[Webkit-unassigned] [Bug 67582] Calling nativeImageForCurrentFrame() causes assertion failure: m_verifier.isSafeToUse()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Sep 9 09:16:06 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=67582





--- Comment #6 from David Levin <levin at chromium.org>  2011-09-09 09:16:05 PST ---
(In reply to comment #5)
> Sorry, I still fail to see what could be done in ewk.
> 
> ewk_history_item_icon_surface_get's behavior follows quite closely what the PARANOID DISCUSSION comment describes,

The PARANOID DISCUSSION comment seems to make some assumptions that aren't always true. I don't think this method is safe for you to call like this, since the thing you do right after the call isn't safe.

imo, it would be hard to see this issue when that comment was written. It seems to assume a model like what Windows does, which calls "BitmapImage::getHBITMAPOfSize". This method doesn't ref count any internal structures.


> in that it just calls synchronousIconForPageURL and creates a platform-specific representation of the raw image (in ewk's case, a cairo_surface_t). We can't hold the m_urlAndIconLock mutex ourselves, and the rest of the call stack is inside WebCore.
> 
> Can you elaborate a little on your thoughts?

Your comments point in the right direction. Remove the call to IconDatabase::synchronousIconForPageURL and add a new method that converts to your platform-specific representation while holding the lock. Then call this method instead.

Does that make sense to you? (The current state of things appears to leave you open to race conditions which may cause misc crashes at random points in your code.)

PS imo, this method seems flawed and perhaps we should just remove it in every platform, but for this bug ewk is the target :). I suspect the OS X platform may have similar issues because it calls webGetNSImage which does some complicated things. I'll look at this for other platforms and file some bugs.

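The lock-scope problem described in comment #6, as an added C++ illustration that is not WebKit's or ewk's code: an accessor that returns a raw Image* after releasing the lock leaves the caller holding a pointer the store may free at any moment, while an accessor that runs the caller's conversion under the lock only ever hands out an owned copy. The names IconStore, Image, PlatformSurface, withIconForPageURL and iconSurfaceForPageURL are hypothetical stand-ins, as is the sample icon data; only m_urlAndIconLock and synchronousIconForPageURL echo the names used in the thread.

```cpp
// Added illustration, not WebKit or ewk code. IconStore, Image, PlatformSurface,
// withIconForPageURL and iconSurfaceForPageURL are hypothetical stand-ins.
#include <cstdint>
#include <functional>
#include <map>
#include <memory>
#include <mutex>
#include <string>
#include <utility>
#include <vector>

// Stand-in for a WebCore Image owned by the icon database.
struct Image {
    int width = 0;
    int height = 0;
    std::vector<uint8_t> pixels;
};

// Stand-in for the platform object ewk builds (a cairo_surface_t in the bug).
// It owns a copy of the pixels, so it stays valid after the lock is released.
struct PlatformSurface {
    int width = 0;
    int height = 0;
    std::vector<uint8_t> pixels;
};

class IconStore {
public:
    void setIconForPageURL(const std::string& url, std::unique_ptr<Image> image) {
        std::lock_guard<std::mutex> lock(m_urlAndIconLock);
        m_icons[url] = std::move(image);  // destroys any previous Image for url
    }

    // The pattern the comment warns about: the lock is released before the
    // caller touches the returned Image*. If another thread replaces the icon
    // in between, the pointer dangles and the caller's conversion runs on
    // freed memory.
    Image* synchronousIconForPageURL(const std::string& url) {
        std::lock_guard<std::mutex> lock(m_urlAndIconLock);
        auto it = m_icons.find(url);
        return it == m_icons.end() ? nullptr : it->second.get();
    }

    // The pattern the comment recommends: the caller supplies the conversion
    // and it runs while m_urlAndIconLock is held, so the Image cannot be
    // destroyed underneath it. Returns false when the URL has no icon.
    bool withIconForPageURL(const std::string& url,
                            const std::function<void(const Image&)>& convert) {
        std::lock_guard<std::mutex> lock(m_urlAndIconLock);
        auto it = m_icons.find(url);
        if (it == m_icons.end())
            return false;
        convert(*it->second);
        return true;
    }

private:
    std::mutex m_urlAndIconLock;
    std::map<std::string, std::unique_ptr<Image>> m_icons;
};

// What ewk_history_item_icon_surface_get would call instead of
// synchronousIconForPageURL: the copy into the platform surface happens inside
// the lock, and only the owned copy leaves it. Returns nullptr when no icon exists.
std::unique_ptr<PlatformSurface> iconSurfaceForPageURL(IconStore& store, const std::string& url) {
    std::unique_ptr<PlatformSurface> surface;
    store.withIconForPageURL(url, [&](const Image& image) {
        surface = std::make_unique<PlatformSurface>(
            PlatformSurface{image.width, image.height, image.pixels});
    });
    return surface;  // still null if the callback never ran
}

// Constructed sample: a 2x2 RGBA icon filled with 0xAA (not data from the bug).
void populateSampleStore(IconStore& store) {
    store.setIconForPageURL("http://example.test/",
        std::make_unique<Image>(Image{2, 2, std::vector<uint8_t>(16, uint8_t{0xAA})}));
}

// True when the surface converted under the lock is an owned copy that stays
// valid after the store replaces the icon, a fresh call sees the new icon, and
// an unknown URL yields null rather than a stale pointer.
bool lockScopedConversionWorks() {
    IconStore store;
    populateSampleStore(store);
    auto surface = iconSurfaceForPageURL(store, "http://example.test/");
    if (!surface || surface->width != 2 || surface->pixels.size() != 16)
        return false;
    store.setIconForPageURL("http://example.test/",
        std::make_unique<Image>(Image{1, 1, std::vector<uint8_t>(4, uint8_t{0x55})}));
    auto fresh = iconSurfaceForPageURL(store, "http://example.test/");
    return surface->pixels[0] == 0xAA && fresh && fresh->width == 1
        && fresh->pixels[0] == 0x55
        && iconSurfaceForPageURL(store, "http://unknown.test/") == nullptr;
}

int main() { return lockScopedConversionWorks() ? 0 : 1; }
```

The point of withIconForPageURL is that the conversion callback, not the caller, decides what leaves the critical section: in the stand-in it is a deep copy of the pixels, which is why the first surface still reads 0xAA after the store has replaced the icon. Whatever the real platform type is, the same rule applies: anything returned from under the lock must own its data or hold a reference-counted handle, never a bare pointer into the store.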