Closed
Bug 894925
Opened 11 years ago
Closed 11 years ago
ImageBridgeChild::DispatchImageClientUpdate doesn't attempt to keep ImageContainer alive
Categories
(Core :: Graphics: Layers, defect)
Core
Graphics: Layers
Tracking
()
RESOLVED
FIXED
mozilla25
People
(Reporter: mstange, Assigned: mstange)
References
(Blocks 1 open bug)
Details
Attachments
(2 files)
|
2.06 KB,
patch
|
nical
:
review+
|
Details | Diff | Splinter Review |
|
1.39 KB,
patch
|
nical
:
review+
|
Details | Diff | Splinter Review |
There's this code in ImageBridgeChild.cpp:
> static void UpdateImageClientNow(ImageClient* aClient, nsRefPtr<ImageContainer> aContainer)
> {
> MOZ_ASSERT(aClient);
> MOZ_ASSERT(aContainer);
> sImageBridgeChildSingleton->BeginTransaction();
> aClient->UpdateImage(aContainer, Layer::CONTENT_OPAQUE);
> sImageBridgeChildSingleton->EndTransaction();
> }
>
> //static
> void ImageBridgeChild::DispatchImageClientUpdate(ImageClient* aClient,
> ImageContainer* aContainer)
> {
> if (InImageBridgeChildThread()) {
> UpdateImageClientNow(aClient, aContainer);
> return;
> }
> nsRefPtr<ImageContainer> container = aContainer;
> sImageBridgeChildSingleton->GetMessageLoop()->PostTask(
> FROM_HERE,
> NewRunnableFunction(&UpdateImageClientNow, aClient, container));
> }
In bug 546837 I ran across crashes where an ImageContainer was accessed from UpdateImageClientNow after it had already been destroyed, because the runnable function only takes a raw pointer to the container and doesn't attempt to keep it alive.
Nical, will bug 858914 take care of this in some way, or do we need to add a strong reference somewhere here? Or is there something wrong on my end?
|
Assignee | |
Comment 1•11 years ago
|
||
Oops, actually, that's the code after I added the nsRefPtr. In fact it looks like this at the moment:
> static void UpdateImageClientNow(ImageClient* aClient, ImageContainer* aContainer)
> {
> MOZ_ASSERT(aClient);
> MOZ_ASSERT(aContainer);
> sImageBridgeChildSingleton->BeginTransaction();
> aClient->UpdateImage(aContainer, Layer::CONTENT_OPAQUE);
> sImageBridgeChildSingleton->EndTransaction();
> }
>
> //static
> void ImageBridgeChild::DispatchImageClientUpdate(ImageClient* aClient,
> ImageContainer* aContainer)
> {
> if (InImageBridgeChildThread()) {
> UpdateImageClientNow(aClient, aContainer);
> return;
> }
> sImageBridgeChildSingleton->GetMessageLoop()->PostTask(
> FROM_HERE,
> NewRunnableFunction(&UpdateImageClientNow, aClient, aContainer));
> }
|
||
Comment 2•11 years ago
|
||
Bug 858914 doesn't change this, so we indeed need to hold a strong ref here.
I suppose I would addref (in before dispatching or calling UpdateImageClientNiw) and release it (at the end of UpdateImageClientNow) manually.
|
|
Assignee | |
Comment 3•11 years ago
|
||
I'm not a big fan of manual reference counting. What do you think of this instead?
Assignee: nobody → mstange
Status: NEW → ASSIGNED
Attachment #777167 -
Flags: review?(nical.bugzilla)
|
|
Assignee | |
Comment 4•11 years ago
|
||
Or maybe this instead?
Attachment #777168 -
Flags: review?(nical.bugzilla)
|
|
Assignee | |
Comment 5•11 years ago
|
||
Also, do we need to hold a strong ref to the ImageClient, too?
|
|
||
Comment 6•11 years ago
|
||
Comment on attachment 777167 [details] [diff] [review]
with nsRefPtr, approach A
Review of attachment 777167 [details] [diff] [review]:
-----------------------------------------------------------------
I am not exactly sure how this interacts with all the magic that happens in NewRunnableFunction and the MakeTuple stuff underneath. If this works I am all for it!
Attachment #777167 -
Flags: review?(nical.bugzilla) → review+
|
|
||
Comment 7•11 years ago
|
||
Comment on attachment 777168 [details] [diff] [review]
with nsRefPtr, approach B
Review of attachment 777168 [details] [diff] [review]:
-----------------------------------------------------------------
I like this explicit approach (but again it's just me not feeling at ease with the template magic going on in NewRunnableFunction, so if you are certain that both approaches work, pick the one one you prefer), and also you are right, please add a strong ref to the ImageClient too.
Attachment #777168 -
Flags: review?(nical.bugzilla) → review+
|
|
Assignee | |
Comment 8•11 years ago
|
||
(In reply to Nicolas Silva [:nical] from comment #7)
> I like this explicit approach (but again it's just me not feeling at ease
> with the template magic going on in NewRunnableFunction, so if you are
> certain that both approaches work, pick the one one you prefer)
I prefer approach B, too.
, and also
> you are right, please add a strong ref to the ImageClient too.
OK. Should I do that in DispatchReleaseImageClient, too?
|
|
||
Comment 9•11 years ago
|
||
Yes, please and also the other dispatched functions (CreateImageClientNow, etc.)
|
|
Assignee | |
Comment 10•11 years ago
|
||
Actually it looks like nothing needs to be done for ImageClient. The only way for the ImageClient to go away is through the ->Release() call in ReleaseImageClientNow, and that's guaranteed not to happen as long as its owner ImageContainer is alive.
|
|
Assignee | |
Comment 11•11 years ago
|
||
|
||
Comment 12•11 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla25
You need to log in
before you can comment on or make changes to this bug.
Description
•