Remote Layer Tree: Crashes allocating incredibly large backing store for tiled backin...
author timothy_horton@apple.com <timothy_horton@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 2 Nov 2013 02:23:00 +0000 (02:23 +0000)
committer timothy_horton@apple.com <timothy_horton@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 2 Nov 2013 02:23:00 +0000 (02:23 +0000)
https://bugs.webkit.org/show_bug.cgi?id=123651

Reviewed by Simon Fraser.

* Shared/mac/RemoteLayerBackingStore.mm:
(RemoteLayerBackingStore::display):
(RemoteLayerBackingStore::drawInContext):
We can't dirty the whole layer if we have no existing front buffer if
we have no paints, because that will lead to layers which were never
setNeedsDisplay()'d getting backing store. Added back an assertion
that will catch this, too.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@158481 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit2/ChangeLog
Source/WebKit2/Shared/mac/RemoteLayerBackingStore.mm

index d73c614..14f6eae 100644 (file)
@@ -1,3 +1,18 @@
+2013-11-01  Tim Horton  <timothy_horton@apple.com>
+
+        Remote Layer Tree: Crashes allocating incredibly large backing store for tiled backing layers
+        https://bugs.webkit.org/show_bug.cgi?id=123651
+
+        Reviewed by Simon Fraser.
+
+        * Shared/mac/RemoteLayerBackingStore.mm:
+        (RemoteLayerBackingStore::display):
+        (RemoteLayerBackingStore::drawInContext):
+        We can't dirty the whole layer if we have no existing front buffer if
+        we have no paints, because that will lead to layers which were never
+        setNeedsDisplay()'d getting backing store. Added back an assertion
+        that will catch this, too.
+
 2013-11-01  Dan Bernstein  <mitz@apple.com>
 
         [Cocoa] WKObject seems to be initializing its target in a thread-safe manner, but really is not
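Review bot: The explanatory sentence in the new ChangeLog entry ("We can't dirty the whole layer if we have no existing front buffer if we have no paints") stacks two conditions and is hard to parse. It should say which condition gates which, for example that the whole-layer dirtying for a missing front buffer now happens only after the dirty region is known to be non-empty. The entry also says an assertion was "added back" without naming it or where it sits; naming ASSERT_NOT_REACHED() in drawInContext would make the entry searchable.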
index 5530669..3f3e1a8 100644 (file)
@@ -192,12 +192,12 @@ bool RemoteLayerBackingStore::display()
         return previouslyDrewContents;
     }
 
-    if (!hasFrontBuffer())
-        m_dirtyRegion.unite(IntRect(IntPoint(), m_size));
-
     if (m_dirtyRegion.isEmpty() || m_size.isEmpty())
         return false;
 
+    if (!hasFrontBuffer())
+        m_dirtyRegion.unite(IntRect(IntPoint(), m_size));
+
     if (m_layer->owner()->platformCALayerShowRepaintCounter(m_layer)) {
         IntRect indicatorRect = mapToContentCoordinates(IntRect(0, 0, 52, 27));
         m_dirtyRegion.unite(indicatorRect);
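Review bot: The relocated `if (!hasFrontBuffer())` block in display() now depends on sitting after the `m_dirtyRegion.isEmpty() || m_size.isEmpty()` early return, and nothing in the code says so. A later cleanup that hoists it back above the early return would silently restore the crash from the bug title, since every layer without a front buffer would again dirty IntRect(IntPoint(), m_size) and get a full-size backing store even if it was never setNeedsDisplay()'d. A one-line comment above the moved block stating that ordering requirement would protect it. The file list for this commit shows only ChangeLog and RemoteLayerBackingStore.mm, so no test accompanies the fix; if a layout test can exercise a large tiled backing layer under the remote layer tree, it belongs with this change.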
@@ -289,6 +289,7 @@ void RemoteLayerBackingStore::drawInContext(GraphicsContext& context)
         case PlatformCALayer::LayerTypeRootLayer:
         case PlatformCALayer::LayerTypeAVPlayerLayer:
         case PlatformCALayer::LayerTypeCustom:
+            ASSERT_NOT_REACHED();
             break;
     };
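Review bot: ASSERT_NOT_REACHED() before the `break` in drawInContext is compiled out of release builds, so for LayerTypeRootLayer, LayerTypeAVPlayerLayer, LayerTypeCustom and any other labels stacked above them, a release build still falls through to `break` and returns without drawing or reporting anything. That is acceptable if the reordering in display() is the actual guard and this is only a debug tripwire, but the ChangeLog should say so, and it is worth confirming that display() cannot reach drawInContext for these layer types by any path other than the one fixed here. Separately, the `};` closing the switch carries a stray semicolon that could be dropped while this code is being touched.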