The accessor returns an unbounded void* which is dangerous to use.
Callers should instead use GetMemoryAsSpan() or GetMemoryAs(). To ease
this we introduce `uint8_t* data()` which allows SharedMemoryMappings
to convert implicitly or explicitly to base::span<uint8_t>.
We enable unsafe-buffer-usage warning in the shared memory unit tests,
which mostly required changing tests to use span apis instead of
working with the unbounded pointer accessor. The span apis
return the same pointer but with a length attached.
Other code is changed to span(mapping), GetMemoryAsSpan() or
GetMemoryAs(). These require the types being pulled out of shared
memory are trivially copyable. However a couple classes used in this
way in devices were _not_ trivially copyable. This can cause UB.
These classes wanted to be trivially copyable but could not be
because of the out-of-line ctor requirements of the chromium clang
plugin. So we template these and use a type alias to avoid rewriting
1000 LOC with useless template arguments. This works around the clang
plugin for now.
R=lukasza@chromium.org
Bug: 40284755, 355003174
Change-Id: Id7fd4c9bcf0b86b8109134c18740453bb24aa5de
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5734584
Reviewed-by: James Cook <jamescook@chromium.org>
Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org>
Reviewed-by: Khushal Sagar <khushalsagar@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Owners-Override: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: danakj <danakj@chromium.org>
Reviewed-by: Reilly Grant <reillyg@chromium.org>
Code-Coverage: findit-for-me@appspot.gserviceaccount.com <findit-for-me@appspot.gserviceaccount.com>
Reviewed-by: Jonathan Ross <jonross@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1333755}
Suppress unsafe buffer usage on a file-by-file basis. Out of
approximately 5850 .cc and .h files only roughly 160 files fail
compilation with the unsafe buffers warning.
Suppress only, by inserting boilerplate into affected files. Do not
re-write any code to work around the issues. Properly fixing each file
will be done in follow-up CLs.
//content/ is not removed from unsafe_bufers_paths.txt file and will be
also done as a follow-up, so it makes potential reverts simpler.
Bug: 342213636
Change-Id: I4a936e63dea95a78951f7bfae6d5487708ae3c0b
AX-Relnotes: n/a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5608913
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Owners-Override: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Nasko Oskov <nasko@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1312393}
The canonical bug format is TODO(crbug.com/<id>). TODOs of the
following forms will all be migrated to the new format:
- TODO(crbug.com/<old id>)
- TODO(https://crbug.com/<old id>)
- TODO(crbug/<old id>)
- TODO(crbug/monorail/<old id>)
- TODO(<old id>)
- TODO(issues.chromium.org/<old id>)
- TODO(https://issues.chromium.org/<old id>)
- TODO(https://issues.chromium.org/u/1/issues/<old id>)
- TODO(bugs.chromium.org/<old id>)
Bug id mapping is sourced from go/chrome-on-buganizer-prod-issues.
See go/crbug-todo-migration for details.
#crbug-todo-migration
Bug: b/321899722
Change-Id: Ib028de8bb63c99e5a81d90e24e422cf88061ad05
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5469583
Owners-Override: Alison Gale <agale@chromium.org>
Reviewed-by: Darryl James <dljames@chromium.org>
Commit-Queue: Alison Gale <agale@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1290952}
Implicit unwrapping of a scoper to its underlying pointer is dangerous
and that capability is being removed. This converts uses of implicit
conversion to be explicit in preparation for its removal, and performs
other cleanup and modernization.
Bug: 1495439
Low-Coverage-Reason: LARGE_SCALE_REFACTOR Switching from implicit to explicit
Change-Id: I455cff8584d3842ed51384aa21be1a5e2d032590
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4980069
Commit-Queue: Avi Drissman <avi@chromium.org>
Reviewed-by: Leonard Grey <lgrey@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1216299}
This moves these two types into the base:🍎: namespace.
This also rolls Crashpad:
Update Crashpad to a736f7d070c872a4cc786c31755fd769fb2e50b3
50ce1550a1ca [fuchsia] Move //zircon/public/lib/zx to
//zircon/system/ulib/zx
a736f7d070c8 Roll mini_chromium putting /base/apple files into
base:🍎:
Fixed: 1474628
Change-Id: I3d529e6b6f4a6e48bc9edc2df830f9c2418ca678
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4799213
Owners-Override: Avi Drissman <avi@chromium.org>
Commit-Queue: Avi Drissman <avi@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Auto-Submit: Avi Drissman <avi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1186262}
Crashpad is not yet updated for the new location, so leave a
forwarding header to be removed later.
Skipping trybots. This is a Mac change, and it’s passing all
trybots except for android_optional_gpu_tests_rel that is
repeatedly failing on an unrelated issue.
