[chromium] Tiled compositor crashes if compositing turned off mid-paint
Created attachment 80247: Patch
In some cases a paint operation causes layout, which causes the root layer to no longer be composited, which turns off compositing mid-composite. This patch adds a few checks to be robust to this. Tested by adding a layerRenderer()->setRootLayer(NULL) in the middle of the LayerTilerChromium::update after painting. There's a flash of "compositor blue" as the page switches from the compositor back to software, but it behaves correctly. Future changes to separate out the compositor into a separate thread won't have this behavior. See: http://crbug.com/69161
Comment on attachment 80247: Patch

Good catch! R=me.

We (in the general sense of "we") should experiment with sublayers as well to make sure they handle this case.
(In reply to comment #3)
> (From update of attachment 80247)
> Good catch! R=me.
>
> We (in the general sense of "we") should experiment with sublayers as well to make sure they handle this case.

Hmm. By code inspection, LayerRendererChromium::updateLayersRecursive appears to insert naked pointers to LayerChromium objects into a Vector that it uses over the course of update/draw. If a paint call ends up deleting a child layer (maybe by deleting the owning GraphicsLayer?), then the draw pass could traverse into bogus memory. That looks like the only possibility for bad behavior, but I don't know enough about the lifetime of GraphicsLayer or LayerChromium objects to know if that's possible during a paint call.
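The two hazards discussed in the comments above (the root layer disappearing while an update is in flight, and raw pointers to layers being held across a paint that may delete them) are illustrated below with a toy renderer. This is an added example, not code from the WebKit patch or the Chromium compositor; all class and function names are hypothetical. The traversal list shares ownership of each layer so that a paint which detaches a child cannot leave a dangling pointer, and the root is re-checked after every paint so that compositing being turned off mid-update makes the pass bail out instead of drawing against a null root.

```cpp
#include <functional>
#include <memory>
#include <vector>

// Toy layer tree standing in for the real classes (hypothetical, not WebKit code).
struct Layer {
    std::vector<std::shared_ptr<Layer>> children;
    int painted = 0;
};
using PaintHook = std::function<void(Layer&)>;  // paint may trigger layout and mutate the tree

struct Renderer {
    std::shared_ptr<Layer> root;
    int drawn = 0;

    static void collect(const std::shared_ptr<Layer>& l, std::vector<std::shared_ptr<Layer>>& out) {
        out.push_back(l);
        for (auto& c : l->children) collect(c, out);
    }

    // Hardened update/draw pass: owned snapshot of the tree, root re-checked after each paint.
    bool update(const PaintHook& paint) {
        if (!root) return false;
        std::vector<std::shared_ptr<Layer>> order;  // shared ownership, not naked pointers
        collect(root, order);
        for (auto& layer : order) {
            paint(*layer);
            ++layer->painted;
            if (!root) return false;  // compositing was turned off by this paint; stop here
        }
        drawn = static_cast<int>(order.size());  // draw pass walks the still-alive snapshot
        return true;
    }
};

static Renderer makeTree() {  // constructed sample tree: a root with two children
    Renderer r;
    r.root = std::make_shared<Layer>();
    r.root->children.push_back(std::make_shared<Layer>());
    r.root->children.push_back(std::make_shared<Layer>());
    return r;
}
// Scenario 1: an ordinary update paints and draws all three layers.
int drawnOnNormalUpdate() { Renderer r = makeTree(); r.update([](Layer&) {}); return r.drawn; }
// Scenario 2: the first paint tears the root down (compositing turned off mid-update).
bool updateSurvivesRootTeardown() {
    Renderer r = makeTree();
    bool completed = r.update([&](Layer&) { r.root.reset(); });
    return !completed && r.drawn == 0;
}
// Scenario 3: painting the root detaches its children; the snapshot keeps them alive until the pass ends.
bool updateSurvivesChildRemoval() {
    Renderer r = makeTree();
    bool completed = r.update([&](Layer& l) { if (&l == r.root.get()) l.children.clear(); });
    return completed && r.drawn == 3;
}
```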
Comment on attachment 80247: Patch

Clearing flags on attachment: 80247

Committed r76864: <http://trac.webkit.org/changeset/76864>
All reviewed patches have been landed. Closing bug.