| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/common/gpu/client/grcontext_for_webgraphicscontext3d.h" | 5 #include "content/common/gpu/client/grcontext_for_webgraphicscontext3d.h" |
| 6 | 6 |
| 7 #include "base/lazy_instance.h" | 7 #include "base/lazy_instance.h" |
| 8 #include "base/trace_event/trace_event.h" | 8 #include "base/trace_event/trace_event.h" |
| 9 #include "gpu/blink/webgraphicscontext3d_impl.h" | 9 #include "gpu/blink/webgraphicscontext3d_impl.h" |
| 10 #include "gpu/command_buffer/client/gles2_lib.h" | 10 #include "gpu/command_buffer/client/gles2_lib.h" |
| 11 #include "gpu/skia_bindings/gl_bindings_skia_cmd_buffer.h" |
| 11 #include "third_party/skia/include/gpu/GrContext.h" | 12 #include "third_party/skia/include/gpu/GrContext.h" |
| 12 #include "third_party/skia/include/gpu/gl/GrGLInterface.h" | |
| 13 | 13 |
| 14 using gpu_blink::WebGraphicsContext3DImpl; | 14 using gpu_blink::WebGraphicsContext3DImpl; |
| 15 | 15 |
| 16 namespace content { | 16 namespace content { |
| 17 | 17 |
| 18 namespace { | 18 namespace { |
| 19 | 19 |
| 20 // Singleton used to initialize and terminate the gles2 library. | 20 // Singleton used to initialize and terminate the gles2 library. |
| 21 class GLES2Initializer { | 21 class GLES2Initializer { |
| 22 public: | 22 public: |
| 23 GLES2Initializer() { gles2::Initialize(); } | 23 GLES2Initializer() { gles2::Initialize(); } |
| 24 | 24 |
| 25 ~GLES2Initializer() { gles2::Terminate(); } | 25 ~GLES2Initializer() { gles2::Terminate(); } |
| 26 | 26 |
| 27 private: | 27 private: |
| 28 DISALLOW_COPY_AND_ASSIGN(GLES2Initializer); | 28 DISALLOW_COPY_AND_ASSIGN(GLES2Initializer); |
| 29 }; | 29 }; |
| 30 | 30 |
| 31 base::LazyInstance<GLES2Initializer> g_gles2_initializer = | 31 base::LazyInstance<GLES2Initializer> g_gles2_initializer = |
| 32 LAZY_INSTANCE_INITIALIZER; | 32 LAZY_INSTANCE_INITIALIZER; |
| 33 | 33 |
| 34 void BindWebGraphicsContext3DGLContextCallback(const GrGLInterface* interface) { | 34 void BindWebGraphicsContext3DGLContextCallback(const GrGLInterface* interface) { |
| 35 gles2::SetGLContext(reinterpret_cast<WebGraphicsContext3DImpl*>( | 35 gles2::SetGLContext(static_cast<const GrGLInterfaceForWebGraphicsContext3D*>( |
| 36 interface->fCallbackData)->GetGLInterface()); | 36 interface)->WebContext3D()->GetGLInterface()); |
| 37 } | 37 } |
| 38 | 38 |
| 39 } // namespace anonymous | 39 } // namespace anonymous |
| 40 | 40 |
| 41 GrContextForWebGraphicsContext3D::GrContextForWebGraphicsContext3D( | 41 GrContextForWebGraphicsContext3D::GrContextForWebGraphicsContext3D( |
| 42 WebGraphicsContext3DImpl* context3d) { | 42 skia::RefPtr<GrGLInterfaceForWebGraphicsContext3D> gr_interface) { |
| 43 if (!context3d) | 43 if (!gr_interface || !gr_interface->WebContext3D()) |
| 44 return; | 44 return; |
| 45 | 45 |
| 46 // Ensure the gles2 library is initialized first in a thread safe way. | 46 // Ensure the gles2 library is initialized first in a thread safe way. |
| 47 g_gles2_initializer.Get(); | 47 g_gles2_initializer.Get(); |
| 48 gles2::SetGLContext(context3d->GetGLInterface()); | 48 gles2::SetGLContext(gr_interface->WebContext3D()->GetGLInterface()); |
| 49 skia::RefPtr<GrGLInterface> interface = skia::AdoptRef( | |
| 50 context3d->createGrGLInterface()); | |
| 51 if (!interface) | |
| 52 return; | |
| 53 | 49 |
| 54 interface->fCallback = BindWebGraphicsContext3DGLContextCallback; | 50 skia_bindings::InitCommandBufferSkiaGLBinding(gr_interface.get()); |
| 55 interface->fCallbackData = | 51 |
| 56 reinterpret_cast<GrGLInterfaceCallbackData>(context3d); | 52 gr_interface->fCallback = BindWebGraphicsContext3DGLContextCallback; |
| 57 | 53 |
| 58 gr_context_ = skia::AdoptRef(GrContext::Create( | 54 gr_context_ = skia::AdoptRef(GrContext::Create( |
| 59 kOpenGL_GrBackend, | 55 kOpenGL_GrBackend, |
| 60 reinterpret_cast<GrBackendContext>(interface.get()))); | 56 reinterpret_cast<GrBackendContext>(gr_interface.get()))); |
| 61 if (gr_context_) { | 57 if (gr_context_) { |
| 62 // The limit of the number of GPU resources we hold in the GrContext's | 58 // The limit of the number of GPU resources we hold in the GrContext's |
| 63 // GPU cache. | 59 // GPU cache. |
| 64 static const int kMaxGaneshResourceCacheCount = 2048; | 60 static const int kMaxGaneshResourceCacheCount = 2048; |
| 65 // The limit of the bytes allocated toward GPU resources in the GrContext's | 61 // The limit of the bytes allocated toward GPU resources in the GrContext's |
| 66 // GPU cache. | 62 // GPU cache. |
| 67 static const size_t kMaxGaneshResourceCacheBytes = 96 * 1024 * 1024; | 63 static const size_t kMaxGaneshResourceCacheBytes = 96 * 1024 * 1024; |
| 68 | 64 |
| 69 gr_context_->setResourceCacheLimits(kMaxGaneshResourceCacheCount, | 65 gr_context_->setResourceCacheLimits(kMaxGaneshResourceCacheCount, |
| 70 kMaxGaneshResourceCacheBytes); | 66 kMaxGaneshResourceCacheBytes); |
| 71 } | 67 } |
| 72 } | 68 } |
| 73 | 69 |
| 74 GrContextForWebGraphicsContext3D::~GrContextForWebGraphicsContext3D() { | 70 GrContextForWebGraphicsContext3D::~GrContextForWebGraphicsContext3D() { |
| 75 } | 71 } |
| 76 | 72 |
| 77 void GrContextForWebGraphicsContext3D::OnLostContext() { | 73 void GrContextForWebGraphicsContext3D::OnLostContext() { |
| 78 if (gr_context_) | 74 if (gr_context_) |
| 79 gr_context_->abandonContext(); | 75 gr_context_->abandonContext(); |
| 80 } | 76 } |
| 81 | 77 |
| 82 void GrContextForWebGraphicsContext3D::FreeGpuResources() { | 78 void GrContextForWebGraphicsContext3D::FreeGpuResources() { |
| 83 if (gr_context_) { | 79 if (gr_context_) { |
| 84 TRACE_EVENT_INSTANT0("gpu", "GrContext::freeGpuResources", \ | 80 TRACE_EVENT_INSTANT0("gpu", "GrContext::freeGpuResources", \ |
| 85 TRACE_EVENT_SCOPE_THREAD); | 81 TRACE_EVENT_SCOPE_THREAD); |
| 86 gr_context_->freeGpuResources(); | 82 gr_context_->freeGpuResources(); |
| 87 } | 83 } |
| 88 } | 84 } |
| 89 | 85 |
| 86 GrGLInterfaceForWebGraphicsContext3D::GrGLInterfaceForWebGraphicsContext3D( |
| 87 scoped_ptr<gpu_blink::WebGraphicsContext3DImpl> context3d) |
| 88 : context3d_(context3d.Pass()) { |
| 89 } |
| 90 |
| 91 void GrGLInterfaceForWebGraphicsContext3D::BindToCurrentThread() { |
| 92 context_thread_checker_.DetachFromThread(); |
| 93 } |
| 94 |
| 95 GrGLInterfaceForWebGraphicsContext3D::~GrGLInterfaceForWebGraphicsContext3D() { |
| 96 DCHECK(context_thread_checker_.CalledOnValidThread()); |
| 97 #if !defined(NDEBUG) |
| 98 // Set all the function pointers to zero, in order to crash if function |
| 99 // pointers are used after free. |
| 100 memset(&fFunctions, 0, sizeof(GrGLInterface::Functions)); |
| 101 #endif |
| 102 } |
| 103 |
| 90 } // namespace content | 104 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1414683003:
Fix gpu command buffer use after free by GrContext (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master