Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: e5dac2f2642fedd5c1a289f5491875972e666ebd
https://github.com/WebKit/WebKit/commit/e5dac2f2642fedd5c1a289f5491875972e666ebd
Author: Sergio Villar Senin <[email protected]>
Date: 2026-05-01 (Fri, 01 May 2026)
Changed paths:
M Source/WebCore/Modules/webxr/WebXRLayer.h
M Source/WebCore/Modules/webxr/WebXRSession.cpp
M Source/WebCore/Modules/webxr/WebXRWebGLLayer.cpp
M Source/WebCore/Modules/webxr/WebXRWebGLLayer.h
M Source/WebCore/Modules/webxr/XRCompositionLayer.cpp
M Source/WebCore/Modules/webxr/XRCompositionLayer.h
M Source/WebCore/platform/xr/PlatformXR.h
M Source/WebKit/Shared/XR/PlatformXR.serialization.in
M Source/WebKit/UIProcess/XR/openxr/OpenXRLayer.cpp
M Source/WebKit/UIProcess/XR/openxr/PlatformXROpenXR.cpp
Log Message:
-----------
[WebXR Layers][OpenXR] WebKit crashes in immersiveweb's quad-ab-test.html
https://bugs.webkit.org/show_bug.cgi?id=313625
Reviewed by Dan Glastonbury.
The immersiveweb's quad AB example is a test that demonstrates rendering
the same picture using a quad layer or embedded in the projection layer.
The UIProcess was crashing soon after starting the WebXR session (it
requires the not landed yet cylinder layer support from PR#63785).
The sequence was more or less the following:
1. Layer A is created, and updateRenderState() is
called so the list of active layers becomes [ A ]
2. Another layer B is created, but updateRenderState is not called yet.
3. populateFrameData() called startFrame() over all *created* layers,
i.e. [A, B]
4. submitFrame() was later called with only [ A ] as updateRenderState()
was not called yet
5. On the render thread endFrame() processes layer A (calling
releaseImage()). Layer B was never submitted, so B->endFrame() is
never called.
6. In the next frame populateFrameData() was calling startFrame over [A,
B] again, but since B's texture was not released, the call to
acquireImage() failed.
As it can be seen the problem was that startFrame() was always called
over all created layers, but endFrame() was created only over the active
layers in WebXR. OpenXR should only operate on the layers selected by
WebXR.
We actually tried to solve this previously adding an acquiredTexture
check in endFrame() but that was wrong because it was indeed fixing the
crash (the sympthon) but not the proper flow of calls (ensuring that
startFrame/endFrame -acquireImage/releaseImage- happen always in pairs).
This patch replaced that with ASSERTs.
Now we keep a list of active textures on the PlatformXR side which is
updated everytime the user calls updateRenderState() in WebXR. Actually
we need to keep two lists in order to use the same list during the whole
lifetime of a frame while allowing the code to update that list for the
next one.
Last but not least, this allowed us to unveil a bug when setting
passthroughFullyObscured. We were resetting it to false if no
requestData was provided, That's wrong, requestData is only received
when the render state changes, so if it's null then it means that
nothing should change and that it should keep the previous value.
No new tests as this can only be reproduced with an actual OpenXR
runtime runing.
* Source/WebCore/Modules/webxr/WebXRLayer.h:
* Source/WebCore/Modules/webxr/WebXRSession.cpp:
(WebCore::WebXRSession::applyPendingRenderState):
* Source/WebCore/Modules/webxr/WebXRWebGLLayer.cpp:
(WebCore::createOpaqueFramebuffer):
(WebCore::WebXRWebGLLayer::create):
(WebCore::WebXRWebGLLayer::layerHandle const):
* Source/WebCore/Modules/webxr/WebXRWebGLLayer.h:
* Source/WebCore/Modules/webxr/XRCompositionLayer.cpp:
(WebCore::XRCompositionLayer::layerHandle const):
* Source/WebCore/Modules/webxr/XRCompositionLayer.h:
* Source/WebCore/platform/xr/PlatformXR.h:
* Source/WebKit/Shared/XR/PlatformXR.serialization.in:
* Source/WebKit/UIProcess/XR/openxr/OpenXRLayer.cpp:
* Source/WebKit/UIProcess/XR/openxr/PlatformXROpenXR.cpp:
(WebKit::OpenXRCoordinator::scheduleAnimationFrame):
(WebKit::OpenXRCoordinator::populateFrameData):
(WebKit::OpenXRCoordinator::beginFrame):
(WebKit::OpenXRCoordinator::endFrame):
Canonical link: https://commits.webkit.org/312422@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
