94544 – [chromium] REGRESSION(126076) Should not touch old GraphicsLayerChromium::m_contentsLayer when setting up a new contents layer

RESOLVED FIXED Bug 94544

[chromium] REGRESSION(126076) Should not touch old GraphicsLayerChromium::m_contentsLayer when setting up a new contents layer

https://bugs.webkit.org/show_bug.cgi?id=94544

Summary [chromium] REGRESSION(126076) Should not touch old GraphicsLayerChromium::m_c...

James Robinson

Reported 2012-08-20 16:22:29 PDT

[chromium] REGRESSION(126076) Should not touch old GraphicsLayerChromium::m_contentsLayer when setting up a new contents layer

Attachments
Patch (1.76 KB, patch) 2012-08-20 16:23 PDT, James Robinson	no flags	Details Formatted Diff Diff
Patch (1.81 KB, patch) 2012-08-20 16:25 PDT, James Robinson	no flags	Details Formatted Diff Diff
Patch (7.63 KB, patch) 2012-08-20 17:00 PDT, James Robinson	enne: review+	Details Formatted Diff Diff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.

James Robinson

Comment 1 2012-08-20 16:23:48 PDT

Created attachment 159556 [details] Patch

James Robinson

Comment 2 2012-08-20 16:24:44 PDT

This is caught by gpu_tests:GPUCrashTest.WebkitLoseContext on the GPU waterfall. I'm not yet sure why there are no layout tests that catch this, the test catches the issue when run in chromium without any automation hooks.

James Robinson

Comment 3 2012-08-20 16:25:11 PDT

Created attachment 159557 [details] Patch

James Robinson

Comment 4 2012-08-20 16:26:17 PDT

Comment on attachment 159557 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=159557&action=review This relies on setupContentsLayer() being called before any setters that touch the m_contentsLayer's properties are set, which appears to be the case. If this isn't safe enough for us we could introduce a refcounted wrapper in between the layers and GLC. > Source/WebCore/platform/graphics/chromium/GraphicsLayerChromium.cpp:-771 > - if (contentsLayer == m_contentsLayer) this is also bogus, GraphicsLayerChromium does not have ownership of m_contentsLayer so it could be deallocated and a new layer allocated at the same address

James Robinson

Comment 5 2012-08-20 17:00:48 PDT

Created attachment 159563 [details] Patch

Adrienne Walker

Comment 6 2012-08-20 17:03:33 PDT

Comment on attachment 159563 [details] Patch R=me. Sounds good to me.

WebKit Review Bot

Comment 7 2012-08-20 17:04:53 PDT

Please wait for approval from abarth@webkit.org, dglazkov@chromium.org, fishd@chromium.org, jamesr@chromium.org or tkent@chromium.org before submitting, as this patch contains changes to the Chromium public API. See also https://trac.webkit.org/wiki/ChromiumWebKitAPI.

James Robinson

Comment 8 2012-08-20 17:06:41 PDT

Committed r126099: <http://trac.webkit.org/changeset/126099>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component New Bugs

Assignee

James Robinson

Reported

2012-08-20 16:22 PDT

Modified

2012-08-20 17:06 PDT History

CC List

9 users Show

URL

Keywords

Depends on

Blocks