diff options
| author | Chris Craik <ccraik@google.com> | 2012-08-31 15:08:20 -0700 |
|---|---|---|
| committer | Android (Google) Code Review <android-gerrit@google.com> | 2012-08-31 15:08:20 -0700 |
| commit | abf93d76e0e37c2b42370f49dd171cde2096f92d (patch) | |
| tree | 4f9480855b63a1be41cb64779da293b79e62c059 | |
| parent | 0bcdd8399abbde312576550f32aa574145be5988 (diff) | |
| parent | cf1488f378638819eeb5fc276213437f6cbd0783 (diff) | |
| download | external_webkit-abf93d76e0e37c2b42370f49dd171cde2096f92d.zip external_webkit-abf93d76e0e37c2b42370f49dd171cde2096f92d.tar.gz external_webkit-abf93d76e0e37c2b42370f49dd171cde2096f92d.tar.bz2 | |
Merge "Avoid unsafe use of SkRefCnt::getRefCnt() in ImagesManager" into jb-mr1-dev
3 files changed, 14 insertions, 2 deletions
diff --git a/Source/WebCore/platform/graphics/android/rendering/ImageTexture.cpp b/Source/WebCore/platform/graphics/android/rendering/ImageTexture.cpp index aa84427..db03753 100644 --- a/Source/WebCore/platform/graphics/android/rendering/ImageTexture.cpp +++ b/Source/WebCore/platform/graphics/android/rendering/ImageTexture.cpp @@ -101,6 +101,7 @@ ImageTexture::~ImageTexture() delete m_image; delete m_tileGrid; SkSafeUnref(m_picture); + ImagesManager::instance()->onImageTextureDestroy(m_crc); } SkBitmap* ImageTexture::convertBitmap(SkBitmap* bitmap) diff --git a/Source/WebCore/platform/graphics/android/rendering/ImagesManager.cpp b/Source/WebCore/platform/graphics/android/rendering/ImagesManager.cpp index 82ea3fa..d2bd8a0 100644 --- a/Source/WebCore/platform/graphics/android/rendering/ImagesManager.cpp +++ b/Source/WebCore/platform/graphics/android/rendering/ImagesManager.cpp @@ -102,12 +102,20 @@ void ImagesManager::releaseImage(unsigned imgCRC) android::Mutex::Autolock lock(m_imagesLock); if (m_images.contains(imgCRC)) { ImageTexture* image = m_images.get(imgCRC); - if (image->getRefCnt() == 1) - m_images.remove(imgCRC); + // don't need to remove image from the HashMap, it will unregister + // itself by calling onImageTextureDestroy(). + SkSafeUnref(image); } } +void ImagesManager::onImageTextureDestroy(unsigned imgCRC) +{ + // NOTE: all unrefs must go through releaseImage, to ensure that + // onImageTextureDestroy is called under the m_imagesLock + m_images.remove(imgCRC); +} + int ImagesManager::nbTextures() { android::Mutex::Autolock lock(m_imagesLock); diff --git a/Source/WebCore/platform/graphics/android/rendering/ImagesManager.h b/Source/WebCore/platform/graphics/android/rendering/ImagesManager.h index b915a46..718cfdd 100644 --- a/Source/WebCore/platform/graphics/android/rendering/ImagesManager.h +++ b/Source/WebCore/platform/graphics/android/rendering/ImagesManager.h @@ -47,6 +47,9 @@ public: ImageTexture* retainImage(unsigned imgCRC); void releaseImage(unsigned imgCRC); + // should be called only by ~ImageTexture() + void onImageTextureDestroy(unsigned imgCRC); + bool prepareTextures(GLWebViewState*); int nbTextures(); |