chore: [29-x-y] cherry-pick 3 changes from 0-M125

* 6503a987d966 from v8
* 2a434fd0af6b from DirectXShaderCompiler
* 03609e39be8c from chromium

patches/DirectXShaderCompiler/.patches

@@ -1,3 +1,4 @@
 cherry-pick-a65e511a14b4.patch
 cherry-pick-bc18aec94c82.patch
 cherry-pick-bd7aa9779873.patch
+cherry-pick-2a434fd0af6b.patch

patches/chromium/.patches

@@ -142,3 +142,4 @@ cherry-pick-013961609785.patch
 a11y_avoid_clearing_resetting_focus_on_an_already_focus_event.patch
 cherry-pick-b2cc7b7ac538.patch
 feat_add_support_for_missing_dialog_features_to_shell_dialogs.patch
+cherry-pick-03609e39be8c.patch

patches/chromium/cherry-pick-03609e39be8c.patch

@@ -0,0 +1,118 @@
+From 03609e39be8cd01fd020ef482cbee269e851bcbe Mon Sep 17 00:00:00 2001
+From: David Benjamin <davidben@chromium.org>
+Date: Fri, 10 May 2024 15:10:48 +0000
+Subject: [PATCH] Fix size calculations in V8StringToUTF8
+
+While I'm here, remove the unnecessary use of base::WriteInto, which is
+a remnant of C++03 copy-on-write strings. Also ask V8 not to write a
+NUL terminator because std::(u16)string already owns that byte.
+
+(cherry picked from commit f414dc31032a453f4a6c88977d7894fcb3cba44e)
+
+Bug: 338574384
+Change-Id: I5c6eaa99093925db799736f321eab92d35f5acbb
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5515743
+Reviewed-by: mmenke <mmenke@chromium.org>
+Commit-Queue: David Benjamin <davidben@chromium.org>
+Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
+Cr-Original-Commit-Position: refs/heads/main@{#1297196}
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5527764
+Auto-Submit: David Benjamin <davidben@chromium.org>
+Commit-Queue: mmenke <mmenke@chromium.org>
+Cr-Commit-Position: refs/branch-heads/6367@{#1148}
+Cr-Branched-From: d158c6dc6e3604e6f899041972edf26087a49740-refs/heads/main@{#1274542}
+---
+
+diff --git a/services/proxy_resolver/proxy_resolver_v8.cc b/services/proxy_resolver/proxy_resolver_v8.cc
+index eca80143..da8232b 100644
+--- a/services/proxy_resolver/proxy_resolver_v8.cc
++++ b/services/proxy_resolver/proxy_resolver_v8.cc
+@@ -17,6 +17,7 @@
+ #include "base/memory/raw_ptr.h"
+ #include "base/memory/raw_ptr_exclusion.h"
+ #include "base/notreached.h"
++#include "base/numerics/safe_conversions.h"
+ #include "base/strings/string_tokenizer.h"
+ #include "base/strings/string_util.h"
+ #include "base/strings/utf_string_conversions.h"
+@@ -148,25 +149,22 @@
+
+ // Converts a V8 String to a UTF8 std::string.
+ std::string V8StringToUTF8(v8::Isolate* isolate, v8::Local<v8::String> s) {
+-  int len = s->Length();
+-  std::string result;
+-  if (len > 0)
+-    s->WriteUtf8(isolate, base::WriteInto(&result, len + 1));
+-  return result;
++  int len = s->Utf8Length(isolate);
++  std::string str(base::checked_cast<size_t>(len), '\0');
++  s->WriteUtf8(isolate, str.data(), len, /*nchars_ref=*/nullptr,
++               v8::String::NO_NULL_TERMINATION);
++  return str;
+ }
+
+ // Converts a V8 String to a UTF16 std::u16string.
+ std::u16string V8StringToUTF16(v8::Isolate* isolate, v8::Local<v8::String> s) {
+   int len = s->Length();
+-  std::u16string result;
+-  // Note that the reinterpret cast is because on Windows string16 is an alias
+-  // to wstring, and hence has character type wchar_t not uint16_t.
+-  if (len > 0) {
+-    s->Write(isolate,
+-             reinterpret_cast<uint16_t*>(base::WriteInto(&result, len + 1)), 0,
+-             len);
+-  }
+-  return result;
++  std::u16string str(base::checked_cast<size_t>(len), '\0');
++  // `char16_t` and `uint16_t` are not the same type, but we build with strict
++  // aliasing off. See https://crbug.com/42209752.
++  s->Write(isolate, reinterpret_cast<uint16_t*>(str.data()), /*start=*/0, len,
++           v8::String::NO_NULL_TERMINATION);
++  return str;
+ }
+
+ // Converts an ASCII std::string to a V8 string.
+diff --git a/services/proxy_resolver/test/data/proxy_resolver_v8_unittest/pac_library_unittest.js b/services/proxy_resolver/test/data/proxy_resolver_v8_unittest/pac_library_unittest.js
+index 3414dc0..1b8bc17 100644
+--- a/services/proxy_resolver/test/data/proxy_resolver_v8_unittest/pac_library_unittest.js
++++ b/services/proxy_resolver/test/data/proxy_resolver_v8_unittest/pac_library_unittest.js
+@@ -69,6 +69,11 @@
+   t.expectFalse(isPlainHostName("."));
+   t.expectFalse(isPlainHostName(".:"));
+
++  // These are not really hostnames, but `isPlainHostName` accepts any dotless,
++  // non-IP string.
++  t.expectTrue(isPlainHostName("\uffff".repeat(256)));
++  t.expectTrue(isPlainHostName(""));
++
+   // Valid IPv6 address
+   t.expectFalse(isPlainHostName("::1"));
+
+@@ -178,6 +183,7 @@
+   t.expectEquals(null, sortIpAddressList());
+   t.expectEquals(null, sortIpAddressList(null));
+   t.expectEquals(null, sortIpAddressList(null, null));
++  t.expectEquals(null, sortIpAddressList("\uffff".repeat(256)));
+ };
+
+ Tests.testIsInNetEx = function(t) {
+@@ -223,10 +229,14 @@
+   // Invalid IP address.
+   t.expectFalse(isInNetEx("256.0.0.1", "198.95.249.79"));
+   t.expectFalse(isInNetEx("127.0.0.1 ", "127.0.0.1/32"));  // Extra space.
++  t.expectFalse(isInNetEx("\uffff".repeat(256), "127.0.0.1/32"));
++  t.expectFalse(isInNetEx("", "127.0.0.1/32"));
+
+   // Invalid prefix.
+   t.expectFalse(isInNetEx("198.95.115.10", "198.95.0.0/34"));
+   t.expectFalse(isInNetEx("127.0.0.1", "127.0.0.1"));  // Missing '/' in prefix.
++  t.expectFalse(isInNetEx("127.0.0.1", "\uffff".repeat(256)));
++  t.expectFalse(isInNetEx("127.0.0.1", ""));
+ };
+
+ Tests.testWeekdayRange = function(t) {
+@@ -465,4 +475,3 @@
+
+ // Bind the methods to proxy requests to the wrapped Date().
+ MockDate.init();
+-

