chore: cherry-pick 8 changes from Release-1-M113 #38329
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
VerteDinde
added
security 馃敀
semver/patch
electron-cation
bot
added
new-pr 馃尡
* 91fce3345668 from v8 * 2c8a019f39d2 from v8 * b8020e1973d7 from v8 * d6272b794cbb from chromium * 48785f698b1c from chromium * d0ee0197ddff from angle * 9b6ca211234b from chromium * 675562695049 from chromium
VerteDinde
force-pushed
the
cherry-pick/security/25-x-y/release-1-m113
branch
from
33c2395
to
21ea816
Compare
codebytere
approved these changes
May 22, 2023
zcbenz
approved these changes
May 22, 2023
|
Release Notes Persisted
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
electron/security#346 - 91fce3345668 from v8
[regexp] Handle empty ranges in unicode setsIf a unicode set operation contains only an empty range, we generated a
set expression without operands. However the expression should match
nothing, so add the special operand not matching anything instead.
Bug: chromium:1437346
Change-Id: I8dd58884aaf6915277c80effbda43ea715049146
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4474547
Commit-Queue: Patrick Thier pthier@chromium.org
Reviewed-by: Jakob Linke jgruber@chromium.org
Cr-Commit-Position: refs/heads/main@{#87257}
electron/security#345 - 2c8a019f39d2 from v8
[regexp] Fix clobbered register in global Unicode special caseBug: chromium:1439691
Change-Id: I53f22f484b226b5ad3eb9ffef8a9f44fe962beba
Fixed: chromium:1439691
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4477629
Reviewed-by: Jakob Linke jgruber@chromium.org
Commit-Queue: Shu-yu Guo syg@chromium.org
Cr-Commit-Position: refs/heads/main@{#87288}
electron/security#348 - b8020e1973d7 from v8
[api] Fix v8::Object::SetAccessorProperty... by using JavaScript spec compliant JSReceiver::DefineOwnProperty.
Drive-by:
respective pages of https://tc39.es/ecma262/ when referencing spec,
JSObject::DefineOwnAccessorIgnoreAttributes().
Bug: chromium:1433211
Change-Id: Ia9edaadd68f1986f18581156ad8f79c438b77744
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4458947
Commit-Queue: Igor Sheludko ishell@chromium.org
Reviewed-by: Toon Verwaest verwaest@chromium.org
Cr-Commit-Position: refs/heads/main@{#87302}
electron/security#347 - d6272b794cbb from chromium
[devtools] Delete PendingRequest first in DevToolsDataSourceThe way URLDataSources are used in Chromium, it can happen that the
"content::URLDataSource::GotDataCallback" closure is the last shared
owner of the data source itself. This means that the URLDataSource
is deleted after the callback is done running.
This CL fixes an invalid access to DevToolsDataSource, where we
access
thisin the OnLoadComplete method after we call theGotDataCallback.
R=dsv@chromium.org
Fixed: 1435166
Change-Id: I32e4a717ca27bc011449c8f8efeaffe70aaa8898
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4487280
Reviewed-by: Andrey Kosyakov caseq@chromium.org
Commit-Queue: Simon Z眉nd szuend@chromium.org
Reviewed-by: Danil Somsikov dsv@chromium.org
Cr-Commit-Position: refs/heads/main@{#1138173}
electron/security#350 - 48785f698b1c from chromium
Avoid buffer overflow read in HFSReadNextNonIgnorableCodePointUnicode codepoints goes beyond 0xFFFF.
It exists upper and lower case characters there:
馂ぁvs馂.The buffer overflow occurred when using the lookup table:
Bug: 1425115
Fixed: 1425115
Change-Id: I679da02dbe570283a68176fbd3c0c620caa4f9ce
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4481260
Reviewed-by: Alexander Timin altimin@chromium.org
Commit-Queue: Arthur Sonzogni arthursonzogni@chromium.org
Cr-Commit-Position: refs/heads/main@{#1138234}
electron/security#349 - d0ee0197ddff from angle
WebGL: Limit total size of private data... not just individual arrays.
Bug: chromium:1431761
Change-Id: I721e29aeceeaf12c3f6a67b668abffb8dfbc89b0
Reviewed-on: https://chromium-review.googlesource.com/c/angle/angle/+/4503753
Reviewed-by: Kenneth Russell kbr@chromium.org
Commit-Queue: Shahbaz Youssefi syoussefi@chromium.org
electron/security#343 - 9b6ca211234b from chromium
M114: Store BrowserPluginGuestDelegate as a weak ptrStore BrowserPluginGuestDelegate as a weak ptr
In the case where a webview creates a popup window, the opener web
contents temporarily owns the new guest web contents between the
renderer creating and showing the window. If the opener is destroyed at
this time, the new guest (WebViewGuest) is destroyed as well. Due to
the ordering of the destruction of the new guest web contents, it may
attempt to access the destroyed WebViewGuest through the delegate
interface. We now access this delegate through a weak ptr.
(cherry picked from commit db32d6929cf3177b52b034541e5bd6d3e19e18ca)
Low-Coverage-Reason: NOTREACHED
Bug: 1442516
Change-Id: I417431ad487bc9db0551c1e0363379c5ff455d59
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4515455
Reviewed-by: Alex Moshchuk alexmos@chromium.org
Reviewed-by: James Maclean wjmaclean@chromium.org
Commit-Queue: Kevin McNee mcnee@chromium.org
Cr-Original-Commit-Position: refs/heads/main@{#1141602}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4528155
Auto-Submit: Kevin McNee mcnee@chromium.org
Commit-Queue: Alex Moshchuk alexmos@chromium.org
Cr-Commit-Position: refs/branch-heads/5735@{#540}
Cr-Branched-From: 2f562e4ddbaf79a3f3cb338b4d1bd4398d49eb67-refs/heads/main@{#1135570}
electron/security#342 - 675562695049 from chromium
[M114] Return after ReadyCommitNavigation call in CommitErrorPage if it deletes NavigationRequestNavigationRequest::ReadyToCommitNavigation() can cause deletion of the
NavigationRequest, so callers should check for that possibility after
calling the function. A caller in CommitErrorPage is missing that
check, which this CL adds, along with a regression test.
(cherry picked from commit 42db806805ef2be64ee92803d3a784631b2a7df0)
Bug: 1444360
Change-Id: I3964da4909a6709b7730d25d6497b19c098f4f21
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4520493
Commit-Queue: Charlie Reis creis@chromium.org
Reviewed-by: Charlie Reis creis@chromium.org
Cr-Original-Commit-Position: refs/heads/main@{#1143298}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4531446
Reviewed-by: Prudhvikumar Bommana pbommana@google.com
Commit-Queue: Rakina Zata Amni rakina@chromium.org
Commit-Queue: Prudhvikumar Bommana pbommana@google.com
Owners-Override: Prudhvikumar Bommana pbommana@google.com
Cr-Commit-Position: refs/branch-heads/5735@{#607}
Cr-Branched-From: 2f562e4ddbaf79a3f3cb338b4d1bd4398d49eb67-refs/heads/main@{#1135570}
Notes: