WebKit Bugzilla
Attachment 343594 Details for Bug 179304: [GTK] Many webpages can crash the browser in WebCore::CoordinatedGraphicsLayer::transformedVisibleRect
[patch] Patch: bug-179304-20180626102445.patch (text/plain), 9.00 KB, created by Miguel Gomez on 2018-06-26 01:24:46 PDT
>Subversion Revision: 233192 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index e7623c788adec1e7390dbb9fc19824c187ceae92..e83df4ebe580ef8e90d26c9e90c4a0dabfc87298 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,23 @@ >+2018-06-26 Miguel Gomez <magomez@igalia.com> >+ >+ [GTK] Many webpages can crash the browser in WebCore::CoordinatedGraphicsLayer::transformedVisibleRect >+ https://bugs.webkit.org/show_bug.cgi?id=179304 >+ >+ Reviewed by Michael Catanzaro. >+ >+ When adding new CoordinatedGraphicsLayers to the tree, check that they have the appropriate >+ CompositingCoordinator. If that's not the case, set the appropriate one to the layer and its >+ children and set the state of those layers so they are rendered properly. >+ >+ * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp: >+ (WebCore::CoordinatedGraphicsLayer::addChild): >+ (WebCore::CoordinatedGraphicsLayer::addChildAtIndex): >+ (WebCore::CoordinatedGraphicsLayer::addChildAbove): >+ (WebCore::CoordinatedGraphicsLayer::addChildBelow): >+ (WebCore::CoordinatedGraphicsLayer::replaceChild): >+ (WebCore::CoordinatedGraphicsLayer::setCoordinatorIncludingSubLayersIfNeeded): >+ * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h: >+ > 2018-06-25 Keith Rollin <krollin@apple.com> > > Adjust WEBCORE_EXPORT annotations for LTO >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index 3c07cd5583b58fa2e25f96de25845356a3333513..3e747d6901678545363dbd5582b350d1eb392504 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog 
>@@ -1,3 +1,16 @@ >+2018-06-26 Miguel Gomez <magomez@igalia.com> >+ >+ [GTK] Many webpages can crash the browser in WebCore::CoordinatedGraphicsLayer::transformedVisibleRect >+ https://bugs.webkit.org/show_bug.cgi?id=179304 >+ >+ Reviewed by Michael Catanzaro. >+ >+ Add a way to attach to the CompositingCoordinator layers that were not created by it. >+ >+ * WebProcess/WebPage/CoordinatedGraphics/CompositingCoordinator.cpp: >+ (WebKit::CompositingCoordinator::attachLayer): >+ * WebProcess/WebPage/CoordinatedGraphics/CompositingCoordinator.h: >+ > 2018-06-25 Tim Horton <timothy_horton@apple.com> > > WKThumbnailView fallback background is blindingly bright in Dark Mode >diff --git a/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp b/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp >index cc686436c8e3416cf1bd0f2d7ad7880899b412f9..42dc7b99910fe30b47ad44508df35626e641752c 100644 >--- a/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp >+++ b/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp 
>@@ -168,24 +168,28 @@ bool CoordinatedGraphicsLayer::setChildren(const Vector<GraphicsLayer*>& childre > void CoordinatedGraphicsLayer::addChild(GraphicsLayer* layer) > { > GraphicsLayer::addChild(layer); >+ downcast<CoordinatedGraphicsLayer>(*layer).setCoordinatorIncludingSubLayersIfNeeded(m_coordinator); > didChangeChildren(); > } > > void CoordinatedGraphicsLayer::addChildAtIndex(GraphicsLayer* layer, int index) > { > GraphicsLayer::addChildAtIndex(layer, index); >+ downcast<CoordinatedGraphicsLayer>(*layer).setCoordinatorIncludingSubLayersIfNeeded(m_coordinator); > didChangeChildren(); > } > > void CoordinatedGraphicsLayer::addChildAbove(GraphicsLayer* layer, GraphicsLayer* sibling) > { > GraphicsLayer::addChildAbove(layer, sibling); >+ downcast<CoordinatedGraphicsLayer>(*layer).setCoordinatorIncludingSubLayersIfNeeded(m_coordinator); > didChangeChildren(); > } > > void CoordinatedGraphicsLayer::addChildBelow(GraphicsLayer* layer, GraphicsLayer* sibling) > { > GraphicsLayer::addChildBelow(layer, sibling); >+ downcast<CoordinatedGraphicsLayer>(*layer).setCoordinatorIncludingSubLayersIfNeeded(m_coordinator); > didChangeChildren(); > } > >@@ -194,6 +198,7 @@ bool CoordinatedGraphicsLayer::replaceChild(GraphicsLayer* oldChild, GraphicsLay > bool ok = GraphicsLayer::replaceChild(oldChild, newChild); > if (!ok) > return false; >+ downcast<CoordinatedGraphicsLayer>(*newChild).setCoordinatorIncludingSubLayersIfNeeded(m_coordinator); > didChangeChildren(); > return true; > } 
>@@ -993,6 +998,33 @@ void CoordinatedGraphicsLayer::setCoordinator(CoordinatedGraphicsLayerClient* co > m_coordinator = coordinator; > } > >+void CoordinatedGraphicsLayer::setCoordinatorIncludingSubLayersIfNeeded(CoordinatedGraphicsLayerClient* coordinator) >+{ >+ if (m_coordinator == coordinator) >+ return; >+ >+ // If the coordinators are different it means that we are attaching a layer that was created by a different >+ // CompositingCoordinator than the current one. This happens because the layer was taken out of the tree >+ // and then added back after AC was disabled and enabled again. We need to set the new coordinator to the >+ // layer and its children. >+ // >+ // During each layer flush, the state stores the values that have changed since the previous one, and these >+ // are updated once in the scene. When adding CoordinatedGraphicsLayers back to the tree, the fields that >+ // are not updated during the next flush won't be sent to the scene, so they won't be updated there and the >+ // rendering will fail. >+ // >+ // For example the drawsContent flag. This is set when the layer is created and is not updated anymore (unless >+ // the content changes). When the layer is added back to the tree, the state won't reflect any change in the >+ // flag value, so the scene won't update it and the layer won't be rendered. >+ // >+ // We need to update here the layer changeMask so the scene gets all the current values. >+ m_layerState.changeMask = UINT_MAX; >+ >+ coordinator->attachLayer(this); >+ for (auto& child : children()) >+ downcast<CoordinatedGraphicsLayer>(*child).setCoordinatorIncludingSubLayersIfNeeded(coordinator); >+} >+ > void CoordinatedGraphicsLayer::setNeedsVisibleRectAdjustment() > { > if (shouldHaveBackingStore()) 
>diff --git a/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h b/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h >index ff4adff8223ea67f9f4da4f776dd7876291019c1..adc869e7bf666f2551af5d4d7ff26d911a2d0516 100644 >--- a/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h >+++ b/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h >@@ -51,6 +51,7 @@ public: > virtual FloatRect visibleContentsRect() const = 0; > virtual Ref<CoordinatedImageBacking> createImageBackingIfNeeded(Image&) = 0; > virtual void detachLayer(CoordinatedGraphicsLayer*) = 0; >+ virtual void attachLayer(CoordinatedGraphicsLayer*) = 0; > virtual Nicosia::PaintingEngine& paintingEngine() = 0; > > virtual void syncLayerState(CoordinatedLayerID, CoordinatedGraphicsLayerState&) = 0; >@@ -127,6 +128,7 @@ public: > void removeTile(uint32_t tileID) override; > > void setCoordinator(CoordinatedGraphicsLayerClient*); >+ void setCoordinatorIncludingSubLayersIfNeeded(CoordinatedGraphicsLayerClient*); > > void setNeedsVisibleRectAdjustment(); > void purgeBackingStores(); >diff --git a/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/CompositingCoordinator.cpp b/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/CompositingCoordinator.cpp >index 5bf1f7c1fa3ff4fc8f096bd92546a082c009756a..baae141ed60c9755013b3bb2130ee9532c054970 100644 >--- a/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/CompositingCoordinator.cpp >+++ b/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/CompositingCoordinator.cpp 
>@@ -313,6 +313,15 @@ void CompositingCoordinator::detachLayer(CoordinatedGraphicsLayer* layer) > notifyFlushRequired(layer); > } > >+void CompositingCoordinator::attachLayer(CoordinatedGraphicsLayer* layer) >+{ >+ layer->setCoordinator(this); >+ m_registeredLayers.add(layer->id(), layer); >+ m_state.layersToCreate.append(layer->id()); >+ layer->setNeedsVisibleRectAdjustment(); >+ notifyFlushRequired(layer); >+} >+ > void CompositingCoordinator::renderNextFrame() > { > } >diff --git a/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/CompositingCoordinator.h b/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/CompositingCoordinator.h >index 1ad1ae17cce5dc3d04d5b1c04375dc256da042ba..464eb9ee45f6a822574f1d322e8ed650c40171ed 100644 >--- a/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/CompositingCoordinator.h >+++ b/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/CompositingCoordinator.h >@@ -106,6 +106,7 @@ private: > WebCore::FloatRect visibleContentsRect() const override; > Ref<WebCore::CoordinatedImageBacking> createImageBackingIfNeeded(WebCore::Image&) override; > void detachLayer(WebCore::CoordinatedGraphicsLayer*) override; >+ void attachLayer(WebCore::CoordinatedGraphicsLayer*) override; > Nicosia::PaintingEngine& paintingEngine() override; > void syncLayerState(WebCore::CoordinatedLayerID, WebCore::CoordinatedGraphicsLayerState&) override; >
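Review bot: In CoordinatedGraphicsLayer.cpp, the hunk at @@ -168,24 +168,28 @@ adds the coordinator check to addChild, addChildAtIndex, addChildAbove and addChildBelow, and the following hunk adds it to replaceChild, but setChildren, which is visible in the hunk header directly above addChild, is left untouched and is not listed in the ChangeLog. If setChildren can also receive layers that were created under a previous coordinator, it needs the same setCoordinatorIncludingSubLayersIfNeeded(m_coordinator) call for each child; if it cannot, a short comment saying why would help. The five identical downcast lines could also be folded into one small private helper so a future insertion path does not miss the check.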
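Review bot: In setCoordinatorIncludingSubLayersIfNeeded (CoordinatedGraphicsLayer.cpp, hunk at @@ -993,6 +998,33 @@), coordinator is dereferenced in `coordinator->attachLayer(this)` after only an equality check, so a parent whose m_coordinator is null passes a null pointer straight into that call whenever the child has any non-null coordinator of its own. Suggest returning early on `!coordinator` as well as on `m_coordinator == coordinator`. The comment also assumes the previous coordinator no longer exists, but nothing in the function detaches the layer from it or asserts that assumption, so a layer moving between two live coordinators would stay registered with the old one. Finally, UINT_MAX is used for changeMask and no include is added in the visible hunks; please confirm the header providing it is already pulled in.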
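Review bot: In CompositingCoordinator::attachLayer (CompositingCoordinator.cpp, hunk at @@ -313,6 +313,15 @@), the layer id is added to m_registeredLayers and appended to m_state.layersToCreate unconditionally, with no check that the id is not already registered with this coordinator. The only guard is the caller's `m_coordinator == coordinator` comparison, and attachLayer is a public virtual on the client interface, so another caller could register the same id twice and queue a duplicate creation. An assertion that the id is not yet in m_registeredLayers, or an early return when it is, would make the precondition explicit. A one-line comment in the header noting that attachLayer is for layers not created by this coordinator, as the ChangeLog says, would also help.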
Attachments on bug 179304: 336663 | 338322 | 338326 | 342736 | 343045 | 343046 | 343594