Title: [285088] trunk/Source/WebKit
- Revision
- 285088
- Author
- mmaxfi...@apple.com
- Date
- 2021-10-30 19:37:24 -0700 (Sat, 30 Oct 2021)
Log Message
Web process shouldn't crash if ImageBuffer::ensureBackendCreated() fails
https://bugs.webkit.org/show_bug.cgi?id=232520
<rdar://problem/84829717>
Reviewed by Simon Fraser.
Guard against the possibility of it returning null.
No new tests because there shouldn't be any behavior change after https://bugs.webkit.org/show_bug.cgi?id=232470.
It's still good to do this, though, to be defensive.
* Shared/RemoteLayerTree/RemoteLayerBackingStore.mm:
(WebKit::RemoteLayerBackingStore::encode const):
* WebProcess/GPU/graphics/RemoteImageBufferProxy.h:
(WebKit::RemoteImageBufferProxy::createImageBufferBackendHandle):
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (285087 => 285088)
--- trunk/Source/WebKit/ChangeLog 2021-10-31 02:24:17 UTC (rev 285087)
+++ trunk/Source/WebKit/ChangeLog 2021-10-31 02:37:24 UTC (rev 285088)
@@ -1,5 +1,23 @@
2021-10-30 Myles C. Maxfield <mmaxfi...@apple.com>
+ Web process shouldn't crash if ImageBuffer::ensureBackendCreated() fails
+ https://bugs.webkit.org/show_bug.cgi?id=232520
+ <rdar://problem/84829717>
+
+ Reviewed by Simon Fraser.
+
+ Guard against the possibility of it returning null.
+
+ No new tests because there shouldn't be any behavior change after https://bugs.webkit.org/show_bug.cgi?id=232470.
+ It's still good to do this, though, to be defensive.
+
+ * Shared/RemoteLayerTree/RemoteLayerBackingStore.mm:
+ (WebKit::RemoteLayerBackingStore::encode const):
+ * WebProcess/GPU/graphics/RemoteImageBufferProxy.h:
+ (WebKit::RemoteImageBufferProxy::createImageBufferBackendHandle):
+
+2021-10-30 Myles C. Maxfield <mmaxfi...@apple.com>
+
[GPU Process] Small ImageBuffers cause the web process to crash
https://bugs.webkit.org/show_bug.cgi?id=232470
<rdar://problem/84626560>
Modified: trunk/Source/WebKit/Shared/RemoteLayerTree/RemoteLayerBackingStore.mm (285087 => 285088)
--- trunk/Source/WebKit/Shared/RemoteLayerTree/RemoteLayerBackingStore.mm 2021-10-31 02:24:17 UTC (rev 285087)
+++ trunk/Source/WebKit/Shared/RemoteLayerTree/RemoteLayerBackingStore.mm 2021-10-31 02:37:24 UTC (rev 285088)
@@ -117,13 +117,16 @@
if (m_frontBuffer.imageBuffer) {
switch (m_type) {
case Type::IOSurface:
- if (m_frontBuffer.imageBuffer->canMapBackingStore())
- handle = static_cast<AcceleratedImageBufferShareableMappedBackend&>(*m_frontBuffer.imageBuffer->ensureBackendCreated()).createImageBufferBackendHandle();
- else
- handle = static_cast<AcceleratedImageBufferShareableBackend&>(*m_frontBuffer.imageBuffer->ensureBackendCreated()).createImageBufferBackendHandle();
+ if (auto* backend = m_frontBuffer.imageBuffer->ensureBackendCreated()) {
+ if (m_frontBuffer.imageBuffer->canMapBackingStore())
+ handle = static_cast<AcceleratedImageBufferShareableMappedBackend&>(*backend).createImageBufferBackendHandle();
+ else
+ handle = static_cast<AcceleratedImageBufferShareableBackend&>(*backend).createImageBufferBackendHandle();
+ }
break;
case Type::Bitmap:
- handle = static_cast<UnacceleratedImageBufferShareableBackend&>(*m_frontBuffer.imageBuffer->ensureBackendCreated()).createImageBufferBackendHandle();
+ if (auto* backend = m_frontBuffer.imageBuffer->ensureBackendCreated())
+ handle = static_cast<UnacceleratedImageBufferShareableBackend&>(*backend).createImageBufferBackendHandle();
break;
}
}
@@ -132,8 +135,10 @@
#if ENABLE(CG_DISPLAY_LIST_BACKED_IMAGE_BUFFER)
std::optional<ImageBufferBackendHandle> displayListHandle;
- if (m_frontBuffer.displayListImageBuffer)
- displayListHandle = static_cast<CGDisplayListImageBufferBackend&>(*m_frontBuffer.displayListImageBuffer->ensureBackendCreated()).createImageBufferBackendHandle();
+ if (m_frontBuffer.displayListImageBuffer) {
+ if (auto* backend = m_frontBuffer.displayListImageBuffer->ensureBackendCreated())
+ displayListHandle = static_cast<CGDisplayListImageBufferBackend&>(*backend).createImageBufferBackendHandle();
+ }
encoder << displayListHandle;
#endif
Modified: trunk/Source/WebKit/WebProcess/GPU/graphics/RemoteImageBufferProxy.h (285087 => 285088)
--- trunk/Source/WebKit/WebProcess/GPU/graphics/RemoteImageBufferProxy.h 2021-10-31 02:24:17 UTC (rev 285087)
+++ trunk/Source/WebKit/WebProcess/GPU/graphics/RemoteImageBufferProxy.h 2021-10-31 02:37:24 UTC (rev 285088)
@@ -75,8 +75,9 @@
ImageBufferBackendHandle createImageBufferBackendHandle()
{
- ensureBackendCreated();
- return m_backend->createImageBufferBackendHandle();
+ if (ensureBackendCreated())
+ return m_backend->createImageBufferBackendHandle();
+ return { };
}
WebCore::GraphicsContextFlushIdentifier lastSentFlushIdentifier() const { return m_sentFlushIdentifier; }
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
