Skip to site navigation (Press enter)

[webkit-changes] [172828] trunk

vjaquez Thu, 21 Aug 2014 03:51:20 -0700

Title: [172828] trunk

Revision: 172828
Author: [email protected]
Date: 2014-08-21 03:51:03 -0700 (Thu, 21 Aug 2014)

Log Message

[GTK] WebkitWebProcess crashing navigating away from ogg video element
https://bugs.webkit.org/show_bug.cgi?id=135348


Reviewed by Philippe Normand.

Source/WebCore:

Let GraphicsLayerTextureMapper know it needs to detach the platform
layer when a MediaPlayerPrivateGStreamerBase is destroyed.

No new test since media/restore-from-page-cache.html covers it.

* platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
(WebCore::MediaPlayerPrivateGStreamerBase::~MediaPlayerPrivateGStreamerBase):

Source/WebKit2:

When a page is cached, by default doesn't recreate the backing store
(an optimization added in r89316).

Not all the ports uses that optimization. For example IOS port doesn't
use it (r161185).

In the case of the GTK port, the MediaPlayerPrivateGStreamer, not only
processes video buffers, also display them, because it is a
TextureMapperPlatformLayer too.

Nevertheless, in r153937, when a page is cached, the player is
destroyed. But our player has a backing store and the render tree
doesn't know that the player has gone. Hence, when the page is redraw,
the TextureMapper tree visits the video element, which doesn't exist
anymore, a segmentation fault occurs.

So, as our media player renders, and as we cannot trust that the
player exists when a page is painted, we cannot rely in the r89316
optimization.

Disabling the backing stores optimization fixes the problem.

Covered by existing tests.

* WebProcess/soup/WebProcessSoup.cpp:
(WebKit::WebProcess::platformSetCacheModel): Enable the backing store
clearing when page caching for GTK.

LayoutTests:

* platform/gtk/TestExpectations: Enable
media/restore-from-page-cache.html,
plugins/netscape-plugin-page-cache-works.html and
animations/resume-after-page-cache.html. They should pass correctly.
Skip compositing/iframes/page-cache-layer-tree.html since we disable
that optimization.

Modified Paths

trunk/LayoutTests/ChangeLog
trunk/LayoutTests/platform/gtk/TestExpectations
trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp
trunk/Source/WebKit2/ChangeLog
trunk/Source/WebKit2/WebProcess/soup/WebProcessSoup.cpp

Diff

Modified: trunk/LayoutTests/ChangeLog (172827 => 172828)


--- trunk/LayoutTests/ChangeLog	2014-08-21 09:32:35 UTC (rev 172827)
+++ trunk/LayoutTests/ChangeLog	2014-08-21 10:51:03 UTC (rev 172828)
@@ -1,3 +1,17 @@
+2014-08-21  Víctor Manuel Jáquez Leal  <[email protected]>
+
+        [GTK] WebkitWebProcess crashing navigating away from ogg video element
+        https://bugs.webkit.org/show_bug.cgi?id=135348
+
+        Reviewed by Philippe Normand.
+
+        * platform/gtk/TestExpectations: Enable
+        media/restore-from-page-cache.html,
+        plugins/netscape-plugin-page-cache-works.html and
+        animations/resume-after-page-cache.html. They should pass correctly.
+        Skip compositing/iframes/page-cache-layer-tree.html since we disable
+        that optimization.
+
 2014-08-21  Shivakumar JM  <[email protected]>
 
         [EFL][WK2] Websocket Layout Tests passed in latest build.

Modified: trunk/LayoutTests/platform/gtk/TestExpectations (172827 => 172828)


--- trunk/LayoutTests/platform/gtk/TestExpectations	2014-08-21 09:32:35 UTC (rev 172827)
+++ trunk/LayoutTests/platform/gtk/TestExpectations	2014-08-21 10:51:03 UTC (rev 172828)
@@ -580,8 +580,6 @@
 webkit.org/b/89650 [ Debug ] svg/W3C-SVG-1.1/animate-elem-85-t.svg [ Failure Pass ]
 webkit.org/b/89650 svg/W3C-SVG-1.1/struct-dom-06-b.svg [ Failure Pass ]
 
-webkit.org/b/80158 plugins/netscape-plugin-page-cache-works.html [ Failure Pass ]
-
 webkit.org/b/89811 media/media-blocked-by-beforeload.html [ Failure Pass ]
 webkit.org/b/84856 media/media-controller-playback.html [ Crash Failure Timeout Pass ]
 
@@ -678,8 +676,6 @@
 
 webkit.org/b/119041 css3/calc/img-size.html [ ImageOnlyFailure Pass ]
 
-webkit.org/b/119042 animations/resume-after-page-cache.html [ Failure Pass Crash ]
-
 # These tests started to time out (or time out more often) since the FTL merge
 webkit.org/b/119253 [ Release ] css3/autoclose-braces-and-parentheses.html [ Timeout Pass ]
 webkit.org/b/119253 [ Debug ] js/dfg-osr-entry-hoisted-clobbered-structure-check.html [ Timeout Pass ]
@@ -2006,7 +2002,6 @@
 webkit.org/b/132126 media/track/track-cues-cuechange.html [ Timeout Pass ]
 webkit.org/b/132126 media/track/track-cues-enter-exit.html [ Timeout Pass ]
 webkit.org/b/132126 media/video-poster-background.html [ ImageOnlyFailure ]
-webkit.org/b/132126 media/restore-from-page-cache.html [ Crash ]
 
 webkit.org/b/132233 fast/regions/clip-to-padding-box-vertical-lr.html [ ImageOnlyFailure ]
 
@@ -2094,6 +2089,9 @@
 
 webkit.org/b/132421 fast/multicol/fixed-stack.html [ Pass ]
 
+# The backing store is cleared when page cached in GTK
+webkit.org/b/135348 compositing/iframes/page-cache-layer-tree.html [ Skip ]
+
 #////////////////////////////////////////////////////////////////////////////////////////
 # End of Tests failing
 #////////////////////////////////////////////////////////////////////////////////////////

Modified: trunk/Source/WebCore/ChangeLog (172827 => 172828)


--- trunk/Source/WebCore/ChangeLog	2014-08-21 09:32:35 UTC (rev 172827)
+++ trunk/Source/WebCore/ChangeLog	2014-08-21 10:51:03 UTC (rev 172828)
@@ -1,3 +1,18 @@
+2014-08-21  Víctor Manuel Jáquez Leal  <[email protected]>
+
+        [GTK] WebkitWebProcess crashing navigating away from ogg video element
+        https://bugs.webkit.org/show_bug.cgi?id=135348
+
+        Reviewed by Philippe Normand.
+
+        Let GraphicsLayerTextureMapper know it needs to detach the platform
+        layer when a MediaPlayerPrivateGStreamerBase is destroyed.
+
+        No new test since media/restore-from-page-cache.html covers it.
+
+        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
+        (WebCore::MediaPlayerPrivateGStreamerBase::~MediaPlayerPrivateGStreamerBase):
+
 2014-08-20  Benjamin Poulain  <[email protected]>
 
         CSS: Implement the :placeholder-shown pseudo-class from Selectors Level 4

Modified: trunk/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp (172827 => 172828)


--- trunk/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp	2014-08-21 09:32:35 UTC (rev 172827)
+++ trunk/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp	2014-08-21 10:51:03 UTC (rev 172828)
@@ -121,6 +121,11 @@
         g_signal_handler_disconnect(m_volumeElement.get(), m_muteSignalHandler);
         m_muteSignalHandler = 0;
     }
+
+#if USE(ACCELERATED_COMPOSITING) && USE(TEXTURE_MAPPER_GL) && !USE(COORDINATED_GRAPHICS)
+    if (client())
+        client()->platformLayerWillBeDestroyed();
+#endif
 }
 
 // Returns the size of the video

Modified: trunk/Source/WebKit2/ChangeLog (172827 => 172828)


--- trunk/Source/WebKit2/ChangeLog	2014-08-21 09:32:35 UTC (rev 172827)
+++ trunk/Source/WebKit2/ChangeLog	2014-08-21 10:51:03 UTC (rev 172828)
@@ -1,3 +1,38 @@
+2014-08-21  Víctor Manuel Jáquez Leal  <[email protected]>
+
+        [GTK] WebkitWebProcess crashing navigating away from ogg video element
+        https://bugs.webkit.org/show_bug.cgi?id=135348
+
+        Reviewed by Philippe Normand.
+
+        When a page is cached, by default doesn't recreate the backing store
+        (an optimization added in r89316).
+
+        Not all the ports uses that optimization. For example IOS port doesn't
+        use it (r161185).
+
+        In the case of the GTK port, the MediaPlayerPrivateGStreamer, not only
+        processes video buffers, also display them, because it is a
+        TextureMapperPlatformLayer too.
+
+        Nevertheless, in r153937, when a page is cached, the player is
+        destroyed. But our player has a backing store and the render tree
+        doesn't know that the player has gone. Hence, when the page is redraw,
+        the TextureMapper tree visits the video element, which doesn't exist
+        anymore, a segmentation fault occurs.
+
+        So, as our media player renders, and as we cannot trust that the
+        player exists when a page is painted, we cannot rely in the r89316
+        optimization.
+
+        Disabling the backing stores optimization fixes the problem.
+
+        Covered by existing tests.
+
+        * WebProcess/soup/WebProcessSoup.cpp:
+        (WebKit::WebProcess::platformSetCacheModel): Enable the backing store
+        clearing when page caching for GTK.
+
 2014-08-20  Alex Christensen  <[email protected]>
 
         Introducing WEBCORE_EXPORT macro.

Modified: trunk/Source/WebKit2/WebProcess/soup/WebProcessSoup.cpp (172827 => 172828)


--- trunk/Source/WebKit2/WebProcess/soup/WebProcessSoup.cpp	2014-08-21 09:32:35 UTC (rev 172827)
+++ trunk/Source/WebKit2/WebProcess/soup/WebProcessSoup.cpp	2014-08-21 10:51:03 UTC (rev 172828)
@@ -110,6 +110,10 @@
     WebCore::memoryCache()->setDeadDecodedDataDeletionInterval(deadDecodedDataDeletionInterval);
     WebCore::pageCache()->setCapacity(pageCacheCapacity);
 
+#if PLATFORM(GTK)
+    WebCore::pageCache()->setShouldClearBackingStores(true);
+#endif
+
     if (!usesNetworkProcess()) {
         if (urlCacheDiskCapacity > soup_cache_get_max_size(cache))
             soup_cache_set_max_size(cache, urlCacheDiskCapacity);

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes