Title: [206073] releases/WebKitGTK/webkit-2.14/Source/WebCore
- Revision
- 206073
- Author
- [email protected]
- Date
- 2016-09-17 03:53:08 -0700 (Sat, 17 Sep 2016)
Log Message
Merge r206019 - [TextureMapper] Scrolling through 01.org/dleyna crashes WebKitWebProcess
https://bugs.webkit.org/show_bug.cgi?id=162020
Reviewed by Žan Doberšek.
The problem is that we are trying to clone a ReferenceFilterOperation, which is not expected to be cloned, from
FilterAnimationValue copy constructor, and FilterOperations are never expected to be nullptr, so we end up
crashing. We just need to validate the filters before setting then and before creating a TextureMapperAnimation
for them.
* platform/graphics/texmap/GraphicsLayerTextureMapper.cpp:
(WebCore::GraphicsLayerTextureMapper::filtersCanBeComposited): Return false if there are reference filters or no
filters at all. I don't know if we really support other filters, but at least we won't crash for the others.
(WebCore::GraphicsLayerTextureMapper::addAnimation): Check if filters can be composited before creating a
TextureMapperAnimation.
(WebCore::GraphicsLayerTextureMapper::setFilters): Check if filters can be composited before setting them.
* platform/graphics/texmap/GraphicsLayerTextureMapper.h:
* platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
(WebCore::CoordinatedGraphicsLayer::filtersCanBeComposited): Return false if there are reference filters or no
filters at all. I don't know if we really support other filters, but at least we won't crash for the others.
(WebCore::CoordinatedGraphicsLayer::setFilters): Check if filters can be composited before setting them.
(WebCore::CoordinatedGraphicsLayer::addAnimation): Check if filters can be composited before creating a
TextureMapperAnimation.
* platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
Modified Paths
Diff
Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/ChangeLog (206072 => 206073)
--- releases/WebKitGTK/webkit-2.14/Source/WebCore/ChangeLog 2016-09-17 10:52:16 UTC (rev 206072)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/ChangeLog 2016-09-17 10:53:08 UTC (rev 206073)
@@ -1,3 +1,30 @@
+2016-09-16 Carlos Garcia Campos <[email protected]>
+
+ [TextureMapper] Scrolling through 01.org/dleyna crashes WebKitWebProcess
+ https://bugs.webkit.org/show_bug.cgi?id=162020
+
+ Reviewed by Žan Doberšek.
+
+ The problem is that we are trying to clone a ReferenceFilterOperation, which is not expected to be cloned, from
+ FilterAnimationValue copy constructor, and FilterOperations are never expected to be nullptr, so we end up
+ crashing. We just need to validate the filters before setting then and before creating a TextureMapperAnimation
+ for them.
+
+ * platform/graphics/texmap/GraphicsLayerTextureMapper.cpp:
+ (WebCore::GraphicsLayerTextureMapper::filtersCanBeComposited): Return false if there are reference filters or no
+ filters at all. I don't know if we really support other filters, but at least we won't crash for the others.
+ (WebCore::GraphicsLayerTextureMapper::addAnimation): Check if filters can be composited before creating a
+ TextureMapperAnimation.
+ (WebCore::GraphicsLayerTextureMapper::setFilters): Check if filters can be composited before setting them.
+ * platform/graphics/texmap/GraphicsLayerTextureMapper.h:
+ * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
+ (WebCore::CoordinatedGraphicsLayer::filtersCanBeComposited): Return false if there are reference filters or no
+ filters at all. I don't know if we really support other filters, but at least we won't crash for the others.
+ (WebCore::CoordinatedGraphicsLayer::setFilters): Check if filters can be composited before setting them.
+ (WebCore::CoordinatedGraphicsLayer::addAnimation): Check if filters can be composited before creating a
+ TextureMapperAnimation.
+ * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
+
2016-09-14 Carlos Garnacho <[email protected]>
[GTK][Wayland] Implement clipboard support
Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/platform/graphics/texmap/GraphicsLayerTextureMapper.cpp (206072 => 206073)
--- releases/WebKitGTK/webkit-2.14/Source/WebCore/platform/graphics/texmap/GraphicsLayerTextureMapper.cpp 2016-09-17 10:52:16 UTC (rev 206072)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/platform/graphics/texmap/GraphicsLayerTextureMapper.cpp 2016-09-17 10:53:08 UTC (rev 206073)
@@ -560,6 +560,19 @@
return drawsContent() && contentsAreVisible() && !m_size.isEmpty();
}
+bool GraphicsLayerTextureMapper::filtersCanBeComposited(const FilterOperations& filters) const
+{
+ if (!filters.size())
+ return false;
+
+ for (const auto& filterOperation : filters.operations()) {
+ if (filterOperation->type() == FilterOperation::REFERENCE)
+ return false;
+ }
+
+ return true;
+}
+
bool GraphicsLayerTextureMapper::addAnimation(const KeyframeValueList& valueList, const FloatSize& boxSize, const Animation* anim, const String& keyframesName, double timeOffset)
{
ASSERT(!keyframesName.isEmpty());
@@ -567,6 +580,16 @@
if (!anim || anim->isEmptyOrZeroDuration() || valueList.size() < 2 || (valueList.property() != AnimatedPropertyTransform && valueList.property() != AnimatedPropertyOpacity))
return false;
+ if (valueList.property() == AnimatedPropertyFilter) {
+ int listIndex = validateFilterOperations(valueList);
+ if (listIndex < 0)
+ return false;
+
+ const auto& filters = static_cast<const FilterAnimationValue&>(valueList.at(listIndex)).value();
+ if (!filtersCanBeComposited(filters))
+ return false;
+ }
+
bool listsMatch = false;
bool hasBigRotation;
@@ -604,11 +627,23 @@
bool GraphicsLayerTextureMapper::setFilters(const FilterOperations& filters)
{
- TextureMapper* textureMapper = m_layer.textureMapper();
- if (!textureMapper)
+ if (!m_layer.textureMapper())
return false;
- notifyChange(FilterChange);
- return GraphicsLayer::setFilters(filters);
+
+ bool canCompositeFilters = filtersCanBeComposited(filters);
+ if (GraphicsLayer::filters() == filters)
+ return canCompositeFilters;
+
+ if (canCompositeFilters) {
+ if (!GraphicsLayer::setFilters(filters))
+ return false;
+ notifyChange(FilterChange);
+ } else if (GraphicsLayer::filters().size()) {
+ clearFilters();
+ notifyChange(FilterChange);
+ }
+
+ return canCompositeFilters;
}
void GraphicsLayerTextureMapper::setFixedToViewport(bool fixed)
Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/platform/graphics/texmap/GraphicsLayerTextureMapper.h (206072 => 206073)
--- releases/WebKitGTK/webkit-2.14/Source/WebCore/platform/graphics/texmap/GraphicsLayerTextureMapper.h 2016-09-17 10:52:16 UTC (rev 206072)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/platform/graphics/texmap/GraphicsLayerTextureMapper.h 2016-09-17 10:53:08 UTC (rev 206073)
@@ -117,6 +117,8 @@
void prepareBackingStoreIfNeeded();
bool shouldHaveBackingStore() const;
+ bool filtersCanBeComposited(const FilterOperations&) const;
+
// This set of flags help us defer which properties of the layer have been
// modified by the compositor, so we can know what to look for in the next flush.
enum ChangeMask {
Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp (206072 => 206073)
--- releases/WebKitGTK/webkit-2.14/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp 2016-09-17 10:52:16 UTC (rev 206072)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp 2016-09-17 10:53:08 UTC (rev 206073)
@@ -426,16 +426,35 @@
#endif
}
+bool CoordinatedGraphicsLayer::filtersCanBeComposited(const FilterOperations& filters) const
+{
+ if (!filters.size())
+ return false;
+
+ for (const auto& filterOperation : filters.operations()) {
+ if (filterOperation->type() == FilterOperation::REFERENCE)
+ return false;
+ }
+
+ return true;
+}
+
bool CoordinatedGraphicsLayer::setFilters(const FilterOperations& newFilters)
{
+ bool canCompositeFilters = filtersCanBeComposited(newFilters);
if (filters() == newFilters)
- return true;
+ return canCompositeFilters;
- if (!GraphicsLayer::setFilters(newFilters))
- return false;
+ if (canCompositeFilters) {
+ if (!GraphicsLayer::setFilters(newFilters))
+ return false;
+ didChangeFilters();
+ } else if (filters().size()) {
+ clearFilters();
+ didChangeFilters();
+ }
- didChangeFilters();
- return true;
+ return canCompositeFilters;
}
void CoordinatedGraphicsLayer::setContentsToSolidColor(const Color& color)
@@ -1163,6 +1182,16 @@
if (!anim || anim->isEmptyOrZeroDuration() || valueList.size() < 2 || (valueList.property() != AnimatedPropertyTransform && valueList.property() != AnimatedPropertyOpacity && valueList.property() != AnimatedPropertyFilter))
return false;
+ if (valueList.property() == AnimatedPropertyFilter) {
+ int listIndex = validateFilterOperations(valueList);
+ if (listIndex < 0)
+ return false;
+
+ const auto& filters = static_cast<const FilterAnimationValue&>(valueList.at(listIndex)).value();
+ if (!filtersCanBeComposited(filters))
+ return false;
+ }
+
bool listsMatch = false;
bool ignoredHasBigRotation;
Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h (206072 => 206073)
--- releases/WebKitGTK/webkit-2.14/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h 2016-09-17 10:52:16 UTC (rev 206072)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h 2016-09-17 10:53:08 UTC (rev 206073)
@@ -207,6 +207,8 @@
void animationStartedTimerFired();
+ bool filtersCanBeComposited(const FilterOperations&) const;
+
CoordinatedLayerID m_id;
CoordinatedGraphicsLayerState m_layerState;
GraphicsLayerTransform m_layerTransform;
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
