[webkit-changes] [283209] trunk/Source/WebKit

[simon . fraser]

Title: [283209] trunk/Source/WebKit

Revision

283209

Author

simon.fra...@apple.com

Date

2021-09-28 20:52:14 -0700 (Tue, 28 Sep 2021)

Log Message

Crash in WebKit::DisplayLink::displayLinkCallback()
https://bugs.webkit.org/show_bug.cgi?id=230917
<rdar://82528370>

Reviewed by Tim Horton.

We have evidence of a divide-by-zero crash in DisplayLink::notifyObserversDisplayWasRefreshed()
where m_currentUpdate.updatesPerSecond is zero. The only way I can see this happening
is if DisplayLink::DisplayLink() returns early, which should log. Protect against
this by initializing m_displayNominalFramesPerSecond to 60, and do another check,
with a log, in DisplayLink::addObserver() before we use m_displayNominalFramesPerSecond
for the first time.

Convert the logging to RELEASE_LOG_FAULT reports.

* UIProcess/mac/DisplayLink.cpp:
(WebKit::DisplayLink::DisplayLink):
(WebKit::DisplayLink::addObserver):
* UIProcess/mac/DisplayLink.h:

Modified Paths

• trunk/Source/WebKit/ChangeLog
• trunk/Source/WebKit/UIProcess/mac/DisplayLink.cpp
• trunk/Source/WebKit/UIProcess/mac/DisplayLink.h

Diff

Modified: trunk/Source/WebKit/ChangeLog (283208 => 283209)

--- trunk/Source/WebKit/ChangeLog	2021-09-29 03:16:47 UTC (rev 283208)
+++ trunk/Source/WebKit/ChangeLog	2021-09-29 03:52:14 UTC (rev 283209)
@@ -1,3 +1,25 @@
+2021-09-28  Simon Fraser  <simon.fra...@apple.com>
+
+        Crash in WebKit::DisplayLink::displayLinkCallback()
+        https://bugs.webkit.org/show_bug.cgi?id=230917
+        <rdar://82528370>
+
+        Reviewed by Tim Horton.
+
+        We have evidence of a divide-by-zero crash in DisplayLink::notifyObserversDisplayWasRefreshed()
+        where m_currentUpdate.updatesPerSecond is zero. The only way I can see this happening
+        is if DisplayLink::DisplayLink() returns early, which should log. Protect against
+        this by initializing m_displayNominalFramesPerSecond to 60, and do another check,
+        with a log, in DisplayLink::addObserver() before we use m_displayNominalFramesPerSecond
+        for the first time.
+
+        Convert the logging to RELEASE_LOG_FAULT reports.
+
+        * UIProcess/mac/DisplayLink.cpp:
+        (WebKit::DisplayLink::DisplayLink):
+        (WebKit::DisplayLink::addObserver):
+        * UIProcess/mac/DisplayLink.h:
+
 2021-09-28  Brent Fulgham  <bfulg...@apple.com>
 
         Remove unused "com.apple.security.exception.file*" rules from WebKit sandboxes 

Modified: trunk/Source/WebKit/UIProcess/mac/DisplayLink.cpp (283208 => 283209)

--- trunk/Source/WebKit/UIProcess/mac/DisplayLink.cpp	2021-09-29 03:16:47 UTC (rev 283208)
+++ trunk/Source/WebKit/UIProcess/mac/DisplayLink.cpp	2021-09-29 03:52:14 UTC (rev 283209)
@@ -48,13 +48,13 @@
     ASSERT(hasProcessPrivilege(ProcessPrivilege::CanCommunicateWithWindowServer));
     CVReturn error = CVDisplayLinkCreateWithCGDisplay(displayID, &m_displayLink);
     if (error) {
-        WTFLogAlways("Could not create a display link for display %u: error %d", displayID, error);
+        RELEASE_LOG_FAULT(DisplayLink, "Could not create a display link for display %u: error %d", displayID, error);
         return;
     }
     
     error = CVDisplayLinkSetOutputCallback(m_displayLink, displayLinkCallback, this);
     if (error) {
-        WTFLogAlways("Could not set the display link output callback for display %u: error %d", displayID, error);
+        RELEASE_LOG_FAULT(DisplayLink, "DisplayLink: Could not set the display link output callback for display %u: error %d", displayID, error);
         return;
     }
 
@@ -103,8 +103,13 @@
         LOG_WITH_STREAM(DisplayLink, stream << "[UI ] DisplayLink for display " << m_displayID << " starting CVDisplayLink with fps " << m_displayNominalFramesPerSecond);
         CVReturn error = CVDisplayLinkStart(m_displayLink);
         if (error)
-            WTFLogAlways("Could not start the display link: %d", error);
+            RELEASE_LOG_FAULT(DisplayLink, "DisplayLink: Could not start the display link: %d", error);
 
+        if (!m_displayNominalFramesPerSecond) {
+            RELEASE_LOG_FAULT(DisplayLink, "DisplayLink: displayNominalFramesPerSecond is 0, using %d", WebCore::FullSpeedFramesPerSecond);
+            m_displayNominalFramesPerSecond = WebCore::FullSpeedFramesPerSecond;
+        };
+
         m_currentUpdate = { 0, m_displayNominalFramesPerSecond };
     }
 }

Modified: trunk/Source/WebKit/UIProcess/mac/DisplayLink.h (283208 => 283209)

--- trunk/Source/WebKit/UIProcess/mac/DisplayLink.h	2021-09-29 03:16:47 UTC (rev 283208)
+++ trunk/Source/WebKit/UIProcess/mac/DisplayLink.h	2021-09-29 03:52:14 UTC (rev 283209)
@@ -87,7 +87,7 @@
     Lock m_observersLock;
     HashMap<IPC::Connection::UniqueID, ConnectionClientInfo> m_observers WTF_GUARDED_BY_LOCK(m_observersLock);
     WebCore::PlatformDisplayID m_displayID;
-    WebCore::FramesPerSecond m_displayNominalFramesPerSecond { 0 };
+    WebCore::FramesPerSecond m_displayNominalFramesPerSecond { WebCore::FullSpeedFramesPerSecond };
     WebCore::DisplayUpdate m_currentUpdate;
     unsigned m_fireCountWithoutObservers { 0 };
     static bool shouldSendIPCOnBackgroundQueue;

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes