Title: [88429] trunk/Source
Revision: 88429
Author: [email protected]
Date: 2011-06-08 23:40:44 -0700 (Wed, 08 Jun 2011)

Log Message

2011-06-08  Justin Novosad  <[email protected]>

        Reviewed by James Robinson.

        [Chromium] Crash when closing a tab with accelerated 2d canvas
        https://bugs.webkit.org/show_bug.cgi?id=62324
        Upon graphics context destruction, it is important to signal skia
        to abandon all of its resource handles.  This prevents a crash caused
        by skia attempting to release resources that were in the destroyed
        graphics context.

        * platform/graphics/gpu/SharedGraphicsContext3D.cpp:
        (WebCore::SharedGraphicsContext3D::~SharedGraphicsContext3D):

2011-06-08  Justin Novosad  <[email protected]>

        Reviewed by James Robinson.

        [Chromium] Crash when closing a tab with accelerated 2d canvas
        https://bugs.webkit.org/show_bug.cgi?id=62324
        In GraphicsContext3DInternal::setContextLostCallback we are passing a
        non-refcounted ptr to a refcounted member. This can cause an access
        violation after the destruction of GraphicsContext3D.  Upon destruction
        a null callback is sent to setContextLostCallback, which is good
        except that it gets placed in a non-null adapter object.  This fix
        prevents the creation of the adapter when the callback is null, thus
        preventing a later crash.

        * src/GraphicsContext3DChromium.cpp:
        (WebCore::GraphicsContextLostCallbackAdapter::create):

Diff

Modified: trunk/Source/WebCore/ChangeLog (88428 => 88429)


--- trunk/Source/WebCore/ChangeLog	2011-06-09 06:38:08 UTC (rev 88428)
+++ trunk/Source/WebCore/ChangeLog	2011-06-09 06:40:44 UTC (rev 88429)
@@ -1,3 +1,17 @@
+2011-06-08  Justin Novosad  <[email protected]>
+
+        Reviewed by James Robinson.
+
+        [Chromium] Crash when closing a tab with accelerated 2d canvas
+        https://bugs.webkit.org/show_bug.cgi?id=62324
+        Upon graphics context destruction, it is important to signal skia
+        to abandon all of its resource handles.  This prevents a crash caused
+        by skia attempting to release resources that were in the destroyed
+        graphics context.
+
+        * platform/graphics/gpu/SharedGraphicsContext3D.cpp:
+        (WebCore::SharedGraphicsContext3D::~SharedGraphicsContext3D):
+
 2011-06-08  James Robinson  <[email protected]>
 
         Reviewed by Darin Fisher.
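Review bot: The new entry names no regression test and does not say why one is not possible for a crash on tab close. Add a test line, or a short note on how the fix was verified, so the crash stays covered if the destructor is reworked later.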

Modified: trunk/Source/WebCore/platform/graphics/gpu/SharedGraphicsContext3D.cpp (88428 => 88429)


--- trunk/Source/WebCore/platform/graphics/gpu/SharedGraphicsContext3D.cpp	2011-06-09 06:38:08 UTC (rev 88428)
+++ trunk/Source/WebCore/platform/graphics/gpu/SharedGraphicsContext3D.cpp	2011-06-09 06:40:44 UTC (rev 88429)
@@ -121,7 +121,10 @@
     m_context->deleteBuffer(m_quadVertices);
     allContexts()->remove(this);
 #if USE(SKIA)
-    GrSafeUnref(m_grContext);
+    if (m_grContext) {
+        m_grContext->contextDestroyed();
+        GrSafeUnref(m_grContext);
+    }
 #endif
 }
 
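Review bot: The added `m_grContext->contextDestroyed();` call carries no comment explaining why it must run before `GrSafeUnref(m_grContext);`. The reason (skia has to abandon its resource handles instead of releasing them into a destroyed graphics context) is given only in the ChangeLog. Put a one-line comment above the call so that a later cleanup does not drop it or reorder it after the unref.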

Modified: trunk/Source/WebKit/chromium/ChangeLog (88428 => 88429)


--- trunk/Source/WebKit/chromium/ChangeLog	2011-06-09 06:38:08 UTC (rev 88428)
+++ trunk/Source/WebKit/chromium/ChangeLog	2011-06-09 06:40:44 UTC (rev 88429)
@@ -1,3 +1,20 @@
+2011-06-08  Justin Novosad  <[email protected]>
+
+        Reviewed by James Robinson.
+
+        [Chromium] Crash when closing a tab with accelerated 2d canvas
+        https://bugs.webkit.org/show_bug.cgi?id=62324
+        In GraphicsContext3DInternal::setContextLostCallback we are passing a
+        non-refcounted ptr to a refcounted member. this can cause an access
+        violation after the destruction of GraphicsContext3D.  Upon destruction
+        a null callback is sent to setContextLostCallback, which is good
+        except that it gets placed in a non-null adapter object.  This fix
+        prevents the creation of the adapter when the callback is null, thus
+        preventing a later crash.
+
+        * src/GraphicsContext3DChromium.cpp:
+        (WebCore::GraphicsContextLostCallbackAdapter::create):
+
 2011-06-08  James Robinson  <[email protected]>
 
         Hopefully last change to features.gypi - set ENABLE_REGISTER_PROTOCOL_HANDLER based off of the the variable set
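Review bot: The entry attributes the access violation to passing a non-refcounted ptr to a refcounted member, but the fix it describes covers only the null callback sent on destruction. State in the entry whether a non-null callback can still be reached after GraphicsContext3D is destroyed, or why it cannot, so the remaining lifetime assumption is on record.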

Modified: trunk/Source/WebKit/chromium/src/GraphicsContext3DChromium.cpp (88428 => 88429)


--- trunk/Source/WebKit/chromium/src/GraphicsContext3DChromium.cpp	2011-06-09 06:38:08 UTC (rev 88428)
+++ trunk/Source/WebKit/chromium/src/GraphicsContext3DChromium.cpp	2011-06-09 06:40:44 UTC (rev 88429)
@@ -1174,7 +1174,7 @@
 
 PassOwnPtr<GraphicsContextLostCallbackAdapter> GraphicsContextLostCallbackAdapter::create(PassOwnPtr<GraphicsContext3D::ContextLostCallback> cb)
 {
-    return adoptPtr(new GraphicsContextLostCallbackAdapter(cb));
+    return adoptPtr(cb.get() ? new GraphicsContextLostCallbackAdapter(cb) : 0);
 }
 
 void GraphicsContext3DInternal::setContextLostCallback(PassOwnPtr<GraphicsContext3D::ContextLostCallback> cb)
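Review bot: With `cb.get() ? new GraphicsContextLostCallbackAdapter(cb) : 0`, `create()` can now return a null adapter, which is unusual for a factory and means every caller has to tolerate null; the only caller visible here is `setContextLostCallback`, whose body is outside this hunk. Consider doing the null check in `setContextLostCallback` and keeping `create()` non-null, or add a comment on `create()` stating that a null callback yields a null adapter.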