Title: [213815] releases/WebKitGTK/webkit-2.16/Source/WebCore
Revision: 213815
Author: [email protected]
Date: 2017-03-13 03:43:19 -0700 (Mon, 13 Mar 2017)

Log Message

Merge r213448 - [GTK] WebProcess from WebKitGtk+ 2.15.x SIGSEVs in GIFLZWContext::doLZW(unsigned char const*, unsigned long) at Source/WebCore/platform/image-decoders/gif/GIFImageReader.cpp:303
https://bugs.webkit.org/show_bug.cgi?id=167304

Reviewed by Carlos Garcia Campos.

Add a lock to ensure that the GIFImageReader that we are using for decoding is not deleted while
the decoding thread is using it.

No new tests.

* platform/image-decoders/gif/GIFImageDecoder.cpp:
(WebCore::GIFImageDecoder::clearFrameBufferCache):
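The change is four lines, so the other half of the pattern (the decoding thread holding the same lock while it uses the reader) is not visible in this diff. The following is an added example, not WebKit code: a small model with hypothetical stand-ins (FakeReader for GIFImageReader, FakeDecoder for GIFImageDecoder, std::lock_guard for LockHolder, a constructed four-byte input in place of a GIF stream) in which both the decode path and clearFrameBufferCache() take m_decodeLock, and the reader records whether it was ever destroyed while a decode was in progress.

```cpp
// Added example (not WebKit code): a minimal model of the race that r213448 closes.
// A decoding thread uses a reader object; clearFrameBufferCache() may delete it.
// Both sides take the same lock, so the delete can never overlap a decode.
#include <atomic>
#include <cstddef>
#include <cstdint>
#include <memory>
#include <mutex>
#include <thread>

// Hypothetical stand-in for GIFImageReader. It records whether it was destroyed
// while a caller was still inside decodeChunk(); that overlap is the use-after-free
// the real bug surfaced as a crash in GIFLZWContext::doLZW().
struct FakeReader {
    std::atomic<int> activeUsers{0};
    static std::atomic<int> destroyedWhileInUse;

    ~FakeReader() {
        if (activeUsers.load() > 0)
            destroyedWhileInUse.fetch_add(1);
    }

    // Stand-in for LZW work: sums the bytes so the result is checkable.
    int decodeChunk(const uint8_t* data, size_t length) {
        activeUsers.fetch_add(1);
        int sum = 0;
        for (size_t i = 0; i < length; ++i)
            sum += data[i];
        activeUsers.fetch_sub(1);
        return sum;
    }
};
std::atomic<int> FakeReader::destroyedWhileInUse{0};

// Hypothetical stand-in for GIFImageDecoder with the post-fix locking shape.
class FakeDecoder {
public:
    int decodeFrame(const uint8_t* data, size_t length) {
        // Decode side: hold the lock for the entire time the reader is in use.
        std::lock_guard<std::mutex> locker(m_decodeLock);
        if (!m_reader)
            m_reader = std::make_unique<FakeReader>();
        m_frameCount.fetch_add(1);
        return m_reader->decodeChunk(data, length);
    }

    void clearFrameBufferCache() {
        if (m_frameCount.load() == 0)
            return; // Nothing to do (mirrors the early return in the patch).
        // Same placement as the patch: take m_decodeLock before destroying the reader.
        std::lock_guard<std::mutex> locker(m_decodeLock);
        m_reader.reset();
        m_frameCount.store(0);
    }

private:
    std::mutex m_decodeLock;
    std::unique_ptr<FakeReader> m_reader;
    std::atomic<int> m_frameCount{0}; // atomic because it is read before the lock is taken
};

// Constructed sample input (not a real GIF stream): the bytes of "GIF8".
static const uint8_t kSampleBytes[] = {0x47, 0x49, 0x46, 0x38};

// Single-threaded sanity check: decoding the sample yields its byte sum, 270.
int decodeSampleOnce() {
    FakeDecoder decoder;
    return decoder.decodeFrame(kSampleBytes, sizeof(kSampleBytes));
}

// Drive one decoder from a decoding thread while a second thread repeatedly
// clears the cache. Returns how many times a reader was destroyed mid-decode;
// with the lock on both sides this is always 0.
int runConcurrentDecodeAndClear(int iterations) {
    FakeReader::destroyedWhileInUse.store(0);
    FakeDecoder decoder;
    std::thread decoding([&] {
        for (int i = 0; i < iterations; ++i)
            decoder.decodeFrame(kSampleBytes, sizeof(kSampleBytes));
    });
    std::thread clearing([&] {
        for (int i = 0; i < iterations; ++i)
            decoder.clearFrameBufferCache();
    });
    decoding.join();
    clearing.join();
    return FakeReader::destroyedWhileInUse.load();
}

int main() {
    return runConcurrentDecodeAndClear(2000) == 0 ? 0 : 1;
}
```

The point the model makes explicit is that the LockHolder in clearFrameBufferCache() only helps if the decoding side holds m_decodeLock across every call into the reader; a lock taken on one side alone serializes nothing.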

Diff

Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog (213814 => 213815)


--- releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog	2017-03-13 10:42:34 UTC (rev 213814)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog	2017-03-13 10:43:19 UTC (rev 213815)
@@ -1,3 +1,18 @@
+2017-03-06  Miguel Gomez  <[email protected]>
+
+        [GTK] WebProcess from WebKitGtk+ 2.15.x SIGSEVs in GIFLZWContext::doLZW(unsigned char const*, unsigned long) at Source/WebCore/platform/image-decoders/gif/GIFImageReader.cpp:303
+        https://bugs.webkit.org/show_bug.cgi?id=167304
+
+        Reviewed by Carlos Garcia Campos.
+
+        Add a lock to ensure that the GIFImageReader that we are using for decoding is not deleted while
+        the decoding thread is using it.
+
+        No new tests.
+
+        * platform/image-decoders/gif/GIFImageDecoder.cpp:
+        (WebCore::GIFImageDecoder::clearFrameBufferCache):
+
 2017-03-06  Vanessa Chipirrás Navalón  <[email protected]>
 
         [GStreamer] Adopt nullptr
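Review bot: the entry says "No new tests." without giving the reason, which the WebKit ChangeLog convention expects; since the fix addresses a crash that depends on the timing between the decoding thread and clearFrameBufferCache(), state that explicitly, e.g. "No new tests, the crash is timing-dependent and not reproducible from a layout test."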

Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/platform/image-decoders/gif/GIFImageDecoder.cpp (213814 => 213815)


--- releases/WebKitGTK/webkit-2.16/Source/WebCore/platform/image-decoders/gif/GIFImageDecoder.cpp	2017-03-13 10:42:34 UTC (rev 213814)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/platform/image-decoders/gif/GIFImageDecoder.cpp	2017-03-13 10:43:19 UTC (rev 213815)
@@ -133,6 +133,10 @@
     if (m_frameBufferCache.isEmpty())
         return; // Nothing to do.
 
+    // Lock the decodelock here, as we are going to destroy the GIFImageReader and doing so while
+    // there's an ongoing decode will cause a crash.
+    LockHolder locker(m_decodeLock);
+
     // The "-1" here is tricky.  It does not mean that |clearBeforeFrame| is the
     // last frame we wish to preserve, but rather that we never want to clear
     // the very last frame in the cache: it's empty (so clearing it is
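Review bot: the new comment's "decodelock" does not match the member it refers to, m_decodeLock, and "will cause a crash" understates the defect; suggest "// Take m_decodeLock here: destroying the GIFImageReader while a decode is in progress is a use-after-free." More importantly, this hunk only shows the clearing side. The decoding thread's acquisition of m_decodeLock is not visible in this diff, so confirm that the decode path holds the same lock for the whole time it uses the GIFImageReader; if it does not, the LockHolder added here serializes nothing.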
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes