Changeset 206019 in webkit


Timestamp:
Sep 16, 2016 2:59:52 AM (8 years ago)
Author:
Carlos Garcia Campos
Message:

[TextureMapper] Scrolling through 01.org/dleyna crashes WebKitWebProcess
https://bugs.webkit.org/show_bug.cgi?id=162020

Reviewed by Žan Doberšek.

The problem is that we are trying to clone a ReferenceFilterOperation, which is not expected to be cloned, from
FilterAnimationValue copy constructor, and FilterOperations are never expected to be nullptr, so we end up
crashing. We just need to validate the filters before setting them and before creating a TextureMapperAnimation
for them.

  • platform/graphics/texmap/GraphicsLayerTextureMapper.cpp:

(WebCore::GraphicsLayerTextureMapper::filtersCanBeComposited): Return false if there are reference filters or no
filters at all. I don't know if we really support other filters, but at least we won't crash for the others.
(WebCore::GraphicsLayerTextureMapper::addAnimation): Check if filters can be composited before creating a
TextureMapperAnimation.
(WebCore::GraphicsLayerTextureMapper::setFilters): Check if filters can be composited before setting them.

  • platform/graphics/texmap/GraphicsLayerTextureMapper.h:
  • platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:

(WebCore::CoordinatedGraphicsLayer::filtersCanBeComposited): Return false if there are reference filters or no
filters at all. I don't know if we really support other filters, but at least we won't crash for the others.
(WebCore::CoordinatedGraphicsLayer::setFilters): Check if filters can be composited before setting them.
(WebCore::CoordinatedGraphicsLayer::addAnimation): Check if filters can be composited before creating a
TextureMapperAnimation.

  • platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
Location:
trunk/Source/WebCore
Files:
5 edited

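--- a/trunk/Source/WebCore/ChangeLog
+++ b/trunk/Source/WebCore/ChangeLog
@@ -1,2 +1,29 @@
+2016-09-16  Carlos Garcia Campos  <cgarcia@igalia.com>
+
+        [TextureMapper] Scrolling through 01.org/dleyna crashes WebKitWebProcess
+        https://bugs.webkit.org/show_bug.cgi?id=162020
+
+        Reviewed by Žan Doberšek.
+
+        The problem is that we are trying to clone a ReferenceFilterOperation, which is not expected to be cloned, from
+        FilterAnimationValue copy constructor, and FilterOperations are never expected to be nullptr, so we end up
+        crashing. We just need to validate the filters before setting then and before creating a TextureMapperAnimation
+        for them.
+
+        * platform/graphics/texmap/GraphicsLayerTextureMapper.cpp:
+        (WebCore::GraphicsLayerTextureMapper::filtersCanBeComposited): Return false if there are reference filters or no
+        filters at all. I don't know if we really support other filters, but at least we won't crash for the others.
+        (WebCore::GraphicsLayerTextureMapper::addAnimation): Check if filters can be composited before creating a
+        TextureMapperAnimation.
+        (WebCore::GraphicsLayerTextureMapper::setFilters): Check if filters can be composited before setting them.
+        * platform/graphics/texmap/GraphicsLayerTextureMapper.h:
+        * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
+        (WebCore::CoordinatedGraphicsLayer::filtersCanBeComposited): Return false if there are reference filters or no
+        filters at all. I don't know if we really support other filters, but at least we won't crash for the others.
+        (WebCore::CoordinatedGraphicsLayer::setFilters): Check if filters can be composited before setting them.
+        (WebCore::CoordinatedGraphicsLayer::addAnimation): Check if filters can be composited before creating a
+        TextureMapperAnimation.
+        * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
+
 2016-09-16  Youenn Fablet  <youenn@apple.com>
 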
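--- a/trunk/Source/WebCore/platform/graphics/texmap/GraphicsLayerTextureMapper.cpp
+++ b/trunk/Source/WebCore/platform/graphics/texmap/GraphicsLayerTextureMapper.cpp
@@ -561,4 +561,17 @@
 }
 
+bool GraphicsLayerTextureMapper::filtersCanBeComposited(const FilterOperations& filters) const
+{
+    if (!filters.size())
+        return false;
+
+    for (const auto& filterOperation : filters.operations()) {
+        if (filterOperation->type() == FilterOperation::REFERENCE)
+            return false;
+    }
+
+    return true;
+}
+
 bool GraphicsLayerTextureMapper::addAnimation(const KeyframeValueList& valueList, const FloatSize& boxSize, const Animation* anim, const String& keyframesName, double timeOffset)
 {
@@ -567,4 +580,14 @@
     if (!anim || anim->isEmptyOrZeroDuration() || valueList.size() < 2 || (valueList.property() != AnimatedPropertyTransform && valueList.property() != AnimatedPropertyOpacity))
         return false;
+
+    if (valueList.property() == AnimatedPropertyFilter) {
+        int listIndex = validateFilterOperations(valueList);
+        if (listIndex < 0)
+            return false;
+
+        const auto& filters = static_cast<const FilterAnimationValue&>(valueList.at(listIndex)).value();
+        if (!filtersCanBeComposited(filters))
+            return false;
+    }
 
     bool listsMatch = false;
@@ -605,9 +628,21 @@
 bool GraphicsLayerTextureMapper::setFilters(const FilterOperations& filters)
 {
-    TextureMapper* textureMapper = m_layer.textureMapper();
-    if (!textureMapper)
+    if (!m_layer.textureMapper())
         return false;
-    notifyChange(FilterChange);
-    return GraphicsLayer::setFilters(filters);
+
+    bool canCompositeFilters = filtersCanBeComposited(filters);
+    if (GraphicsLayer::filters() == filters)
+        return canCompositeFilters;
+
+    if (canCompositeFilters) {
+        if (!GraphicsLayer::setFilters(filters))
+            return false;
+        notifyChange(FilterChange);
+    } else if (GraphicsLayer::filters().size()) {
+        clearFilters();
+        notifyChange(FilterChange);
+    }
+
+    return canCompositeFilters;
 }
 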
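Review bot: The new `AnimatedPropertyFilter` block in `GraphicsLayerTextureMapper::addAnimation` cannot be reached as written, because the guard directly above it already returns false whenever the property is neither `AnimatedPropertyTransform` nor `AnimatedPropertyOpacity`, and that includes filter animations. Either drop the block, or, if filter animations are meant to be accepted on this path, extend the guard with `&& valueList.property() != AnimatedPropertyFilter` so the reference-filter validation actually runs before a TextureMapperAnimation is created. Left as is, the code reads as if this path validates filters when it never does, which is easy to get wrong the next time the guard is relaxed. The rest of addAnimation lies outside the hunk, so how filter lists are treated further down is not visible here.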
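--- a/trunk/Source/WebCore/platform/graphics/texmap/GraphicsLayerTextureMapper.h
+++ b/trunk/Source/WebCore/platform/graphics/texmap/GraphicsLayerTextureMapper.h
@@ -118,4 +118,6 @@
     bool shouldHaveBackingStore() const;
 
+    bool filtersCanBeComposited(const FilterOperations&) const;
+
     // This set of flags help us defer which properties of the layer have been
     // modified by the compositor, so we can know what to look for in the next flush.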
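--- a/trunk/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp
+++ b/trunk/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp
@@ -427,14 +427,33 @@
 }
 
+bool CoordinatedGraphicsLayer::filtersCanBeComposited(const FilterOperations& filters) const
+{
+    if (!filters.size())
+        return false;
+
+    for (const auto& filterOperation : filters.operations()) {
+        if (filterOperation->type() == FilterOperation::REFERENCE)
+            return false;
+    }
+
+    return true;
+}
+
 bool CoordinatedGraphicsLayer::setFilters(const FilterOperations& newFilters)
 {
+    bool canCompositeFilters = filtersCanBeComposited(newFilters);
     if (filters() == newFilters)
-        return true;
-
-    if (!GraphicsLayer::setFilters(newFilters))
-        return false;
-
-    didChangeFilters();
-    return true;
+        return canCompositeFilters;
+
+    if (canCompositeFilters) {
+        if (!GraphicsLayer::setFilters(newFilters))
+            return false;
+        didChangeFilters();
+    } else if (filters().size()) {
+        clearFilters();
+        didChangeFilters();
+    }
+
+    return canCompositeFilters;
 }
 
@@ -1164,4 +1183,14 @@
         return false;
 
+    if (valueList.property() == AnimatedPropertyFilter) {
+        int listIndex = validateFilterOperations(valueList);
+        if (listIndex < 0)
+            return false;
+
+        const auto& filters = static_cast<const FilterAnimationValue&>(valueList.at(listIndex)).value();
+        if (!filtersCanBeComposited(filters))
+            return false;
+    }
+
     bool listsMatch = false;
     bool ignoredHasBigRotation;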
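Review bot: In `CoordinatedGraphicsLayer::addAnimation` only the keyframe at `listIndex` is passed to `filtersCanBeComposited`, while the crash described in the commit message comes from cloning a reference filter held by any `FilterAnimationValue` in the list. That is sufficient only if `validateFilterOperations` guarantees every keyframe carries the same operation types as the one it returns; the helper is not visible here, so the invariant should be stated next to the check, e.g. `// validateFilterOperations() ensures all keyframes share this operation list, so checking one is enough.` If that guarantee does not hold, the check should walk every value in `valueList` before the animation is created. The hunk starts inside addAnimation, so the guard that precedes the new block cannot be reviewed from here.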
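--- a/trunk/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h
+++ b/trunk/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h
@@ -208,4 +208,6 @@
     void animationStartedTimerFired();
 
+    bool filtersCanBeComposited(const FilterOperations&) const;
+
     CoordinatedLayerID m_id;
     CoordinatedGraphicsLayerState m_layerState;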