Title: [281613] trunk
Revision: 281613
Author: [email protected]
Date: 2021-08-25 20:37:36 -0700 (Wed, 25 Aug 2021)

Log Message

Crash in GraphicsContextGLOpenGL::reshapeDisplayBufferBacking
https://bugs.webkit.org/show_bug.cgi?id=229309

Patch by Alex Christensen <[email protected]> on 2021-08-25
Reviewed by Myles C. Maxfield.

Source/WebCore:

Test: fast/canvas/xr-compatible-crash.html

Null check m_swapChain because reshapeDisplayBufferBacking can be called before it is set.

* html/canvas/WebGLRenderingContextBase.cpp:
(WebCore::WebGLRenderingContextBase::addContextObject):
* platform/graphics/angle/GraphicsContextGLANGLE.cpp:
(WebCore::GraphicsContextGLOpenGL::reshapeFBOs):
* platform/graphics/cocoa/GraphicsContextGLOpenGLCocoa.mm:
(WebCore::GraphicsContextGLOpenGL::reshapeDisplayBufferBacking):

LayoutTests:

* fast/canvas/xr-compatible-crash.html: Added.
* fast/canvas/xr-compatible-crash-expected.txt: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (281612 => 281613)


--- trunk/LayoutTests/ChangeLog	2021-08-26 03:08:42 UTC (rev 281612)
+++ trunk/LayoutTests/ChangeLog	2021-08-26 03:37:36 UTC (rev 281613)
@@ -1,3 +1,13 @@
+2021-08-25  Alex Christensen  <[email protected]>
+
+        Crash in GraphicsContextGLOpenGL::reshapeDisplayBufferBacking
+        https://bugs.webkit.org/show_bug.cgi?id=229309
+
+        Reviewed by Myles C. Maxfield.
+
+        * fast/canvas/xr-compatible-crash.html: Added.
+        * fast/canvas/xr-compatible-crash-expected.txt: Added.
+
 2021-08-25  Aditya Keerthi  <[email protected]>
 
         [iOS] Unable to select files when the accept attribute is set to "*/*"

Added: trunk/LayoutTests/fast/canvas/xr-compatible-crash-expected.txt (0 => 281613)


--- trunk/LayoutTests/fast/canvas/xr-compatible-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/canvas/xr-compatible-crash-expected.txt	2021-08-26 03:37:36 UTC (rev 281613)
@@ -0,0 +1 @@
+This test passes if it does not crash.

Added: trunk/LayoutTests/fast/canvas/xr-compatible-crash.html (0 => 281613)


--- trunk/LayoutTests/fast/canvas/xr-compatible-crash.html	                        (rev 0)
+++ trunk/LayoutTests/fast/canvas/xr-compatible-crash.html	2021-08-26 03:37:36 UTC (rev 281613)
@@ -0,0 +1,8 @@
+This test passes if it does not crash.
+<script>
+  if (window.testRunner) {
+    testRunner.dumpAsText();
+  }
+  in_canvas = document.body.appendChild(document.createElement('canvas'));
+  webgl = in_canvas.getContext('webgl', { xrCompatible: true });
+</script>
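Review bot: the test never checks the result of `getContext('webgl', { xrCompatible: true })`, so on a configuration where context creation returns null it still shows the passing text without exercising the crashing path. Consider recording whether `webgl` is non-null, or stating in the test that a null context is an acceptable outcome, and declare `in_canvas` and `webgl` with `let` or `const` instead of leaving them as implicit globals.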

Modified: trunk/Source/WebCore/ChangeLog (281612 => 281613)


--- trunk/Source/WebCore/ChangeLog	2021-08-26 03:08:42 UTC (rev 281612)
+++ trunk/Source/WebCore/ChangeLog	2021-08-26 03:37:36 UTC (rev 281613)
@@ -1,3 +1,21 @@
+2021-08-25  Alex Christensen  <[email protected]>
+
+        Crash in GraphicsContextGLOpenGL::reshapeDisplayBufferBacking
+        https://bugs.webkit.org/show_bug.cgi?id=229309
+
+        Reviewed by Myles C. Maxfield.
+
+        Test: fast/canvas/xr-compatible-crash.html
+
+        Null check m_swapChain because reshapeDisplayBufferBacking can be called before it is set.
+
+        * html/canvas/WebGLRenderingContextBase.cpp:
+        (WebCore::WebGLRenderingContextBase::addContextObject):
+        * platform/graphics/angle/GraphicsContextGLANGLE.cpp:
+        (WebCore::GraphicsContextGLOpenGL::reshapeFBOs):
+        * platform/graphics/cocoa/GraphicsContextGLOpenGLCocoa.mm:
+        (WebCore::GraphicsContextGLOpenGL::reshapeDisplayBufferBacking):
+
 2021-08-25  Wenson Hsieh  <[email protected]>
 
         Remove some iOS-specific compile-time guards that are no longer needed
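Review bot: the description line covers only the m_swapChain null check, while the entries for addContextObject and reshapeFBOs are left blank. Both functions are listed as changed, so each entry should say what changed there and why, for example on the line after `(WebCore::WebGLRenderingContextBase::addContextObject):`.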

Modified: trunk/Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp (281612 => 281613)


--- trunk/Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp	2021-08-26 03:08:42 UTC (rev 281612)
+++ trunk/Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp	2021-08-26 03:37:36 UTC (rev 281613)
@@ -6336,7 +6336,6 @@
     if (m_isPendingPolicyResolution)
         return;
 
-    ASSERT(!isContextLost());
     m_contextObjects.add(&object);
 }
 
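Review bot: with `ASSERT(!isContextLost());` removed, addContextObject registers objects in m_contextObjects on a lost context with nothing stating that this is expected. If the new test reaches this point with the context lost, say so in a comment, or return early as the `m_isPendingPolicyResolution` branch above does, so debug builds keep a check for the cases that are not expected.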

Modified: trunk/Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp (281612 => 281613)


--- trunk/Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp	2021-08-26 03:08:42 UTC (rev 281612)
+++ trunk/Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp	2021-08-26 03:37:36 UTC (rev 281613)
@@ -149,7 +149,6 @@
 
     // resize regular FBO
     gl::BindFramebuffer(GL_FRAMEBUFFER, m_fbo);
-    ASSERT(m_texture);
 
 #if PLATFORM(COCOA)
     if (!reshapeDisplayBufferBacking()) {
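Review bot: dropping `ASSERT(m_texture);` after the `gl::BindFramebuffer` call leaves reshapeFBOs with no record of whether m_texture may be unset at this point. If it can legitimately be zero when the reshape runs early, handle that case explicitly or add a comment saying so; otherwise keep the assertion so debug builds still catch an uninitialized texture.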

Modified: trunk/Source/WebCore/platform/graphics/cocoa/GraphicsContextGLOpenGLCocoa.mm (281612 => 281613)


--- trunk/Source/WebCore/platform/graphics/cocoa/GraphicsContextGLOpenGLCocoa.mm	2021-08-26 03:08:42 UTC (rev 281612)
+++ trunk/Source/WebCore/platform/graphics/cocoa/GraphicsContextGLOpenGLCocoa.mm	2021-08-26 03:37:36 UTC (rev 281613)
@@ -621,10 +621,12 @@
         m_displayBufferPbuffer = EGL_NO_SURFACE;
     }
     // Reset the future recycled buffer now, because it most likely will not be reusable at the time it will be reused.
-    auto recycledBuffer = m_swapChain->recycleBuffer();
-    if (recycledBuffer.handle)
-        EGL_DestroySurface(m_displayObj, recycledBuffer.handle);
-    recycledBuffer.surface.reset();
+    if (m_swapChain) {
+        auto recycledBuffer = m_swapChain->recycleBuffer();
+        if (recycledBuffer.handle)
+            EGL_DestroySurface(m_displayObj, recycledBuffer.handle);
+        recycledBuffer.surface.reset();
+    }
     return allocateAndBindDisplayBufferBacking();
 }
 
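Review bot: the `if (m_swapChain)` guard covers only the recycleBuffer() call; on the null path the function still falls through to `return allocateAndBindDisplayBufferBacking();`, whose body is not shown here. Check that the callee does not dereference m_swapChain itself, or return false early when it is null, since the commit message says this function can run before the swap chain is set.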