Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 325e4cb39ee10789836fc6406654495276b815a8
      https://github.com/WebKit/WebKit/commit/325e4cb39ee10789836fc6406654495276b815a8
  Author: Ruthvik Konda <[email protected]>
  Date:   2026-04-23 (Thu, 23 Apr 2026)

  Changed paths:
    A LayoutTests/ipc/mark-surfaces-volatile-during-prepare-for-display-expected.txt
    A LayoutTests/ipc/mark-surfaces-volatile-during-prepare-for-display.html
    M Source/WebKit/GPUProcess/graphics/RemoteImageBufferSet.h
    M Source/WebKit/GPUProcess/graphics/RemoteRenderingBackend.cpp

  Log Message:
  -----------
  Surfaces should not be marked volatile while preparing for display
https://bugs.webkit.org/show_bug.cgi?id=307138
rdar://167565825

Reviewed by Kimmo Kinnunen.

The WebProcess can send MarkSurfacesVolatile while prepareBufferForDisplay is 
still active on the GPU Process.
This is semantically invalid.

MarkSurfacesVolatile calls makeBuffersVolatile, which calls 
releaseGraphicsContext() on each image buffer — destroying the graphics
context that prepareBufferForDisplay is actively using through m_context. This 
leads to a dangling reference.

The only concerning path here is the 
makeBuffersVolatile()->releaseGraphicsContext() path.
Since RemoteImageBufferGraphicsContext holds a strong reference to the 
context's ImageBuffer,
other paths releasing the ImageBuffer and ImageBuffer destructor paths are not 
of concern.
And WebProcess-only local paths to releaseGraphicsContext() are also not of 
concern.

To fix, we add a MESSAGE_CHECK to reject when markSurfacesVolatile is called 
while drawing is ongoing.

Test: ipc/mark-surfaces-volatile-during-prepare-for-display.html

* LayoutTests/ipc/mark-surfaces-volatile-during-prepare-for-display-expected.txt: Added.
* LayoutTests/ipc/mark-surfaces-volatile-during-prepare-for-display.html: Added.
* Source/WebKit/GPUProcess/graphics/RemoteImageBufferSet.h:
(WebKit::RemoteImageBufferSet::isPreparingForDisplay const):
* Source/WebKit/GPUProcess/graphics/RemoteRenderingBackend.cpp:
(WebKit::RemoteRenderingBackend::markSurfacesVolatile):

Originally-landed-as: 305413.309@safari-7624-branch (939a2f7876f3). 
rdar://173968798
Canonical link: https://commits.webkit.org/311872@main
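
The guard described in the log message, as an added example that is not WebKit's code and not part of the commit: a receiver rejects a "mark volatile" request while any named buffer set is still preparing for display, so the context in use is never released underneath it. The class bodies, the begin/end pair, the `Result` enum and the validate-all-ids-before-mutating order are assumptions made for illustration; only the names `markSurfacesVolatile`, `makeBuffersVolatile` and `isPreparingForDisplay` come from the message.

```cpp
#include <cstdint>
#include <map>
#include <memory>
#include <vector>

// Hypothetical stand-ins: names echo the commit message, bodies are assumptions.
struct GraphicsContext { int drawCalls = 0; };

class ImageBufferSet {
public:
    // Assumed begin/end pair bracketing the window in which the context is in use.
    void beginPrepareForDisplay() {
        if (!m_context) m_context = std::make_unique<GraphicsContext>();
        m_preparing = true;
    }
    void endPrepareForDisplay() { m_preparing = false; }
    bool isPreparingForDisplay() const { return m_preparing; }
    bool hasContext() const { return static_cast<bool>(m_context); }
    // Models makeBuffersVolatile() -> releaseGraphicsContext(): the context dies here.
    void makeBuffersVolatile() { m_context.reset(); }
private:
    std::unique_ptr<GraphicsContext> m_context;
    bool m_preparing = false;
};

enum class Result { Done, RejectedInvalidMessage };

class Backend {
public:
    ImageBufferSet& set(uint64_t id) { return m_sets[id]; }

    // Handler for the untrusted message. Validate every id before mutating any
    // state, so a rejected message leaves all contexts alive.
    Result markSurfacesVolatile(const std::vector<uint64_t>& ids) {
        for (auto id : ids) {
            auto it = m_sets.find(id);
            if (it != m_sets.end() && it->second.isPreparingForDisplay())
                return Result::RejectedInvalidMessage; // the MESSAGE_CHECK analogue
        }
        for (auto id : ids) {
            auto it = m_sets.find(id);
            if (it != m_sets.end())
                it->second.makeBuffersVolatile();
        }
        return Result::Done;
    }
private:
    std::map<uint64_t, ImageBufferSet> m_sets;
};
```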