patches/v8/.patches

@@ -3,3 +3,4 @@ deps_add_v8_object_setinternalfieldfornodecore.patch
 merged_wasm_gc_scan_the_code_field_of_the_wasminternalfunction.patch
 cherry-pick-f320600cd1f4.patch
 cherry-pick-b3c01ac1e60a.patch
+cherry-pick-6503a987d966.patch

patches/v8/cherry-pick-6503a987d966.patch

@@ -0,0 +1,57 @@
+From 6503a987d9666e0f4f320c222de2683a7dae1e84 Mon Sep 17 00:00:00 2001
+From: Victor Gomes <victorgomes@chromium.org>
+Date: Thu, 21 Mar 2024 09:59:19 +0100
+Subject: [PATCH] [objects] Deal with large strings in NoSideEffectsErrorToString
+
+If name is too big, StringBuilder will fail to even add
+"<a very large string>" suffix.
+
+In this case, we truncate name first.
+
+Bug: 329699609
+Change-Id: I6e4440c07eae84371f44b54f88127e2c70af0db5
+Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5378286
+Commit-Queue: Victor Gomes <victorgomes@chromium.org>
+Reviewed-by: Patrick Thier <pthier@chromium.org>
+Auto-Submit: Victor Gomes <victorgomes@chromium.org>
+Cr-Commit-Position: refs/heads/main@{#92932}
+---
+
+diff --git a/src/objects/objects.cc b/src/objects/objects.cc
+index 9e2ab08..d175ebe 100644
+--- a/src/objects/objects.cc
++++ b/src/objects/objects.cc
+@@ -469,14 +469,27 @@
+   if (name_str->length() == 0) return msg_str;
+   if (msg_str->length() == 0) return name_str;
+
+-  IncrementalStringBuilder builder(isolate);
+-  builder.AppendString(name_str);
+-  builder.AppendCStringLiteral(": ");
++  constexpr const char error_suffix[] = "<a very large string>";
++  constexpr int error_suffix_size = sizeof(error_suffix);
++  int suffix_size = std::min(error_suffix_size, msg_str->length());
+
+-  if (builder.Length() + msg_str->length() <= String::kMaxLength) {
+-    builder.AppendString(msg_str);
++  IncrementalStringBuilder builder(isolate);
++  if (name_str->length() + suffix_size + 2 /* ": " */ > String::kMaxLength) {
++    constexpr const char connector[] = "... : ";
++    int connector_size = sizeof(connector);
++    Handle<String> truncated_name = isolate->factory()->NewProperSubString(
++        name_str, 0, name_str->length() - error_suffix_size - connector_size);
++    builder.AppendString(truncated_name);
++    builder.AppendCStringLiteral(connector);
++    builder.AppendCStringLiteral(error_suffix);
+   } else {
+-    builder.AppendCStringLiteral("<a very large string>");
++    builder.AppendString(name_str);
++    builder.AppendCStringLiteral(": ");
++    if (builder.Length() + msg_str->length() <= String::kMaxLength) {
++      builder.AppendString(msg_str);
++    } else {
++      builder.AppendCStringLiteral(error_suffix);
++    }
+   }
+
+   return builder.Finish().ToHandleChecked();