.cc
++++ b/third_party/blink/renderer/core/imagebitmap/image_bitmap_factories.cc
+@@ -238,27 +238,31 @@ void ImageBitmapFactories::DidFinishLoading(ImageBitmapLoader* loader) {
+ pending_loaders_.erase(loader);
+ }
+
++void ImageBitmapFactories::Trace(blink::Visitor* visitor) {
++ visitor->Trace(pending_loaders_);
++ Supplement::Trace(visitor);
++ Supplement::Trace(visitor);
++}
++
+ ImageBitmapFactories::ImageBitmapLoader::ImageBitmapLoader(
+ ImageBitmapFactories& factory,
+ base::Optional crop_rect,
+ ScriptState* script_state,
+ const ImageBitmapOptions& options)
+- : loader_(
++ : ContextLifecycleObserver(ExecutionContext::From(script_state)),
++ loader_(
+ FileReaderLoader::Create(FileReaderLoader::kReadAsArrayBuffer, this)),
+ factory_(&factory),
+ resolver_(ScriptPromiseResolver::Create(script_state)),
+ crop_rect_(crop_rect),
+ options_(options) {}
+
+-void ImageBitmapFactories::ImageBitmapLoader::LoadBlobAsync(
+- Blob* blob) {
++void ImageBitmapFactories::ImageBitmapLoader::LoadBlobAsync(Blob* blob) {
+ loader_->Start(blob->GetBlobDataHandle());
+ }
+
+-void ImageBitmapFactories::Trace(blink::Visitor* visitor) {
+- visitor->Trace(pending_loaders_);
+- Supplement::Trace(visitor);
+- Supplement::Trace(visitor);
++ImageBitmapFactories::ImageBitmapLoader::~ImageBitmapLoader() {
++ DCHECK(!loader_);
+ }
+
+ void ImageBitmapFactories::ImageBitmapLoader::RejectPromise(
+@@ -277,11 +281,20 @@ void ImageBitmapFactories::ImageBitmapLoader::RejectPromise(
+ default:
+ NOTREACHED();
+ }
++ loader_.reset();
+ factory_->DidFinishLoading(this);
+ }
+
++void ImageBitmapFactories::ImageBitmapLoader::ContextDestroyed(
++ ExecutionContext*) {
++ if (loader_)
++ factory_->DidFinishLoading(this);
++ loader_.reset();
++}
++
+ void ImageBitmapFactories::ImageBitmapLoader::DidFinishLoading() {
+ DOMArrayBuffer* array_buffer = loader_->ArrayBufferResult();
++ loader_.reset();
+ if (!array_buffer) {
+ RejectPromise(kAllocationFailureImageBitmapRejectionReason);
+ return;
+@@ -359,6 +372,7 @@ void ImageBitmapFactories::ImageBitmapLoader::ResolvePromiseOnOriginalThread(
+ }
+
+ void ImageBitmapFactories::ImageBitmapLoader::Trace(blink::Visitor* visitor) {
++ ContextLifecycleObserver::Trace(visitor);
+ visitor->Trace(factory_);
+ visitor->Trace(resolver_);
+ }
+diff --git a/third_party/blink/renderer/core/imagebitmap/image_bitmap_factories.h b/third_party/blink/renderer/core/imagebitmap/image_bitmap_factories.h
+index 25bdf1ffd1e85a05ab4ee46aaa81c61294fd7d1a..726012a20f7250ea1166ec03875ebaa10f352a49 100644
+--- a/third_party/blink/renderer/core/imagebitmap/image_bitmap_factories.h
++++ b/third_party/blink/renderer/core/imagebitmap/image_bitmap_factories.h
+@@ -36,6 +36,7 @@
+ #include "third_party/blink/renderer/bindings/core/v8/image_bitmap_source.h"
+ #include "third_party/blink/renderer/bindings/core/v8/script_promise.h"
+ #include "third_party/blink/renderer/bindings/core/v8/script_promise_resolver.h"
++#include "third_party/blink/renderer/core/dom/context_lifecycle_observer.h"
+ #include "third_party/blink/renderer/core/fileapi/file_reader_loader.h"
