gpu: fix memory corruption in cache_gc_cb()
gsk_gpu_device_gc() may release the last ref on the GskGpuDevice, leading to memory corruption when setting priv->cache_gc_source = 0. Includes a bit of refactoring, so the ref/unref wraps nicely around the actual code. Fixes crashes seen after using the inspector and closing the window, thereby closing all windows of a display and releasing all references to the device. Fixes #6861
This commit is contained in:
Michael Catanzaro
committed by
Benjamin Otte
Benjamin Otte
parent
d32fd76b31
commit
4c40395a38
@@ -62,17 +62,24 @@ cache_gc_cb (gpointer data)
|
|||||||
GskGpuDevice *self = data;
|
GskGpuDevice *self = data;
|
||||||
GskGpuDevicePrivate *priv = gsk_gpu_device_get_instance_private (self);
|
GskGpuDevicePrivate *priv = gsk_gpu_device_get_instance_private (self);
|
||||||
gint64 timestamp;
|
gint64 timestamp;
|
||||||
|
gboolean result = G_SOURCE_CONTINUE;
|
||||||
|
|
||||||
timestamp = g_get_monotonic_time ();
|
timestamp = g_get_monotonic_time ();
|
||||||
GSK_DEBUG (CACHE, "Periodic GC (timestamp %lld)", (long long) timestamp);
|
GSK_DEBUG (CACHE, "Periodic GC (timestamp %lld)", (long long) timestamp);
|
||||||
|
|
||||||
|
/* gc can collect the device if all windows are closed and only
|
||||||
|
* the cache is keeping it alive */
|
||||||
|
g_object_ref (self);
|
||||||
|
|
||||||
if (gsk_gpu_device_gc (self, timestamp))
|
if (gsk_gpu_device_gc (self, timestamp))
|
||||||
{
|
{
|
||||||
priv->cache_gc_source = 0;
|
priv->cache_gc_source = 0;
|
||||||
return G_SOURCE_REMOVE;
|
result = G_SOURCE_REMOVE;
|
||||||
}
|
}
|
||||||
|
|
||||||
return G_SOURCE_CONTINUE;
|
g_object_unref (self);
|
||||||
|
|
||||||
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
|
|||||||
Reference in New Issue
Block a user