Title: [224017] releases/WebKitGTK/webkit-2.18/Source/WebCore
Revision
224017
Author
[email protected]
Date
2017-10-26 06:14:00 -0700 (Thu, 26 Oct 2017)

Log Message

[GTK][Stable] Crash on WebCore::SharedBuffer::data() on 2.18.1
https://bugs.webkit.org/show_bug.cgi?id=178852

Reviewed by Carlos Garcia Campos.

Add a mutex to ensure that the image decoders are not used at the same
time from the main thread and the decoding thread.

Backport of the fix to https://bugs.webkit.org/show_bug.cgi?id=178510
created by Fujii Hironori <[email protected]>.

Covered by existent tests.

* platform/image-decoders/ImageDecoder.cpp:
(WebCore::ImageDecoder::frameIsCompleteAtIndex):
(WebCore::ImageDecoder::frameHasAlphaAtIndex const):
(WebCore::ImageDecoder::frameBytesAtIndex const):
(WebCore::ImageDecoder::frameDurationAtIndex):
(WebCore::ImageDecoder::createFrameImageAtIndex):
* platform/image-decoders/ImageDecoder.h:
(WebCore::ImageDecoder::setData):

Diff

Modified: releases/WebKitGTK/webkit-2.18/Source/WebCore/ChangeLog (224016 => 224017)


--- releases/WebKitGTK/webkit-2.18/Source/WebCore/ChangeLog	2017-10-26 12:50:06 UTC (rev 224016)
+++ releases/WebKitGTK/webkit-2.18/Source/WebCore/ChangeLog	2017-10-26 13:14:00 UTC (rev 224017)
@@ -1,5 +1,29 @@
 2017-10-26  Carlos Garcia Campos  <[email protected]>
 
+        [GTK][Stable] Crash on WebCore::SharedBuffer::data() on 2.18.1
+        https://bugs.webkit.org/show_bug.cgi?id=178852
+
+        Reviewed by Carlos Garcia Campos.
+
+        Add a mutex to control that the image decoders are not used at the same
+        time from the main thread and the decoding thread.
+
+        Backport of the fix to https://bugs.webkit.org/show_bug.cgi?id=178510
+        created by Fujii Hironori <[email protected]>.
+
+        Covered by existent tests.
+
+        * platform/image-decoders/ImageDecoder.cpp:
+        (WebCore::ImageDecoder::frameIsCompleteAtIndex):
+        (WebCore::ImageDecoder::frameHasAlphaAtIndex const):
+        (WebCore::ImageDecoder::frameBytesAtIndex const):
+        (WebCore::ImageDecoder::frameDurationAtIndex):
+        (WebCore::ImageDecoder::createFrameImageAtIndex):
+        * platform/image-decoders/ImageDecoder.h:
+        (WebCore::ImageDecoder::setData):
+
+2017-10-26  Carlos Garcia Campos  <[email protected]>
+
         REGRESSION(r222090): [HarfBuzz] Arabic shaping is broken except for first word in line
         https://bugs.webkit.org/show_bug.cgi?id=178625
 

Modified: releases/WebKitGTK/webkit-2.18/Source/WebCore/platform/image-decoders/ImageDecoder.cpp (224016 => 224017)


--- releases/WebKitGTK/webkit-2.18/Source/WebCore/platform/image-decoders/ImageDecoder.cpp	2017-10-26 12:50:06 UTC (rev 224016)
+++ releases/WebKitGTK/webkit-2.18/Source/WebCore/platform/image-decoders/ImageDecoder.cpp	2017-10-26 13:14:00 UTC (rev 224017)
@@ -172,6 +172,7 @@
 
 bool ImageDecoder::frameIsCompleteAtIndex(size_t index)
 {
+    LockHolder lockHolder(m_mutex);
     ImageFrame* buffer = frameBufferAtIndex(index);
     return buffer && buffer->isComplete();
 }
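Review bot: The new `LockHolder lockHolder(m_mutex);` in frameIsCompleteAtIndex (and in the sibling hunks for frameHasAlphaAtIndex, frameBytesAtIndex, frameDurationAtIndex and createFrameImageAtIndex) is held across `frameBufferAtIndex(index)` and `size()`, which are decoder-specific and may trigger decoding; m_mutex is a WTF::Lock, which is not recursive, so if any per-format implementation reached from those calls re-enters one of these locked entry points the result is a deadlock on the decoding thread rather than the race this commit fixes. Nothing in the hunks shows such a re-entry, but the constraint is undocumented; a comment at the first acquisition, `// m_mutex is not recursive: nothing reached from here (frameBufferAtIndex, size, decoding) may call back into a locked ImageDecoder entry point.`, makes it visible to decoder authors. It is also worth recording that only these five accessors and setData are serialized, so any other member that reads or writes m_frameBufferCache outside this diff stays unsynchronized. The bodies of frameHasAlphaAtIndex, frameBytesAtIndex, frameDurationAtIndex and createFrameImageAtIndex continue past their hunks.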
@@ -178,6 +179,7 @@
 
 bool ImageDecoder::frameHasAlphaAtIndex(size_t index) const
 {
+    LockHolder lockHolder(m_mutex);
     if (m_frameBufferCache.size() <= index)
         return true;
     if (m_frameBufferCache[index].isComplete())
@@ -187,6 +189,7 @@
 
 unsigned ImageDecoder::frameBytesAtIndex(size_t index) const
 {
+    LockHolder lockHolder(m_mutex);
     if (m_frameBufferCache.size() <= index)
         return 0;
     // FIXME: Use the dimension of the requested frame.
@@ -195,6 +198,7 @@
 
 float ImageDecoder::frameDurationAtIndex(size_t index)
 {
+    LockHolder lockHolder(m_mutex);
     ImageFrame* buffer = frameBufferAtIndex(index);
     if (!buffer || buffer->isInvalid())
         return 0;
@@ -211,6 +215,7 @@
 
 NativeImagePtr ImageDecoder::createFrameImageAtIndex(size_t index, SubsamplingLevel, const DecodingOptions&)
 {
+    LockHolder lockHolder(m_mutex);
     // Zero-height images can cause problems for some ports. If we have an empty image dimension, just bail.
     if (size().isEmpty())
         return nullptr;

Modified: releases/WebKitGTK/webkit-2.18/Source/WebCore/platform/image-decoders/ImageDecoder.h (224016 => 224017)


--- releases/WebKitGTK/webkit-2.18/Source/WebCore/platform/image-decoders/ImageDecoder.h	2017-10-26 12:50:06 UTC (rev 224016)
+++ releases/WebKitGTK/webkit-2.18/Source/WebCore/platform/image-decoders/ImageDecoder.h	2017-10-26 13:14:00 UTC (rev 224017)
@@ -33,6 +33,7 @@
 #include "IntSize.h"
 #include "SharedBuffer.h"
 #include <wtf/Assertions.h>
+#include <wtf/Lock.h>
 #include <wtf/Optional.h>
 #include <wtf/RefPtr.h>
 #include <wtf/Vector.h>
@@ -75,6 +76,7 @@
 
     virtual void setData(SharedBuffer& data, bool allDataReceived)
     {
+        LockHolder lockHolder(m_mutex);
         if (m_encodedDataStatus == EncodedDataStatus::Error)
             return;
 
@@ -208,6 +210,7 @@
 
     RefPtr<SharedBuffer> m_data; // The encoded data.
     Vector<ImageFrame, 1> m_frameBufferCache;
+    mutable Lock m_mutex;
     bool m_scaled { false };
     Vector<int> m_scaledColumns;
     Vector<int> m_scaledRows;
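Review bot: The new member `mutable Lock m_mutex;` says nothing about what it protects, and the functions that take it live in another file; a comment on the declaration, `mutable Lock m_mutex; // Serializes the main thread and the decoding thread: guards m_frameBufferCache and the decoder state read by the frame*AtIndex accessors and createFrameImageAtIndex and written by setData.`, would keep the next accessor added to this class from skipping the lock. The `mutable` is required because frameHasAlphaAtIndex and frameBytesAtIndex are const and now lock it; a short `// mutable: locked from const accessors` note next to it explains that. setData in the earlier hunk is virtual and takes the lock inside the base implementation, so a derived override that touches decoder state before forwarding to the base would run unlocked; that is not visible in this diff but is worth stating in a comment on setData, whose body continues past its hunk.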