зеркало из https://github.com/mozilla/gecko-dev.git
42e6712830
A default constructed SurfacePipe contains a NullSurfaceSink as its filter in mHead. This filter does nothing and is merely a placeholder. Since most SurfacePipe objects are constructed with the default constructor, and NullSurfaceSink has no (modified) state, we use a singleton to represent it. Normally the SurfacePipe owns its filter, so it needs to do a special check for NullSurfaceSink to ensure it doesn't free it explicitly. A Decoder object contains a default constructed SurfacePipe until it needs to create the first frame from an image. This is a very brief window because it does not take very long or much data to get to this stage of decoding. The NullSurfaceSink singleton is freed upon shutdown, however some ISurfaceProvider objects may be lingering after this. If their Decoder has yet to create the first frame, that means the SurfacePipe actually contains a dangling pointer to the already freed singleton. To make things worse, it actually tried to free the filter because it didn't match the singleton (it got freed!). As such, this change removes NullSurfaceSink entirely. We never use the SurfacePipe before initializing it with a proper filter, and it would be considered a programming error to do so. Instead let SurfacePipe::mHead be null, and assert that it is not null when any operations are performed on the SurfacePipe. |
||
|---|---|---|
| .. | ||
| moz.build | ||
| nsImageModule.cpp | ||
| nsImageModule.h | ||