NOTRY=true
Bug: 1444927
Cq-Include-Trybots: luci.chrome.try:mac-chrome
Change-Id: Iad0c903187b0e1e5584c68f2eb00b5b026085596
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4790744
Owners-Override: Avi Drissman <avi@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Avi Drissman <avi@chromium.org>
Auto-Submit: Avi Drissman <avi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1185029}
It seems Mac OS allows installing fonts with invalid attributes although
the font verification during install detects it. Updated the local font
access code on Mac to skip such fonts during enumeration when Chrome
receives null for the attributes from Mac OS.
Bug: 1422669
Change-Id: Idbf164ccfb2306de2705b5f8eca4a68efb312d30
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4596377
Commit-Queue: Hakan Isbiliroglu <hisbilir@chromium.org>
Reviewed-by: Ayu Ishii <ayui@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1159032}
Turns out there's a lot of includes, so these will have to be removed
before deleting the implementation of the task runner handles.
To allow the deletion of the task runner handle headers, add
the sequenced/thread task runner handles where they are used in
the codebase with scripts.
This was done with an automated change, with a few touchups afterwards.
The code for the mass-refactor changes are here:
python:
https://paste.googleplex.com/5534570878337024
shell:
https://paste.googleplex.com/6466750748033024
In terms of touchups:
- add sequenced/thread task runner handles to
the third_party/blink/public/DEPS, because multiple files were using
it transitively anyways.
- rewrite certain parts of the codebase which used
ThreadTaskRunnerHandles instead of CurrentDefaultHandles.
- fix a compile issue with forward-declaration in
extensions/browser/extension_file_task_runner.h.
AX-Relnotes: n/a.
Bug: 1026641
Change-Id: I737ef32aee4e77c21eaa3a2bdc403a28322cf1b7
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4133323
Owners-Override: Gabriel Charette <gab@chromium.org>
Commit-Queue: Sean Maher <spvw@chromium.org>
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Gabriel Charette <gab@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1090532}
A base::Feature should not be copyable; a feature is intended to have a
single global instance, as it caches internal mutable state.
Feature vectors in conjunction with `base::test::ScopedFeatureList` are
by far the most common use of the base::Feature copy constructor. This
is a mostly automated replacement of `std::vector<base::Feature>` with
`std::vector<base::test::FeatureRef>` to remove that dependency.
This CL was uploaded by git cl split.
R=nasko@chromium.org
Bug: 1370572
Change-Id: Iecfb813c08c475e042234aab91577cff999b4101
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3933905
Commit-Queue: Daniel Cheng <dcheng@chromium.org>
Auto-Submit: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1055143}
browsing_context_state.h includes browsing_instance.h but would be fine
with just BrowsingInstanceId. This include is used unknowingly
by other files that construct BrowserContext's sometimes without even
importing browsing_context_state.h in the first place.
Replace browsing_instance.h import by browsing_instance_id.h and
add explicit dependencies where needed.
Change-Id: I629af039b886aa0ce37a3faab1007aca24ffbfbe
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3926070
Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org>
Commit-Queue: Arthur Hemery <ahemery@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1054176}
PermissionManager contains duplicated methods that differentiate by permissions type enum (ContentSettingsType vs PermissionType). This CL removed most of the ContentSettingsType-related methods, because they had limited usage, mostly in tests.
Methods removed from PermissionManager:
* RequestPermission(ContentSettingsType)
* RequestPermissions(ContentSettingsType)
* RequestPermissionFromCurrentDocument
(ContentSettingsType)
* PermissionManager::RequestPermissionsFromCurrentDocument
(ContentSettingsType)
* GetPermissionStatusForFrame(ContentSettingsType)
* GetPermissionStatusForWorker(ContentSettingsType)
* GetPermissionStatusForFrame(PermissionType)
Methods removed from PermissionControllerDelegate:
* GetPermissionStatusForFrame(PermissionType)
Methods added to PermissionControllerDelegate:
* RequestPermissionsFromCurrentDocument(PermissionType)
Methods added to PermissionManager:
* RequestPermissionsFromCurrentDocument(PermissionType)
Bug: 1271543
Change-Id: I7c718e3a1a390cd5be6f143ad8f7a07477473e3a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3599030
Reviewed-by: Sergey Ulanov <sergeyu@chromium.org>
Commit-Queue: Peter Kvitek <kvitekp@chromium.org>
Reviewed-by: Ravjit Uppal <ravjit@chromium.org>
Reviewed-by: Sean Topping <seantopping@chromium.org>
Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org>
Commit-Queue: Illia Klimov <elklm@google.com>
Reviewed-by: Michael Bai <michaelbai@chromium.org>
Reviewed-by: Florent Castelli <orphis@chromium.org>
Reviewed-by: Peter Kvitek <kvitekp@chromium.org>
Quick-Run: Peter Kvitek <kvitekp@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1002151}
This change partially reverts crrev/c/3547299, as the new decision is to hide the API on Android instead of returning an empty set.
Bug: 1296792
Change-Id: I5ba666d40d2a6ccaf7d33d4420cec37daf8b0e69
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3597990
Reviewed-by: Ayu Ishii <ayui@chromium.org>
Commit-Queue: Daseul Lee <dslee@chromium.org>
Cr-Commit-Position: refs/heads/main@{#995236}
Blink implementation class remains as blink::FontMetadata since there is blink::FontData class already. The class names should be resolved in a future clean-up CL.
Bug: 1311102
Change-Id: Idc070d704f3b0092ed33d652c1dd9c8804b83fe9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3556642
Reviewed-by: Victor Costan <pwnall@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Commit-Queue: Daseul Lee <dslee@chromium.org>
Cr-Commit-Position: refs/heads/main@{#987929}
Previously in the case of unsupported platform, the browser-side code returned FontEnumerationStatus::kUnexpectedError, while the renderer side handled FontEnumerationStatus::kUnimplementedError even though it would never been thrown under any case. We fix that behavior by updating the browser-side to throw an UnimplementedError, which the renderer handles by returning an empty font list. In general, the browser-side will provide specific information about font enumeration status, and the renderer-side will handle how users will receive the response. Similarly for permission denied or not given cases, the renderer-side will process FontEnumerationStatus::kPermissionDenied into an empty font list.
Bug: 1296792
Change-Id: I5c936a176d49453d3494bbc952831f83512c7db4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3547299
Reviewed-by: Victor Costan <pwnall@chromium.org>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Commit-Queue: Daseul Lee <dslee@chromium.org>
Cr-Commit-Position: refs/heads/main@{#985005}
- Add a WPT test case to check for calling blob() from detached frame.
- Add an additional test case for invalid query in font_access_manager_impl_browsertest.
- Check for SharedMemoryMapping validity in font_access_manager_impl_unittest.
Change-Id: Id510aaa6d6e425c40b99ac1d6b7b7b6800f602ec
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3536428
Reviewed-by: Victor Costan <pwnall@chromium.org>
Commit-Queue: Daseul Lee <dslee@chromium.org>
Cr-Commit-Position: refs/heads/main@{#982907}
FontEnumerationCache currently has two responsibilities: retrieving font
information from the underlying operating system, and caching this
information.
This CL extracts retrieving font information into a separate class,
FontEnumerationDataSource. This leaves FontEnumerationCache with the
single responsibility of caching the font data.
While moving font information retrieval into FontEnumerationDataSource,
this CL also removes the PLATFORM_HAS_LOCAL_FONT_ENUMERATION_IMPL macro.
All the OS-specific logic is encapsulated in FontEnumerationDataSource
subclasses.
Bug: 1232812
Change-Id: I667ce296fc49567ebd0b928f9744f2300bbb0f5e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3153688
Reviewed-by: Austin Sullivan <asully@chromium.org>
Commit-Queue: Victor Costan <pwnall@chromium.org>
Auto-Submit: Victor Costan <pwnall@chromium.org>
Cr-Commit-Position: refs/heads/main@{#970294}
Feedback from developers suggests that the font picker model is not a
useful block in building the experiences that folks are aiming to offer.
Therefore, we're consolidating our prototype around the permission
prompt model.
This CL also removes the FontAccessPersistent feature flag, because its
scope is now equivalent to the FontAccess flag.
Bug: 535764
Change-Id: I0e52562b55bbba4ef6d03c43ad2d988f8744f6bb
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3383599
Reviewed-by: Austin Sullivan <asully@chromium.org>
Reviewed-by: enne <enne@chromium.org>
Reviewed-by: Ian Kilpatrick <ikilpatrick@chromium.org>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Commit-Queue: Victor Costan <pwnall@chromium.org>
Cr-Commit-Position: refs/heads/main@{#960722}
After further discussions with potential adopters, the priority to
expose synthetic stretch/weight/italic properties in FontMetadata
during enumeration has dropped, so removing them to reduce the surface
area of the API. Developers seem happy to parse fonts to extract
the details. We can revisit as needed.
This effectively reverts 332823ac67
Change-Id: I1b7f3c71760c105d18644de60507a96e247f66c9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3353631
Reviewed-by: Victor Costan <pwnall@chromium.org>
Reviewed-by: Sam McNally <sammc@chromium.org>
Commit-Queue: Victor Costan <pwnall@chromium.org>
Cr-Commit-Position: refs/heads/main@{#959940}