Title: [171289] trunk/Source/WebCore
- Revision: 171289
- Author: [email protected]
- Date: 2014-07-20 21:30:19 -0700 (Sun, 20 Jul 2014)
Log Message
Reduce the chances of a race condition when sharing SharedBuffer
https://bugs.webkit.org/show_bug.cgi?id=135060
<rdar://problem/17729444>
Reviewed by Darin Adler.
We currently pass a SharedBuffer wrapped in WebCoreSharedBufferData to ImageIO for image
decoding. This is not thread safe since ImageIO will access this buffer on a separate
thread. We access SharedBuffer::buffer() on the other thread which resizes the Vector
m_buffer if m_size is greater than the vector size. Since the code in SharedBuffer::append()
sets m_size before appending the data to the buffer, m_size is out of sync with the m_buffer
size for the entire duration of the Vector append which could be doing a lot of copying if
the resource is large. While this change does not fix the race condition, we can at least
reduce the chances of SharedBuffer::buffer() calling resize() by setting m_size after the
vector has finished appending.
No new tests because no functional changes.
* platform/SharedBuffer.cpp:
(WebCore::SharedBuffer::append):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (171288 => 171289)
--- trunk/Source/WebCore/ChangeLog 2014-07-21 03:08:25 UTC (rev 171288)
+++ trunk/Source/WebCore/ChangeLog 2014-07-21 04:30:19 UTC (rev 171289)
@@ -1,3 +1,26 @@
+2014-07-20 Pratik Solanki <[email protected]>
+
+ Reduce the chances of a race condition when sharing SharedBuffer
+ https://bugs.webkit.org/show_bug.cgi?id=135060
+ <rdar://problem/17729444>
+
+ Reviewed by Darin Adler.
+
+ We currently pass a SharedBuffer wrapped in WebCoreSharedBufferData to ImageIO for image
+ decoding. This is not thread safe since ImageIO will access this buffer on a separate
+ thread. We access SharedBuffer::buffer() on the other thread which resizes the Vector
+ m_buffer if m_size is greater than the vector size. Since the code in SharedBuffer::append()
+ sets m_size before appending the data to the buffer, m_size is out of sync with the m_buffer
+ size for the entire duration of the Vector append which could be doing a lot of copying if
+ the resource is large. While this change does not fix the race condition, we can at least
+ reduce the chances of SharedBuffer::buffer() calling resize() by setting m_size after the
+ cector has finished appending.
+
+ No new tests because no functional changes.
+
+ * platform/SharedBuffer.cpp:
+ (WebCore::SharedBuffer::append):
+
2014-07-20 Jeremy Jones <[email protected]>
Disable ff/rw based on canPlayFastForward and canPlayFastRewind.
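Review bot: The last added line of the description has a typo: "cector has finished appending" should read "vector has finished appending". Since the entry itself says the change "does not fix the race condition", it would also help to say where the remaining race is tracked, so that this entry is not read as closing the bug.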
Modified: trunk/Source/WebCore/platform/SharedBuffer.cpp (171288 => 171289)
--- trunk/Source/WebCore/platform/SharedBuffer.cpp 2014-07-21 03:08:25 UTC (rev 171288)
+++ trunk/Source/WebCore/platform/SharedBuffer.cpp 2014-07-21 04:30:19 UTC (rev 171289)
@@ -356,10 +356,10 @@
bytesToCopy = std::min(length, segmentSize);
}
#else
- m_size += length;
if (m_buffer.isEmpty())
m_buffer.reserveInitialCapacity(length);
m_buffer.append(data, length);
+ m_size += length;
#endif
}
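Review bot: The moved "m_size += length;" in the #else branch is still an unsynchronized update, so the new order relative to "m_buffer.append(data, length);" is only a convention. Nothing in these lines prevents the compiler or CPU from making the m_size store visible to the ImageIO thread before the append's writes, and that thread can still call SharedBuffer::buffer() while the Vector is reallocating during the append. Please add a comment at the moved line saying that m_size must be updated after the append and why, so a later cleanup does not move it back. Also confirm that the branch above the #else, whose m_size update is not visible in this hunk, follows the same order. A real fix would need a lock around the append and buffer(), or handing ImageIO data that is never resized.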