[Webkit-unassigned] [Bug 177406] New: Images may render partial frames even after loading all the encoded data

bugzilla-daemon at webkit.org
Sat Sep 23 01:38:27 PDT 2017


https://bugs.webkit.org/show_bug.cgi?id=177406

            Bug ID: 177406
           Summary: Images may render partial frames even after loading
                    all the encoded data
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Images
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: sabouhallawa at apple.com

This bug can happen if the image decoding thread is closed after it has finished decoding the partially loaded frame. The dead decoding thread can shut itself down if the SynchronizedFixedQueue notifies it that it has been closed. This can happen if the dispatcher makes this thread active. But before this happens, new image data is received, the image renderer is invalidated and a new decoding request is made. So a new decoding thread is created and a frame request is pushed to the SynchronizedFixedQueue. The dead thread can still access the SynchronizedFixedQueue, but it did not get a chance to be active between closing the SynchronizedFixedQueue and reopening it. So the dead thread dequeues the new decoding request. When it finishes decoding, it realizes it is already dead, so it drops the decoded frame. So although we received new image data, we do not draw a newer image frame. If this happens after receiving all the data, the full image won't be rendered.

This is the calling stack that can lead to this bug:

// Receiving image data and render repaint.
BitmapImage::draw()
ImageSource::requestFrameAsyncDecodingAtIndex()
ImageFrameCache::requestFrameAsyncDecodingAtIndex()
ImageFrameCache::startAsyncDecodingQueue()
WorkQueue::create()                                 // Creates a WorkQueue, say WQ1.
  ImageDecoder::createFrameImageAtIndex()           // Happens in the decoding thread WQ1.
  callOnMainThread()                                // Gets dispatched from WQ1.
    ImageFrameCache::cacheNativeImageAtIndexAsync() // Gets called from callOnMainThread() from the decoding thread WQ1.
    BitmapImage::imageFrameAvailableAtIndex()       // The renderer is invalidated
    ImageSource::stopAsyncDecodingQueue()
    ImageFrameCache::stopAsyncDecodingQueue()
    SynchronizedFixedQueue::close()
BitmapImage::draw()                                 // The new frame is drawn.

// Receiving image data and render repaint.
BitmapImage::draw()
ImageSource::requestFrameAsyncDecodingAtIndex()
ImageFrameCache::requestFrameAsyncDecodingAtIndex()
ImageFrameCache::startAsyncDecodingQueue()
WorkQueue::create()                                 // Creates a WorkQueue, say WQ2
  ImageDecoder::createFrameImageAtIndex()           // Happens in the dead decoding thread WQ1
  callOnMainThread()                                // Gets dispatched from WQ1.
     m_decodingQueue != protectedQueue              // This frame is dropped to the floor and the render does not get repainted.
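
Added example, not part of the original report and not WebKit code: a single-threaded replay of the interleaving above, so the outcome is deterministic. RequestQueue, Worker, FrameCache and framesCachedAfterRace are hypothetical stand-ins, and giving each start its own request queue is shown as one possible mitigation, not as the fix WebKit adopted.

```cpp
#include <deque>
#include <memory>

// Simplified stand-in for SynchronizedFixedQueue (all names here are hypothetical).
struct RequestQueue {
    std::deque<int> frames;
    bool closed = false;
    bool dequeue(int& index) {                // false tells the worker to shut down
        if (closed || frames.empty()) return false;
        index = frames.front();
        frames.pop_front();
        return true;
    }
};
// What a decoding thread captures when it is created.
struct Worker {
    std::shared_ptr<int> protectedQueue;      // identity of the WorkQueue it belongs to
    std::shared_ptr<RequestQueue> requests;
};
struct FrameCache {
    bool freshQueuePerStart;                  // false: reopen the shared queue, as reported
    std::shared_ptr<RequestQueue> requests = std::make_shared<RequestQueue>();
    std::shared_ptr<int> decodingQueue;       // models m_decodingQueue
    int framesCached = 0;
    explicit FrameCache(bool fresh) : freshQueuePerStart(fresh) {}
    Worker start() {
        if (freshQueuePerStart) requests = std::make_shared<RequestQueue>();
        else requests->closed = false;        // a stale worker can now dequeue again
        decodingQueue = std::make_shared<int>(0);
        return {decodingQueue, requests};
    }
    void stop() { requests->closed = true; decodingQueue.reset(); }
    // One scheduling slice: dequeue, "decode", hand the frame to the main thread.
    void run(const Worker& w) {
        int index;
        if (!w.requests->dequeue(index)) return;
        if (decodingQueue == w.protectedQueue) ++framesCached;  // otherwise dropped
    }
};
int framesCachedAfterRace(bool freshQueuePerStart) {
    FrameCache cache(freshQueuePerStart);
    Worker wq1 = cache.start();
    cache.requests->frames.push_back(0);
    cache.run(wq1);                           // partial frame decoded and cached
    cache.stop();                             // queue closed; WQ1 is not scheduled yet
    Worker wq2 = cache.start();               // more data arrived: new WorkQueue
    cache.requests->frames.push_back(0);      // new decoding request
    cache.run(wq1);                           // stale WQ1 happens to run first
    cache.run(wq2);
    return cache.framesCached;
}
```

With the shared queue reopened, the second request is consumed by WQ1 and dropped, so only the partial frame is ever cached; with a fresh queue per start, WQ1 sees its own closed queue and WQ2 delivers the newer frame.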
