web_app_mac: UpdateAppShortcutsSubdirLocalizedName non-thread-safe use of gfx::Image |
|||
Issue descriptionChrome Version: 61 OS: Mac What steps will reproduce the problem? (1) Patch in https://chromium-review.googlesource.com/c/578915/ which adds a thread checker to gfx::Image. (2) From a Debug build, run unit_tests --gtest_filter='WebAppShortcutCreatorTest.*' What is the expected result? No fail. What happens instead? RUN ] WebAppShortcutCreatorTest.RunShortcut [52123:25091:0719/234505.722607:36901941352984:FATAL:image.cc(365)] Check failed: AccessIsThreadSafe(). 0 unit_tests 0x0000000106aa145c base::debug::StackTrace::StackTrace(unsigned long) + 28 1 unit_tests 0x0000000106ac4a40 logging::LogMessage::~LogMessage() + 224 2 unit_tests 0x000000010754b29d gfx::Image::AsNSImage() const + 109 3 unit_tests 0x0000000108ffe5e5 (anonymous namespace)::ImageRepForGFXImage(gfx::Image const&) + 21 4 unit_tests 0x0000000108ffd946 (anonymous namespace)::SetWorkspaceIconOnFILEThread(base::FilePath const&, std::unique_ptr<ResourceIDToImage>) + 230 The sequence that leads to this crash: 1. FILE thread: UpdateAppShortcutsSubdirLocalizedName PostTask to UI thread: GetImageResourcesOnUIThread 2. UI thread: GetImageResourcesOnUIThread calls ui::ResourceBundle::GetNativeImageNamed(), retrieving gfx::Image instances shared with static references on the UI thread. 3. FILE thread: SetWorkspaceIconOnFILEThread calls gfx::Image::AsNSImage on these images. AsNSImage is not thread-safe because other code running simultaneously on the UI thread may be updating the image cache. Possible solutions: A. Call AsNSImage in GetImageResourcesOnUIThread, and pass a std::map<int, NSImage*> across to SetWorkspaceIconOnFILEThread instead. B. Do what tapted@ suggested in https://crbug.com/742145#c12 and make the gfx::Image update its internal cache atomically. A is my preferred option as it avoids all thread safety issues in gfx::Image; the latter only works because SetWorkspaceIconOnFILEThread never copies a gfx::Image object.
,
Jul 20 2017
Looks like this was added very recently in r468712 to fix non-thread-safe access to ResourceBundle. It seems it just squeezed the threading error through to gfx::Image::AsNSImage. Speculative CL to fix (untested): https://chromium-review.googlesource.com/578539
,
Jul 21 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/ff2f8fe037d727771999df4e234f5bfb03980bea commit ff2f8fe037d727771999df4e234f5bfb03980bea Author: Matt Giuca <mgiuca@chromium.org> Date: Fri Jul 21 05:09:24 2017 web_app_mac: Call ImageRepForGFXImage on the UI thread, not FILE. Fixes a thread-unsafe call to gfx::Image::AsNSImage on an image object from a resource bundle owned by the UI thread. Bug: 746815 Change-Id: I0eb06aab2823ff1b42c4fb35df3806f32169c744 Reviewed-on: https://chromium-review.googlesource.com/578539 Commit-Queue: Matt Giuca <mgiuca@chromium.org> Reviewed-by: Trent Apted <tapted@chromium.org> Cr-Commit-Position: refs/heads/master@{#488586} [modify] https://crrev.com/ff2f8fe037d727771999df4e234f5bfb03980bea/chrome/browser/web_applications/web_app_mac.mm
,
Jul 21 2017
|
|||
►
Sign in to add a comment |
|||
Comment 1 by mgiuca@chromium.org
, Jul 20 2017