[GTK] WebkitWebProcess crashing navigating away from ogg video element
author vjaquez@igalia.com <vjaquez@igalia.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 21 Aug 2014 10:51:03 +0000 (10:51 +0000)
committer vjaquez@igalia.com <vjaquez@igalia.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 21 Aug 2014 10:51:03 +0000 (10:51 +0000)
https://bugs.webkit.org/show_bug.cgi?id=135348

Reviewed by Philippe Normand.

Source/WebCore:

Let GraphicsLayerTextureMapper know it needs to detach the platform
layer when a MediaPlayerPrivateGStreamerBase is destroyed.

No new test since media/restore-from-page-cache.html covers it.

* platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
(WebCore::MediaPlayerPrivateGStreamerBase::~MediaPlayerPrivateGStreamerBase):

Source/WebKit2:

When a page is cached, by default the backing store isn't recreated
(an optimization added in r89316).

Not all the ports use that optimization. For example, the iOS port
doesn't use it (r161185).

In the case of the GTK port, the MediaPlayerPrivateGStreamer not only
processes video buffers, it also displays them, because it is a
TextureMapperPlatformLayer too.

Nevertheless, in r153937, when a page is cached, the player is
destroyed. But our player has a backing store and the render tree
doesn't know that the player has gone. Hence, when the page is redrawn,
the TextureMapper tree visits the video element, which doesn't exist
anymore, and a segmentation fault occurs.

So, as our media player renders, and as we cannot trust that the
player exists when a page is painted, we cannot rely on the r89316
optimization.

Disabling the backing stores optimization fixes the problem.

Covered by existing tests.

* WebProcess/soup/WebProcessSoup.cpp:
(WebKit::WebProcess::platformSetCacheModel): Enable the backing store
clearing when page caching for GTK.

LayoutTests:

* platform/gtk/TestExpectations: Enable
media/restore-from-page-cache.html,
plugins/netscape-plugin-page-cache-works.html and
animations/resume-after-page-cache.html. They should pass correctly.
Skip compositing/iframes/page-cache-layer-tree.html since we disable
that optimization.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172828 268f45cc-cd09-0410-ab3c-d52691b4dbfc
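
The lifetime problem the commit message describes, as an added example that is not WebKit code or part of the commit: a simplified C++ model in which a layer-tree node keeps a non-owning pointer to a player that is destroyed when the page is cached. All class and function names except platformLayerWillBeDestroyed are hypothetical.

```cpp
#include <memory>

// Simplified model, not WebKit code: every class name here is hypothetical.
struct PlatformLayer {                        // stands in for TextureMapperPlatformLayer
    virtual ~PlatformLayer() = default;
    virtual int paint() = 0;
};

struct LayerClient {                          // stands in for the player's client
    virtual ~LayerClient() = default;
    virtual void platformLayerWillBeDestroyed() = 0;
};

class CompositedLayer : public LayerClient {  // stands in for the layer-tree node
public:
    void setContentsLayer(PlatformLayer* layer) { m_contents = layer; }
    void platformLayerWillBeDestroyed() override { m_contents = nullptr; }
    bool hasContentsLayer() const { return m_contents != nullptr; }
    // Returns the number of layers painted; a detached node paints nothing.
    int paint() const { return m_contents ? m_contents->paint() : 0; }
private:
    PlatformLayer* m_contents = nullptr;      // non-owning raw pointer
};

class Player : public PlatformLayer {
public:
    Player(LayerClient* client, bool notifyOnDestroy)
        : m_client(client), m_notify(notifyOnDestroy) {}
    ~Player() override {
        // Pattern of the destructor change: tell the client before going away.
        if (m_notify && m_client)
            m_client->platformLayerWillBeDestroyed();
    }
    int paint() override { return 1; }
private:
    LayerClient* m_client;
    bool m_notify;
};

// Destroys the player (as when the page enters the page cache) and reports
// whether the layer node still holds a pointer to it afterwards.
bool layerDanglesAfterPlayerDestroyed(bool notifyOnDestroy) {
    CompositedLayer node;
    auto player = std::make_unique<Player>(&node, notifyOnDestroy);
    node.setContentsLayer(player.get());
    player.reset();
    return node.hasContentsLayer();  // true: the next paint would touch freed memory
}

// Paints after a notified destruction; the cleared pointer makes this safe.
int paintAfterNotifiedDestroy() {
    CompositedLayer node;
    auto player = std::make_unique<Player>(&node, true);
    node.setContentsLayer(player.get());
    player.reset();
    return node.paint();
}
```

The un-notified case only inspects the stale pointer and never dereferences it; in the real crash the repaint did dereference it.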

LayoutTests/ChangeLog
LayoutTests/platform/gtk/TestExpectations
Source/WebCore/ChangeLog
Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp
Source/WebKit2/ChangeLog
Source/WebKit2/WebProcess/soup/WebProcessSoup.cpp

index 5b93701..c77eae7 100644 (file)
@@ -1,3 +1,17 @@
+2014-08-21  Víctor Manuel Jáquez Leal  <vjaquez@igalia.com>
+
+        [GTK] WebkitWebProcess crashing navigating away from ogg video element
+        https://bugs.webkit.org/show_bug.cgi?id=135348
+
+        Reviewed by Philippe Normand.
+
+        * platform/gtk/TestExpectations: Enable
+        media/restore-from-page-cache.html,
+        plugins/netscape-plugin-page-cache-works.html and
+        animations/resume-after-page-cache.html. They should pass correctly.
+        Skip compositing/iframes/page-cache-layer-tree.html since we disable
+        that optimization.
+
 2014-08-21  Shivakumar JM  <shiva.jm@samsung.com>
 
         [EFL][WK2] Websocket Layout Tests passed in latest build.
index 3568cc1..b76d382 100644 (file)
@@ -580,8 +580,6 @@ webkit.org/b/89650 svg/W3C-SVG-1.1/animate-elem-82-t.svg [ Failure Pass ]
 webkit.org/b/89650 [ Debug ] svg/W3C-SVG-1.1/animate-elem-85-t.svg [ Failure Pass ]
 webkit.org/b/89650 svg/W3C-SVG-1.1/struct-dom-06-b.svg [ Failure Pass ]
 
-webkit.org/b/80158 plugins/netscape-plugin-page-cache-works.html [ Failure Pass ]
-
 webkit.org/b/89811 media/media-blocked-by-beforeload.html [ Failure Pass ]
 webkit.org/b/84856 media/media-controller-playback.html [ Crash Failure Timeout Pass ]
 
@@ -678,8 +676,6 @@ webkit.org/b/119040 perf/nested-combined-selectors.html [ Failure Pass ]
 
 webkit.org/b/119041 css3/calc/img-size.html [ ImageOnlyFailure Pass ]
 
-webkit.org/b/119042 animations/resume-after-page-cache.html [ Failure Pass Crash ]
-
 # These tests started to time out (or time out more often) since the FTL merge
 webkit.org/b/119253 [ Release ] css3/autoclose-braces-and-parentheses.html [ Timeout Pass ]
 webkit.org/b/119253 [ Debug ] js/dfg-osr-entry-hoisted-clobbered-structure-check.html [ Timeout Pass ]
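Review bot: the expectation removed here for animations/resume-after-page-cache.html listed Failure as well as Crash and was tracked under webkit.org/b/119042, a different bug from the one this change addresses; the same applies to plugins/netscape-plugin-page-cache-works.html in the previous hunk, which was [ Failure Pass ] under webkit.org/b/80158. The ChangeLog only says they "should pass correctly". Please confirm both with repeated runs on the GTK bots before dropping the flaky expectations, and cross-reference or resolve those two bugs so the history stays traceable.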
@@ -2006,7 +2002,6 @@ webkit.org/b/132126 animations/body-removal-crash.html [ Crash Pass ]
 webkit.org/b/132126 media/track/track-cues-cuechange.html [ Timeout Pass ]
 webkit.org/b/132126 media/track/track-cues-enter-exit.html [ Timeout Pass ]
 webkit.org/b/132126 media/video-poster-background.html [ ImageOnlyFailure ]
-webkit.org/b/132126 media/restore-from-page-cache.html [ Crash ]
 
 webkit.org/b/132233 fast/regions/clip-to-padding-box-vertical-lr.html [ ImageOnlyFailure ]
 
@@ -2094,6 +2089,9 @@ webkit.org/b/136065 css3/shapes/shape-outside/supported-shapes/inset/shape-outsi
 
 webkit.org/b/132421 fast/multicol/fixed-stack.html [ Pass ]
 
+# The backing store is cleared when page cached in GTK
+webkit.org/b/135348 compositing/iframes/page-cache-layer-tree.html [ Skip ]
+
 #////////////////////////////////////////////////////////////////////////////////////////
 # End of Tests failing
 #////////////////////////////////////////////////////////////////////////////////////////
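Review bot: [ Skip ] on compositing/iframes/page-cache-layer-tree.html means the test never runs on GTK, so nothing will flag it if backing store clearing is later switched off again. If the test runs to completion, prefer an expected-result entry over Skip; either way, extend the comment to say the entry must be removed together with the setShouldClearBackingStores(true) call so the two stay in sync.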
index 678cd13..d4fccdf 100644 (file)
@@ -1,3 +1,18 @@
+2014-08-21  Víctor Manuel Jáquez Leal  <vjaquez@igalia.com>
+
+        [GTK] WebkitWebProcess crashing navigating away from ogg video element
+        https://bugs.webkit.org/show_bug.cgi?id=135348
+
+        Reviewed by Philippe Normand.
+
+        Let GraphicsLayerTextureMapper know it needs to detach the platform
+        layer when a MediaPlayerPrivateGStreamerBase is destroyed.
+
+        No new test since media/restore-from-page-cache.html covers it.
+
+        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
+        (WebCore::MediaPlayerPrivateGStreamerBase::~MediaPlayerPrivateGStreamerBase):
+
 2014-08-20  Benjamin Poulain  <benjamin@webkit.org>
 
         CSS: Implement the :placeholder-shown pseudo-class from Selectors Level 4
index 11de72f..6ce949e 100644 (file)
@@ -121,6 +121,11 @@ MediaPlayerPrivateGStreamerBase::~MediaPlayerPrivateGStreamerBase()
         g_signal_handler_disconnect(m_volumeElement.get(), m_muteSignalHandler);
         m_muteSignalHandler = 0;
     }
+
+#if USE(ACCELERATED_COMPOSITING) && USE(TEXTURE_MAPPER_GL) && !USE(COORDINATED_GRAPHICS)
+    if (client())
+        client()->platformLayerWillBeDestroyed();
+#endif
 }
 
 // Returns the size of the video
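Review bot: the block added at the end of the destructor is compiled only under USE(ACCELERATED_COMPOSITING) && USE(TEXTURE_MAPPER_GL) && !USE(COORDINATED_GRAPHICS), with no comment saying why the other configurations do not need the notification. Please add a one-line comment stating that this is the configuration in which the player is itself a platform layer, and consider issuing client()->platformLayerWillBeDestroyed() at the top of the destructor rather than after the signal handlers are disconnected, so the layer tree drops its reference before any teardown of the player begins.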
index 4620749..9c0cee2 100644 (file)
@@ -1,3 +1,38 @@
+2014-08-21  Víctor Manuel Jáquez Leal  <vjaquez@igalia.com>
+
+        [GTK] WebkitWebProcess crashing navigating away from ogg video element
+        https://bugs.webkit.org/show_bug.cgi?id=135348
+
+        Reviewed by Philippe Normand.
+
+        When a page is cached, by default doesn't recreate the backing store
+        (an optimization added in r89316).
+
+        Not all the ports uses that optimization. For example IOS port doesn't
+        use it (r161185).
+
+        In the case of the GTK port, the MediaPlayerPrivateGStreamer, not only
+        processes video buffers, also display them, because it is a
+        TextureMapperPlatformLayer too.
+
+        Nevertheless, in r153937, when a page is cached, the player is
+        destroyed. But our player has a backing store and the render tree
+        doesn't know that the player has gone. Hence, when the page is redraw,
+        the TextureMapper tree visits the video element, which doesn't exist
+        anymore, a segmentation fault occurs.
+
+        So, as our media player renders, and as we cannot trust that the
+        player exists when a page is painted, we cannot rely in the r89316
+        optimization.
+
+        Disabling the backing stores optimization fixes the problem.
+
+        Covered by existing tests.
+
+        * WebProcess/soup/WebProcessSoup.cpp:
+        (WebKit::WebProcess::platformSetCacheModel): Enable the backing store
+        clearing when page caching for GTK.
+
 2014-08-20  Alex Christensen  <achristensen@webkit.org>
 
         Introducing WEBCORE_EXPORT macro.
index 1f3b687..0aaa35c 100644 (file)
@@ -110,6 +110,10 @@ void WebProcess::platformSetCacheModel(CacheModel cacheModel)
     WebCore::memoryCache()->setDeadDecodedDataDeletionInterval(deadDecodedDataDeletionInterval);
     WebCore::pageCache()->setCapacity(pageCacheCapacity);
 
+#if PLATFORM(GTK)
+    WebCore::pageCache()->setShouldClearBackingStores(true);
+#endif
+
     if (!usesNetworkProcess()) {
         if (urlCacheDiskCapacity > soup_cache_get_max_size(cache))
             soup_cache_set_max_size(cache, urlCacheDiskCapacity);
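Review bot: the PLATFORM(GTK) guard here does not match the condition used for the destructor change in MediaPlayerPrivateGStreamerBase.cpp (USE(ACCELERATED_COMPOSITING) && USE(TEXTURE_MAPPER_GL) && !USE(COORDINATED_GRAPHICS)), so every GTK build gives up the r89316 optimization regardless of graphics configuration, and the reason for the call is recorded only in the ChangeLog. Please add a comment above setShouldClearBackingStores(true) pointing to webkit.org/b/135348, and state in the ChangeLog whether this is still required now that the player notifies its client on destruction.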