| author | Anu Aliyas <anu.aliyas@qt.io> | 2024-08-01 11:29:59 +0200 |
|---|---|---|
| committer | Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> | 2024-08-07 16:12:57 +0000 |
| commit | 57ba058ac34b6b7582a3b329bf3f5f8ee253e4e7 (patch) | |
| tree | f58849102ab390ed31c8a26531dcc7cce62832f3 | |
| parent | 5ee7901bc6d7fc44af19a464074413de1a836881 (diff) | |
Avoid crash on WebEngineView destruction with ASAN enabled
Chromium's raw_ptr implementation sets the pointer to null on
destruction if ASAN is enabled. This leads to a crash when the
NativeSkiaOutputDevice::Buffer destructor tries to access m_factory,
which is already null. Both buffer and m_factory are members of the class
NativeSkiaOutputDevice. Member variables are destroyed in bottom-to-top
order based on their declaration. So, by the time the buffer
destructor is invoked, m_factory has been set to null. Used a C++ raw pointer
instead of Chromium’s raw_ptr and added a nullptr check.
Change-Id: Idfad2f5b1bb2adf8923a8fab872fdbaedf6c49f9
Pick-to: 6.7
Fixes: QTBUG-127611
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
(cherry picked from commit 9bcb567b6799bffe90b6d9f90da42fc331684947)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
| -rw-r--r-- | src/core/compositor/native_skia_output_device.cpp | 2 | ||||
| -rw-r--r-- | src/core/compositor/native_skia_output_device.h | 9 |
2 files changed, 5 insertions, 6 deletions
diff --git a/src/core/compositor/native_skia_output_device.cpp b/src/core/compositor/native_skia_output_device.cpp
index 4420e8d59..3c916d114 100644
--- a/src/core/compositor/native_skia_output_device.cpp
+++ b/src/core/compositor/native_skia_output_device.cpp
@@ -212,7 +212,7 @@ NativeSkiaOutputDevice::Buffer::~Buffer()
 if (m_scopedSkiaWriteAccess)
 endWriteSkia(false);
- if (!m_mailbox.IsZero())
+ if (!m_mailbox.IsZero() && m_parent->m_factory)
 m_parent->m_factory->DestroySharedImage(m_mailbox);
 }
diff --git a/src/core/compositor/native_skia_output_device.h b/src/core/compositor/native_skia_output_device.h
index 2c35cef77..d2101c0fb 100644
--- a/src/core/compositor/native_skia_output_device.h
+++ b/src/core/compositor/native_skia_output_device.h
@@ -164,18 +164,17 @@ private:
 void SwapBuffersFinished();
+ bool m_requiresAlpha;
+ gpu::SharedImageFactory *const m_factory;
+ gpu::SharedImageRepresentationFactory *const m_representationFactory;
+ viz::SkiaOutputSurfaceDependency *const m_deps;
 mutable QMutex m_mutex;
 Shape m_shape;
 std::unique_ptr<Buffer> m_middleBuffer;
 std::unique_ptr<Buffer> m_backBuffer;
 viz::OutputSurfaceFrame m_frame;
 bool m_readyToUpdate = false;
- bool m_requiresAlpha;
 scoped_refptr<base::SingleThreadTaskRunner> m_gpuTaskRunner;
-
- const raw_ptr<gpu::SharedImageFactory> m_factory;
- const raw_ptr<gpu::SharedImageRepresentationFactory> m_representationFactory;
- const raw_ptr<viz::SkiaOutputSurfaceDependency> m_deps;
 };
 } // namespace QtWebEngineCore |
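Review bot: In `NativeSkiaOutputDevice::Buffer::~Buffer()` the added `&& m_parent->m_factory` test only helps when the pointer is genuinely null. With `m_factory` now a plain `gpu::SharedImageFactory *const` (header change in this commit), nothing nulls it on destruction, so the check cannot detect a factory that has already been destroyed and offers no protection against a use-after-free if the lifetime assumption is ever broken. When the branch is skipped, the shared image for `m_mailbox` is silently left undestroyed. A one-line comment stating when `m_factory` can legitimately be null here, or a `DCHECK(m_parent->m_factory);` before the `if`, would make the intended contract explicit. The destructor begins above the hunk, so whether `m_parent` itself is always valid at this point is not visible.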
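Review bot: In `native_skia_output_device.h`, switching `m_factory`, `m_representationFactory` and `m_deps` from `raw_ptr` to plain `*const` pointers gives up Chromium's dangling-pointer protection for these members. From what the hunk shows, it looks unnecessary: moving the declarations above `m_middleBuffer`/`m_backBuffer` already makes them outlive the buffers, because members are destroyed in reverse declaration order. Consider keeping the checked type at the new position, e.g. `const raw_ptr<gpu::SharedImageFactory> m_factory;`, and adding a comment such as `// Must be declared before the buffers: ~Buffer() uses m_factory.` so a later reorder does not reintroduce the crash. Moving `m_requiresAlpha` also changes member initialization order, so the constructor's initializer list (outside this hunk) should be checked to match.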
