mirror of
https://github.com/servo/servo
synced 2026-05-13 02:17:06 +02:00
1a99f74c36
Many WebGL objects refer to a `WebGLRenderingContext` and rely on it for messaging to the `WebGLThread`. This poses a problem, because WebGL objects often need to send a message to the `WebGLThread` during their `Drop` implementation. If the `Drop` is triggered as part of garbage collection, references to the `WebGLRenderingContext` might be invalid, if they were garbage collected first as part of the same harvest. This change makes it so that all of these objects store a `WeakRef` instead of a `Dom<>`. The `WeakRef` is only used if it can be rooted, otherwise a `ContextLost` error is given. In cases where only messaging is needed, a cloned `WebGLMsgSender` is used to perform messages regardless of whether the context is garbage collected or not. This isn't a replacement for #37622, but should make it easier to implement as the `WebGLMsgSender` and the `WeakRef` could be stored in the droppable portion of the DOM object. Testing: This fixes a use-after-free issue which is mainly detectable via ASAN builds. Since we do not run ASAN on CI, this is a bit hard to create automated tests for. I verified that this fixed the issue manually. Fixes: #40655. Signed-off-by: Martin Robinson <mrobinson@igalia.com>