Changeset 231300 in webkit


Ignore:
Timestamp:
May 3, 2018 3:17:02 AM (5 years ago)
Author:
magomez@igalia.com
Message:

WebCore::TextureMapperLayer object used after freed
https://bugs.webkit.org/show_bug.cgi?id=184729

Reviewed by Michael Catanzaro.

Replace the raw pointers with WeakPtr for effectTarget, maskLayer and replicaLayer
inside TextureMapperLayer.

  • platform/graphics/texmap/TextureMapperLayer.cpp:

(WebCore::TextureMapperLayer::~TextureMapperLayer):
(WebCore::TextureMapperLayer::setMaskLayer):
(WebCore::TextureMapperLayer::setReplicaLayer):

  • platform/graphics/texmap/TextureMapperLayer.h:
Location:
trunk/Source/WebCore
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/WebCore/ChangeLog

    r231297 r231300  
     12018-05-03  Miguel Gomez  <magomez@igalia.com>
     2
     3        WebCore::TextureMapperLayer object used after freed
     4        https://bugs.webkit.org/show_bug.cgi?id=184729
     5
     6        Reviewed by Michael Catanzaro.
     7
     8        Replace the raw pointers with WeakPtr for effectTarget, maskLayer and replicaLayer
     9        inside TextureMapperLayer.
     10
     11        * platform/graphics/texmap/TextureMapperLayer.cpp:
     12        (WebCore::TextureMapperLayer::~TextureMapperLayer):
     13        (WebCore::TextureMapperLayer::setMaskLayer):
     14        (WebCore::TextureMapperLayer::setReplicaLayer):
     15        * platform/graphics/texmap/TextureMapperLayer.h:
     16
    1172018-05-03  Basuke Suzuki  <Basuke.Suzuki@sony.com>
    218
  • trunk/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp

    r230955 r231300  
    4949
    5050    removeFromParent();
    51 
    52     if (m_effectTarget) {
    53         if (m_effectTarget->m_state.maskLayer == this)
    54             m_effectTarget->m_state.maskLayer = nullptr;
    55         if (m_effectTarget->m_state.replicaLayer == this)
    56             m_effectTarget->m_state.replicaLayer = nullptr;
    57     }
    5851}
    5952
     
    502495void TextureMapperLayer::setMaskLayer(TextureMapperLayer* maskLayer)
    503496{
    504     if (maskLayer)
    505         maskLayer->m_effectTarget = this;
    506     m_state.maskLayer = maskLayer;
     497    if (maskLayer) {
     498        maskLayer->m_effectTarget = createWeakPtr();
     499        m_state.maskLayer = maskLayer->createWeakPtr();
     500    } else
     501        m_state.maskLayer = nullptr;
    507502}
    508503
    509504void TextureMapperLayer::setReplicaLayer(TextureMapperLayer* replicaLayer)
    510505{
    511     if (replicaLayer)
    512         replicaLayer->m_effectTarget = this;
    513     m_state.replicaLayer = replicaLayer;
     506    if (replicaLayer) {
     507        replicaLayer->m_effectTarget = createWeakPtr();
     508        m_state.replicaLayer = replicaLayer->createWeakPtr();
     509    } else
     510        m_state.replicaLayer = nullptr;
    514511}
    515512
  • trunk/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.h

    r230991 r231300  
    2626#include "TextureMapperAnimation.h"
    2727#include "TextureMapperBackingStore.h"
     28#include <wtf/WeakPtr.h>
    2829
    2930namespace WebCore {
     
    4041    TextureMapperLayer();
    4142    virtual ~TextureMapperLayer();
     43    WeakPtr<TextureMapperLayer> createWeakPtr() { return m_weakFactory.createWeakPtr(*this); }
    4244
    4345    void setID(uint32_t id) { m_id = id; }
     
    140142    }
    141143
     144    WeakPtrFactory<TextureMapperLayer> m_weakFactory;
    142145    Vector<TextureMapperLayer*> m_children;
    143146    TextureMapperLayer* m_parent { nullptr };
    144     TextureMapperLayer* m_effectTarget { nullptr };
     147    WeakPtr<TextureMapperLayer> m_effectTarget;
    145148    TextureMapperBackingStore* m_backingStore { nullptr };
    146149    TextureMapperPlatformLayer* m_contentsLayer { nullptr };
     
    159162        FloatSize contentsTileSize;
    160163        FloatSize contentsTilePhase;
    161         TextureMapperLayer* maskLayer;
    162         TextureMapperLayer* replicaLayer;
     164        WeakPtr<TextureMapperLayer> maskLayer;
     165        WeakPtr<TextureMapperLayer> replicaLayer;
    163166        Color solidColor;
    164167        FilterOperations filters;
     
    180183            : anchorPoint(0.5, 0.5, 0)
    181184            , opacity(1)
    182             , maskLayer(0)
    183             , replicaLayer(0)
    184185            , debugBorderWidth(0)
    185186            , repaintCount(0)
Note: See TracChangeset for help on using the changeset viewer.