Title: [270417] trunk/Source
- Revision
- 270417
- Author
- [email protected]
- Date
- 2020-12-03 16:24:28 -0800 (Thu, 03 Dec 2020)
Log Message
[GPU Process] Disconnect NativeImages from RemoteResourceCacheProxy when RemoteRenderingBackendProxy is destroyed
https://bugs.webkit.org/show_bug.cgi?id=219417
Reviewed by Tim Horton.
Source/WebCore:
Allow multiple observers for a single NativeImage. The NativeImage is
usually a frame of a CachedImage. The CachedImage can be referenced by
multiple pages and every page has its RemoteRenderingBackendProxy which
is a superclass of NativeImage::Observer.s
* platform/graphics/NativeImage.cpp:
(WebCore::NativeImage::~NativeImage):
* platform/graphics/NativeImage.h:
(WebCore::NativeImage::addObserver):
(WebCore::NativeImage::removeObserver):
(WebCore::NativeImage::setObserver): Deleted.
(): Deleted.
Source/WebKit:
If the WebPage is destroyed before destroying the CachedImages, a crash
may happen. The NativeImage will try to release itself from its observer,
which is RemoteResourceCacheProxy, after it has been freed.
* WebProcess/GPU/graphics/RemoteResourceCacheProxy.cpp:
(WebKit::RemoteResourceCacheProxy::~RemoteResourceCacheProxy):
(WebKit::RemoteResourceCacheProxy::cacheNativeImage):
* WebProcess/GPU/graphics/RemoteResourceCacheProxy.h:
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (270416 => 270417)
--- trunk/Source/WebCore/ChangeLog 2020-12-04 00:07:04 UTC (rev 270416)
+++ trunk/Source/WebCore/ChangeLog 2020-12-04 00:24:28 UTC (rev 270417)
@@ -1,3 +1,23 @@
+2020-12-03 Said Abou-Hallawa <[email protected]>
+
+ [GPU Process] Disconnect NativeImages from RemoteResourceCacheProxy when RemoteRenderingBackendProxy is destroyed
+ https://bugs.webkit.org/show_bug.cgi?id=219417
+
+ Reviewed by Tim Horton.
+
+ Allow multiple observers for a single NativeImage. The NativeImage is
+ usually a frame of a CachedImage. The CachedImage can be referenced by
+ multiple pages and every page has its RemoteRenderingBackendProxy which
+ is a superclass of NativeImage::Observer.s
+
+ * platform/graphics/NativeImage.cpp:
+ (WebCore::NativeImage::~NativeImage):
+ * platform/graphics/NativeImage.h:
+ (WebCore::NativeImage::addObserver):
+ (WebCore::NativeImage::removeObserver):
+ (WebCore::NativeImage::setObserver): Deleted.
+ (): Deleted.
+
2020-12-03 Simon Fraser <[email protected]>
Use red color for sync wheel event handler debug overlay text
Modified: trunk/Source/WebCore/platform/graphics/NativeImage.cpp (270416 => 270417)
--- trunk/Source/WebCore/platform/graphics/NativeImage.cpp 2020-12-04 00:07:04 UTC (rev 270416)
+++ trunk/Source/WebCore/platform/graphics/NativeImage.cpp 2020-12-04 00:24:28 UTC (rev 270417)
@@ -58,8 +58,8 @@
NativeImage::~NativeImage()
{
- if (m_observer)
- m_observer->releaseNativeImage(m_renderingResourceIdentifier);
+ for (auto observer : m_observers)
+ observer->releaseNativeImage(m_renderingResourceIdentifier);
}
} // namespace WebCore
Modified: trunk/Source/WebCore/platform/graphics/NativeImage.h (270416 => 270417)
--- trunk/Source/WebCore/platform/graphics/NativeImage.h 2020-12-04 00:07:04 UTC (rev 270416)
+++ trunk/Source/WebCore/platform/graphics/NativeImage.h 2020-12-04 00:24:28 UTC (rev 270417)
@@ -32,6 +32,7 @@
#include "PlatformImage.h"
#include "RenderingResourceIdentifier.h"
#include <wtf/HashMap.h>
+#include <wtf/HashSet.h>
#include <wtf/RefCounted.h>
