RemoteLayerBackingStore::encode() assumes it can never fail, but it can. There may be other places, too.
<rdar://problem/84829995>
Created attachment 442906: Patch
Comment on attachment 442906: Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=442906&action=review
> Source/WebKit/Shared/RemoteLayerTree/RemoteLayerBackingStore.mm:121
> + if (auto* backend = m_frontBuffer.imageBuffer->ensureBackendCreated())
Since we do this check in all situations -- mapped IOSurface, non-mapped IOSurface, bitmap -- maybe do it once before the switch.
Comment on attachment 442906: Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=442906&action=review
>> Source/WebKit/Shared/RemoteLayerTree/RemoteLayerBackingStore.mm:121
>> + if (auto* backend = m_frontBuffer.imageBuffer->ensureBackendCreated())
>
> Since we do this check in all situations -- mapped IOSurface, non-mapped IOSurface, bitmap -- maybe do it once before the switch.
The third case below is slightly different, but yes I can hoist it somewhat.
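Review bot: on the quoted line at RemoteLayerBackingStore.mm:121, only the success branch of the ensureBackendCreated() null check is visible; what encode() writes when the backend is null is not shown. Since the bug is that encode() can fail, the failure path should still write an explicit "no backing store" marker, or propagate the failure to the caller, so the receiving side never tries to decode a handle that was never written. Hoisting the check above the switch, as suggested, would also keep that failure handling in one place instead of repeating it per buffer type.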
Committed r285088 (243730@main): <https://commits.webkit.org/243730@main>
Re-opened since this is blocked by bug 234680
The A/B test was using bogus data - before crashes were fixed, the memory data was reported from processes which didn't have the test page loaded. So, rolling this out was a mistake. Rolling back in now.
Committed r287775 (245835@trunk): <https://commits.webkit.org/245835@trunk>