[webkit-changes] [164840] trunk/Source/WebKit2

Thu, 27 Feb 2014 15:59:24 -0800

Title: [164840] trunk/Source/WebKit2
Revision
164840
Author
[email protected]
Date
2014-02-27 16:04:24 -0800 (Thu, 27 Feb 2014)

Log Message

Crash in RemoteLayerTreePropertyApplier::applyPropertiesToLayer
https://bugs.webkit.org/show_bug.cgi?id=129456
<rdar://problem/16182676>

Reviewed by Simon Fraser.

* Shared/mac/RemoteLayerTreePropertyApplier.mm:
(WebKit::RemoteLayerTreePropertyApplier::applyPropertiesToLayer):
We were dereferencing the RemoteLayerBackingStore without checking if it exists,
in the accelerated drawing codepath. This case will occur if a layer
previously drew contents, but now does not.

Modified Paths

Diff

Modified: trunk/Source/WebKit2/ChangeLog (164839 => 164840)


--- trunk/Source/WebKit2/ChangeLog	2014-02-27 23:58:28 UTC (rev 164839)
+++ trunk/Source/WebKit2/ChangeLog	2014-02-28 00:04:24 UTC (rev 164840)
@@ -1,3 +1,17 @@
+2014-02-27  Tim Horton  <[email protected]>
+
+        Crash in RemoteLayerTreePropertyApplier::applyPropertiesToLayer
+        https://bugs.webkit.org/show_bug.cgi?id=129456
+        <rdar://problem/16182676>
+
+        Reviewed by Simon Fraser.
+
+        * Shared/mac/RemoteLayerTreePropertyApplier.mm:
+        (WebKit::RemoteLayerTreePropertyApplier::applyPropertiesToLayer):
+        We were dereferencing the RemoteLayerBackingStore without checking if it exists,
+        in the accelerated drawing codepath. This case will occur if a layer
+        previously drew contents, but now does not.
+
 2014-02-27  Anders Carlsson  <[email protected]>
 
         Simplify WebProcessProxy state accessors

Modified: trunk/Source/WebKit2/Shared/mac/RemoteLayerTreePropertyApplier.mm (164839 => 164840)


--- trunk/Source/WebKit2/Shared/mac/RemoteLayerTreePropertyApplier.mm	2014-02-27 23:58:28 UTC (rev 164839)
+++ trunk/Source/WebKit2/Shared/mac/RemoteLayerTreePropertyApplier.mm	2014-02-28 00:04:24 UTC (rev 164840)
@@ -167,14 +167,18 @@
         layer.timeOffset = properties.timeOffset;
 
     if (properties.changedProperties & RemoteLayerTreeTransaction::BackingStoreChanged) {
+        if (RemoteLayerBackingStore* backingStore = properties.backingStore.get()) {
 #if USE(IOSURFACE)
-        if (properties.backingStore->acceleratesDrawing())
-            layer.contents = (id)properties.backingStore->surface().get();
-        else
+            if (backingStore->acceleratesDrawing())
+                layer.contents = (id)backingStore->surface().get();
+            else
+                layer.contents = (id)backingStore->image().get();
 #else
-            ASSERT(!properties.backingStore || !properties.backingStore->acceleratesDrawing());
+            ASSERT(!backingStore->acceleratesDrawing());
+            layer.contents = (id)backingStore->image().get();
 #endif
-        layer.contents = properties.backingStore ? (id)properties.backingStore->image().get() : nil;
+        } else
+            layer.contents = nil;
     }
 
     if (properties.changedProperties & RemoteLayerTreeTransaction::FiltersChanged)

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to