Title: [208881] trunk/Source/WebCore
- Revision
- 208881
- Author
- [email protected]
- Date
- 2016-11-17 23:25:42 -0800 (Thu, 17 Nov 2016)
Log Message
REGRESSION(r208511): ImageDecoders: Crash decoding GIF images since r208511
https://bugs.webkit.org/show_bug.cgi?id=164864
Reviewed by Simon Fraser.
This happens sometimes since r208511 because the same decoder is used by more than one thread at the same
time and the decoders are not thread-safe. Several methods in ImageDecoder need to decode partially the image,
so it's possible that one method calls frameBufferAtIndex at the same times as createFrameImageAtIndex that now
can be called from the image decoder thread. Use a Lock in ImageDecoder to protect calls to frameBufferAtIndex.
* platform/image-decoders/ImageDecoder.cpp:
(WebCore::ImageDecoder::frameIsCompleteAtIndex):
(WebCore::ImageDecoder::frameDurationAtIndex):
(WebCore::ImageDecoder::createFrameImageAtIndex):
* platform/image-decoders/ImageDecoder.h:
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (208880 => 208881)
--- trunk/Source/WebCore/ChangeLog 2016-11-18 07:21:37 UTC (rev 208880)
+++ trunk/Source/WebCore/ChangeLog 2016-11-18 07:25:42 UTC (rev 208881)
@@ -1,3 +1,21 @@
+2016-11-17 Carlos Garcia Campos <[email protected]>
+
+ REGRESSION(r208511): ImageDecoders: Crash decoding GIF images since r208511
+ https://bugs.webkit.org/show_bug.cgi?id=164864
+
+ Reviewed by Simon Fraser.
+
+ This happens sometimes since r208511 because the same decoder is used by more than one thread at the same
+ time and the decoders are not thread-safe. Several methods in ImageDecoder need to decode partially the image,
+ so it's possible that one method calls frameBufferAtIndex at the same times as createFrameImageAtIndex that now
+ can be called from the image decoder thread. Use a Lock in ImageDecoder to protect calls to frameBufferAtIndex.
+
+ * platform/image-decoders/ImageDecoder.cpp:
+ (WebCore::ImageDecoder::frameIsCompleteAtIndex):
+ (WebCore::ImageDecoder::frameDurationAtIndex):
+ (WebCore::ImageDecoder::createFrameImageAtIndex):
+ * platform/image-decoders/ImageDecoder.h:
+
2016-11-17 Ryosuke Niwa <[email protected]>
Add an experimental API to find elements across shadow boundaries
Modified: trunk/Source/WebCore/platform/image-decoders/ImageDecoder.cpp (208880 => 208881)
--- trunk/Source/WebCore/platform/image-decoders/ImageDecoder.cpp 2016-11-18 07:21:37 UTC (rev 208880)
+++ trunk/Source/WebCore/platform/image-decoders/ImageDecoder.cpp 2016-11-18 07:25:42 UTC (rev 208881)
@@ -170,6 +170,7 @@
bool ImageDecoder::frameIsCompleteAtIndex(size_t index)
{
+ LockHolder locker(m_lock);
ImageFrame* buffer = frameBufferAtIndex(index);
return buffer && buffer->isComplete();
}
@@ -193,6 +194,7 @@
float ImageDecoder::frameDurationAtIndex(size_t index)
{
+ LockHolder locker(m_lock);
ImageFrame* buffer = frameBufferAtIndex(index);
if (!buffer || buffer->isEmpty())
return 0;
@@ -213,6 +215,7 @@
if (size().isEmpty())
return nullptr;
+ LockHolder locker(m_lock);
ImageFrame* buffer = frameBufferAtIndex(index);
if (!buffer || buffer->isEmpty() || !buffer->hasBackingStore())
return nullptr;
Modified: trunk/Source/WebCore/platform/image-decoders/ImageDecoder.h (208880 => 208881)
--- trunk/Source/WebCore/platform/image-decoders/ImageDecoder.h 2016-11-18 07:21:37 UTC (rev 208880)
+++ trunk/Source/WebCore/platform/image-decoders/ImageDecoder.h 2016-11-18 07:25:42 UTC (rev 208881)
@@ -34,6 +34,7 @@
#include "PlatformScreen.h"
#include "SharedBuffer.h"
#include <wtf/Assertions.h>
+#include <wtf/Lock.h>
#include <wtf/Optional.h>
#include <wtf/RefPtr.h>
#include <wtf/Vector.h>
@@ -214,6 +215,7 @@
#endif
bool m_isAllDataReceived { false };
bool m_failed { false };
+ Lock m_lock;
};
} // namespace WebCore
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
