Bug 94544 - [chromium] REGRESSION(126076) Should not touch old GraphicsLayerChromium::m_contentsLayer when setting up a new contents layer
Status: RESOLVED FIXED
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: James Robinson
Reported: 2012-08-20 16:22 PDT by James Robinson
Modified: 2012-08-20 17:06 PDT
Attachments
Patch (1.76 KB, patch), 2012-08-20 16:23 PDT, James Robinson, no flags
Patch (1.81 KB, patch), 2012-08-20 16:25 PDT, James Robinson, no flags
Patch (7.63 KB, patch), 2012-08-20 17:00 PDT, James Robinson, enne: review+

Description James Robinson 2012-08-20 16:22:29 PDT
[chromium] REGRESSION(126076) Should not touch old GraphicsLayerChromium::m_contentsLayer when setting up a new contents layer
Comment 1 James Robinson 2012-08-20 16:23:48 PDT
Created attachment 159556 [details]
Patch
Comment 2 James Robinson 2012-08-20 16:24:44 PDT
This is caught by gpu_tests:GPUCrashTest.WebkitLoseContext on the GPU waterfall. I'm not yet sure why there are no layout tests that catch this; the test catches the issue when run in chromium without any automation hooks.
Comment 3 James Robinson 2012-08-20 16:25:11 PDT
Created attachment 159557 [details]
Patch
Comment 4 James Robinson 2012-08-20 16:26:17 PDT
Comment on attachment 159557 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=159557&action=review

This relies on setupContentsLayer() being called before any setters that touch the m_contentsLayer's properties are set, which appears to be the case. If this isn't safe enough for us we could introduce a refcounted wrapper in between the layers and GLC.

> Source/WebCore/platform/graphics/chromium/GraphicsLayerChromium.cpp:-771
> -    if (contentsLayer == m_contentsLayer)
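Review bot: The removed early-out `if (contentsLayer == m_contentsLayer)` compared a raw, non-owning pointer, which is not a safe identity test: once the previous layer has been freed, a newly allocated layer can land at the same address and compare equal, so setup would be silently skipped for a genuinely new layer. Dropping the comparison, as this line does, or holding the layer through a refcounted wrapper as suggested earlier in this comment, is the right call; any remaining code that reads through the old m_contentsLayer after the owner has released it has the same hazard.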

This is also bogus: GraphicsLayerChromium does not have ownership of m_contentsLayer, so it could be deallocated and a new layer allocated at the same address.
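The address-reuse hazard described in Comment 4, as an added C++ illustration that is not part of the WebKit patch or of WebCore: `Layer`, `Slot`, `RawHolder` and `RefHolder` are stand-ins, and `Slot` mimics an allocator handing a freed block straight back out.

```cpp
#include <cstddef>
#include <memory>
#include <new>

// Stand-in for a contents layer that is owned by someone other than the holder.
struct Layer {
    int id;
    explicit Layer(int i) : id(i) {}
};

// Fixed storage slot standing in for an allocator that reuses a freed block.
struct Slot {
    alignas(Layer) unsigned char bytes[sizeof(Layer)];
    Layer* construct(int id) { return new (bytes) Layer(id); }
    void destroy(Layer* l) { l->~Layer(); }
};

// Holder keeping a non-owning raw pointer, like GraphicsLayerChromium::m_contentsLayer.
struct RawHolder {
    Layer* contents = nullptr;
    bool isSameLayer(const Layer* incoming) const { return incoming == contents; }
};

// Hardened holder: shared ownership keeps the old layer alive, so its address cannot be reused.
struct RefHolder {
    std::shared_ptr<Layer> contents;
    bool isSameLayer(const std::shared_ptr<Layer>& incoming) const { return incoming == contents; }
};

// The defect: the old layer is freed, a new one lands at the same address, and the
// pointer-equality early-out wrongly reports "same layer", so setup would be skipped.
bool rawPointerIsFooledByReuse() {
    Slot slot;
    RawHolder holder;
    holder.contents = slot.construct(1);      // remember layer 1 by its raw address
    slot.destroy(holder.contents);            // layer 1 is gone; the holder is not told
    Layer* fresh = slot.construct(2);         // layer 2 reuses the same storage
    bool fooled = holder.isSameLayer(fresh);  // true: a different layer compares equal
    slot.destroy(fresh);
    return fooled;
}

// With shared ownership layer 1 outlives the stored reference, so layer 2 is distinct.
bool sharedReferenceDistinguishesLayers() {
    RefHolder holder;
    holder.contents = std::make_shared<Layer>(1);
    auto fresh = std::make_shared<Layer>(2);  // cannot occupy layer 1's address while it is held
    return !holder.isSameLayer(fresh);
}
```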
Comment 5 James Robinson 2012-08-20 17:00:48 PDT
Created attachment 159563 [details]
Patch
Comment 6 Adrienne Walker 2012-08-20 17:03:33 PDT
Comment on attachment 159563 [details]
Patch

R=me. Sounds good to me.
Comment 7 WebKit Review Bot 2012-08-20 17:04:53 PDT
Please wait for approval from abarth@webkit.org, dglazkov@chromium.org, fishd@chromium.org, jamesr@chromium.org or tkent@chromium.org before submitting, as this patch contains changes to the Chromium public API. See also https://trac.webkit.org/wiki/ChromiumWebKitAPI.
Comment 8 James Robinson 2012-08-20 17:06:41 PDT
Committed r126099: <http://trac.webkit.org/changeset/126099>