Bug 107404 - Fix a race condition on SkBitmap::lockPixels()/unlockPixels() for lazy image decoding
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
Reported: 2013-01-20 14:14 PST by Min Qin
Modified: 2013-01-22 13:10 PST

Attachments
Patch (5.10 KB, patch)
2013-01-20 14:17 PST, Min Qin
Patch (5.39 KB, patch)
2013-01-22 10:45 PST, Min Qin
Patch (5.39 KB, patch)
2013-01-22 10:52 PST, Min Qin

Description Min Qin 2013-01-20 14:14:46 PST
Fix a race condition on SkBitmap::lockPixels()/unlockPixels() for lazy image decoding
Comment 1 Min Qin 2013-01-20 14:17:39 PST
Created attachment 183685 [details]
Patch
Comment 2 Stephen White 2013-01-21 07:50:56 PST
Comment on attachment 183685 [details]
Patch

This looks OK to me, but I'll wait for hclam to take a look.
Comment 3 Hin-Chung Lam 2013-01-22 10:03:37 PST
Comment on attachment 183685 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=183685&action=review

> Source/WebCore/platform/graphics/chromium/ImageDecodingStore.cpp:135
> +        image->bitmap().lockPixels();

Make this call after line 147 so you don't need to take lock here.
Comment 4 Hin-Chung Lam 2013-01-22 10:03:39 PST
Comment on attachment 183685 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=183685&action=review

> Source/WebCore/platform/graphics/chromium/ImageDecodingStore.cpp:135
> +        image->bitmap().lockPixels();

Make this call after line 147 so you don't need to take lock here.
Comment 5 Min Qin 2013-01-22 10:45:37 PST
Created attachment 184014 [details]
Patch
Comment 6 Min Qin 2013-01-22 10:46:36 PST
Comment on attachment 183685 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=183685&action=review

>>> Source/WebCore/platform/graphics/chromium/ImageDecodingStore.cpp:135
>>> +        image->bitmap().lockPixels();
>> 
>> Make this call after line 147 so you don't need to take lock here.
> 
> Make this call after line 147 so you don't need to take lock here.

Done
Comment 7 Hin-Chung Lam 2013-01-22 10:47:47 PST
Comment on attachment 184014 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=184014&action=review

> Source/WebCore/platform/graphics/chromium/ImageDecodingStore.cpp:143
> +    image->bitmap().lockPixels();

image is NULL at this point. So this should be cachedImage->bitmap().lockPixels().
Comment 8 Hin-Chung Lam 2013-01-22 10:48:06 PST
After the fix then lgtm.
Comment 9 Min Qin 2013-01-22 10:52:31 PST
Created attachment 184018 [details]
Patch
Comment 10 Min Qin 2013-01-22 10:53:31 PST
Comment on attachment 184014 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=184014&action=review

>> Source/WebCore/platform/graphics/chromium/ImageDecodingStore.cpp:143
>> +    image->bitmap().lockPixels();
> 
> image is NULL at this point. So this should be cachedImage->bitmap().lockPixels().

Ah... didn't notice that CreateAndUse() will take the OwnPtr away. Fixed.
Comment 11 Stephen White 2013-01-22 10:55:58 PST
Comment on attachment 184018 [details]
Patch

Transitively OK.  r=me
Comment 12 WebKit Review Bot 2013-01-22 11:30:26 PST
Comment on attachment 184018 [details]
Patch

Rejecting attachment 184018 [details] from commit-queue.

New failing tests:
inspector-protocol/debugger-terminate-dedicated-worker-while-paused.html
Full output: http://queues.webkit.org/results/16063133
Comment 13 Xianzhu Wang 2013-01-22 13:02:46 PST
Comment on attachment 184018 [details]
Patch

Last cq was rejected because of unrelated flakiness. Try again.
Comment 14 WebKit Review Bot 2013-01-22 13:10:36 PST
Comment on attachment 184018 [details]
Patch

Clearing flags on attachment: 184018

Committed r140454: <http://trac.webkit.org/changeset/140454>
Comment 15 WebKit Review Bot 2013-01-22 13:10:40 PST
All reviewed patches have been landed.  Closing bug.
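
The ownership issue raised in Comments 7 and 10, as an added C++ sketch that is not part of this bug or of WebKit's code: once a smart pointer has been handed to a function that takes ownership, it is null, so the pixel lock must go through a non-owning handle taken before the transfer. `std::unique_ptr` stands in for `OwnPtr`, and `Bitmap`, `CachedImage`, `CacheEntry`, `Store` and `insertAndLock` are hypothetical names; locking the pixels before the entry is published under the mutex is an assumption of this sketch.

```cpp
#include <memory>
#include <mutex>
#include <utility>
#include <vector>

// Hypothetical stand-in for SkBitmap: it only counts pixel locks.
struct Bitmap {
    int lockCount = 0;
    void lockPixels() { ++lockCount; }
    void unlockPixels() { --lockCount; }
};

// Hypothetical stand-in for the decoded image kept by the store.
struct CachedImage {
    Bitmap pixels;
    Bitmap& bitmap() { return pixels; }
};

// Hypothetical cache entry whose factory takes ownership of the image,
// as CreateAndUse() is described as doing in Comment 10.
struct CacheEntry {
    std::unique_ptr<CachedImage> image;
    static std::unique_ptr<CacheEntry> createAndUse(std::unique_ptr<CachedImage> img) {
        std::unique_ptr<CacheEntry> entry(new CacheEntry());
        entry->image = std::move(img);
        return entry;
    }
};

class Store {
public:
    bool movedFromWasNull = false;

    // Stores the image and returns it with its pixels locked for the caller.
    CachedImage* insertAndLock(std::unique_ptr<CachedImage> image) {
        CachedImage* cachedImage = image.get();  // non-owning handle, taken BEFORE the transfer
        std::unique_ptr<CacheEntry> entry = CacheEntry::createAndUse(std::move(image));
        movedFromWasNull = (image == nullptr);   // a moved-from unique_ptr is guaranteed null
        // image->bitmap().lockPixels() here would dereference null (Comment 7).
        cachedImage->bitmap().lockPixels();      // assumption: entry is not yet visible to other threads
        std::lock_guard<std::mutex> guard(m_mutex);
        m_entries.push_back(std::move(entry));   // publish under the store mutex
        return cachedImage;
    }

private:
    std::mutex m_mutex;
    std::vector<std::unique_ptr<CacheEntry>> m_entries;
};
```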