Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(571)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: cc/trees/layer_tree_host_impl.cc

Issue 2349143003: cc: Avoid ResourceProvider nullptr deref (Closed)
Patch Set: Created 4 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « cc/trees/layer_tree_host_impl.h ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: cc/trees/layer_tree_host_impl.cc
diff --git a/cc/trees/layer_tree_host_impl.cc b/cc/trees/layer_tree_host_impl.cc
index f90ca3255bc2d07544e60e3a27bf0a75b6921c7c..4ebd5f45665189c9735bdd2d07198ed69c97d93e 100644
--- a/cc/trees/layer_tree_host_impl.cc
+++ b/cc/trees/layer_tree_host_impl.cc
@@ -240,6 +240,7 @@ LayerTreeHostImpl::LayerTreeHostImpl(
id_(id),
requires_high_res_to_draw_(false),
is_likely_to_require_a_draw_(false),
+ has_valid_compositor_frame_sink_(false),
mutator_(nullptr) {
DCHECK(animation_host_);
animation_host_->SetMutatorHostClient(this);
@@ -1925,6 +1926,7 @@ void LayerTreeHostImpl::SynchronouslyInitializeAllTiles() {
void LayerTreeHostImpl::DidLoseCompositorFrameSink() {
if (resource_provider_)
resource_provider_->DidLoseContextProvider();
+ has_valid_compositor_frame_sink_ = false;
client_->DidLoseCompositorFrameSinkOnImplThread();
}
@@ -2257,8 +2259,12 @@ void LayerTreeHostImpl::CleanUpTileManagerAndUIResources() {
void LayerTreeHostImpl::ReleaseCompositorFrameSink() {
TRACE_EVENT0("cc", "LayerTreeHostImpl::ReleaseCompositorFrameSink");
- if (!compositor_frame_sink_)
+ if (!compositor_frame_sink_) {
+ DCHECK(!has_valid_compositor_frame_sink_);
return;
+ }
+
+ has_valid_compositor_frame_sink_ = false;
// Since we will create a new resource provider, we cannot continue to use
// the old resources (i.e. render_surfaces and texture IDs). Clear them
@@ -2302,6 +2308,7 @@ bool LayerTreeHostImpl::InitializeRenderer(
return false;
}
+ has_valid_compositor_frame_sink_ = true;
// When using software compositing, change to the limits specified for it.
// Since this is a one way trip, we don't need to worry about going back to
// GPU compositing.
@@ -3701,6 +3708,10 @@ void LayerTreeHostImpl::CreateUIResource(UIResourceId uid,
if (id)
DeleteUIResource(uid);
+ MarkUIResourceNotEvicted(uid);
danakj 2016/09/20 01:17:34 I think you wanna mark evicted (instead of *not ev
no sievers 2016/09/20 22:20:35 Doh, thanks.. done!
+ if (!has_valid_compositor_frame_sink_)
+ return;
+
ResourceFormat format = resource_provider_->best_texture_format();
switch (bitmap.GetFormat()) {
case UIResourceBitmap::RGBA8:
@@ -3780,13 +3791,13 @@ void LayerTreeHostImpl::CreateUIResource(UIResourceId uid,
ui_resource_map_[uid] = data;
resource_provider_->GenerateSyncTokenForResource(id);
- MarkUIResourceNotEvicted(uid);
}
void LayerTreeHostImpl::DeleteUIResource(UIResourceId uid) {
ResourceId id = ResourceIdForUIResource(uid);
if (id) {
- resource_provider_->DeleteResource(id);
+ if (has_valid_compositor_frame_sink_)
+ resource_provider_->DeleteResource(id);
ui_resource_map_.erase(uid);
}
MarkUIResourceNotEvicted(uid);
« no previous file with comments | « cc/trees/layer_tree_host_impl.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698