Title: [284644] trunk/Source/WebKit
Revision: 284644
Author: simon.fra...@apple.com
Date: 2021-10-21 14:33:01 -0700 (Thu, 21 Oct 2021)

Log Message

Rare crash under DisplayLink::displayLinkCallback()
https://bugs.webkit.org/show_bug.cgi?id=232101
<rdar://84153991>

Reviewed by Tim Horton.

The crash was a divide by zero under m_currentUpdate.nextUpdate(), indicating that
m_currentUpdate.updatesPerSecond was zero. Previous assumptions that this was caused
by weird display configs were wrong. The actual issue is a race condition where
the callback can fire while we're still inside CVDisplayLinkStart(), or at least
before we've updated m_currentUpdate.

The fix is to initialize m_currentUpdate before we call CVDisplayLinkStart().

* UIProcess/mac/DisplayLink.cpp:
(WebKit::DisplayLink::addObserver):

Diff

Modified: trunk/Source/WebKit/ChangeLog (284643 => 284644)


--- trunk/Source/WebKit/ChangeLog	2021-10-21 21:22:09 UTC (rev 284643)
+++ trunk/Source/WebKit/ChangeLog	2021-10-21 21:33:01 UTC (rev 284644)
@@ -1,3 +1,22 @@
+2021-10-21  Simon Fraser  <simon.fra...@apple.com>
+
+        Rare crash under DisplayLink::displayLinkCallback()
+        https://bugs.webkit.org/show_bug.cgi?id=232101
+        <rdar://84153991>
+
+        Reviewed by Tim Horton.
+
+        The crash was a divide by zero under m_currentUpdate.nextUpdate(), indicating that
+        m_currentUpdate.updatesPerSecond was zero. Previous assumptions that this was caused
+        by weird display configs were wrong. The actual issue is a race condition where
+        the callback can fire while we're still inside CVDisplayLinkStart(), or at least
+        before we've updated m_currentUpdate.
+
+        The fix is to initialize m_currentUpdate before we call CVDisplayLinkStart().
+
+        * UIProcess/mac/DisplayLink.cpp:
+        (WebKit::DisplayLink::addObserver):
+
 2021-10-21  Per Arne Vollan <pvol...@apple.com>
 
         Launch Services database is not always sent to GPUP
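Review bot: the ChangeLog entry for DisplayLink.cpp describes only the earlier initialization of m_currentUpdate, but the same change also deletes the fallback that replaced a zero m_displayNominalFramesPerSecond with WebCore::FullSpeedFramesPerSecond (and its RELEASE_LOG_FAULT). That is a behaviour change in its own right and should be stated in the entry, e.g. "Also remove the zero-fps fallback to FullSpeedFramesPerSecond, since the zero value came from the race, not from display configuration", so readers of the log know the guard was removed deliberately.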

Modified: trunk/Source/WebKit/UIProcess/mac/DisplayLink.cpp (284643 => 284644)


--- trunk/Source/WebKit/UIProcess/mac/DisplayLink.cpp	2021-10-21 21:22:09 UTC (rev 284643)
+++ trunk/Source/WebKit/UIProcess/mac/DisplayLink.cpp	2021-10-21 21:33:01 UTC (rev 284644)
@@ -101,16 +101,12 @@
 
     if (!CVDisplayLinkIsRunning(m_displayLink)) {
         LOG_WITH_STREAM(DisplayLink, stream << "[UI ] DisplayLink for display " << m_displayID << " starting CVDisplayLink with fps " << m_displayNominalFramesPerSecond);
+
+        m_currentUpdate = { 0, m_displayNominalFramesPerSecond };
+
         CVReturn error = CVDisplayLinkStart(m_displayLink);
         if (error)
             RELEASE_LOG_FAULT(DisplayLink, "DisplayLink: Could not start the display link: %d", error);
-
-        if (!m_displayNominalFramesPerSecond) {
-            RELEASE_LOG_FAULT(DisplayLink, "DisplayLink: displayNominalFramesPerSecond is 0, using %d", WebCore::FullSpeedFramesPerSecond);
-            m_displayNominalFramesPerSecond = WebCore::FullSpeedFramesPerSecond;
-        };
-
-        m_currentUpdate = { 0, m_displayNominalFramesPerSecond };
     }
 }
 
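Review bot: moving `m_currentUpdate = { 0, m_displayNominalFramesPerSecond };` ahead of CVDisplayLinkStart() closes the window in which the callback could observe a default-initialized m_currentUpdate, but the hunk also drops the `if (!m_displayNominalFramesPerSecond)` guard, so if that value is ever zero for any reason other than this race, m_currentUpdate.updatesPerSecond is now zero from the outset and nextUpdate() would divide by zero again with no log to explain it. Consider keeping a cheap defensive check before the assignment (an ASSERT on m_displayNominalFramesPerSecond, or retaining the FullSpeedFramesPerSecond fallback with its RELEASE_LOG_FAULT) so a bad display configuration fails loudly rather than reintroducing the crash this patch is fixing.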
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes