Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: cf20d123b3b1aef8ba0ecfe83ee2b493e33f28e8
      
https://github.com/WebKit/WebKit/commit/cf20d123b3b1aef8ba0ecfe83ee2b493e33f28e8
  Author: Mike Wyrzykowski <[email protected]>
  Date:   2026-05-28 (Thu, 28 May 2026)

  Changed paths:
    M Source/WebCore/html/canvas/GPUCanvasContextCocoa.h
    M Source/WebCore/html/canvas/GPUCanvasContextCocoa.mm
    M Source/WebCore/platform/PlatformScreen.cpp

  Log Message:
  -----------
  Concurrent HashMap access leads to MTE crashes
https://bugs.webkit.org/show_bug.cgi?id=308476
rdar://163967950

Reviewed by Gerald Squelart.

Calling WebCore::getScreenProperties from a worker thread and iterating
over the HashMap is unsafe, since the main thread might be simultaneously
mutating it.

Correct this by only calling WebCore::getScreenProperties on the main thread.

* Source/WebCore/html/canvas/GPUCanvasContextCocoa.h:
* Source/WebCore/html/canvas/GPUCanvasContextCocoa.mm:
(WebCore::GPUCanvasContextCocoa::updateHeadroomFromScreenProperties):
(WebCore::GPUCanvasContextCocoa::updateScreenHeadroomFromScreenPropertiesIfNeeded):
(WebCore::GPUCanvasContextCocoa::setDynamicRangeLimit):
(WebCore::GPUCanvasContextCocoa::surfaceBufferToImageBuffer):
(WebCore::GPUCanvasContextCocoa::updateScreenHeadroomFromScreenProperties): Deleted.
* Source/WebCore/platform/PlatformScreen.cpp:
(WebCore::getScreenProperties):

Originally-landed-as: 305413.414@rapid/safari-7624.2.5.110-branch (500da5401d26). rdar://176062075
Canonical link: https://commits.webkit.org/314107@main


  Commit: 08911bd034c30613cc2a3b07c587138a7cf281ac
      
https://github.com/WebKit/WebKit/commit/08911bd034c30613cc2a3b07c587138a7cf281ac
  Author: Mike Wyrzykowski <[email protected]>
  Date:   2026-05-28 (Thu, 28 May 2026)

  Changed paths:
    M Source/WebCore/Modules/model-element/HTMLModelElement.cpp
    M Source/WebCore/html/HTMLMediaElement.cpp
    M Source/WebCore/html/canvas/GPUCanvasContextCocoa.mm
    M Source/WebCore/platform/PlatformScreen.cpp
    M Source/WebCore/platform/PlatformScreen.h
    M Source/WebCore/platform/ScreenProperties.h
    M Source/WebCore/platform/graphics/cocoa/VP9UtilitiesCocoa.mm
    M Source/WebCore/platform/graphics/gstreamer/GStreamerRegistryScanner.cpp
    M Source/WebCore/platform/gtk/PlatformScreenGtk.cpp
    M Source/WebCore/platform/ios/PlatformScreenIOS.mm
    M Source/WebCore/platform/mac/PlatformScreenMac.mm
    M Source/WebCore/platform/wpe/PlatformScreenWPE.cpp
    M Source/WebCore/testing/Internals.cpp
    M Source/WebKit/UIProcess/API/glib/WebKitProtocolHandler.cpp
    M Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm
    M Source/WebKit/UIProcess/glib/ScreenManager.h
    M Source/WebKit/UIProcess/gtk/ScreenManagerGtk.cpp
    M Source/WebKit/UIProcess/wpe/ScreenManagerWPE.cpp
    M Source/WebKit/WebProcess/Model/WebModelPlayer.mm
    M Source/WebKit/WebProcess/Plugins/PDF/UnifiedPDF/UnifiedPDFPlugin.mm
    M Source/WebKit/WebProcess/WebProcess.h
    M Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm
    M Source/WebKit/WebProcess/glib/WebProcessGLib.cpp

  Log Message:
  -----------
  Concurrent HashMap access leads to MTE crashes
https://bugs.webkit.org/show_bug.cgi?id=308476
rdar://163967950

Reviewed by Kimmo Kinnunen.

Remove the free-standing getScreenProperties() and screenData() functions
from PlatformScreen, which allow accessing either the container or iterators
within a HashMap, as it was discovered in #4632 that these functions may be
called off the main thread.

Replace with a singleton that has CoW semantics and is resettable, so in the
case a separate thread is accessing PlatformScreen, we will have two, or
potentially K, PlatformScreen instances alive until the other threads release
their ref counts.

* Source/WebCore/html/canvas/GPUCanvasContextCocoa.mm:
(WebCore::GPUCanvasContextCocoa::updateScreenHeadroomFromScreenProperties):
* Source/WebCore/platform/PlatformScreen.cpp:
(WebCore::platformScreenLock):
(WebCore::platformScreenInstance):
(WebCore::PlatformScreen::PlatformScreen):
(WebCore::PlatformScreen::create):
(WebCore::PlatformScreen::singleton):
(WebCore::PlatformScreen::screenData const):
(WebCore::PlatformScreen::primaryScreenDisplayID const):
(WebCore::PlatformScreen::screenProperties const):
(WebCore::PlatformScreen::screenContentsFormatsForTesting const):
(WebCore::PlatformScreen::updateSingletonProperties):
(WebCore::PlatformScreen::setScreenContentsFormatsForTesting):
(WebCore::screenProperties): Deleted.
(WebCore::getScreenProperties): Deleted.
(WebCore::primaryScreenDisplayID): Deleted.
(WebCore::setScreenProperties): Deleted.
(WebCore::screenData): Deleted.
(WebCore::setScreenContentsFormatsForTesting): Deleted.
(WebCore::screenContentsFormatsForTesting): Deleted.
* Source/WebCore/platform/PlatformScreen.h:
* Source/WebCore/platform/ScreenProperties.h:
* Source/WebCore/platform/graphics/cocoa/VP9UtilitiesCocoa.mm:
(WebCore::isVP9CodecConfigurationRecordSupported):
(WebCore::computeVPParameters):
* Source/WebCore/platform/graphics/gstreamer/GStreamerRegistryScanner.cpp:
(WebCore::GStreamerRegistryScanner::isConfigurationSupported const):
* Source/WebCore/platform/gtk/PlatformScreenGtk.cpp:
(WebCore::screenDepth):
(WebCore::screenDepthPerComponent):
(WebCore::fontDPI):
(WebCore::screenDPI):
(WebCore::screenRect):
(WebCore::screenAvailableRect):
* Source/WebCore/platform/ios/PlatformScreenIOS.mm:
(WebCore::screenHasInvertedColors):
(WebCore::screenSupportsExtendedColor):
(WebCore::screenSupportsHighDynamicRange):
(WebCore::currentEDRHeadroomForDisplay):
(WebCore::maxEDRHeadroomForDisplay):
(WebCore::suppressEDRForDisplay):
(WebCore::screenPPIFactor):
(WebCore::screenSize):
(WebCore::availableScreenSize):
* Source/WebCore/platform/mac/PlatformScreenMac.mm:
(WebCore::primaryOpenGLDisplayMask):
(WebCore::displayMaskForDisplay):
(WebCore::primaryGPUID):
(WebCore::gpuIDForDisplay):
(WebCore::screenIsMonochrome):
(WebCore::screenHasInvertedColors):
(WebCore::screenDepth):
(WebCore::screenDepthPerComponent):
(WebCore::screenRectForDisplay):
(WebCore::screenRectForPrimaryScreen):
(WebCore::currentEDRHeadroomForDisplay):
(WebCore::maxEDRHeadroomForDisplay):
(WebCore::suppressEDRForDisplay):
(WebCore::screenRect):
(WebCore::screenAvailableRect):
(WebCore::screenColorSpace):
(WebCore::screenSupportsExtendedColor):
(WebCore::screenSupportsHighDynamicRange):
(WebCore::preferredDynamicRangeMode):
(WebCore::toUserSpaceForPrimaryScreen):
(WebCore::screenProperties): Deleted.
* Source/WebCore/platform/wpe/PlatformScreenWPE.cpp:
(WebCore::screenDepth):
(WebCore::screenDepthPerComponent):
(WebCore::screenDPI):
(WebCore::screenRect):
(WebCore::screenAvailableRect):
* Source/WebCore/testing/Internals.cpp:
(WebCore::Internals::setScreenContentsFormatsForTesting):
(WebCore::Internals::primaryScreenDisplayID):
* Source/WebKit/UIProcess/gtk/ScreenManagerGtk.cpp:
(WebKit::ScreenManager::collectScreenProperties const):
* Source/WebKit/UIProcess/wpe/ScreenManagerWPE.cpp:
(WebKit::ScreenManager::collectScreenProperties const):
* Source/WebKit/WebProcess/Plugins/PDF/UnifiedPDF/UnifiedPDFPlugin.mm:
(WebKit::UnifiedPDFPlugin::scaleForActualSize const):
* Source/WebKit/WebProcess/WebProcess.h:
* Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm:
(WebKit::WebProcess::accessibilityFocusedUIElement):
* Source/WebKit/WebProcess/glib/WebProcessGLib.cpp:
(WebKit::WebProcess::platformInitializeWebProcess):
(WebKit::WebProcess::setScreenProperties):

Originally-landed-as: 305413.483@rapid/safari-7624.2.5.110-branch (962438e00d35). rdar://176062075
Canonical link: https://commits.webkit.org/314108@main
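To make the copy-on-write, resettable singleton described in the second commit message concrete, here is an added illustration written for this page; it is not WebKit's code. std::shared_ptr stands in for WTF's RefPtr (the "ref counts" the message refers to), std::mutex for WTF::Lock, and the class, method and field names are assumptions modelled on the ChangeLog entries above. It replays the interleaving the commit describes: a reader pins a snapshot, the main thread publishes a new screen list, and the reader keeps iterating its own immutable copy while two instances are alive.

```cpp
// Added example, not WebKit's code: a copy-on-write, resettable singleton that
// hands each reader an immutable snapshot, so iterating its map off the main
// thread cannot race a mutation. std::shared_ptr stands in for WTF's RefPtr,
// std::mutex for WTF::Lock; class and function names are assumptions.
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <map>
#include <memory>
#include <mutex>
#include <utility>

using PlatformDisplayID = uint32_t;

struct ScreenData {
    double dpi = 0;
    bool supportsHighDynamicRange = false;
};

// One immutable snapshot of all known screens. Once published it is never
// mutated, so any thread holding a reference may read it without a lock.
class PlatformScreen {
public:
    using ScreenMap = std::map<PlatformDisplayID, ScreenData>;

    PlatformScreen(ScreenMap screens, PlatformDisplayID primary)
        : m_screens(std::move(screens)), m_primary(primary) { }

    // Returns the current snapshot, pinning it for as long as the caller keeps the pointer.
    static std::shared_ptr<const PlatformScreen> singleton()
    {
        std::lock_guard<std::mutex> guard(lock());
        if (!instance())
            instance() = std::make_shared<PlatformScreen>(ScreenMap { }, 0);
        return instance();
    }

    // Main thread only: publish a fresh instance. Threads still holding the old
    // one keep reading it unchanged until they drop their last reference.
    static void updateSingletonProperties(ScreenMap screens, PlatformDisplayID primary)
    {
        auto fresh = std::make_shared<PlatformScreen>(std::move(screens), primary);
        std::lock_guard<std::mutex> guard(lock());
        instance() = std::move(fresh);
    }

    // Resettable: drop the published instance; the next singleton() call starts empty.
    static void reset()
    {
        std::lock_guard<std::mutex> guard(lock());
        instance().reset();
    }

    const ScreenData* screenData(PlatformDisplayID id) const
    {
        auto it = m_screens.find(id);
        return it == m_screens.end() ? nullptr : &it->second;
    }
    PlatformDisplayID primaryScreenDisplayID() const { return m_primary; }
    std::size_t screenCount() const { return m_screens.size(); }

private:
    static std::mutex& lock() { static std::mutex m; return m; }
    static std::shared_ptr<const PlatformScreen>& instance()
    {
        static std::shared_ptr<const PlatformScreen> p;
        return p;
    }

    ScreenMap m_screens;
    PlatformDisplayID m_primary;
};

struct InterleavingResult {
    std::size_t screensSeenByReader; // what the pinned snapshot reports after the update
    std::size_t screensInSingleton;  // what a fresh singleton() call reports
    bool twoInstancesAlive;          // old snapshot and new instance coexist
};

// Deterministic replay of the interleaving the commit describes: a reader takes a
// snapshot (in WebKit, from a worker thread), the main thread then replaces the
// screen list, and the reader keeps iterating its own copy. Values are constructed.
InterleavingResult readerPinsSnapshotWhileMainUpdates()
{
    PlatformScreen::reset();
    PlatformScreen::updateSingletonProperties({ { 1, { 110.0, false } } }, 1);

    auto readerSnapshot = PlatformScreen::singleton(); // reader pins instance A

    // Main thread publishes instance B with a second screen and a new primary.
    PlatformScreen::updateSingletonProperties({ { 1, { 110.0, false } }, { 2, { 220.0, true } } }, 2);

    // The reader's iteration runs against A, which nobody can mutate.
    std::size_t seen = 0;
    for (PlatformDisplayID id = 1; id <= 4; ++id) {
        if (readerSnapshot->screenData(id))
            ++seen;
    }

    auto current = PlatformScreen::singleton();
    return { seen, current->screenCount(), readerSnapshot.get() != current.get() };
}

int main()
{
    auto r = readerPinsSnapshotWhileMainUpdates();
    std::cout << "reader saw " << r.screensSeenByReader << " screen(s), singleton now has "
              << r.screensInSingleton << ", two instances alive: " << std::boolalpha
              << r.twoInstancesAlive << '\n';
    return 0;
}
```

The lock guards only the pointer swap, never the map: the old `getScreenProperties()` pattern handed out a reference into a container the main thread could mutate, whereas here a reader only ever holds an instance that is immutable by construction, and the cost is the K live instances the commit message mentions until the last reader releases its reference.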


Compare: https://github.com/WebKit/WebKit/compare/4422fd9cac0c...08911bd034c3
