Title: [285087] trunk
- Revision: 285087
- Author: mmaxfi...@apple.com
- Date: 2021-10-30 19:24:17 -0700 (Sat, 30 Oct 2021)
Log Message
[GPU Process] Small ImageBuffers cause the web process to crash
https://bugs.webkit.org/show_bug.cgi?id=232470
<rdar://problem/84626560>

Reviewed by Tim Horton.

Source/WebKit:

The problem is when the (floating point) size < 1x1, but the size*resolution is >= 1x1.
In this situation, calculateSafeBackendSize() is correctly determining that this
isn't a zero-sized ImageBuffer, but when we go to actually pass the size to the GPU
process, we call this:

    IntSize logicalSize() const override { return IntSize(m_parameters.logicalSize); }

So, the logical size gets truncated down to 0, and then the GPU process fails to allocate
the ImageBuffer, and then the web process blocks on the GPU process indefinitely, and then
eventually times out and then crashes. I'm going to deal with that last step (the crash
itself) in a secondary patch - if the web process doesn't hear from the GPU process, it
shouldn't crash.

This patch simply exposes a floatLogicalSize() function on ImageBuffer, so we can get
the full-fidelity logical size to pass that to the GPU process.

Test: compositing/device-pixel-image-buffer-hidpi.html

* WebProcess/GPU/graphics/RemoteRenderingBackendProxy.cpp:
(WebKit::RemoteRenderingBackendProxy::createRemoteImageBuffer):

LayoutTests:

* compositing/device-pixel-image-buffer-hidpi-expected.html: Added.
* compositing/device-pixel-image-buffer-hidpi.html: Added.
Diff
Modified: trunk/LayoutTests/ChangeLog (285086 => 285087)
--- trunk/LayoutTests/ChangeLog 2021-10-31 01:24:38 UTC (rev 285086)
+++ trunk/LayoutTests/ChangeLog 2021-10-31 02:24:17 UTC (rev 285087)
@@ -1,3 +1,14 @@
+2021-10-30 Myles C. Maxfield <mmaxfi...@apple.com>
+
+ [GPU Process] Small ImageBuffers cause the web process to crash
+ https://bugs.webkit.org/show_bug.cgi?id=232470
+ <rdar://problem/84626560>
+
+ Reviewed by Tim Horton.
+
+ * compositing/device-pixel-image-buffer-hidpi-expected.html: Added.
+ * compositing/device-pixel-image-buffer-hidpi.html: Added.
+
2021-10-30 Chris Dumez <cdu...@apple.com>
[ BigSur wk2 Debug arm64 ] webaudio/AudioBufferSource/audiobuffersource-playbackrate.html is a flaky crash
Added: trunk/LayoutTests/compositing/device-pixel-image-buffer-hidpi-expected.html (0 => 285087)
--- trunk/LayoutTests/compositing/device-pixel-image-buffer-hidpi-expected.html (rev 0)
+++ trunk/LayoutTests/compositing/device-pixel-image-buffer-hidpi-expected.html 2021-10-31 02:24:17 UTC (rev 285087)
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta name="viewport" content="width=device-width, initial-scale=1">
+</head>
+<body>
+This test passes if there is no crash. The crash might happen on a subsequent test.
+<div style="font-size: 20px; width: 50px; height: 0.5px; background: green; overflow: hidden;">Hello</div>
+</body>
+</html>
Added: trunk/LayoutTests/compositing/device-pixel-image-buffer-hidpi.html (0 => 285087)
--- trunk/LayoutTests/compositing/device-pixel-image-buffer-hidpi.html (rev 0)
+++ trunk/LayoutTests/compositing/device-pixel-image-buffer-hidpi.html 2021-10-31 02:24:17 UTC (rev 285087)
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta name="viewport" content="width=device-width, initial-scale=1">
+</head>
+<body>
+This test passes if there is no crash. The crash might happen on a subsequent test.
+<div style="transform: translateZ(20px); font-size: 20px; width: 50px; height: 0.5px; background: green; overflow: hidden;">Hello</div>
+</body>
+</html>
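Review bot: Nothing in this test forces a device scale factor, although the file name says hidpi and the ChangeLog states the bug needs size < 1x1 with size*resolution >= 1x1. With height: 0.5px that condition holds only at a scale of 2 or more, so on a 1x runner the test passes without exercising the fix; set the backing scale factor explicitly in the test. The body text also says "The crash might happen on a subsequent test", which means a regression would be attributed to the wrong test, so it is worth making the test wait until the composited layer has painted before it finishes.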
Modified: trunk/Source/WebKit/ChangeLog (285086 => 285087)
--- trunk/Source/WebKit/ChangeLog 2021-10-31 01:24:38 UTC (rev 285086)
+++ trunk/Source/WebKit/ChangeLog 2021-10-31 02:24:17 UTC (rev 285087)
@@ -1,3 +1,32 @@
+2021-10-30 Myles C. Maxfield <mmaxfi...@apple.com>
+
+ [GPU Process] Small ImageBuffers cause the web process to crash
+ https://bugs.webkit.org/show_bug.cgi?id=232470
+ <rdar://problem/84626560>
+
+ Reviewed by Tim Horton.
+
+ The problem is when the (floating point) size < 1x1, but the size*resolution is >= 1x1.
+ In this situation, calculateSafeBackendSize() is correctly determining that this
+ isn't a zero-sized ImageBuffer, but when we go to actually pass the size to the GPU
+ process, we call this:
+
+ IntSize logicalSize() const override { return IntSize(m_parameters.logicalSize); }
+
+ So, the logical size gets truncated down to 0, and then the GPU process fails to allocate
+ the ImageBuffer, and then the web process blocks on the GPU process indefinitely, and then
+ eventually times out and then crashes. I'm going to deal with that last step (the crash
+ itself) in a secondary patch - if the web process doesn't hear from the GPU process, it
+ shouldn't crash.
+
+ This patch simply exposes a floatLogicalSize() function on ImageBuffer, so we can get
+ the full-fidelity logical size to pass that to the GPU process.
+
+ Test: compositing/device-pixel-image-buffer-hidpi.html
+
+ * WebProcess/GPU/graphics/RemoteRenderingBackendProxy.cpp:
+ (WebKit::RemoteRenderingBackendProxy::createRemoteImageBuffer):
+
2021-10-30 Chris Dumez <cdu...@apple.com>
Improve error handling in sendWithAsyncReply()
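Review bot: The description says the patch "exposes a floatLogicalSize() function on ImageBuffer", but the file list names only RemoteRenderingBackendProxy.cpp, and the call-site change in that file swaps truncatedLogicalSize() for logicalSize(), so floatLogicalSize() appears nowhere in the patch. The quoted one-liner is also logicalSize(), not the truncatedLogicalSize() accessor the old call site used. Please update the entry so the function names match what actually landed.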
Modified: trunk/Source/WebKit/WebProcess/GPU/graphics/RemoteRenderingBackendProxy.cpp (285086 => 285087)
--- trunk/Source/WebKit/WebProcess/GPU/graphics/RemoteRenderingBackendProxy.cpp 2021-10-31 01:24:38 UTC (rev 285086)
+++ trunk/Source/WebKit/WebProcess/GPU/graphics/RemoteRenderingBackendProxy.cpp 2021-10-31 02:24:17 UTC (rev 285087)
@@ -127,7 +127,7 @@
void RemoteRenderingBackendProxy::createRemoteImageBuffer(ImageBuffer& imageBuffer)
{
- sendToStream(Messages::RemoteRenderingBackend::CreateImageBuffer(imageBuffer.truncatedLogicalSize(), imageBuffer.renderingMode(), imageBuffer.resolutionScale(), imageBuffer.colorSpace(), imageBuffer.pixelFormat(), imageBuffer.renderingResourceIdentifier()));
+ sendToStream(Messages::RemoteRenderingBackend::CreateImageBuffer(imageBuffer.logicalSize(), imageBuffer.renderingMode(), imageBuffer.resolutionScale(), imageBuffer.colorSpace(), imageBuffer.pixelFormat(), imageBuffer.renderingResourceIdentifier()));
}
RefPtr<ImageBuffer> RemoteRenderingBackendProxy::createImageBuffer(const FloatSize& size, RenderingMode renderingMode, float resolutionScale, const DestinationColorSpace& colorSpace, PixelFormat pixelFormat)
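Review bot: The new logicalSize() argument sends the untruncated size across the process boundary, but the receiving handler for CreateImageBuffer is not part of this diff, and that is where the value has to be checked. The ChangeLog says a failed allocation leaves the web process blocked until it times out, so the GPU-process side should reject empty, non-finite or oversized sizes and signal the failure instead of staying silent. On this side, an assertion before sendToStream() that the size scaled by resolutionScale() is non-empty would catch the sub-pixel case early.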