Title: [219861] trunk/Source/WebKit
Revision
219861
Author
[email protected]
Date
2017-07-24 23:39:30 -0700 (Mon, 24 Jul 2017)

Log Message

[GTK] Icon database error and crash
https://bugs.webkit.org/show_bug.cgi?id=174760

Reviewed by Michael Catanzaro.

The crash is a debug ASSERT that happens when the IconRecord image is created in one thread and destroyed in
another one. IconDatabase creates and destroys IconRecord objects in both database and main thread. The
IconRecord is destroyed when the icon is no longer retained, and we only release icons when we fail to get the
image data (including pages that don't have a favicon). We can prevent this crash from happening if we ensure we
never create an Image for an IconRecord when the given image data is nullptr.

* UIProcess/API/glib/IconDatabase.cpp:
(WebKit::IconDatabase::IconRecord::setImageData):
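The guard the commit describes, as an added example rather than WebKit's own code: a stand-in `IconRecord::setImageData` that marks the record as answered first, returns early for empty data without ever constructing an `Image`, and also handles a null buffer, which the message above mentions ("nullptr") but the patched check does not cover. `SharedBuffer`, `BitmapImage`, `liveImageCount` and the `Outcome` enum are hypothetical models of the real types, decoding is reduced to a PNG-signature check, and the inputs are constructed here.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <memory>
#include <utility>
#include <vector>

// Hypothetical stand-in for WebCore::SharedBuffer: an immutable byte vector.
struct SharedBuffer {
    std::vector<uint8_t> bytes;
    static std::shared_ptr<SharedBuffer> create(std::vector<uint8_t> v) {
        auto b = std::make_shared<SharedBuffer>();
        b->bytes = std::move(v);
        return b;
    }
    size_t size() const { return bytes.size(); }
};

// Hypothetical stand-in for BitmapImage. Decoding is reduced to a PNG signature
// check; liveImageCount counts Image objects so we can see that the empty and
// null paths never construct one (and so never destroy one on another thread).
struct BitmapImage {
    static int liveImageCount;
    std::shared_ptr<SharedBuffer> data;
    BitmapImage() { ++liveImageCount; }
    ~BitmapImage() { --liveImageCount; }
    // Returns true when the data looks decodable (standing in for SizeAvailable).
    bool setData(std::shared_ptr<SharedBuffer> d) {
        static const uint8_t pngMagic[8] = { 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A };
        data = std::move(d);
        return data->size() >= 8 && std::memcmp(data->bytes.data(), pngMagic, 8) == 0;
    }
};
int BitmapImage::liveImageCount = 0;

class IconRecord {
public:
    enum class Outcome { NullData, EmptyData, InvalidData, Decoded };

    // Mirrors the post-r219861 flow, plus a null check the patch itself lacks.
    Outcome setImageData(std::shared_ptr<SharedBuffer> data) {
        m_dataSet = true;    // record is "answered" even when the answer is "no icon"
        if (!data) {         // added guard: the patch would dereference a null RefPtr here
            m_image.reset();
            return Outcome::NullData;
        }
        if (!data->size()) { // the r219861 guard: no Image for a zero-length buffer
            m_image.reset();
            return Outcome::EmptyData;
        }
        m_image = std::make_shared<BitmapImage>();
        if (!m_image->setData(std::move(data))) {
            m_image.reset(); // invalid bytes: drop the Image, as the original LOG path does
            return Outcome::InvalidData;
        }
        return Outcome::Decoded;
    }
    bool dataSet() const { return m_dataSet; }
    bool hasImage() const { return static_cast<bool>(m_image); }

private:
    bool m_dataSet = false;
    std::shared_ptr<BitmapImage> m_image;
};

// Constructed input: an 8-byte PNG signature followed by the start of an IHDR length.
static std::shared_ptr<SharedBuffer> pngHeader() {
    return SharedBuffer::create({ 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A, 0, 0, 0, 13 });
}

int main() {
    IconRecord record;
    const char* names[] = { "null", "empty", "invalid", "decoded" };
    std::shared_ptr<SharedBuffer> inputs[] = {
        nullptr,
        SharedBuffer::create({}),
        SharedBuffer::create({ 'n', 'o', 't', ' ', 'a', 'n', ' ', 'i', 'm', 'a', 'g', 'e' }),
        pngHeader(),
    };
    for (int i = 0; i < 4; ++i) {
        IconRecord::Outcome o = record.setImageData(inputs[i]);
        std::printf("%-8s -> outcome %d, dataSet=%d, hasImage=%d, liveImages=%d\n",
                    names[i], static_cast<int>(o), record.dataSet(), record.hasImage(),
                    BitmapImage::liveImageCount);
    }
    return 0;
}
```

The point to take from the four cases is that only the last one leaves an `Image` alive; the null, empty and invalid paths all end with `m_dataSet` true and `m_image` null, so there is nothing for another thread to destroy later.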

Modified Paths

Diff

Modified: trunk/Source/WebKit/ChangeLog (219860 => 219861)


--- trunk/Source/WebKit/ChangeLog	2017-07-25 04:36:46 UTC (rev 219860)
+++ trunk/Source/WebKit/ChangeLog	2017-07-25 06:39:30 UTC (rev 219861)
@@ -1,3 +1,19 @@
+2017-07-24  Carlos Garcia Campos  <[email protected]>
+
+        [GTK] Icon database error and crash
+        https://bugs.webkit.org/show_bug.cgi?id=174760
+
+        Reviewed by Michael Catanzaro.
+
+        The crash is a debug ASSERT that happens when the IconRecord image is created in one thread and destroyed in
+        another one. IconDatabase creates and destroys IconRecord objects in both database and main thread. The
+        IconRecord is destroyed when the icon is no longer retained, and we only release icons when we fail to get the
+        image data (including pages that don't have a favicon). We can prevent this crash from happening if we ensure we
+        never create an Image for an IconRecord when the given image data is nullptr.
+
+        * UIProcess/API/glib/IconDatabase.cpp:
+        (WebKit::IconDatabase::IconRecord::setImageData):
+
 2017-07-24  Chris Dumez  <[email protected]>
 
         [WK2][Cocoa] Allow overriding the ITP data removal internal using a default
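Review bot: the last sentence of the new entry says the guard is for image data that "is nullptr", but the accompanying IconDatabase.cpp change tests `!data->size()`, i.e. an empty SharedBuffer, and dereferences `data` to do so; either reword to "when the given image data is empty" or, if a null RefPtr can actually reach setImageData, add the null check in the code so the entry and the fix agree.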

Modified: trunk/Source/WebKit/UIProcess/API/glib/IconDatabase.cpp (219860 => 219861)


--- trunk/Source/WebKit/UIProcess/API/glib/IconDatabase.cpp	2017-07-25 04:36:46 UTC (rev 219860)
+++ trunk/Source/WebKit/UIProcess/API/glib/IconDatabase.cpp	2017-07-25 06:39:30 UTC (rev 219861)
@@ -116,17 +116,20 @@
 
 void IconDatabase::IconRecord::setImageData(RefPtr<SharedBuffer>&& data)
 {
+    m_dataSet = true;
+
     // It's okay to delete the raw image here. Any existing clients using this icon will be
     // managing an image that was created with a copy of this raw image data.
+    if (!data->size()) {
+        m_image = nullptr;
+        return;
+    }
+
     m_image = BitmapImage::create();
-
-    // Copy the provided data into the buffer of the new Image object.
     if (m_image->setData(WTFMove(data), true) < EncodedDataStatus::SizeAvailable) {
         LOG(IconDatabase, "Manual image data for iconURL '%s' FAILED - it was probably invalid image data", m_iconURL.ascii().data());
         m_image = nullptr;
     }
-
-    m_dataSet = true;
 }
 
 void IconDatabase::IconRecord::loadImageFromResource(const char* resource)
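Review bot: `if (!data->size())` dereferences `data` before checking it, so a null RefPtr<SharedBuffer> still crashes here even though the ChangeLog describes the guard as covering nullptr data; suggest `if (!data || !data->size())` so both the null and the empty case take the early return that leaves `m_image` null. Hoisting `m_dataSet = true;` to the top is right, since the early-return path must still mark the record as having received its (empty) data. One style nit: the surviving comment "It's okay to delete the raw image here..." explains the `m_image = BitmapImage::create();` assignment, which is now separated from it by the new size check; move the comment down to sit directly above that line.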
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes