| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "services/ui/surfaces/display_compositor.h" | 5 #include "services/ui/surfaces/display_compositor.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/memory/ptr_util.h" | 10 #include "base/memory/ptr_util.h" |
| (...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 48 DisplayCompositor::~DisplayCompositor() { | 48 DisplayCompositor::~DisplayCompositor() { |
| 49 DCHECK(thread_checker_.CalledOnValidThread()); | 49 DCHECK(thread_checker_.CalledOnValidThread()); |
| 50 manager_.RemoveObserver(this); | 50 manager_.RemoveObserver(this); |
| 51 } | 51 } |
| 52 | 52 |
| 53 void DisplayCompositor::OnClientConnectionLost( | 53 void DisplayCompositor::OnClientConnectionLost( |
| 54 const cc::FrameSinkId& frame_sink_id, | 54 const cc::FrameSinkId& frame_sink_id, |
| 55 bool destroy_compositor_frame_sink) { | 55 bool destroy_compositor_frame_sink) { |
| 56 DCHECK(thread_checker_.CalledOnValidThread()); | 56 DCHECK(thread_checker_.CalledOnValidThread()); |
| 57 if (destroy_compositor_frame_sink) | 57 if (destroy_compositor_frame_sink) |
| 58 compositor_frame_sinks_.erase(frame_sink_id); | 58 DestroyCompositorFrameSink(frame_sink_id); |
| 59 // TODO(fsamuel): Tell the display compositor host that the client connection | 59 // TODO(fsamuel): Tell the display compositor host that the client connection |
| 60 // has been lost so that it can drop its private connection and allow a new | 60 // has been lost so that it can drop its private connection and allow a new |
| 61 // client instance to create a new CompositorFrameSink. | 61 // client instance to create a new CompositorFrameSink. |
| 62 } | 62 } |
| 63 | 63 |
| 64 void DisplayCompositor::OnPrivateConnectionLost( | 64 void DisplayCompositor::OnPrivateConnectionLost( |
| 65 const cc::FrameSinkId& frame_sink_id, | 65 const cc::FrameSinkId& frame_sink_id, |
| 66 bool destroy_compositor_frame_sink) { | 66 bool destroy_compositor_frame_sink) { |
| 67 DCHECK(thread_checker_.CalledOnValidThread()); | 67 DCHECK(thread_checker_.CalledOnValidThread()); |
| 68 if (destroy_compositor_frame_sink) | 68 if (destroy_compositor_frame_sink) |
| 69 compositor_frame_sinks_.erase(frame_sink_id); | 69 DestroyCompositorFrameSink(frame_sink_id); |
| 70 } | 70 } |
| 71 | 71 |
| 72 void DisplayCompositor::CreateDisplayCompositorFrameSink( | 72 void DisplayCompositor::CreateDisplayCompositorFrameSink( |
| 73 const cc::FrameSinkId& frame_sink_id, | 73 const cc::FrameSinkId& frame_sink_id, |
| 74 gpu::SurfaceHandle surface_handle, | 74 gpu::SurfaceHandle surface_handle, |
| 75 cc::mojom::MojoCompositorFrameSinkAssociatedRequest request, | 75 cc::mojom::MojoCompositorFrameSinkAssociatedRequest request, |
| 76 cc::mojom::MojoCompositorFrameSinkPrivateRequest private_request, | 76 cc::mojom::MojoCompositorFrameSinkPrivateRequest private_request, |
| 77 cc::mojom::MojoCompositorFrameSinkClientPtr client, | 77 cc::mojom::MojoCompositorFrameSinkClientPtr client, |
| 78 cc::mojom::DisplayPrivateAssociatedRequest display_private_request) { | 78 cc::mojom::DisplayPrivateAssociatedRequest display_private_request) { |
| 79 DCHECK(thread_checker_.CalledOnValidThread()); | 79 DCHECK(thread_checker_.CalledOnValidThread()); |
| (...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 148 base::CommandLine::ForCurrentProcess()->HasSwitch( | 148 base::CommandLine::ForCurrentProcess()->HasSwitch( |
| 149 cc::switches::kShowOverdrawFeedback); | 149 cc::switches::kShowOverdrawFeedback); |
| 150 | 150 |
| 151 return base::MakeUnique<cc::Display>( | 151 return base::MakeUnique<cc::Display>( |
| 152 nullptr /* bitmap_manager */, gpu_memory_buffer_manager_.get(), settings, | 152 nullptr /* bitmap_manager */, gpu_memory_buffer_manager_.get(), settings, |
| 153 frame_sink_id, begin_frame_source, std::move(display_output_surface), | 153 frame_sink_id, begin_frame_source, std::move(display_output_surface), |
| 154 std::move(scheduler), | 154 std::move(scheduler), |
| 155 base::MakeUnique<cc::TextureMailboxDeleter>(task_runner_.get())); | 155 base::MakeUnique<cc::TextureMailboxDeleter>(task_runner_.get())); |
| 156 } | 156 } |
| 157 | 157 |
| 158 void DisplayCompositor::DestroyCompositorFrameSink(cc::FrameSinkId sink_id) { |
| 159 compositor_frame_sinks_.erase(sink_id); |
| 160 } |
| 161 |
| 158 void DisplayCompositor::OnSurfaceCreated(const cc::SurfaceInfo& surface_info) { | 162 void DisplayCompositor::OnSurfaceCreated(const cc::SurfaceInfo& surface_info) { |
| 159 DCHECK(thread_checker_.CalledOnValidThread()); | 163 DCHECK(thread_checker_.CalledOnValidThread()); |
| 160 DCHECK_GT(surface_info.device_scale_factor(), 0.0f); | 164 DCHECK_GT(surface_info.device_scale_factor(), 0.0f); |
| 161 | 165 |
| 162 if (client_) | 166 if (client_) |
| 163 client_->OnSurfaceCreated(surface_info); | 167 client_->OnSurfaceCreated(surface_info); |
| 164 } | 168 } |
| 165 | 169 |
| 166 void DisplayCompositor::OnSurfaceDamaged(const cc::SurfaceId& surface_id, | 170 void DisplayCompositor::OnSurfaceDamaged(const cc::SurfaceId& surface_id, |
| 167 bool* changed) {} | 171 bool* changed) {} |
| 168 | 172 |
| 169 } // namespace ui | 173 } // namespace ui |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2673823002:
display compositor: Fix a use-after-free when a frame sink is destroyed. (Closed)
