[Webkit-unassigned] [Bug 161605] [GTK] Crash of WebProcess on the last WebView disconnect

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Sep 6 23:10:33 PDT 2016


https://bugs.webkit.org/show_bug.cgi?id=161605

Carlos Garcia Campos <cgarcia at igalia.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |cgarcia at igalia.com

--- Comment #6 from Carlos Garcia Campos <cgarcia at igalia.com> ---
(In reply to comment #5)
> OK, so... there are a couple different ways to fix this, but fundamentally
> the problem is the GLContext class hands off ownership of new GLContexts to
> callers in its create functions, returning std::unique_ptrs. Then it goes
> behind the callers' backs and deletes them all in an exit handler if they
> haven't already been deleted. That fails here, as PlatformDisplay also gets
> deleted in an exit handler, which runs after GLContext's exit handler,
> causing the same GLContext to be deleted twice.

This is not accurate. PlatformDisplay is not deleted in an exit handler, it's a static std::unique_ptr that is deleted after all exit handlers.

> There are many ways to fix this... remove the GLContext exit handler (seems
> like the correct solution, but it carries a warning of possibly crashing the
> X server when using nvidia proprietary driver? do we care?),

Never liked that, TBH, I was tempted to remove it when I reworked the GLContext. It's probably a workaround for a bug in nvidia drivers that might have already been fixed. In any case, all contexts created now except the sharing context that is owned by the PlatformDisplay should be freed already on exit.

> leak the
> PlatformDisplay's GLContext by calling release() on the unique_ptr and rely
> on the GLContext exit handler to free it,

This is not possible because the GLContext exit handler is a workaround used only for X11 contexts, and other classes shouldn't rely on that.

> create a throwaway GLContext the
> first time PlatformDisplay::initializeEGLDisplay is called to ensure the
> GLContext exit handler gets registered first (and therefore executed last at
> exit time)... let's see if Carlos Garcia has an opinion on what's best.

This has nothing to do with EGLDisplay, the crash is happening on ~PlatformDisplay and the exit handler of the EGLDisplay doesn't delete the PlatformDisplay.

So, the solution is either removing the GLContext active contexts handling, assuming the nvidia issue is now fixed, or the conservative solution could be to not handle the sharing context as an active context, since we are sure the PlatformDisplay destructor is always called.

-- 
You are receiving this mail because:
You are the assignee for the bug.
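The ownership problem discussed in this thread, as an added illustration (not WebKit's code): an exit handler deletes every "active" context that is still alive, which double-deletes any context that another owner destroys later. The sketch below models the conservative fix Carlos suggests, creating the display-owned sharing context without registering it as active, so the handler and the unique_ptr never race for the same object. The class names mirror the discussion but are hypothetical, and teardown is simulated by an explicit function so the order (exit handler first, static unique_ptr last) can be checked deterministically rather than relying on atexit.

```cpp
// Added illustration of the exit-handler ownership problem; not WebKit code.
// GLContext, PlatformDisplay and the active-context registry are hypothetical
// stand-ins for the classes discussed in the bug.
#include <memory>
#include <set>

class GLContext;

static int g_destroyed = 0;                 // counts GLContext destructor runs
static std::set<GLContext*>* activeContexts();

class GLContext {
public:
    // track=true registers the context with the exit handler (the X11
    // workaround); track=false is used for the display-owned sharing context.
    static std::unique_ptr<GLContext> create(bool track) {
        return std::unique_ptr<GLContext>(new GLContext(track));
    }
    ~GLContext() {
        ++g_destroyed;
        // Unregister on normal destruction so the handler never holds a
        // dangling pointer to a context its real owner already freed.
        if (m_tracked) activeContexts()->erase(this);
    }
private:
    explicit GLContext(bool track) : m_tracked(track) {
        if (track) activeContexts()->insert(this);
    }
    bool m_tracked;
};

static std::set<GLContext*>* activeContexts() {
    static std::set<GLContext*> contexts;
    return &contexts;
}

// The exit handler: delete whatever tracked contexts are still alive.
// Iterate over a copy because ~GLContext erases from the live set.
static void cleanupActiveContexts() {
    std::set<GLContext*> leftovers = *activeContexts();
    for (GLContext* c : leftovers) delete c;
}

// The display owns the sharing context; it is deliberately NOT tracked, so
// only the display's unique_ptr ever deletes it (the conservative fix).
class PlatformDisplay {
public:
    PlatformDisplay() : m_sharing(GLContext::create(/*track=*/false)) {}
private:
    std::unique_ptr<GLContext> m_sharing;
};

// Simulate process teardown in the order the thread describes: exit handlers
// run first, the static unique_ptr<PlatformDisplay> is destroyed afterwards.
// Returns how many GLContext destructors ran; each context must die exactly once.
int simulateShutdown(bool callerLeaksContext) {
    g_destroyed = 0;
    std::unique_ptr<PlatformDisplay> display(new PlatformDisplay);
    std::unique_ptr<GLContext> owned = GLContext::create(/*track=*/true);
    if (callerLeaksContext)
        owned.release();        // caller drops ownership; handler must reclaim it
    owned.reset();              // normal end of the caller's context lifetime
    cleanupActiveContexts();    // atexit handler
    display.reset();            // static unique_ptr destroyed after all handlers
    return g_destroyed;         // 2 in both cases: sharing + caller context
}
```

With the sharing context tracked as active, the same sequence would delete it once in cleanupActiveContexts() and again in ~PlatformDisplay(), which is the double delete reported in this bug.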