Changeset 219861 in webkit


Ignore:
Timestamp:
Jul 24, 2017 11:39:30 PM (7 years ago)
Author:
Carlos Garcia Campos
Message:

[GTK] Icon database error and crash
https://bugs.webkit.org/show_bug.cgi?id=174760

Reviewed by Michael Catanzaro.

The crash is a debug ASSERT that happens when the IconRecord image is created in one thread and destroyed in
another one. IconDatabase creates and destroys IconRecord objects in both database and main thread. The
IconRecord is destroyed when the icon is no longer retained, and we only release icons when we fail to get the
image data (including pages that don't have a favicon). We can prevent this crash from happening if we ensure we
never create an Image for an IconRecord when the given image data is nullptr.

  • UIProcess/API/glib/IconDatabase.cpp:

(WebKit::IconDatabase::IconRecord::setImageData):

Location:
trunk/Source/WebKit
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebKit/ChangeLog

    r219855 r219861  
     12017-07-24  Carlos Garcia Campos  <cgarcia@igalia.com>
     2
     3        [GTK] Icon database error and crash
     4        https://bugs.webkit.org/show_bug.cgi?id=174760
     5
     6        Reviewed by Michael Catanzaro.
     7
     8        The crash is a debug ASSERT that happens when the IconRecord image is created in one thread and destroyed in
     9        another one. IconDatabase creates and destroys IconRecord objects in both database and main thread. The
     10        IconRecord is destroyed when the icon is no longer retained, and we only release icons when we fail to get the
     11        image data (including pages that don't have a favicon). We can prevent this crash from happening if we ensure we
     12        never create an Image for an IconRecord when the given image data is nullptr.
     13
     14        * UIProcess/API/glib/IconDatabase.cpp:
     15        (WebKit::IconDatabase::IconRecord::setImageData):
     16
    1172017-07-24  Chris Dumez  <cdumez@apple.com>
    218

  • trunk/Source/WebKit/UIProcess/API/glib/IconDatabase.cpp

    r219832 r219861  
    117117void IconDatabase::IconRecord::setImageData(RefPtr<SharedBuffer>&& data)
    118118{
     119    m_dataSet = true;
     120
    119121    // It's okay to delete the raw image here. Any existing clients using this icon will be
    120122    // managing an image that was created with a copy of this raw image data.
     123    if (!data->size()) {
     124        m_image = nullptr;
     125        return;
     126    }
     127
    121128    m_image = BitmapImage::create();
    122 
    123     // Copy the provided data into the buffer of the new Image object.
    124129    if (m_image->setData(WTFMove(data), true) < EncodedDataStatus::SizeAvailable) {
    125130        LOG(IconDatabase, "Manual image data for iconURL '%s' FAILED - it was probably invalid image data", m_iconURL.ascii().data());
    126131        m_image = nullptr;
    127132    }
    128 
    129     m_dataSet = true;
    130133}
    131134
Note: See TracChangeset for help on using the changeset viewer.