Chromium Code Reviews

Issue 7739008: Fix crash in updateCompositorResources due to null root layer (Closed)

Created:
9 years, 3 months ago by enne (OOO)
Modified:
8 years, 10 months ago
Reviewers:
jamesr
CC:
chromium-reviews
Base URL:
http://svn.webkit.org/repository/webkit/branches/chromium/835/
Visibility:
Public.

Description

Fix crash in updateCompositorResources due to null root layer. This is an m14-only issue due to side-effects from http://trac.webkit.org/changeset/93940. (Argh, branch-only changes.) I could not repro this, but I have seen this class of bug in the past where painting causes the root layer to become null, which causes other problems. If I insert a setRootLayer(0) call after painting, it reproduces perfectly. The issue is that the root layer gets cleared, but it's stored in a layer list and then gets used. The layer list looks like it's used-after-free (oops) because it's passed as a raw reference, but it stores a pointer to a root layer whose cc layer pointer has been cleared and then gets used blindly (extra oops). So, the solution is to check for this case to avoid the null pointer deref and then to clear the layer list in a better place. I verified that with setRootLayer(0) this doesn't blow up. I also verified that memory is properly freed and that the original bug is still fixed.
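The failure pattern the description walks through, as an added illustration that is not WebKit's code: a hypothetical renderer collects raw layer pointers into a list before painting, paint detaches the root (the stand-in for setRootLayer(0)), and the resource update then dereferences a cleared cc-layer pointer. The "after" path applies the two changes described: skip cleared entries, and clear the list once it has been consumed. All type and function names are made up for the sketch.

```cpp
#include <vector>

// Hypothetical model of the bug; names are constructed, not WebCore's real classes.
struct CCLayer { int updates = 0; };
struct GraphicsLayer { CCLayer* cc = nullptr; };  // cc is cleared when the layer is detached

struct Renderer {
    GraphicsLayer* root = nullptr;
    std::vector<GraphicsLayer*> layerList;  // raw pointers gathered before painting

    // Detaching the root clears its cc-layer pointer; the GraphicsLayer itself stays alive,
    // so any list entry pointing at it is now stale but not obviously dangling.
    void setRootLayer(GraphicsLayer* l) {
        if (root && !l) root->cc = nullptr;
        root = l;
    }

    // Before the fix: every entry is used blindly, so a cleared cc pointer is a null deref.
    int updateCompositorResourcesBefore() {
        int n = 0;
        for (GraphicsLayer* l : layerList) { ++l->cc->updates; ++n; }  // crashes if cc == nullptr
        return n;
    }

    // After the fix: skip entries whose cc layer was cleared during paint, then clear the list
    // here, where it is consumed, so a later frame can never reuse a stale pointer.
    int updateCompositorResourcesAfter() {
        int n = 0;
        for (GraphicsLayer* l : layerList) {
            if (!l->cc) continue;  // root was detached mid-frame
            ++l->cc->updates; ++n;
        }
        layerList.clear();
        return n;
    }

    // One frame: build the list, paint (optionally with the root-clearing side effect), update.
    int drawFrame(bool clearRootDuringPaint, bool fixed) {
        layerList.push_back(root);
        if (clearRootDuringPaint) setRootLayer(nullptr);  // simulated paint side effect
        return fixed ? updateCompositorResourcesAfter() : updateCompositorResourcesBefore();
    }
};

// Layers updated on a frame where paint clears the root; only the fixed path is safe to call.
int frameWithClearedRoot(bool fixed) {
    CCLayer cc; GraphicsLayer gl; gl.cc = &cc;
    Renderer r; r.setRootLayer(&gl);
    int updated = r.drawFrame(true, fixed);
    return r.layerList.empty() ? updated : -1;  // -1 flags a list left holding stale pointers
}

// Layers updated on a normal frame, for comparison.
int frameNormal(bool fixed) {
    CCLayer cc; GraphicsLayer gl; gl.cc = &cc;
    Renderer r; r.setRootLayer(&gl);
    return r.drawFrame(false, fixed);
}
```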

Patch Set 1

Patch Set 2

Patch Set 3

Stats: +12 lines, -3 lines
M Source/WebCore/platform/graphics/chromium/LayerRendererChromium.cpp: 3 chunks, +12 lines, -3 lines, 0 comments

Messages

Total messages: 3 (0 generated)
enne (OOO)
Actually, ignore this until the next patch set. :(
9 years, 3 months ago (2011-09-02 23:23:09 UTC) #1
enne (OOO)
On 2011/09/02 23:23:09, enne wrote: > Actually, ignore this until the next patch set. :( ...
9 years, 3 months ago (2011-09-02 23:38:12 UTC) #2
jamesr
9 years, 3 months ago (2011-09-02 23:57:57 UTC) #3
lgtm
