Changeset 224017 in webkit

Timestamp:

Oct 26, 2017 6:14:00 AM (7 years ago)

Author:

Carlos Garcia Campos

Message:

[GTK][Stable] Crash on WebCore::SharedBuffer::data() on 2.18.1
​https://bugs.webkit.org/show_bug.cgi?id=178852

Reviewed by Carlos Garcia Campos.

Add a mutex to control that the image decoders are not used at the same
time from the main thread and the decoding thread.

Backport of the fix to ​https://bugs.webkit.org/show_bug.cgi?id=178510
created by Fujii Hironori <Fujii Hironori>.

Covered by existent tests.

• platform/image-decoders/ImageDecoder.cpp:

(WebCore::ImageDecoder::frameIsCompleteAtIndex):
(WebCore::ImageDecoder::frameHasAlphaAtIndex const):
(WebCore::ImageDecoder::frameBytesAtIndex const):
(WebCore::ImageDecoder::frameDurationAtIndex):
(WebCore::ImageDecoder::createFrameImageAtIndex):

• platform/image-decoders/ImageDecoder.h:

(WebCore::ImageDecoder::setData):

Location:

releases/WebKitGTK/webkit-2.18/Source/WebCore

Files:

• ChangeLog (modified) (1 diff)
• platform/image-decoders/ImageDecoder.cpp (modified) (5 diffs)
• platform/image-decoders/ImageDecoder.h (modified) (3 diffs)

releases/WebKitGTK/webkit-2.18/Source/WebCore/ChangeLog

@@ +1 @@
+2017-10-26  Carlos Garcia Campos  <cgarcia@igalia.com>
+
+        [GTK][Stable] Crash on WebCore::SharedBuffer::data() on 2.18.1
+        https://bugs.webkit.org/show_bug.cgi?id=178852
+
+        Reviewed by Carlos Garcia Campos.
+
+        Add a mutex to control that the image decoders are not used at the same
+        time from the main thread and the decoding thread.
+
+        Backport of the fix to https://bugs.webkit.org/show_bug.cgi?id=178510
+        created by Fujii Hironori <Hironori.Fujii@sony.com>.
+
+        Covered by existent tests.
+
+        * platform/image-decoders/ImageDecoder.cpp:
+        (WebCore::ImageDecoder::frameIsCompleteAtIndex):
+        (WebCore::ImageDecoder::frameHasAlphaAtIndex const):
+        (WebCore::ImageDecoder::frameBytesAtIndex const):
+        (WebCore::ImageDecoder::frameDurationAtIndex):
+        (WebCore::ImageDecoder::createFrameImageAtIndex):
+        * platform/image-decoders/ImageDecoder.h:
+        (WebCore::ImageDecoder::setData):
+
 2017-10-26  Carlos Garcia Campos  <cgarcia@igalia.com>
 

releases/WebKitGTK/webkit-2.18/Source/WebCore/platform/image-decoders/ImageDecoder.cpp

@@ -173 +173 @@
 bool ImageDecoder::frameIsCompleteAtIndex(size_t index)
 {
+    LockHolder lockHolder(m_mutex);
     ImageFrame* buffer = frameBufferAtIndex(index);
     return buffer && buffer->isComplete();
@@ -179 +180 @@
 bool ImageDecoder::frameHasAlphaAtIndex(size_t index) const
 {
+    LockHolder lockHolder(m_mutex);
     if (m_frameBufferCache.size() <= index)
         return true;
@@ -188 +190 @@
 unsigned ImageDecoder::frameBytesAtIndex(size_t index) const
 {
+    LockHolder lockHolder(m_mutex);
     if (m_frameBufferCache.size() <= index)
         return 0;
@@ -196 +199 @@
 float ImageDecoder::frameDurationAtIndex(size_t index)
 {
+    LockHolder lockHolder(m_mutex);
     ImageFrame* buffer = frameBufferAtIndex(index);
     if (!buffer || buffer->isInvalid())
@@ -212 +216 @@
 NativeImagePtr ImageDecoder::createFrameImageAtIndex(size_t index, SubsamplingLevel, const DecodingOptions&)
 {
+    LockHolder lockHolder(m_mutex);
     // Zero-height images can cause problems for some ports. If we have an empty image dimension, just bail.
     if (size().isEmpty())

releases/WebKitGTK/webkit-2.18/Source/WebCore/platform/image-decoders/ImageDecoder.h

@@ -34 +34 @@
 #include "SharedBuffer.h"
 #include <wtf/Assertions.h>
+#include <wtf/Lock.h>
 #include <wtf/Optional.h>
 #include <wtf/RefPtr.h>
@@ -76 +77 @@
     virtual void setData(SharedBuffer& data, bool allDataReceived)
     {
+        LockHolder lockHolder(m_mutex);
         if (m_encodedDataStatus == EncodedDataStatus::Error)
             return;
@@ -209 +211 @@
     RefPtr<SharedBuffer> m_data; // The encoded data.
     Vector<ImageFrame, 1> m_frameBufferCache;
+    mutable Lock m_mutex;
     bool m_scaled { false };
     Vector<int> m_scaledColumns;