Crash in RemoteLayerBackingStore::encode when m_frontBuffer is nullptr.
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 30 Jan 2014 20:57:32 +0000 (20:57 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 30 Jan 2014 20:57:32 +0000 (20:57 +0000)
https://bugs.webkit.org/show_bug.cgi?id=127756

Patch by Jeremy Jones <jeremyj@apple.com> on 2014-01-30
Reviewed by Jer Noble.

Don't encode RemoteLayerBackingStore when it has no front buffer.

* Shared/mac/RemoteLayerBackingStore.h:
(WebKit::RemoteLayerBackingStore::hasFrontBuffer):
* Shared/mac/RemoteLayerTreeTransaction.mm:
(WebKit::RemoteLayerTreeTransaction::LayerProperties::encode):
(WebKit::RemoteLayerTreeTransaction::LayerProperties::decode):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@163103 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit2/ChangeLog
Source/WebKit2/Shared/mac/RemoteLayerBackingStore.h
Source/WebKit2/Shared/mac/RemoteLayerTreeTransaction.mm

index c9e0761..78f1f33 100644 (file)
@@ -1,3 +1,18 @@
+2014-01-30  Jeremy Jones  <jeremyj@apple.com>
+
+        Crash in RemoteLayerBackingStore::encode when m_frontBuffer is nullptr.
+        https://bugs.webkit.org/show_bug.cgi?id=127756
+
+        Reviewed by Jer Noble.
+
+        Don't encode RemoteLayerBackingStore when it has no front buffer.
+
+        * Shared/mac/RemoteLayerBackingStore.h:
+        (WebKit::RemoteLayerBackingStore::hasFrontBuffer):
+        * Shared/mac/RemoteLayerTreeTransaction.mm:
+        (WebKit::RemoteLayerTreeTransaction::LayerProperties::encode):
+        (WebKit::RemoteLayerTreeTransaction::LayerProperties::decode):
+
 2014-01-30  Mark Rowe  <mrowe@apple.com>
 
         Host plug-ins in XPC services
index 149a26d..751ba24 100644 (file)
@@ -69,8 +69,7 @@ public:
 
     void enumerateRectsBeingDrawn(CGContextRef, void (^)(CGRect));
 
-private:
-    bool hasFrontBuffer()
+    bool hasFrontBuffer() const
     {
 #if USE(IOSURFACE)
         if (m_acceleratesDrawing)
@@ -78,6 +77,7 @@ private:
 #endif
         return !!m_frontBuffer;
     }
+private:
 
     void drawInContext(WebCore::GraphicsContext&, CGImageRef frontImage);
 
index 5197ab3..2769ab8 100644 (file)
@@ -167,8 +167,11 @@ void RemoteLayerTreeTransaction::LayerProperties::encode(IPC::ArgumentEncoder& e
     if (changedProperties & TimeOffsetChanged)
         encoder << timeOffset;
 
-    if (changedProperties & BackingStoreChanged)
-        encoder << backingStore;
+    if (changedProperties & BackingStoreChanged) {
+        encoder << backingStore.hasFrontBuffer();
+        if (backingStore.hasFrontBuffer())
+            encoder << backingStore;
+    }
 
     if (changedProperties & FiltersChanged)
         encoder << filters;
@@ -306,7 +309,10 @@ bool RemoteLayerTreeTransaction::LayerProperties::decode(IPC::ArgumentDecoder& d
     }
 
     if (result.changedProperties & BackingStoreChanged) {
-        if (!decoder.decode(result.backingStore))
+        bool hasFrontBuffer = false;
+        if (!decoder.decode(hasFrontBuffer))
+            return false;
+        if (hasFrontBuffer && !decoder.decode(result.backingStore))
             return false;
     }
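Review bot: `backingStore.hasFrontBuffer()` is evaluated twice on L72 and L73, once to write the flag and once to guard the encode, so the flag on the wire and the data that follows come from two separate reads of the store's state. Reading it once into a local keeps the two in step and makes the wire layout obvious: `const bool hasFrontBuffer = backingStore.hasFrontBuffer();`, `encoder << hasFrontBuffer;`, `if (hasFrontBuffer) encoder << backingStore;`. On the decode side (L84–L88) a false flag now leaves `result.backingStore` untouched while `BackingStoreChanged` remains set, which presumably is intended to mean "no buffer this transaction"; a one-line comment there would save the next reader from checking the encoder. The rest of `decode` continues past the hunk.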