[SCM] qt5webkit packaging branch, master, updated. debian/5.3.2+dfsg-2-2-g7a6b5a2
Lisandro Damián Nicanor Pérez
lisandro at moszumanska.debian.org
Tue Oct 14 18:52:03 UTC 2014
Gitweb-URL: http://git.debian.org/?p=pkg-kde/qt/qt5webkit.git;a=commitdiff;h=7a6b5a2
The following commit has been merged in the master branch:
commit 7a6b5a2d25c25fdddbfd667f5c96460d06c8a1b4
Author: Lisandro Damián Nicanor Pérez Meyer <perezmeyer at gmail.com>
Date: Tue Oct 14 15:51:45 2014 -0300
Backport three patches to fix crashes
---
debian/changelog | 6 +
.../do_not_use_jit_on_big_endian_machines.patch | 41 ++++++
.../patches/fix_cloop_on_big_endian_machines.patch | 142 +++++++++++++++++++++
..._request_is_aborted_while_forwarding_data.patch | 38 ++++++
debian/patches/series | 3 +
5 files changed, 230 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 52c2c0a..d1607dc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,11 @@
qtwebkit-opensource-src (5.3.2+dfsg-3) UNRELEASED; urgency=medium
+ [ Lisandro Damián Nicanor Pérez Meyer ]
+ * Backport three patches to fix crashes:
+ - do_not_use_jit_on_big_endian_machines.patch
+ - fix_cloop_on_big_endian_machines.patch
+ - fix_crash_when_a_network_request_is_aborted_while_forwarding_data.patch
+
-- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org> Tue, 14 Oct 2014 15:47:33 -0300
qtwebkit-opensource-src (5.3.2+dfsg-2) unstable; urgency=medium
diff --git a/debian/patches/do_not_use_jit_on_big_endian_machines.patch b/debian/patches/do_not_use_jit_on_big_endian_machines.patch
new file mode 100644
index 0000000..b50fdd7
--- /dev/null
+++ b/debian/patches/do_not_use_jit_on_big_endian_machines.patch
@@ -0,0 +1,41 @@
+From 0b6f959022700ecf9374bdbb13772242d3f7e617 Mon Sep 17 00:00:00 2001
+From: Allan Sandfeld Jensen <allan.jensen at digia.com>
+Date: Fri, 10 Oct 2014 14:50:18 +0200
+Subject: [PATCH] Do not use JIT on big endian architectures
+
+All the JIT implementations targets the little-endian versions of ARM,
+MIPS and SH4 respectively. So in case anyone builds on those platforms
+we should not enable JIT.
+
+Task-number: QTBUG-41896
+Change-Id: I5be167511e2c3eac6c63e603b82da84fb6b29eaa
+Reviewed-by: Julien Brianceau <jbriance at cisco.com>
+Reviewed-by: Michael Bruning <michael.bruning at digia.com>
+---
+ Source/WTF/wtf/Platform.h | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/Source/WTF/wtf/Platform.h
++++ b/Source/WTF/wtf/Platform.h
+@@ -128,6 +128,9 @@
+ /* CPU(SH4) - SuperH SH-4 */
+ #if defined(__SH4__)
+ #define WTF_CPU_SH4 1
++#ifdef __BIG_ENDIAN__
++#define WTF_CPU_BIG_ENDIAN 1
++#endif
+ #endif
+
+ /* CPU(SPARC32) - SPARC 32-bit */
+@@ -759,6 +762,11 @@
+ #define ENABLE_JIT 0
+ #endif
+
++/* All the current JIT implementations target little-endian */
++#if CPU(BIG_ENDIAN)
++#define ENABLE_JIT 0
++#endif
++
+ /* Disable JIT on x32 */
+ #if CPU(X32)
+ #define ENABLE_JIT 0
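Review bot: The SH4 big-endian test added in the first Platform.h hunk keys only on `__BIG_ENDIAN__`, so the new `#if CPU(BIG_ENDIAN)` block that forces `ENABLE_JIT 0` is only as reliable as that one compiler macro. GCC and Clang also expose `__BYTE_ORDER__`, and accepting either spelling makes the guard harder to miss: `#if defined(__BIG_ENDIAN__) || (defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__)`. The commit message also names ARM and MIPS, but their `WTF_CPU_BIG_ENDIAN` definitions are outside the visible context and should be checked against the same condition. Whether `ENABLE_JIT` can already be defined to 1 when the new block is reached is likewise not visible here; if it can, an `#undef ENABLE_JIT` before the `#define` avoids a redefinition diagnostic.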
diff --git a/debian/patches/fix_cloop_on_big_endian_machines.patch b/debian/patches/fix_cloop_on_big_endian_machines.patch
new file mode 100644
index 0000000..45006d7
--- /dev/null
+++ b/debian/patches/fix_cloop_on_big_endian_machines.patch
@@ -0,0 +1,142 @@
+From 0c58a486f551e7e7b63d438e3d32f21f876327d1 Mon Sep 17 00:00:00 2001
+From: Allan Sandfeld Jensen <allan.jensen at digia.com>
+Date: Thu, 9 Oct 2014 17:40:37 +0200
+Subject: [PATCH] Fix CLoop on big-endian machines
+
+Callee and ScopeChain are JSObject pointers and saved in the 64bit
+structure for JS registers. On a 32bit big-endian machine the actual
+pointer is offset by the PayloadOffset of 4 bytes, but on little-endian
+and 64bit architectures there is no offset.
+
+This patch fixes four places the payloadOffset was not correctly added
+on 32bit big-endian, and six places it was added on 64big big-endian
+when it shouldn't.
+
+Task-number: QTBUG-41896
+Change-Id: I46b474bee9822b8040d1b7b2e8f31ce42e0adefe
+Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte at digia.com>
+---
+ .../JavaScriptCore/llint/LowLevelInterpreter.asm | 25 +++++++++++++---------
+ .../llint/LowLevelInterpreter32_64.asm | 2 +-
+ 2 files changed, 16 insertions(+), 11 deletions(-)
+
+diff --git a/Source/JavaScriptCore/llint/LowLevelInterpreter.asm b/Source/JavaScriptCore/llint/LowLevelInterpreter.asm
+index 2b5a23c..c4d86ee 100644
+--- a/Source/JavaScriptCore/llint/LowLevelInterpreter.asm
++++ b/Source/JavaScriptCore/llint/LowLevelInterpreter.asm
+@@ -87,6 +87,12 @@ else
+ const PayloadOffset = 0
+ end
+
++if JSVALUE64
++ const JSCellPayloadOffset = 0
++else
++ const JSCellPayloadOffset = PayloadOffset
++end
++
+ # Constant for reasoning about butterflies.
+ const IsArray = 1
+ const IndexingShapeMask = 30
+@@ -161,7 +167,6 @@ else
+ const VectorSizeOffset = 8
+ end
+
+-
+ # Some common utilities.
+ macro crash()
+ if C_LOOP
+@@ -267,13 +272,13 @@ macro assertNotConstant(index)
+ end
+
+ macro functionForCallCodeBlockGetter(targetRegister)
+- loadp Callee[cfr], targetRegister
++ loadp Callee + JSCellPayloadOffset[cfr], targetRegister
+ loadp JSFunction::m_executable[targetRegister], targetRegister
+ loadp FunctionExecutable::m_codeBlockForCall[targetRegister], targetRegister
+ end
+
+ macro functionForConstructCodeBlockGetter(targetRegister)
+- loadp Callee[cfr], targetRegister
++ loadp Callee + JSCellPayloadOffset[cfr], targetRegister
+ loadp JSFunction::m_executable[targetRegister], targetRegister
+ loadp FunctionExecutable::m_codeBlockForConstruct[targetRegister], targetRegister
+ end
+@@ -671,7 +676,7 @@ _llint_op_resolve_global_var:
+ macro resolveScopedVarBody(resolveOperations)
+ # First ResolveOperation is to skip scope chain nodes
+ getScope(macro(dest)
+- loadp ScopeChain + PayloadOffset[cfr], dest
++ loadp ScopeChain + JSCellPayloadOffset[cfr], dest
+ end,
+ ResolveOperation::m_scopesToSkip[resolveOperations], t1, t2)
+ loadp JSVariableObject::m_registers[t1], t1 # t1 now contains the activation registers
+@@ -696,7 +701,7 @@ _llint_op_resolve_scoped_var_on_top_scope:
+ loadisFromInstruction(1, t3)
+
+ # We know we want the top scope chain entry
+- loadp ScopeChain + PayloadOffset[cfr], t1
++ loadp ScopeChain + JSCellPayloadOffset[cfr], t1
+ loadp JSVariableObject::m_registers[t1], t1 # t1 now contains the activation registers
+
+ # Second ResolveOperation tells us what offset to use
+@@ -718,7 +723,7 @@ _llint_op_resolve_scoped_var_with_top_scope_check:
+ loadp JSScope::m_next[t1], dest
+ jmp .done
+ .scopeChainNotCreated:
+- loadp ScopeChain + PayloadOffset[cfr], dest
++ loadp ScopeChain + JSCellPayloadOffset[cfr], dest
+ .done:
+ end,
+ # Second ResolveOperation tells us how many more nodes to skip
+@@ -773,7 +778,7 @@ _llint_op_resolve_base_to_scope:
+ getResolveOperation(4, t0)
+ # First ResolveOperation is to skip scope chain nodes
+ getScope(macro(dest)
+- loadp ScopeChain + PayloadOffset[cfr], dest
++ loadp ScopeChain + JSCellPayloadOffset[cfr], dest
+ end,
+ ResolveOperation::m_scopesToSkip[t0], t1, t2)
+ loadisFromInstruction(1, t3)
+@@ -798,7 +803,7 @@ _llint_op_resolve_base_to_scope_with_top_scope_check:
+ loadp JSScope::m_next[t1], dest
+ jmp .done
+ .scopeChainNotCreated:
+- loadp ScopeChain + PayloadOffset[cfr], dest
++ loadp ScopeChain + JSCellPayloadOffset[cfr], dest
+ .done:
+ end,
+ # Second ResolveOperation tells us how many more nodes to skip
+@@ -823,7 +828,7 @@ macro interpretResolveWithBase(opcodeLength, slowPath)
+ getResolveOperation(4, t0)
+ btpz t0, .slowPath
+
+- loadp ScopeChain[cfr], t3
++ loadp ScopeChain + JSCellPayloadOffset[cfr], t3
+ # Get the base
+ loadis ResolveOperation::m_operation[t0], t2
+
+@@ -845,7 +850,7 @@ macro interpretResolveWithBase(opcodeLength, slowPath)
+ loadp JSScope::m_next[t1], dest
+ jmp .done
+ .scopeChainNotCreated:
+- loadp ScopeChain + PayloadOffset[cfr], dest
++ loadp ScopeChain + JSCellPayloadOffset[cfr], dest
+ .done:
+ end,
+ sizeof ResolveOperation + ResolveOperation::m_scopesToSkip[t0], t1, t2)
+diff --git a/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm b/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
+index 89e40c7..87aa09e 100644
+--- a/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
++++ b/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
+@@ -1692,7 +1692,7 @@ _llint_op_next_pname:
+ loadi 20[PC], t2
+ loadi PayloadOffset[cfr, t2, 8], t2
+ loadp JSPropertyNameIterator::m_jsStrings[t2], t3
+- loadi [t3, t0, 8], t3
++ loadi PayloadOffset[t3, t0, 8], t3
+ addi 1, t0
+ storei t0, PayloadOffset[cfr, t1, 8]
+ loadi 4[PC], t1
+--
+2.1.1
+
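Review bot: The new constant `JSCellPayloadOffset` in LowLevelInterpreter.asm has no comment, although choosing between it and `PayloadOffset` is exactly what the corrected loads got wrong. I would add above the `if JSVALUE64` block: `# Offset of a JSCell pointer inside a 64-bit register slot: 0 on JSVALUE64, PayloadOffset on 32-bit.` A load with the wrong offset on a big-endian build reads the wrong bytes of the slot and the result is then dereferenced as a pointer, so the rule deserves to be written next to the constant. Any remaining bare `Callee[cfr]` or `ScopeChain[cfr]` loads elsewhere in the file are not visible in these hunks; a grep after applying the patch would confirm that none are left.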
diff --git a/debian/patches/fix_crash_when_a_network_request_is_aborted_while_forwarding_data.patch b/debian/patches/fix_crash_when_a_network_request_is_aborted_while_forwarding_data.patch
new file mode 100644
index 0000000..19ac009
--- /dev/null
+++ b/debian/patches/fix_crash_when_a_network_request_is_aborted_while_forwarding_data.patch
@@ -0,0 +1,38 @@
+From 13ebee35e169a8b1210851ec494951815c70620c Mon Sep 17 00:00:00 2001
+From: Allan Sandfeld Jensen <allan.jensen at digia.com>
+Date: Mon, 13 Oct 2014 15:32:14 +0200
+Subject: [PATCH] Fix crash when a network-request is aborted while forwarding
+ data
+
+Since we forward data block-wise a network request may be aborted while
+we are still forwarding received data. In that case we should stop the
+forwarding.
+
+Task-number: QTBUG-41877
+Change-Id: Ia34bbdcacdc4eb70a2e814d3b4bada9844abbb83
+Reviewed-by: Michael Bruning <michael.bruning at digia.com>
+---
+ Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp b/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp
+index 5990a40..fc69546 100644
+--- a/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp
++++ b/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp
+@@ -687,9 +687,12 @@ void QNetworkReplyHandler::forwardData()
+ // -1 means we do not provide any data about transfer size to inspector so it would use
+ // Content-Length headers or content size to show transfer size.
+ client->didReceiveData(m_resourceHandle, buffer, readSize, -1);
++ // Check if the request has been aborted or this reply-handler was otherwise released.
++ if (wasAborted() || !m_replyWrapper)
++ break;
+ }
+ delete[] buffer;
+- if (bytesAvailable > 0)
++ if (bytesAvailable > 0 && m_replyWrapper)
+ m_queue.requeue(&QNetworkReplyHandler::forwardData);
+ }
+
+--
+2.1.1
+
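Review bot: The loop exit added in `forwardData()` tests `wasAborted() || !m_replyWrapper`, but the requeue condition after `delete[] buffer` tests only `m_replyWrapper`, so an aborted request whose wrapper is still set would schedule another `forwardData` call. Unless the two states always coincide (not visible in the hunk), the requeue should use the same predicate: `if (bytesAvailable > 0 && m_replyWrapper && !wasAborted())`. Both checks read members after `client->didReceiveData()` returns, and the new comment says the handler may have been "otherwise released"; if that can mean the `QNetworkReplyHandler` object itself is destroyed inside the callback, these reads would touch freed memory, so the comment should state that `this` is guaranteed to outlive the call. The start of `forwardData()` is outside the hunk, so any guard at its top cannot be confirmed here.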
diff --git a/debian/patches/series b/debian/patches/series
index 2f363ac..83c64e8 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,4 +1,7 @@
# Upstream patches
+do_not_use_jit_on_big_endian_machines.patch
+fix_cloop_on_big_endian_machines.patch
+fix_crash_when_a_network_request_is_aborted_while_forwarding_data.patch
# debian patches
reduce_memory_usage.patch
--
qt5webkit packaging