https://bugs.kde.org/show_bug.cgi?id=508261
[email protected] changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDSINFO |CONFIRMED Resolution|WAITINGFORINFO |--- --- Comment #11 from [email protected] --- The situation is as follows. We have a very heavy call to the method KSvg::FrameSvg::setImagePath(). I tried to illustrate the call sequence: KWin └─ DecorationBridge::createDecoration() └─ deco->init() └─ Decoration::instantiateButton() └─ SvgDecorationButton::setImagePath() └─ KSvg::FrameSvg::setImagePath() DecorationBridge::createDecoration() in KWin is called on the main thread. From what I found, the return value of init() doesn’t seem to be used anywhere; I don't know whether this is intentional or not, but it seems to me like a kind of architectural vulnerability. Because KWin fully trusts a third-party plugin. No one knows what the plugin author might execute in the init() method. Moreover, in KDecoration3 it is not stated anywhere that this method will be executed synchronously and will not tolerate heavy operations. As I understand it, this was one of the reasons for the slowness of aurorae v1. Right now, I think it might make sense to consider optimizing the init() method in aurorae, but it seems to me that it would still be necessary to secure DecorationBridge::createDecoration() in KWin as well, at least the call to deco->init(). -- You are receiving this mail because: You are watching all bug changes.
