Changeset 208881 in webkit


Timestamp:
Nov 17, 2016 11:25:42 PM (7 years ago)
Author:
Carlos Garcia Campos
Message:

REGRESSION(r208511): ImageDecoders: Crash decoding GIF images since r208511
https://bugs.webkit.org/show_bug.cgi?id=164864

Reviewed by Simon Fraser.

This happens sometimes since r208511 because the same decoder is used by more than one thread at the same
time and the decoders are not thread-safe. Several methods in ImageDecoder need to partially decode the image,
so it's possible that one method calls frameBufferAtIndex at the same time as createFrameImageAtIndex, which now
can be called from the image decoder thread. Use a Lock in ImageDecoder to protect calls to frameBufferAtIndex.

  • platform/image-decoders/ImageDecoder.cpp:

(WebCore::ImageDecoder::frameIsCompleteAtIndex):
(WebCore::ImageDecoder::frameDurationAtIndex):
(WebCore::ImageDecoder::createFrameImageAtIndex):

  • platform/image-decoders/ImageDecoder.h:
Location:
trunk/Source/WebCore
Files:
3 edited

  • trunk/Source/WebCore/ChangeLog

    r208878 r208881  
     12016-11-17  Carlos Garcia Campos  <cgarcia@igalia.com>
     2
     3        REGRESSION(r208511): ImageDecoders: Crash decoding GIF images since r208511
     4        https://bugs.webkit.org/show_bug.cgi?id=164864
     5
     6        Reviewed by Simon Fraser.
     7
     8        This happens sometimes since r208511 because the same decoder is used by more than one thread at the same
     9        time and the decoders are not thread-safe. Several methods in ImageDecoder need to decode partially the image,
     10        so it's possible that one method calls frameBufferAtIndex at the same times as createFrameImageAtIndex that now
     11        can be called from the image decoder thread. Use a Lock in ImageDecoder to protect calls to frameBufferAtIndex.
     12
     13        * platform/image-decoders/ImageDecoder.cpp:
     14        (WebCore::ImageDecoder::frameIsCompleteAtIndex):
     15        (WebCore::ImageDecoder::frameDurationAtIndex):
     16        (WebCore::ImageDecoder::createFrameImageAtIndex):
     17        * platform/image-decoders/ImageDecoder.h:
     18
    1192016-11-17  Ryosuke Niwa  <rniwa@webkit.org>
    220
  • trunk/Source/WebCore/platform/image-decoders/ImageDecoder.cpp

    r207708 r208881  
    171171bool ImageDecoder::frameIsCompleteAtIndex(size_t index)
    172172{
     173    LockHolder locker(m_lock);
    173174    ImageFrame* buffer = frameBufferAtIndex(index);
    174175    return buffer && buffer->isComplete();
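Review bot: WTF::Lock is not recursive, so the new LockHolder at line 173 turns any re-entrant call into a deadlock rather than a crash: if a subclass's frameBufferAtIndex, or the decoding it triggers, calls back into frameIsCompleteAtIndex, frameDurationAtIndex or createFrameImageAtIndex on the same decoder, the second acquisition of m_lock hangs that thread. Worth checking each decoder subclass for such call-backs before landing, and stating in a comment that frameBufferAtIndex must never be entered with m_lock already held.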
     
    194195float ImageDecoder::frameDurationAtIndex(size_t index)
    195196{
     197    LockHolder locker(m_lock);
    196198    ImageFrame* buffer = frameBufferAtIndex(index);
    197199    if (!buffer || buffer->isEmpty())
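Review bot: the lock here and in frameIsCompleteAtIndex only closes the race for the three methods listed in the ChangeLog; any other ImageDecoder accessor that reaches frameBufferAtIndex from the main thread while the image decoder thread is inside createFrameImageAtIndex still races on the same non-thread-safe decoder. Suggest auditing every caller of frameBufferAtIndex in ImageDecoder.cpp and taking m_lock in each, or routing all of them through one locked wrapper so a future caller cannot forget it.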
     
    214216        return nullptr;
    215217
     218    LockHolder locker(m_lock);
    216219    ImageFrame* buffer = frameBufferAtIndex(index);
    217220    if (!buffer || buffer->isEmpty() || !buffer->hasBackingStore())
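Review bot: the LockHolder at line 218 is taken after the early `return nullptr` at line 214, so whatever condition that early return checks (those lines are outside this hunk) is evaluated without m_lock. If it reads decoder state that frameBufferAtIndex updates while decoding, such as the frame count, that read is still unsynchronized; moving `LockHolder locker(m_lock);` above the check would cover it at no extra cost, since the lock is held for the rest of the function anyway.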
  • trunk/Source/WebCore/platform/image-decoders/ImageDecoder.h

    r207182 r208881  
    3535#include "SharedBuffer.h"
    3636#include <wtf/Assertions.h>
     37#include <wtf/Lock.h>
    3738#include <wtf/Optional.h>
    3839#include <wtf/RefPtr.h>
     
    215216        bool m_isAllDataReceived { false };
    216217        bool m_failed { false };
     218        Lock m_lock;
    217219    };
    218220
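Review bot: `Lock m_lock;` at line 218 carries no comment saying what it guards. Since the call being serialized, frameBufferAtIndex, is implemented by the format-specific subclasses, a one-line comment such as `// Serializes frameBufferAtIndex(); the decoders are not thread-safe.` next to the member would tell subclass authors which calls are protected and that they must not call back into the locked public methods from inside decoding.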