Fix crash if FlView is destroyed during a draw.#186848
Conversation
|
It looks like this pull request may not have tests. Please make sure to add tests or get an explicit test exemption before merging. If you are not sure if you need tests, consider this rule of thumb: the purpose of a test is to make sure someone doesn't accidentally revert the fix. Ask yourself, is there anything in your PR that you feel it is important we not accidentally revert back to how it was before your fix? Reviewers: Read the Tree Hygiene page and make sure this patch meets those guidelines before LGTMing. If you believe this PR qualifies for a test exemption, contact "@test-exemption-reviewer" in the #hackers channel in Discord (don't just cc them here, they won't see it!). The test exemption team is a small volunteer group, so all reviewers should feel empowered to ask for tests, without delegating that responsibility entirely to the test exemption group. |
github-actions
Bot
added
engine
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request modifies the lifecycle management of FlView in the Linux platform shell by introducing g_autoptr and explicit object referencing for idle callbacks. Feedback indicates that using g_autoptr within the callback is fragile and could lead to a use-after-free if the callback logic is changed to persist. Additionally, it is recommended to use g_idle_add_full with a GDestroyNotify to ensure the object reference is properly released even if the idle source is removed before execution, preventing potential memory leaks.
| // Redraw the view from the GTK thread. | ||
| static gboolean redraw_cb(gpointer user_data) { | ||
| FlView* self = FL_VIEW(user_data); | ||
| g_autoptr(FlView) self = FL_VIEW(user_data); |
There was a problem hiding this comment.
Using g_autoptr inside a GSourceFunc to manage the lifecycle of user_data is fragile. If the callback were ever modified to return G_SOURCE_CONTINUE (TRUE), the object would be unreferenced prematurely at the end of the first execution, leading to a use-after-free in subsequent iterations. It is safer to manage the lifecycle via the source's destroy notify in the caller.
FlView* self = FL_VIEW(user_data);|
|
||
| // Perform the redraw in the GTK thead. | ||
| g_idle_add(redraw_cb, self); | ||
| g_idle_add(redraw_cb, g_object_ref(self)); |
There was a problem hiding this comment.
Using g_idle_add_full with g_object_unref as the GDestroyNotify is the idiomatic and more robust way to manage the lifetime of the user_data object in GLib. This ensures that the reference is released even if the idle source is removed without the callback being executed (e.g., during application shutdown or if the source is explicitly removed), preventing a potential reference leak.
g_idle_add_full(G_PRIORITY_DEFAULT_IDLE, redraw_cb, g_object_ref(self), g_object_unref);
mattkae
force-pushed
the
linux-redraw-during-view-removal
branch
from
e53b51f to
fd4473b
Compare
|
@loic-sharma can you kick off the google testing? |
loic-sharma
left a comment
loic-sharma
left a comment
There was a problem hiding this comment.
Approving to run google testing
Ensure the object remains alive until the redraw callback completes. Triggered by rapidly opening and closing tooltips in the multi-window demo app. Command line error: g_mutex_clear() called on uninitialised or locked mutex
mattkae
force-pushed
the
linux-redraw-during-view-removal
branch
from
fd4473b to
d5312e4
Compare
|
Rebased to poke Google testing |
flutter/flutter@c8f2f16...e70534d 2026-05-28 [email protected] Linux glyph gamma correction (flutter/flutter#187122) 2026-05-28 [email protected] [iOS] Eliminate strong retain cycle from VSyncClient (flutter/flutter#187164) 2026-05-28 [email protected] Revert "[pubspec] Bump Dart SDK constraint to ^3.13.0 (#186957)" (flutter/flutter#187209) 2026-05-28 [email protected] Roll Skia from f1b8ba877c07 to 32acea791248 (3 revisions) (flutter/flutter#187220) 2026-05-27 [email protected] Roll Fuchsia Linux SDK from k9EizfEGJO4WwQN9-... to SBpmmPxqx3lAvGojE... (flutter/flutter#187211) 2026-05-27 [email protected] [Impeller] Add block-compressed texture format support (BC, ETC2, ASTC) (flutter/flutter#187077) 2026-05-27 [email protected] Disable analyzer (flutter/flutter#187205) 2026-05-27 [email protected] [Flutter GPU] Add explicit draw counts (reland) (flutter/flutter#187192) 2026-05-27 [email protected] [Flutter GPU] Inject per-backend defines into shader bundle compilation (flutter/flutter#187081) 2026-05-27 [email protected] Roll Skia from fa944af10f91 to f1b8ba877c07 (13 revisions) (flutter/flutter#187194) 2026-05-27 [email protected] Fixes bug when changing accessibilityFocusBlockType doesn't update ch… (flutter/flutter#186596) 2026-05-27 [email protected] Roll pub packages (flutter/flutter#187191) 2026-05-27 [email protected] [web, tool] Support recompiling shaders and unify asset processing (2nd try) (flutter/flutter#186902) 2026-05-27 [email protected] Fix crash if FlView is destroyed during a draw. (flutter/flutter#186848) 2026-05-27 [email protected] Roll Packages from fc795e5 to 4b424d7 (4 revisions) (flutter/flutter#187174) 2026-05-27 [email protected] Stop prefetching Swift packages in pub get (flutter/flutter#187113) 2026-05-27 [email protected] Update CI with newer android sdk package (flutter/flutter#187143) 2026-05-27 [email protected] Add a tag to the Linux platform properties in .ci.yaml that specifies x64 CPUs (flutter/flutter#187124) If this roll has caused a breakage, revert this CL and stop the roller using the controls here: https://autoroll.skia.org/r/flutter-packages Please CC [email protected],[email protected] on the revert to ensure that a human is aware of the problem. To file a bug in Packages: https://github.com/flutter/flutter/issues/new/choose To report a problem with the AutoRoller itself, please file a bug: https://issues.skia.org/issues/new?component=1389291&template=1850622 Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+doc/main/autoroll/README.md
4 participants
Ensure the object remains alive until the redraw callback completes.
Triggered by rapidly opening and closing tooltips in the multi-window demo app. Command line error:
g_mutex_clear() called on uninitialised or locked mutex