Title: [181369] releases/WebKitGTK/webkit-2.8/Source/WebKit2
Revision: 181369
Author: carlo...@webkit.org
Date: 2015-03-11 00:41:07 -0700 (Wed, 11 Mar 2015)

Log Message

Merge r181272 - bmalloc: tryFastMalloc shouldn't crash
https://bugs.webkit.org/show_bug.cgi?id=142443

Reviewed by Anders Carlsson.

Part 1: Stop using tryFastRealloc.

* Shared/ShareableBitmap.cpp:
(WebKit::ShareableBitmap::resize): Deleted.
* Shared/ShareableBitmap.h: Removed the resize function because it has
no clients.

* WebProcess/Plugins/PluginProxy.cpp:
(WebKit::PluginProxy::updateBackingStore): Changed to allocate a new
backing store instead of resizing the old one. This has three advantages:

(1) Might be more memory-efficient, since you don't have to keep the old
one around while allocating the new one.

(2) Avoids the overhead of realloc() copying the contents of the old
backing store even though we only want uninitialized memory.

(3) Makes resize failure consistent with initial allocation failure.
Previously, while initial allocation failure would set the backing store
to null, resize failure would keep the old wrong backing store and then
tell it not to paint. Now, resize failure also sets the backing store to
null.

Diff

Modified: releases/WebKitGTK/webkit-2.8/Source/WebKit2/ChangeLog (181368 => 181369)


--- releases/WebKitGTK/webkit-2.8/Source/WebKit2/ChangeLog	2015-03-11 07:10:08 UTC (rev 181368)
+++ releases/WebKitGTK/webkit-2.8/Source/WebKit2/ChangeLog	2015-03-11 07:41:07 UTC (rev 181369)
@@ -1,3 +1,33 @@
+2015-03-09  Geoffrey Garen  <gga...@apple.com>
+
+        bmalloc: tryFastMalloc shouldn't crash
+        https://bugs.webkit.org/show_bug.cgi?id=142443
+
+        Reviewed by Anders Carlsson.
+
+        Part 1: Stop using tryFastRealloc.
+
+        * Shared/ShareableBitmap.cpp:
+        (WebKit::ShareableBitmap::resize): Deleted.
+        * Shared/ShareableBitmap.h: Removed the resize function because it has
+        no clients.
+
+        * WebProcess/Plugins/PluginProxy.cpp:
+        (WebKit::PluginProxy::updateBackingStore): Changed to allocate a new
+        backing store instead of resizing the old one. This has three advantages:
+
+        (1) Might be more memory-efficient, since you don't have to keep the old
+        one around while allocating the new one.
+
+        (2) Avoids the overhead of realloc() copying the contents of the old
+        backing store even though we only want uninitialized memory.
+
+        (3) Makes resize failure consistent with initial allocation failure.
+        Previously, while initial allocation failure would set the backing store
+        to null, resize failure would keep the old wrong backing store and then
+        tell it not to paint. Now, resize failure also sets the backing store to
+        null.
+
 2015-03-05  Carlos Garcia Campos  <cgar...@igalia.com>
 
         REGRESSION(r180924): ASSERTION FAILED: !from.isEmpty() in WebCore::TransformationMatrix::rectToRect
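Review bot: point (3) of this entry describes the new failure path but not the return-value change that comes with it: in the PluginProxy.cpp hunk of this same changeset, the initial-allocation path previously did `return true;` unconditionally right after `ShareableBitmap::create`, whereas it now does `return !!m_backingStore;`, so a failed first allocation is now reported as false where before it was reported as true. Suggest adding a sentence under (3) stating that updateBackingStore returns false for either kind of allocation failure, so readers of the ChangeLog do not assume the bool contract is unchanged.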

Modified: releases/WebKitGTK/webkit-2.8/Source/WebKit2/Shared/ShareableBitmap.cpp (181368 => 181369)


--- releases/WebKitGTK/webkit-2.8/Source/WebKit2/Shared/ShareableBitmap.cpp	2015-03-11 07:10:08 UTC (rev 181368)
+++ releases/WebKitGTK/webkit-2.8/Source/WebKit2/Shared/ShareableBitmap.cpp	2015-03-11 07:41:07 UTC (rev 181369)
@@ -138,29 +138,6 @@
         fastFree(m_data);
 }
 
-bool ShareableBitmap::resize(const IntSize& size)
-{
-    // We can't resize backing stores that are backed by shared memory.
-    ASSERT(!isBackedBySharedMemory());
-
-    if (size == m_size)
-        return true;
-
-    size_t newNumBytes = numBytesForSize(size);
-    
-    // Try to resize.
-    char* newData = 0;
-    if (!tryFastRealloc(m_data, newNumBytes).getValue(newData)) {
-        // We failed, but the backing store is still kept in a consistent state.
-        return false;
-    }
-
-    m_size = size;
-    m_data = newData;
-
-    return true;
-}
-
 void* ShareableBitmap::data() const
 {
     if (isBackedBySharedMemory())
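Review bot: removing this function outright rather than patching it is the right call, and one detail of the deleted body is worth recording: the only guard against resizing a shared-memory-backed bitmap was `ASSERT(!isBackedBySharedMemory());`, which is compiled out of release builds, so in release nothing prevented `m_data` of a shared-memory bitmap from being handed to `tryFastRealloc`. With the definition gone (and the declaration removed from ShareableBitmap.h in the same changeset) any future caller fails at compile time instead. Please confirm with a tree-wide search that no caller remains; the ChangeLog states the function has no clients, but the diff itself cannot show that.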

Modified: releases/WebKitGTK/webkit-2.8/Source/WebKit2/Shared/ShareableBitmap.h (181368 => 181369)


--- releases/WebKitGTK/webkit-2.8/Source/WebKit2/Shared/ShareableBitmap.h	2015-03-11 07:10:08 UTC (rev 181368)
+++ releases/WebKitGTK/webkit-2.8/Source/WebKit2/Shared/ShareableBitmap.h	2015-03-11 07:41:07 UTC (rev 181369)
@@ -95,8 +95,6 @@
     const WebCore::IntSize& size() const { return m_size; }
     WebCore::IntRect bounds() const { return WebCore::IntRect(WebCore::IntPoint(), size()); }
 
-    bool resize(const WebCore::IntSize& size);
-
     // Create a graphics context that can be used to paint into the backing store.
     std::unique_ptr<WebCore::GraphicsContext> createGraphicsContext();
 

Modified: releases/WebKitGTK/webkit-2.8/Source/WebKit2/WebProcess/Plugins/PluginProxy.cpp (181368 => 181369)


--- releases/WebKitGTK/webkit-2.8/Source/WebKit2/WebProcess/Plugins/PluginProxy.cpp	2015-03-11 07:10:08 UTC (rev 181368)
+++ releases/WebKitGTK/webkit-2.8/Source/WebKit2/WebProcess/Plugins/PluginProxy.cpp	2015-03-11 07:41:07 UTC (rev 181369)
@@ -593,18 +593,15 @@
 
     IntSize backingStoreSize = m_pluginSize;
     backingStoreSize.scale(contentsScaleFactor());
-    
-    if (!m_backingStore) {
-        m_backingStore = ShareableBitmap::create(backingStoreSize, ShareableBitmap::SupportsAlpha);
-        return true;
-    }
 
-    if (backingStoreSize != m_backingStore->size()) {
-        // The backing store already exists, just resize it.
-        return m_backingStore->resize(backingStoreSize);
+    if (m_backingStore) {
+        if (m_backingStore->size() == backingStoreSize)
+            return false;
+        m_backingStore = nullptr; // Give malloc a chance to recycle our backing store.
     }
 
-    return false;
+    m_backingStore = ShareableBitmap::create(backingStoreSize, ShareableBitmap::SupportsAlpha);
+    return !!m_backingStore;
 }
 
 uint64_t PluginProxy::windowNPObjectID()
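Review bot: the bool result still conflates two different outcomes: `return false;` on the size-unchanged path and `return !!m_backingStore;` (false on allocation failure) both report false, so the caller cannot tell "nothing to do" from "the backing store is now null". The old code had the same ambiguity, so this is not a regression, but since the rest of the change is about making failure explicit, consider documenting the contract at the declaration (true means a new store was allocated; false means either unchanged or failed) or having callers check `m_backingStore` directly after a false result. Separately, resetting `m_backingStore = nullptr` before the `create` call is what makes the ChangeLog's point (3) hold: on failure the old, wrongly sized store is dropped rather than kept, which is the safer state for the later paint path.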
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
