[webkit-changes] [231433] releases/WebKitGTK/webkit-2.20/Source/WebCore

[carlosgc]

Title: [231433] releases/WebKitGTK/webkit-2.20/Source/WebCore

Revision

231433

Author

carlo...@webkit.org

Date

2018-05-07 02:49:20 -0700 (Mon, 07 May 2018)

Log Message

Merge r231300 - WebCore::TextureMapperLayer object used after freed
https://bugs.webkit.org/show_bug.cgi?id=184729

Reviewed by Michael Catanzaro.

Replace the raw pointers with WeakPtr for effectTarget, maskLayer and replicaLayer
inside TextureMapperLayer.

* platform/graphics/texmap/TextureMapperLayer.cpp:
(WebCore::TextureMapperLayer::~TextureMapperLayer):
(WebCore::TextureMapperLayer::setMaskLayer):
(WebCore::TextureMapperLayer::setReplicaLayer):
* platform/graphics/texmap/TextureMapperLayer.h:

Modified Paths

• releases/WebKitGTK/webkit-2.20/Source/WebCore/ChangeLog
• releases/WebKitGTK/webkit-2.20/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp
• releases/WebKitGTK/webkit-2.20/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.h

Diff

Modified: releases/WebKitGTK/webkit-2.20/Source/WebCore/ChangeLog (231432 => 231433)

--- releases/WebKitGTK/webkit-2.20/Source/WebCore/ChangeLog	2018-05-07 09:49:15 UTC (rev 231432)
+++ releases/WebKitGTK/webkit-2.20/Source/WebCore/ChangeLog	2018-05-07 09:49:20 UTC (rev 231433)
@@ -1,3 +1,19 @@
+2018-05-03  Miguel Gomez  <mago...@igalia.com>
+
+        WebCore::TextureMapperLayer object used after freed
+        https://bugs.webkit.org/show_bug.cgi?id=184729
+
+        Reviewed by Michael Catanzaro.
+
+        Replace the raw pointers with WeakPtr for effectTarget, maskLayer and replicaLayer
+        inside TextureMapperLayer.
+
+        * platform/graphics/texmap/TextureMapperLayer.cpp:
+        (WebCore::TextureMapperLayer::~TextureMapperLayer):
+        (WebCore::TextureMapperLayer::setMaskLayer):
+        (WebCore::TextureMapperLayer::setReplicaLayer):
+        * platform/graphics/texmap/TextureMapperLayer.h:
+
 2018-04-30  Myles C. Maxfield  <mmaxfi...@apple.com>
 
         Improve the performance of FontCascadeDescription's effectiveFamilies

Modified: releases/WebKitGTK/webkit-2.20/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp (231432 => 231433)

--- releases/WebKitGTK/webkit-2.20/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp	2018-05-07 09:49:15 UTC (rev 231432)
+++ releases/WebKitGTK/webkit-2.20/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp	2018-05-07 09:49:20 UTC (rev 231433)
@@ -449,13 +449,6 @@
         child->m_parent = nullptr;
 
     removeFromParent();
-
-    if (m_effectTarget) {
-        if (m_effectTarget->m_state.maskLayer == this)
-            m_effectTarget->m_state.maskLayer = nullptr;
-        if (m_effectTarget->m_state.replicaLayer == this)
-            m_effectTarget->m_state.replicaLayer = nullptr;
-    }
 }
 
 #if !USE(COORDINATED_GRAPHICS)
@@ -505,16 +498,20 @@
 
 void TextureMapperLayer::setMaskLayer(TextureMapperLayer* maskLayer)
 {
-    if (maskLayer)
-        maskLayer->m_effectTarget = this;
-    m_state.maskLayer = maskLayer;
+    if (maskLayer) {
+        maskLayer->m_effectTarget = createWeakPtr();
+        m_state.maskLayer = maskLayer->createWeakPtr();
+    } else
+        m_state.maskLayer = nullptr;
 }
 
 void TextureMapperLayer::setReplicaLayer(TextureMapperLayer* replicaLayer)
 {
-    if (replicaLayer)
-        replicaLayer->m_effectTarget = this;
-    m_state.replicaLayer = replicaLayer;
+    if (replicaLayer) {
+        replicaLayer->m_effectTarget = createWeakPtr();
+        m_state.replicaLayer = replicaLayer->createWeakPtr();
+    } else
+        m_state.replicaLayer = nullptr;
 }
 
 void TextureMapperLayer::setPosition(const FloatPoint& position)

Modified: releases/WebKitGTK/webkit-2.20/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.h (231432 => 231433)

--- releases/WebKitGTK/webkit-2.20/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.h	2018-05-07 09:49:15 UTC (rev 231432)
+++ releases/WebKitGTK/webkit-2.20/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.h	2018-05-07 09:49:20 UTC (rev 231433)
@@ -26,6 +26,7 @@
 #include "TextureMapper.h"
 #include "TextureMapperAnimation.h"
 #include "TextureMapperBackingStore.h"
+#include <wtf/WeakPtr.h>
 
 namespace WebCore {
 
@@ -59,6 +60,7 @@
     { }
 
     virtual ~TextureMapperLayer();
+    WeakPtr<TextureMapperLayer> createWeakPtr() { return m_weakFactory.createWeakPtr(*this); }
 
     void setID(uint32_t id) { m_id = id; }
     uint32_t id() { return m_id; }
@@ -185,9 +187,10 @@
         return FloatRect(FloatPoint::zero(), m_state.size);
     }
 
+    WeakPtrFactory<TextureMapperLayer> m_weakFactory;
     Vector<TextureMapperLayer*> m_children;
     TextureMapperLayer* m_parent;
-    TextureMapperLayer* m_effectTarget;
+    WeakPtr<TextureMapperLayer> m_effectTarget;
     RefPtr<TextureMapperBackingStore> m_backingStore;
     TextureMapperPlatformLayer* m_contentsLayer;
     GraphicsLayerTransform m_currentTransform;
@@ -211,8 +214,8 @@
         FloatRect contentsRect;
         FloatSize contentsTileSize;
         FloatSize contentsTilePhase;
-        TextureMapperLayer* maskLayer;
-        TextureMapperLayer* replicaLayer;
+        WeakPtr<TextureMapperLayer> maskLayer;
+        WeakPtr<TextureMapperLayer> replicaLayer;
         Color solidColor;
         FilterOperations filters;
         Color debugBorderColor;
@@ -231,8 +234,6 @@
 
         State()
             : opacity(1)
-            , maskLayer(0)
-            , replicaLayer(0)
             , debugBorderWidth(0)
             , repaintCount(0)
             , preserves3D(false)

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes