[Webkit-unassigned] [Bug 59026] New: RenderLayers mutate the GraphicsLayer tree during GraphicsLayerClient::paintContents callback

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Apr 20 14:24:15 PDT 2011 

https://bugs.webkit.org/show_bug.cgi?id=59026

           Summary: RenderLayers mutate the GraphicsLayer tree during
                    GraphicsLayerClient::paintContents callback
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Mac OS X 10.5
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: New Bugs
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: jamesr at chromium.org
                CC: simon.fraser at apple.com, vangelis at chromium.org,
                    enne at google.com, nduca at chromium.org


The composited layer paint callback can call RenderLayer::paintLayer() which calls RenderLayer::updateCompositingLayers() (http://trac.webkit.org/browser/trunk/Source/WebCore/rendering/RenderLayer.cpp#L2577) which can cause arbitrary mutations to the GraphicsLayer tree or turn compositing off.  This likely produces incorrect compositing results everywhere and causes crashes in the Chromium compositor implementation as it is currently not safe to arbitrary mutations during painting.  Here's one example callstack showing the compositor becoming disabled during paint (chromium-specific bits of the stack omitted):

 #9 0x00000000006a8fb7 in WebCore::RenderLayerCompositor::enableCompositingMode
    (this=0x7fffebcb8640, enable=false)
    at third_party/WebKit/Source/WebCore/rendering/RenderLayerCompositor.cpp:138
#10 0x00000000006ab160 in WebCore::RenderLayerCompositor::computeCompositingRequirements (this=0x7fffebcb8640, layer=0x7fffebc89c78, 
    overlapMap=0x7fffffffa960, compositingState=..., 
    layersChanged=@0x7fffffffa95c)
    at third_party/WebKit/Source/WebCore/rendering/RenderLayerCompositor.cpp:726
#11 0x00000000006a9580 in WebCore::RenderLayerCompositor::updateCompositingLayers (this=0x7fffebcb8640, 
    updateType=WebCore::CompositingUpdateOnPaitingOrHitTest, 
    updateRoot=0x7fffebc89c78)
    at third_party/WebKit/Source/WebCore/rendering/RenderLayerCompositor.cpp:287
#12 0x0000000000694f7c in WebCore::RenderLayer::updateCompositingAndLayerListsIfNeeded (this=0x7fffebc89c78)
    at third_party/WebKit/Source/WebCore/rendering/RenderLayer.cpp:3880
#13 0x000000000068ecf0 in WebCore::RenderLayer::paintLayer (
    this=0x7fffebc89c78, rootLayer=0x7fffebc89c78, p=0x7fffeb40a6c0, 
    paintDirtyRect=..., paintBehavior=0, paintingRoot=0x0, 
    overlapTestRequests=0x7fffffffad80, paintFlags=0)
    at third_party/WebKit/Source/WebCore/rendering/RenderLayer.cpp:2578
#14 0x000000000068e281 in WebCore::RenderLayer::paint (this=0x7fffebc89c78, 
    p=0x7fffeb40a6c0, damageRect=..., paintBehavior=0, paintingRoot=0x0)
    at third_party/WebKit/Source/WebCore/rendering/RenderLayer.cpp:2425
#15 0x0000000000cc7b59 in WebCore::FrameView::paintContents (
    this=0x7fffeb710600, p=0x7fffeb40a6c0, rect=...)
    at third_party/WebKit/Source/WebCore/page/FrameView.cpp:2355
#16 0x000000000289322f in WebCore::ScrollView::paint (this=0x7fffeb710600, 
    context=0x7fffeb40a6c0, rect=...)
    at third_party/WebKit/Source/WebCore/platform/ScrollView.cpp:1005
#17 0x0000000000710ef7 in WebCore::RenderWidget::paint (this=0x7ffff7ecee18, 
    paintInfo=..., tx=0, ty=0)
    at third_party/WebKit/Source/WebCore/rendering/RenderWidget.cpp:301
#18 0x00000000006a4831 in WebCore::RenderLayerBacking::paintIntoLayer (
    this=0x7fffeb6f8070, rootLayer=0x7fffebc9cdd8, context=0x7fffeb40a6c0, 
    paintDirtyRect=..., paintBehavior=0, 
    paintingPhase=WebCore::GraphicsLayerPaintAll, paintingRoot=0x7ffff7ecee18)
    at third_party/WebKit/Source/WebCore/rendering/RenderLayerBacking.cpp:1153
#19 0x00000000006a4ea9 in WebCore::RenderLayerBacking::paintContents (
    this=0x7fffeb6f8070, graphicsLayer=0x7fffeb6e1800, context=..., 
    paintingPhase=WebCore::GraphicsLayerPaintAll, clip=...)
    at third_party/WebKit/Source/WebCore/rendering/RenderLayerBacking.cpp:1224
#20 0x0000000002920104 in WebCore::GraphicsLayer::paintGraphicsLayerContents (
    this=0x7fffeb6e1800, context=..., clip=...)
    at third_party/WebKit/Source/WebCore/platform/graphics/GraphicsLayer.cpp:248

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list