Skip to site navigation (Press enter)

[webkit-changes] [277845] trunk/Source/WebCore

cdumez Thu, 20 May 2021 19:21:17 -0700

Title: [277845] trunk/Source/WebCore

Revision: 277845
Author: [email protected]
Date: 2021-05-20 19:21:09 -0700 (Thu, 20 May 2021)

Log Message

Fix locking in PlatformCALayer
https://bugs.webkit.org/show_bug.cgi?id=226062


Reviewed by Tim Horton.

Fix locking issue in PlatformCALayer found by Clang Thread Safety Analysis.
We were locking before querying layerToPlatformLayerMap(), but failing to
do so when adding or removing from layerToPlatformLayerMap().

* platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm:
(WebCore::WTF_REQUIRES_LOCK):
(WebCore::PlatformCALayer::platformCALayerForLayer):
(WebCore::PlatformCALayerCocoa::commonInit):
(WebCore::PlatformCALayerCocoa::~PlatformCALayerCocoa):
(WebCore::layerToPlatformLayerMap): Deleted.

Modified Paths

trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm

Diff

Modified: trunk/Source/WebCore/ChangeLog (277844 => 277845)


--- trunk/Source/WebCore/ChangeLog	2021-05-21 01:56:59 UTC (rev 277844)
+++ trunk/Source/WebCore/ChangeLog	2021-05-21 02:21:09 UTC (rev 277845)
@@ -1,5 +1,23 @@
 2021-05-20  Chris Dumez  <[email protected]>
 
+        Fix locking in PlatformCALayer
+        https://bugs.webkit.org/show_bug.cgi?id=226062
+
+        Reviewed by Tim Horton.
+
+        Fix locking issue in PlatformCALayer found by Clang Thread Safety Analysis.
+        We were locking before querying layerToPlatformLayerMap(), but failing to
+        do so when adding or removing from layerToPlatformLayerMap().
+
+        * platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm:
+        (WebCore::WTF_REQUIRES_LOCK):
+        (WebCore::PlatformCALayer::platformCALayerForLayer):
+        (WebCore::PlatformCALayerCocoa::commonInit):
+        (WebCore::PlatformCALayerCocoa::~PlatformCALayerCocoa):
+        (WebCore::layerToPlatformLayerMap): Deleted.
+
+2021-05-20  Chris Dumez  <[email protected]>
+
         Add missing lock in AXIsolatedTree::treeForID()
         https://bugs.webkit.org/show_bug.cgi?id=226060
         <rdar://problem/78287227>

Modified: trunk/Source/WebCore/platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm (277844 => 277845)


--- trunk/Source/WebCore/platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm	2021-05-21 01:56:59 UTC (rev 277844)
+++ trunk/Source/WebCore/platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm	2021-05-21 02:21:09 UTC (rev 277845)
@@ -53,6 +53,7 @@
 #import <objc/runtime.h>
 #import <wtf/BlockObjCExceptions.h>
 #import <wtf/BlockPtr.h>
+#import <wtf/CheckedLock.h>
 #import <wtf/RetainPtr.h>
 #import <wtf/cocoa/VectorCocoa.h>
 
@@ -75,7 +76,8 @@
 
 using LayerToPlatformCALayerMap = HashMap<void*, PlatformCALayer*>;
 
-static LayerToPlatformCALayerMap& layerToPlatformLayerMap()
+static CheckedLock layerToPlatformLayerMapLock;
+static LayerToPlatformCALayerMap& layerToPlatformLayerMap() WTF_REQUIRES_LOCK(layerToPlatformLayerMapLock)
 {
     static NeverDestroyed<LayerToPlatformCALayerMap> layerMap;
     return layerMap;
@@ -87,8 +89,7 @@
     if (!platformLayer)
         return nullptr;
 
-    static Lock lock;
-    LockHolder lockHolder(lock);
+    Locker locker { layerToPlatformLayerMapLock };
     return layerToPlatformLayerMap().get(platformLayer);
 }
 
@@ -312,7 +313,10 @@
 {
     BEGIN_BLOCK_OBJC_EXCEPTIONS
 
-    layerToPlatformLayerMap().add(m_layer.get(), this);
+    {
+        Locker locker { layerToPlatformLayerMapLock };
+        layerToPlatformLayerMap().add(m_layer.get(), this);
+    }
     
     // Clear all the implicit animations on the CALayer
     if (m_layerType == LayerTypeAVPlayerLayer || m_layerType == LayerTypeContentsProvidedLayer || m_layerType == LayerTypeScrollContainerLayer || m_layerType == LayerTypeCustom)
@@ -392,7 +396,10 @@
 
 PlatformCALayerCocoa::~PlatformCALayerCocoa()
 {
-    layerToPlatformLayerMap().remove(m_layer.get());
+    {
+        Locker locker { layerToPlatformLayerMapLock };
+        layerToPlatformLayerMap().remove(m_layer.get());
+    }
     
     // Remove the owner pointer from the delegate in case there is a pending animationStarted event.
     [static_cast<WebAnimationDelegate*>(m_delegate.get()) setOwner:nil];

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes