Commit
[embedlite] Avoid dereferencing null allocator pointer. Contributes to JB#49875

The allocator (TextureForwarder) passed to the SharedSurface is only needed for the IPC child and should be null for the parent.

Although the value passed by EmbedLiteCompositorBridgeParent::PrepareOffscreen() was always null in practice, this was obfuscated by the fact that the ShadowLayerForwarder, used as a proxy for the TextureForwarder, was guaranteed to be returned as null by mLayerManager [1].

This change sets the allocator to null explicitly to avoid calling the null ShadowForwarder to retrieve it, which would cause a segfault. The allocator is ultimately stored and used by the SurfaceFactory, and there are several other code paths that also set this to null, so this appears to be safe [2].

[1] mLayerManager has type LayerManagerComposite, which inherits LayerManager::AsShadowForwarder() and always returns null. The method is virtual and mLayerManager is cast as LayerManagerComposite, so this return cannot be overridden.

[2] The most obvious is for SurfaceFactory_Basic, used by GLScreenBuffer. See the SurfaceFactoryBasic constructor at gfx/gl/SharedSurfaceGL.cpp line 101 which calls SurfaceFactory(SharedSurfaceType::Basic, gl, caps, nullptr, flags)