CGImageRef's created from a ShareableBitmap can legitimately be deallocated on a background thread. When this happens, the data provider's release callback will be called. This derefs the ShareableBitmap, which might cause it to deallocate, isn't allowed on the background thread. releaseDataProviderData() should dispatch to the main runloop if it is called from a background thread. This is similar to what r250151 added for releaseBitmapContextData().
rdar://problem/55624598
Created attachment 379379 [details] Patch
Comment on attachment 379379 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=379379&action=review > Source/WebKit/Shared/cg/ShareableBitmapCG.cpp:159 > + if (!RunLoop::isMain()) { This looks a lot like https://trac.webkit.org/changeset/250151 ?
Comment on attachment 379379 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=379379&action=review >> Source/WebKit/Shared/cg/ShareableBitmapCG.cpp:159 >> + if (!RunLoop::isMain()) { > > This looks a lot like https://trac.webkit.org/changeset/250151 ? Oh, it is a different release function :)
Comment on attachment 379379 [details] Patch Clearing flags on attachment: 379379 Committed r250248: <https://trac.webkit.org/changeset/250248>
All reviewed patches have been landed. Closing bug.