Title: [280753] trunk/Source/WebKit
- Revision: 280753
- Author: [email protected]
- Date: 2021-08-06 21:29:10 -0700 (Fri, 06 Aug 2021)
Log Message
Page on mhlw.go.jp triggers WebContent termination by GPU process
https://bugs.webkit.org/show_bug.cgi?id=228885
<rdar://81603231>
Reviewed by Wenson Hsieh.
https://www.mhlw.go.jp/stf/seisakunitsuite/bunya/0000164708_00001.html triggered an issue
where RemoteRenderingBackend::finalizeRenderingUpdate() would be called when the
GPU process had just processed a "switching to next item buffer" meta command,
but had not yet received the new item buffer. This triggered the
MESSAGE_CHECK(initialHandle, "Missing initial shared display list handle");
in RemoteRenderingBackend::wakeUpAndApplyDisplayList().
Protect against this by having finalizeRenderingUpdate() check that
arguments.itemBufferIdentifier had been received, which is similar to what happens
inside the loop in wakeUpAndApplyDisplayList() already.
Not easily testable.
* GPUProcess/graphics/RemoteRenderingBackend.cpp:
(WebKit::RemoteRenderingBackend::finalizeRenderingUpdate):
Diff
Modified: trunk/Source/WebKit/ChangeLog (280752 => 280753)
--- trunk/Source/WebKit/ChangeLog 2021-08-07 02:04:18 UTC (rev 280752)
+++ trunk/Source/WebKit/ChangeLog 2021-08-07 04:29:10 UTC (rev 280753)
@@ -1,3 +1,27 @@
+2021-08-06 Simon Fraser <[email protected]>
+
+ Page on mhlw.go.jp triggers WebContent termination by GPU process
+ https://bugs.webkit.org/show_bug.cgi?id=228885
+ <rdar://81603231>
+
+ Reviewed by Wenson Hsieh.
+
+ https://www.mhlw.go.jp/stf/seisakunitsuite/bunya/0000164708_00001.html triggered an issue
+ where RemoteRenderingBackend::finalizeRenderingUpdate() would be called when the
+ GPU process had just processed a "switching to next item buffer" meta command,
+ but had not yet received the new item buffer. This triggered the
+ MESSAGE_CHECK(initialHandle, "Missing initial shared display list handle");
+ in RemoteRenderingBackend::wakeUpAndApplyDisplayList().
+
+ Protect against this by having finalizeRenderingUpdate() check that
+ arguments.itemBufferIdentifier had been received, which is similar to what happens
+ inside the loop in wakeUpAndApplyDisplayList() already.
+
+ Not easily testable.
+
+ * GPUProcess/graphics/RemoteRenderingBackend.cpp:
+ (WebKit::RemoteRenderingBackend::finalizeRenderingUpdate):
+
2021-08-06 Tim Horton <[email protected]>
Disable WKHoverPlatter for now
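Review bot: "Not easily testable" in the new ChangeLog entry leaves this race with no regression coverage and no record of how the fix was verified. The entry should say why a test is impractical (the failure depends on finalizeRenderingUpdate() arriving between the "switching to next item buffer" meta command and receipt of the new item buffer) and whether the change was checked manually against the mhlw.go.jp page named above.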
Modified: trunk/Source/WebKit/GPUProcess/graphics/RemoteRenderingBackend.cpp (280752 => 280753)
--- trunk/Source/WebKit/GPUProcess/graphics/RemoteRenderingBackend.cpp 2021-08-07 02:04:18 UTC (rev 280752)
+++ trunk/Source/WebKit/GPUProcess/graphics/RemoteRenderingBackend.cpp 2021-08-07 04:29:10 UTC (rev 280753)
@@ -521,8 +521,13 @@
void RemoteRenderingBackend::finalizeRenderingUpdate(RenderingUpdateID renderingUpdateID)
{
- if (m_pendingWakeupInfo && m_remoteResourceCache.cachedImageBuffer(m_pendingWakeupInfo->arguments.destinationImageBufferIdentifier))
+ auto shouldPerformWakeup = [&](const GPUProcessWakeupMessageArguments& arguments) {
+ return m_remoteResourceCache.cachedImageBuffer(arguments.destinationImageBufferIdentifier) && m_sharedDisplayListHandles.contains(arguments.itemBufferIdentifier);
+ };
+
+ if (m_pendingWakeupInfo && shouldPerformWakeup(m_pendingWakeupInfo->arguments))
wakeUpAndApplyDisplayList(std::exchange(m_pendingWakeupInfo, std::nullopt)->arguments);
+
send(Messages::RemoteRenderingBackendProxy::DidFinalizeRenderingUpdate(renderingUpdateID), m_renderingBackendIdentifier);
}
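Review bot: When shouldPerformWakeup() returns false in finalizeRenderingUpdate(), m_pendingWakeupInfo stays set and DidFinalizeRenderingUpdate is still sent, but nothing in this hunk shows what later resumes the deferred wakeup once the item buffer's handle is present in m_sharedDisplayListHandles. A short comment at the `if` naming the path that retries the pending wakeup would make it clear that the display list is delayed rather than dropped. The lambda also restates a condition that, per the log message, the loop in wakeUpAndApplyDisplayList() already checks; a shared private helper would keep the two from drifting apart, which matters because a mismatch ends in the MESSAGE_CHECK that terminates the WebContent process. Minor: the lambda only touches members, so `[this]` states the capture more precisely than `[&]`.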