
Side by Side Diff: content/common/gpu/client/webgraphicscontext3d_command_buffer_impl.cc

Issue 102823002: Fix possible use-after-free in WGC3D shared context map (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 7 years ago
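--- a/content/common/gpu/client/webgraphicscontext3d_command_buffer_impl.cc
+++ b/content/common/gpu/client/webgraphicscontext3d_command_buffer_impl.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/common/gpu/client/webgraphicscontext3d_command_buffer_impl.h"
 
 #include "third_party/khronos/GLES2/gl2.h"
 #ifndef GL_GLEXT_PROTOTYPES
 #define GL_GLEXT_PROTOTYPES 1
 #endif
@@ -232,31 +232,20 @@
 mem_limits_(limits),
 flush_id_(0) {
 }
 
 WebGraphicsContext3DCommandBufferImpl::
 ~WebGraphicsContext3DCommandBufferImpl() {
 if (real_gl_) {
 real_gl_->SetErrorMessageCallback(NULL);
 }
 
-if (host_.get()) {
-base::AutoLock lock(g_all_shared_contexts_lock.Get());
-ContextMap& all_contexts = g_all_shared_contexts.Get();
-ContextMap::iterator it = std::find(
-all_contexts.begin(),
-all_contexts.end(),
-std::pair<GpuChannelHost* const,
-WebGraphicsContext3DCommandBufferImpl*>(host_.get(), this));
-if (it != all_contexts.end())
-all_contexts.erase(it);
-}
 Destroy();
 }
 
 bool WebGraphicsContext3DCommandBufferImpl::MaybeInitializeGL() {
 if (initialized_)
 return true;
 
 if (initialize_failed_)
 return false;
 
@@ -448,20 +437,32 @@
 return true;
 }
 
 uint32_t WebGraphicsContext3DCommandBufferImpl::lastFlushID() {
 return flush_id_;
 }
 
 DELEGATE_TO_GL_R(insertSyncPoint, InsertSyncPointCHROMIUM, unsigned int)
 
 void WebGraphicsContext3DCommandBufferImpl::Destroy() {
+if (host_.get()) {
+base::AutoLock lock(g_all_shared_contexts_lock.Get());
+ContextMap& all_contexts = g_all_shared_contexts.Get();
+ContextMap::iterator it = std::find(
+all_contexts.begin(),
+all_contexts.end(),
+std::pair<GpuChannelHost* const,
+WebGraphicsContext3DCommandBufferImpl*>(host_.get(), this));
+if (it != all_contexts.end())
+all_contexts.erase(it);
+}
+
 if (gl_) {
 // First flush the context to ensure that any pending frees of resources
 // are completed. Otherwise, if this context is part of a share group,
 // those resources might leak. Also, any remaining side effects of commands
 // issued on this context might not be visible to other contexts in the
 // share group.
 gl_->Flush();
 gl_ = NULL;
 }
 
@@ -1430,10 +1431,10 @@
 
 void WebGraphicsContext3DCommandBufferImpl::OnErrorMessage(
 const std::string& message, int id) {
 if (error_message_callback_) {
 blink::WebString str = blink::WebString::fromUTF8(message.c_str());
 error_message_callback_->onErrorMessage(str, id);
 }
 }
 
 } // namespace content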
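Review bot: The unregister block added at the top of Destroy() carries no comment saying why removal from g_all_shared_contexts has to happen here rather than in the destructor, which appears to be the point of the fix. The map holds raw WebGraphicsContext3DCommandBufferImpl pointers, so any teardown path that does not erase the entry leaves a dangling pointer for the next reader of the map. A comment such as `// Unregister before tearing down gl_: the map holds raw pointers, so an entry must never outlive a usable context.` would keep a later refactor from moving the block back. The AutoLock is released at the end of the `if` block, before `gl_->Flush()`, so the erase only protects readers that use the pointer while still holding g_all_shared_contexts_lock; whether every reader does so is not visible on this page. Destroy() continues past the end of the hunk, so it is also not visible whether host_ is reset afterwards.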