+ #include "third_party/blink/renderer/core/fileapi/file_reader_loader_client.h"
+ #include "third_party/blink/renderer/core/frame/local_dom_window.h"
+@@ -103,7 +104,10 @@ class ImageBitmapFactories final
+ private:
+ class ImageBitmapLoader final
+ : public GarbageCollectedFinalized,
++ public ContextLifecycleObserver,
+ public FileReaderLoaderClient {
++ USING_GARBAGE_COLLECTED_MIXIN(ImageBitmapLoader);
++
+ public:
+ static ImageBitmapLoader* Create(ImageBitmapFactories& factory,
+ base::Optional crop_rect,
+@@ -115,9 +119,9 @@ class ImageBitmapFactories final
+ void LoadBlobAsync(Blob*);
+ ScriptPromise Promise() { return resolver_->Promise(); }
+
+- void Trace(blink::Visitor*);
++ void Trace(blink::Visitor*) override;
+
+- ~ImageBitmapLoader() override = default;
++ ~ImageBitmapLoader() override;
+
+ private:
+ ImageBitmapLoader(ImageBitmapFactories&,
+@@ -140,6 +144,9 @@ class ImageBitmapFactories final
+ const String& color_space_conversion_option);
+ void ResolvePromiseOnOriginalThread(sk_sp);
+
++ // ContextLifecycleObserver
++ void ContextDestroyed(ExecutionContext*) override;
++
+ // FileReaderLoaderClient
+ void DidStartLoading() override {}
+ void DidReceiveData() override {}
diff --git a/patches/common/v8/.patches b/patches/common/v8/.patches
index b5be23c8d2e4f..33470867abef4 100644
--- a/patches/common/v8/.patches
+++ b/patches/common/v8/.patches
@@ -23,4 +23,5 @@ do_not_export_private_v8_symbols_on_windows.patch
turbofan_fix_wrong_typing_of_speculativesafeintegersubtract.patch
turbofan_restrict_redundancy_elimination_from_widening_types.patch
parser_literalbuffer_expandbuffer_always_grows.patch
+valueserializer_report_if_buffer_expansion_fails_during.patch
liftoff-correctly-unuse-labels.patch
diff --git a/patches/common/v8/valueserializer_report_if_buffer_expansion_fails_during.patch b/patches/common/v8/valueserializer_report_if_buffer_expansion_fails_during.patch
new file mode 100644
index 0000000000000..d7db992c952a6
--- /dev/null
+++ b/patches/common/v8/valueserializer_report_if_buffer_expansion_fails_during.patch
@@ -0,0 +1,164 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Jeremy Roman
+Date: Thu, 13 Dec 2018 18:43:00 -0500
+Subject: ValueSerializer: Report if buffer expansion fails during
+ WriteHostObject.
+
+Also fail early if we detect that we've previously run out of memory and thus
+corrupted the buffer.
+
+Add a unit test for this kind of case.
+
+Bug: chromium:914731
+Change-Id: Iaaf3927209bffeab6fe8ba462d9dd9dad8cbbe2f
+Reviewed-on: https://chromium-review.googlesource.com/c/1377449
+Reviewed-by: Yang Guo
+Commit-Queue: Jeremy Roman
+Cr-Commit-Position: refs/heads/master@{#58248}
+
+diff --git a/src/value-serializer.cc b/src/value-serializer.cc
+index 4c9c9a9aa2d9ce6017bb02448fa474478c9f6308..8c85bd9f5466612937a71f8bfdcb82120f7fb9c7 100644
+--- a/src/value-serializer.cc
++++ b/src/value-serializer.cc
+@@ -344,7 +344,11 @@ void ValueSerializer::TransferArrayBuffer(uint32_t transfer_id,
+ }
+
+ Maybe ValueSerializer::WriteObject(Handle