Changeset 163103 in webkit

Timestamp:

Jan 30, 2014 12:57:32 PM (10 years ago)

Author:

commit-queue@webkit.org

Message:

Crash in RemoteLayerBackingStore::encode when m_frontBuffer is nullptr.
​https://bugs.webkit.org/show_bug.cgi?id=127756

Patch by Jeremy Jones <​jeremyj@apple.com> on 2014-01-30
Reviewed by Jer Noble.

Don't encode RemoteLayerBackingStore when it has no front buffer.

• Shared/mac/RemoteLayerBackingStore.h:

(WebKit::RemoteLayerBackingStore::hasFrontBuffer):

• Shared/mac/RemoteLayerTreeTransaction.mm:

(WebKit::RemoteLayerTreeTransaction::LayerProperties::encode):
(WebKit::RemoteLayerTreeTransaction::LayerProperties::decode):

Location:

trunk/Source/WebKit2

Files:

• ChangeLog (modified) (1 diff)
• Shared/mac/RemoteLayerBackingStore.h (modified) (2 diffs)
• Shared/mac/RemoteLayerTreeTransaction.mm (modified) (2 diffs)

trunk/Source/WebKit2/ChangeLog

@@ +1 @@
+2014-01-30  Jeremy Jones  <jeremyj@apple.com>
+
+        Crash in RemoteLayerBackingStore::encode when m_frontBuffer is nullptr.
+        https://bugs.webkit.org/show_bug.cgi?id=127756
+
+        Reviewed by Jer Noble.
+
+        Don't encode RemoteLayerBackingStore when it has no front buffer.
+
+        * Shared/mac/RemoteLayerBackingStore.h:
+        (WebKit::RemoteLayerBackingStore::hasFrontBuffer):
+        * Shared/mac/RemoteLayerTreeTransaction.mm:
+        (WebKit::RemoteLayerTreeTransaction::LayerProperties::encode):
+        (WebKit::RemoteLayerTreeTransaction::LayerProperties::decode):
+
 2014-01-30  Mark Rowe  <mrowe@apple.com>
 

trunk/Source/WebKit2/Shared/mac/RemoteLayerBackingStore.h

@@ -70 +70 @@
     void enumerateRectsBeingDrawn(CGContextRef, void (^)(CGRect));
 
-private:
-    bool hasFrontBuffer()
+    bool hasFrontBuffer() const
     {
 #if USE(IOSURFACE)
@@ -79 +78 @@
         return !!m_frontBuffer;
     }
+private:
 
     void drawInContext(WebCore::GraphicsContext&, CGImageRef frontImage);

trunk/Source/WebKit2/Shared/mac/RemoteLayerTreeTransaction.mm

@@ -168 +168 @@
         encoder << timeOffset;
 
-    if (changedProperties & BackingStoreChanged)
-        encoder << backingStore;
+    if (changedProperties & BackingStoreChanged) {
+        encoder << backingStore.hasFrontBuffer();
+        if (backingStore.hasFrontBuffer())
+            encoder << backingStore;
+    }
 
     if (changedProperties & FiltersChanged)
@@ -307 +310 @@
 
     if (result.changedProperties & BackingStoreChanged) {
-        if (!decoder.decode(result.backingStore))
+        bool hasFrontBuffer = false;
+        if (!decoder.decode(hasFrontBuffer))
+            return false;
+        if (hasFrontBuffer && !decoder.decode(result.backingStore))
             return false;
     }