Merge r213448 - [GTK] WebProcess from WebKitGtk+ 2.15.x SIGSEVs in GI…

…FLZWContext::doLZW(unsigned char const*, unsigned long) at Source/WebCore/platform/image-decoders/gif/GIFImageReader.cpp:303 https://bugs.webkit.org/show_bug.cgi?id=167304 Reviewed by Carlos Garcia Campos. Add a lock to ensure that the GIFImageReader that we are using for decoding is not deleted while the decoding thread is using it. No new tests. * platform/image-decoders/gif/GIFImageDecoder.cpp: (WebCore::GIFImageDecoder::clearFrameBufferCache): git-svn-id: http://svn.webkit.org/repository/webkit/releases/WebKitGTK/webkit-2.16@213815 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Igalia · Mar 13, 2017 · c943289 · c943289
1 parent d317128
commit c943289
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 0 deletions.
diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
@@ -1,3 +1,18 @@
+2017-03-06  Miguel Gomez  <magomez@igalia.com>
+
+        [GTK] WebProcess from WebKitGtk+ 2.15.x SIGSEVs in GIFLZWContext::doLZW(unsigned char const*, unsigned long) at Source/WebCore/platform/image-decoders/gif/GIFImageReader.cpp:303
+        https://bugs.webkit.org/show_bug.cgi?id=167304
+
+        Reviewed by Carlos Garcia Campos.
+
+        Add a lock to ensure that the GIFImageReader that we are using for decoding is not deleted while
+        the decoding thread is using it.
+
+        No new tests.
+
+        * platform/image-decoders/gif/GIFImageDecoder.cpp:
+        (WebCore::GIFImageDecoder::clearFrameBufferCache):
+
 2017-03-06  Vanessa Chipirrás Navalón  <vchipirras@igalia.com>
 
         [GStreamer] Adopt nullptr

diff --git a/Source/WebCore/platform/image-decoders/gif/GIFImageDecoder.cpp b/Source/WebCore/platform/image-decoders/gif/GIFImageDecoder.cpp
@@ -133,6 +133,10 @@ void GIFImageDecoder::clearFrameBufferCache(size_t clearBeforeFrame)
     if (m_frameBufferCache.isEmpty())
         return; // Nothing to do.
 
+    // Lock the decodelock here, as we are going to destroy the GIFImageReader and doing so while
+    // there's an ongoing decode will cause a crash.
+    LockHolder locker(m_decodeLock);
+
     // The "-1" here is tricky.  It does not mean that |clearBeforeFrame| is the
     // last frame we wish to preserve, but rather that we never want to clear
     // the very last frame in the cache: it's empty (so clearing it is