[webkit-reviews] review requested: [Bug 27777] ImageSourceCG makes bad data refs (race condition causes blank images) : [Attachment 33665] Patch to fix

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jul 28 13:23:24 PDT 2009


Avi Drissman <avi at drissman.com> has asked Darin Fisher (:fishd, Google)
<fishd at chromium.org> for review:
Bug 27777: ImageSourceCG makes bad data refs (race condition causes blank
images)
https://bugs.webkit.org/show_bug.cgi?id=27777

Attachment 33665: Patch to fix
https://bugs.webkit.org/attachment.cgi?id=33665&action=review

------- Additional Comments from Avi Drissman <avi at drissman.com>
When you create a CGImageRef, it takes the CFDataRef that holds its backing
data, and retains it for its entire lifetime.

The problem here is that ImageSourceCG uses CFDataCreateWithBytesNoCopy to
create the CFDataRef containing the image data. When you use
CFDataCreateWithBytesNoCopy, it's up to you to ensure that the backing store
that you pass to it stays valid through the lifetime of the created CFDataRef.

Since the lifetime of the CFDataRef is the lifetime of the CGImageRef,
ImageSourceCG makes a promise that it can't keep. The SharedBuffer is passed in
as a parameter to setData--who knows if it will live longer than the created
CGImageRef?
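The lifetime contract described in the comment above, as an added example that is not part of the patch or of WebKit's code. CoreFoundation is not available off macOS, so SharedBuffer, CFDataRef and CGImageRef are replaced here by minimal mocks with the same retain/release semantics; the no-copy data object either merely borrows the buffer (the pattern the report describes) or takes its own reference on the SharedBuffer and drops it from a release hook, the role a custom CFAllocator's deallocate callback plays for CFDataCreateWithBytesNoCopy (the PNG header bytes and all mock names are constructed).

```c
#include <stdlib.h>
#include <string.h>

/* Mock of WebCore::SharedBuffer. On its last release the bytes are scribbled with 0xDD
 * instead of freed so the stale read below stays observable; with real malloc/CFData it
 * is a use-after-free, which is what produces the blank or garbage images. */
typedef struct { int refs; unsigned char *buf; size_t len; } SharedBuffer;
static SharedBuffer *sb_create(const unsigned char *src, size_t len) {
    SharedBuffer *s = malloc(sizeof *s);
    s->refs = 1; s->len = len; s->buf = malloc(len); memcpy(s->buf, src, len);
    return s;
}
static void sb_release(SharedBuffer *s) { if (--s->refs == 0) memset(s->buf, 0xDD, s->len); }
static void sb_destroy(SharedBuffer *s) { free(s->buf); free(s); }

/* Mock of a CFDataRef made by CFDataCreateWithBytesNoCopy: a view over borrowed bytes plus
 * an optional hook standing in for the deallocate callback of a custom CFAllocator. */
typedef struct { int refs; const unsigned char *bytes; size_t len;
                 void (*on_last_release)(void *); void *ctx; } DataRef;
static DataRef *data_no_copy(const unsigned char *b, size_t len, void (*hook)(void *), void *ctx) {
    DataRef *d = malloc(sizeof *d);
    d->refs = 1; d->bytes = b; d->len = len; d->on_last_release = hook; d->ctx = ctx;
    return d;
}
static void data_release(DataRef *d) {
    if (--d->refs == 0) { if (d->on_last_release) d->on_last_release(d->ctx); free(d); }
}
static void sb_deref_hook(void *ctx) { sb_release((SharedBuffer *)ctx); }

/* Mock of CGImageRef: it retains its backing DataRef for its whole lifetime. */
typedef struct { DataRef *backing; } Image;

/* Models setData(): keep_owner_alive == 0 is the buggy borrow from the report;
 * 1 makes the DataRef co-own the SharedBuffer and release it from its own hook
 * (copying the bytes with CFDataCreate would be the other safe choice).
 * Returns 1 if the PNG signature is still intact when the "decoder" reads it later. */
static int image_bytes_valid(int keep_owner_alive) {
    static const unsigned char png_sig[8] = {0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A};
    SharedBuffer *sb = sb_create(png_sig, sizeof png_sig);  /* constructed input */
    Image img;
    if (keep_owner_alive) {
        sb->refs++;                                           /* DataRef takes a reference */
        img.backing = data_no_copy(sb->buf, sb->len, sb_deref_hook, sb);
    } else {
        img.backing = data_no_copy(sb->buf, sb->len, NULL, NULL); /* kCFAllocatorNull style */
    }
    sb_release(sb);                         /* the setData() caller drops its SharedBuffer */
    int ok = img.backing->bytes[0] == 0x89 && img.backing->bytes[1] == 'P';
    data_release(img.backing);              /* image dies; the hook, if any, releases sb */
    sb_destroy(sb);
    return ok;
}
```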
