diff options
| author | Chris Craik <ccraik@google.com> | 2012-08-31 14:52:50 -0700 |
|---|---|---|
| committer | Chris Craik <ccraik@google.com> | 2012-08-31 14:52:50 -0700 |
| commit | cf1488f378638819eeb5fc276213437f6cbd0783 (patch) | |
| tree | 6b566cfb2e422be76129ac7bf83a01364f1b1a07 /Source/WebCore/platform/graphics/android/rendering/ImagesManager.h | |
| parent | 3f9aace3c8671247a9b06117658d44282871ba89 (diff) | |
| download | external_webkit-cf1488f378638819eeb5fc276213437f6cbd0783.zip external_webkit-cf1488f378638819eeb5fc276213437f6cbd0783.tar.gz external_webkit-cf1488f378638819eeb5fc276213437f6cbd0783.tar.bz2 | |
Avoid unsafe use of SkRefCnt::getRefCnt() in ImagesManager
The function isn't threadsafe, so races would occur and certain textures
wouldn't be removed from ImagesManager's master list. The list would then be
iterated over, all items dereferenced, and bad times would ensue.
The SkRefCnt class uses atomic inc/dec to decide when to destroy an object, but
reading such an integer non-atomically isn't safe. Instead use the real signal
we're looking for - when the ImageTexture is deleted - to know when to remove
the ImageTexture from ImagesManager's list.
Mutual exclusion from editing the list is now maintained by only unref-ing the
ImageTexture within releaseImage, which holds the ImagesManager's m_imagesLock
(which we already do anyway).
bug:6859278
Change-Id: I75ebf79f2617484e7df355d6539226ce64882369
Diffstat (limited to 'Source/WebCore/platform/graphics/android/rendering/ImagesManager.h')
| -rw-r--r-- | Source/WebCore/platform/graphics/android/rendering/ImagesManager.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/Source/WebCore/platform/graphics/android/rendering/ImagesManager.h b/Source/WebCore/platform/graphics/android/rendering/ImagesManager.h index b915a46..718cfdd 100644 --- a/Source/WebCore/platform/graphics/android/rendering/ImagesManager.h +++ b/Source/WebCore/platform/graphics/android/rendering/ImagesManager.h @@ -47,6 +47,9 @@ public: ImageTexture* retainImage(unsigned imgCRC); void releaseImage(unsigned imgCRC); + // should be called only by ~ImageTexture() + void onImageTextureDestroy(unsigned imgCRC); + bool prepareTextures(GLWebViewState*); int nbTextures(); |