CRASH in CVPixelBufferGetBytePointerCallback()
authorjer.noble@apple.com <jer.noble@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 3 Oct 2018 19:28:31 +0000 (19:28 +0000)
committerjer.noble@apple.com <jer.noble@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 3 Oct 2018 19:28:31 +0000 (19:28 +0000)
commit51662bdef89264e9057ba357498bafabd3b4ac0e
tree7026dabe41a318da311c4d6d0a90dbd743853d2d
parent38ff747bd992742e9d8ff6c04a37aafd6854bf47
CRASH in CVPixelBufferGetBytePointerCallback()
https://bugs.webkit.org/show_bug.cgi?id=190092

Reviewed by Eric Carlson.

Speculative fix for crash that occurs when callers of CVPixelBufferGetBytePointerCallback() attempt
to read the last byte of a CVPixelBuffer (as a pre-flight check) and crash due to a memory access
error. It's speculated that mismatching CVPixelBufferLockBytePointer / CVPixelBufferUnlockBytePointer
calls could result in an incorrect state inside the CVPixelBuffer. Add log count checks, locking, and
release logging to try to pinpoint if mismatch lock counts are occurring in this code path.

* platform/graphics/cv/PixelBufferConformerCV.cpp:
(WebCore::CVPixelBufferGetBytePointerCallback):
(WebCore::CVPixelBufferReleaseBytePointerCallback):
(WebCore::CVPixelBufferReleaseInfoCallback):
(WebCore::PixelBufferConformerCV::createImageFromPixelBuffer):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@236806 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebCore/ChangeLog
Source/WebCore/platform/graphics/cv/PixelBufferConformerCV.cpp