#include <wtf/WeakPtr.h>
@@ -60,7 +61,9 @@
bool hasAlpha() const;
Color singlePixelSolidColor() const;
- void setObserver(Observer* observer) { m_observer = observer; }
+ void addObserver(Observer& observer) { m_observers.add(&observer); }
+ void removeObserver(Observer& observer) { m_observers.remove(&observer); }
+
void clearSubimages();
private:
@@ -68,7 +71,7 @@
NativeImage(const PlatformImagePtr&, RenderingResourceIdentifier);
PlatformImagePtr m_platformImage;
- Observer* m_observer { nullptr };
+ HashSet<Observer*> m_observers;
RenderingResourceIdentifier m_renderingResourceIdentifier;
};
Modified: trunk/Source/WebKit/ChangeLog (270416 => 270417)
--- trunk/Source/WebKit/ChangeLog 2020-12-04 00:07:04 UTC (rev 270416)
+++ trunk/Source/WebKit/ChangeLog 2020-12-04 00:24:28 UTC (rev 270417)
@@ -1,3 +1,19 @@
+2020-12-03 Said Abou-Hallawa <[email protected]>
+
+ [GPU Process] Disconnect NativeImages from RemoteResourceCacheProxy when RemoteRenderingBackendProxy is destroyed
+ https://bugs.webkit.org/show_bug.cgi?id=219417
+
+ Reviewed by Tim Horton.
+
+ If the WebPage is destroyed before destroying the CachedImages, a crash
+ may happen. The NativeImage will try to release itself from its observer,
+ which is RemoteResourceCacheProxy, after it has been freed.
+
+ * WebProcess/GPU/graphics/RemoteResourceCacheProxy.cpp:
+ (WebKit::RemoteResourceCacheProxy::~RemoteResourceCacheProxy):
+ (WebKit::RemoteResourceCacheProxy::cacheNativeImage):
+ * WebProcess/GPU/graphics/RemoteResourceCacheProxy.h:
+
2020-12-03 Chris Dumez <[email protected]>
Bad IPC from the WebProcess should not terminate the GPUProcess
Modified: trunk/Source/WebKit/WebProcess/GPU/graphics/RemoteResourceCacheProxy.cpp (270416 => 270417)
--- trunk/Source/WebKit/WebProcess/GPU/graphics/RemoteResourceCacheProxy.cpp 2020-12-04 00:07:04 UTC (rev 270416)
+++ trunk/Source/WebKit/WebProcess/GPU/graphics/RemoteResourceCacheProxy.cpp 2020-12-04 00:24:28 UTC (rev 270417)
@@ -38,6 +38,12 @@
{
}
+RemoteResourceCacheProxy::~RemoteResourceCacheProxy()
+{
+ for (auto& image : m_nativeImages.values())
+ image->removeObserver(*this);
+}
+
void RemoteResourceCacheProxy::cacheImageBuffer(WebCore::ImageBuffer& imageBuffer)
{
auto addResult = m_imageBuffers.add(imageBuffer.renderingResourceIdentifier(), makeWeakPtr(imageBuffer));
@@ -60,7 +66,7 @@
m_nativeImages.ensure(image.renderingResourceIdentifier(), [&]() {
// Set itself as an observer to NativeImage, so releaseNativeImage()
// gets called when NativeImage is being deleleted.
- image.setObserver(this);
+ image.addObserver(*this);
// Tell the GPU process to cache this resource.
m_remoteRenderingBackendProxy.cacheNativeImage(image);
Modified: trunk/Source/WebKit/WebProcess/GPU/graphics/RemoteResourceCacheProxy.h (270416 => 270417)
--- trunk/Source/WebKit/WebProcess/GPU/graphics/RemoteResourceCacheProxy.h 2020-12-04 00:07:04 UTC (rev 270416)
+++ trunk/Source/WebKit/WebProcess/GPU/graphics/RemoteResourceCacheProxy.h 2020-12-04 00:24:28 UTC (rev 270417)
@@ -42,6 +42,7 @@
class RemoteResourceCacheProxy : public WebCore::NativeImage::Observer {
public:
RemoteResourceCacheProxy(RemoteRenderingBackendProxy&);
+ ~RemoteResourceCacheProxy();
void cacheImageBuffer(WebCore::ImageBuffer&);
WebCore::ImageBuffer* cachedImageBuffer(WebCore::RenderingResourceIdentifier);
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
