Title: [206019] trunk/Source/WebCore
Revision
206019
Author
carlo...@webkit.org
Date
2016-09-16 02:59:52 -0700 (Fri, 16 Sep 2016)

Log Message

[TextureMapper] Scrolling through 01.org/dleyna crashes WebKitWebProcess
https://bugs.webkit.org/show_bug.cgi?id=162020

Reviewed by Žan Doberšek.

The problem is that we are trying to clone a ReferenceFilterOperation, which is not expected to be cloned, from
FilterAnimationValue copy constructor, and FilterOperations are never expected to be nullptr, so we end up
crashing. We just need to validate the filters before setting them and before creating a TextureMapperAnimation
for them.

* platform/graphics/texmap/GraphicsLayerTextureMapper.cpp:
(WebCore::GraphicsLayerTextureMapper::filtersCanBeComposited): Return false if there are reference filters or no
filters at all. I don't know if we really support other filters, but at least we won't crash for the others.
(WebCore::GraphicsLayerTextureMapper::addAnimation): Check if filters can be composited before creating a
TextureMapperAnimation.
(WebCore::GraphicsLayerTextureMapper::setFilters): Check if filters can be composited before setting them.
* platform/graphics/texmap/GraphicsLayerTextureMapper.h:
* platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
(WebCore::CoordinatedGraphicsLayer::filtersCanBeComposited): Return false if there are reference filters or no
filters at all. I don't know if we really support other filters, but at least we won't crash for the others.
(WebCore::CoordinatedGraphicsLayer::setFilters): Check if filters can be composited before setting them.
(WebCore::CoordinatedGraphicsLayer::addAnimation): Check if filters can be composited before creating a
TextureMapperAnimation.
* platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (206018 => 206019)


--- trunk/Source/WebCore/ChangeLog	2016-09-16 09:47:46 UTC (rev 206018)
+++ trunk/Source/WebCore/ChangeLog	2016-09-16 09:59:52 UTC (rev 206019)
@@ -1,3 +1,30 @@
+2016-09-16  Carlos Garcia Campos  <cgar...@igalia.com>
+
+        [TextureMapper] Scrolling through 01.org/dleyna crashes WebKitWebProcess
+        https://bugs.webkit.org/show_bug.cgi?id=162020
+
+        Reviewed by Žan Doberšek.
+
+        The problem is that we are trying to clone a ReferenceFilterOperation, which is not expected to be cloned, from
+        FilterAnimationValue copy constructor, and FilterOperations are never expected to be nullptr, so we end up
+        crashing. We just need to validate the filters before setting then and before creating a TextureMapperAnimation
+        for them.
+
+        * platform/graphics/texmap/GraphicsLayerTextureMapper.cpp:
+        (WebCore::GraphicsLayerTextureMapper::filtersCanBeComposited): Return false if there are reference filters or no
+        filters at all. I don't know if we really support other filters, but at least we won't crash for the others.
+        (WebCore::GraphicsLayerTextureMapper::addAnimation): Check if filters can be composited before creating a
+        TextureMapperAnimation.
+        (WebCore::GraphicsLayerTextureMapper::setFilters): Check if filters can be composited before setting them.
+        * platform/graphics/texmap/GraphicsLayerTextureMapper.h:
+        * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
+        (WebCore::CoordinatedGraphicsLayer::filtersCanBeComposited): Return false if there are reference filters or no
+        filters at all. I don't know if we really support other filters, but at least we won't crash for the others.
+        (WebCore::CoordinatedGraphicsLayer::setFilters): Check if filters can be composited before setting them.
+        (WebCore::CoordinatedGraphicsLayer::addAnimation): Check if filters can be composited before creating a
+        TextureMapperAnimation.
+        * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
+
 2016-09-16  Youenn Fablet  <you...@apple.com>
 
         CachedFont do not need to be updated according Origin/Fetch mode

Modified: trunk/Source/WebCore/platform/graphics/texmap/GraphicsLayerTextureMapper.cpp (206018 => 206019)


--- trunk/Source/WebCore/platform/graphics/texmap/GraphicsLayerTextureMapper.cpp	2016-09-16 09:47:46 UTC (rev 206018)
+++ trunk/Source/WebCore/platform/graphics/texmap/GraphicsLayerTextureMapper.cpp	2016-09-16 09:59:52 UTC (rev 206019)
@@ -560,6 +560,19 @@
     return drawsContent() && contentsAreVisible() && !m_size.isEmpty();
 }
 
+bool GraphicsLayerTextureMapper::filtersCanBeComposited(const FilterOperations& filters) const
+{
+    if (!filters.size())
+        return false;
+
+    for (const auto& filterOperation : filters.operations()) {
+        if (filterOperation->type() == FilterOperation::REFERENCE)
+            return false;
+    }
+
+    return true;
+}
+
 bool GraphicsLayerTextureMapper::addAnimation(const KeyframeValueList& valueList, const FloatSize& boxSize, const Animation* anim, const String& keyframesName, double timeOffset)
 {
     ASSERT(!keyframesName.isEmpty());
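Review bot: filtersCanBeComposited rejects only `FilterOperation::REFERENCE`, so every other operation type, including any added later, is treated as compositable by default. The crash in the log was triggered by a web page and took down the web process, so an allow-list of the operation types TextureMapper actually renders would fail closed; the log message itself says it is unclear whether the other filters are supported. The same body is added verbatim as `CoordinatedGraphicsLayer::filtersCanBeComposited` in CoordinatedGraphicsLayer.cpp, and neither copy reads member state, so a single shared helper would keep the two checks from drifting apart.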
@@ -567,6 +580,16 @@
     if (!anim || anim->isEmptyOrZeroDuration() || valueList.size() < 2 || (valueList.property() != AnimatedPropertyTransform && valueList.property() != AnimatedPropertyOpacity))
         return false;
 
+    if (valueList.property() == AnimatedPropertyFilter) {
+        int listIndex = validateFilterOperations(valueList);
+        if (listIndex < 0)
+            return false;
+
+        const auto& filters = static_cast<const FilterAnimationValue&>(valueList.at(listIndex)).value();
+        if (!filtersCanBeComposited(filters))
+            return false;
+    }
+
     bool listsMatch = false;
     bool hasBigRotation;
 
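Review bot: The added `AnimatedPropertyFilter` block in GraphicsLayerTextureMapper::addAnimation looks unreachable, because the guard just above it returns false unless the property is `AnimatedPropertyTransform` or `AnimatedPropertyOpacity`. The CoordinatedGraphicsLayer version of that guard also accepts `AnimatedPropertyFilter`, which is what makes the same block live there. Either extend this guard with `&& valueList.property() != AnimatedPropertyFilter` if filter animations are meant to be accepted here, or drop the block and leave a comment such as `// Filter animations are rejected by the property check above.` The function starts and ends outside the hunk.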
@@ -604,11 +627,23 @@
 
 bool GraphicsLayerTextureMapper::setFilters(const FilterOperations& filters)
 {
-    TextureMapper* textureMapper = m_layer.textureMapper();
-    if (!textureMapper)
+    if (!m_layer.textureMapper())
         return false;
-    notifyChange(FilterChange);
-    return GraphicsLayer::setFilters(filters);
+
+    bool canCompositeFilters = filtersCanBeComposited(filters);
+    if (GraphicsLayer::filters() == filters)
+        return canCompositeFilters;
+
+    if (canCompositeFilters) {
+        if (!GraphicsLayer::setFilters(filters))
+            return false;
+        notifyChange(FilterChange);
+    } else if (GraphicsLayer::filters().size()) {
+        clearFilters();
+        notifyChange(FilterChange);
+    }
+
+    return canCompositeFilters;
 }
 
 void GraphicsLayerTextureMapper::setFixedToViewport(bool fixed)
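Review bot: setFilters now returns whether the filters can be composited rather than whether they were stored, and nothing in the code says so. A call with an empty list on a layer that already has filters clears them, notifies, and still returns false, which reads like a failure to anyone who assumes the old meaning. If that is the intended contract, a comment above `bool canCompositeFilters = filtersCanBeComposited(filters);` such as `// The return value reports whether this layer composites the filters, not whether the call succeeded.` would record it. The same applies to `CoordinatedGraphicsLayer::setFilters` in CoordinatedGraphicsLayer.cpp.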

Modified: trunk/Source/WebCore/platform/graphics/texmap/GraphicsLayerTextureMapper.h (206018 => 206019)


--- trunk/Source/WebCore/platform/graphics/texmap/GraphicsLayerTextureMapper.h	2016-09-16 09:47:46 UTC (rev 206018)
+++ trunk/Source/WebCore/platform/graphics/texmap/GraphicsLayerTextureMapper.h	2016-09-16 09:59:52 UTC (rev 206019)
@@ -117,6 +117,8 @@
     void prepareBackingStoreIfNeeded();
     bool shouldHaveBackingStore() const;
 
+    bool filtersCanBeComposited(const FilterOperations&) const;
+
     // This set of flags help us defer which properties of the layer have been
     // modified by the compositor, so we can know what to look for in the next flush.
     enum ChangeMask {

Modified: trunk/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp (206018 => 206019)


--- trunk/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp	2016-09-16 09:47:46 UTC (rev 206018)
+++ trunk/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp	2016-09-16 09:59:52 UTC (rev 206019)
@@ -426,16 +426,35 @@
 #endif
 }
 
+bool CoordinatedGraphicsLayer::filtersCanBeComposited(const FilterOperations& filters) const
+{
+    if (!filters.size())
+        return false;
+
+    for (const auto& filterOperation : filters.operations()) {
+        if (filterOperation->type() == FilterOperation::REFERENCE)
+            return false;
+    }
+
+    return true;
+}
+
 bool CoordinatedGraphicsLayer::setFilters(const FilterOperations& newFilters)
 {
+    bool canCompositeFilters = filtersCanBeComposited(newFilters);
     if (filters() == newFilters)
-        return true;
+        return canCompositeFilters;
 
-    if (!GraphicsLayer::setFilters(newFilters))
-        return false;
+    if (canCompositeFilters) {
+        if (!GraphicsLayer::setFilters(newFilters))
+            return false;
+        didChangeFilters();
+    } else if (filters().size()) {
+        clearFilters();
+        didChangeFilters();
+    }
 
-    didChangeFilters();
-    return true;
+    return canCompositeFilters;
 }
 
 void CoordinatedGraphicsLayer::setContentsToSolidColor(const Color& color)
@@ -1163,6 +1182,16 @@
     if (!anim || anim->isEmptyOrZeroDuration() || valueList.size() < 2 || (valueList.property() != AnimatedPropertyTransform && valueList.property() != AnimatedPropertyOpacity && valueList.property() != AnimatedPropertyFilter))
         return false;
 
+    if (valueList.property() == AnimatedPropertyFilter) {
+        int listIndex = validateFilterOperations(valueList);
+        if (listIndex < 0)
+            return false;
+
+        const auto& filters = static_cast<const FilterAnimationValue&>(valueList.at(listIndex)).value();
+        if (!filtersCanBeComposited(filters))
+            return false;
+    }
+
     bool listsMatch = false;
     bool ignoredHasBigRotation;
 
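Review bot: Only the keyframe at `listIndex` is passed to filtersCanBeComposited, while the crash described in the log is in the FilterAnimationValue copy constructor, which presumably runs for every keyframe in `valueList`. This is sufficient only if `validateFilterOperations` (not visible here) guarantees that every other keyframe is either empty or has the same operation types as the one it returns. If it does, a comment above the cast such as `// validateFilterOperations() ensures the remaining keyframes match this list, so checking it once is enough.` would record the assumption; if it does not, each keyframe's filters need the check. The function starts and ends outside the hunk.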

Modified: trunk/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h (206018 => 206019)


--- trunk/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h	2016-09-16 09:47:46 UTC (rev 206018)
+++ trunk/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h	2016-09-16 09:59:52 UTC (rev 206019)
@@ -207,6 +207,8 @@
 
     void animationStartedTimerFired();
 
+    bool filtersCanBeComposited(const FilterOperations&) const;
+
     CoordinatedLayerID m_id;
     CoordinatedGraphicsLayerState m_layerState;
     GraphicsLayerTransform m_layerTransform;