REGRESSION (r244182): RemoteLayerTreeDrawingArea::flushLayers() should not be reentrant
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 11 Apr 2019 22:51:43 +0000 (22:51 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 11 Apr 2019 22:51:43 +0000 (22:51 +0000)
https://bugs.webkit.org/show_bug.cgi?id=196825

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2019-04-11
Reviewed by Simon Fraser.

Ensure the layer transactions IDs are sequential. So bail out of
RemoteLayerTreeDrawingArea::flushLayers() if reentrancy is detected.

* WebProcess/WebPage/RemoteLayerTree/RemoteLayerTreeDrawingArea.h:
* WebProcess/WebPage/RemoteLayerTree/RemoteLayerTreeDrawingArea.mm:
(WebKit::RemoteLayerTreeDrawingArea::flushLayers):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@244198 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/ChangeLog
Source/WebKit/WebProcess/WebPage/RemoteLayerTree/RemoteLayerTreeDrawingArea.h
Source/WebKit/WebProcess/WebPage/RemoteLayerTree/RemoteLayerTreeDrawingArea.mm

index 453e0ef..157d3a0 100644 (file)
@@ -1,3 +1,17 @@
+2019-04-11  Said Abou-Hallawa  <sabouhallawa@apple.com>
+
+        REGRESSION (r244182): RemoteLayerTreeDrawingArea::flushLayers() should not be reentrant
+        https://bugs.webkit.org/show_bug.cgi?id=196825
+
+        Reviewed by Simon Fraser.
+
+        Ensure the layer transactions IDs are sequential. So bail out of
+        RemoteLayerTreeDrawingArea::flushLayers() if reentrancy is detected.
+
+        * WebProcess/WebPage/RemoteLayerTree/RemoteLayerTreeDrawingArea.h:
+        * WebProcess/WebPage/RemoteLayerTree/RemoteLayerTreeDrawingArea.mm:
+        (WebKit::RemoteLayerTreeDrawingArea::flushLayers):
+
 2019-04-11  Wenson Hsieh  <wenson_hsieh@apple.com>
 
         Allow the MediaSource API to be enabled via website policy
index b923bf3..271dc33 100644 (file)
@@ -161,6 +161,7 @@ private:
     bool m_waitingForBackingStoreSwap { false };
     bool m_hadFlushDeferredWhileWaitingForBackingStoreSwap { false };
     bool m_nextFlushIsForImmediatePaint { false };
+    bool m_inFlushLayers { false };
 
     dispatch_queue_t m_commitQueue;
     RefPtr<BackingStoreFlusher> m_pendingBackingStoreFlusher;
index 06277e3..8c43f33 100644 (file)
@@ -50,6 +50,7 @@
 #import <WebCore/Settings.h>
 #import <WebCore/TiledBacking.h>
 #import <pal/spi/cocoa/QuartzCoreSPI.h>
+#import <wtf/SetForScope.h>
 #import <wtf/SystemTracing.h>
 
 namespace WebKit {
@@ -344,6 +345,11 @@ void RemoteLayerTreeDrawingArea::flushLayers()
             scheduleCompositingLayerFlush();
     }
 
+    // This function is not reentrant, e.g. a rAF callback may force repaint.
+    if (m_inFlushLayers)
+        return;
+
+    SetForScope<bool> change(m_inFlushLayers, true);
     m_webPage.updateRendering();
 
     FloatRect visibleRect(FloatPoint(), m_viewSize);