Fix crash in DoDescheduleUntilFinishedCHROMIUM()
gl::GLFence::Create() can return nullptr, in this case
the DoDescheduleUntilFinishedCHROMIUM() will crash. Fix the problem
by marking context lost if gl::GLFence::Create() returns nullptr.
Bug: 1221094
Change-Id: I87bd654e4486330c9dc15fb7d8e668acfb29d779
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2971647
Reviewed-by: Geoff Lang <geofflang@chromium.org>
Commit-Queue: Peng Huang <penghuang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#896571}
diff --git a/gpu/command_buffer/service/gles2_cmd_decoder_passthrough_doers.cc b/gpu/command_buffer/service/gles2_cmd_decoder_passthrough_doers.cc
index 90e5de37..e7a3f1f 100644
--- a/gpu/command_buffer/service/gles2_cmd_decoder_passthrough_doers.cc
+++ b/gpu/command_buffer/service/gles2_cmd_decoder_passthrough_doers.cc
@@ -4728,7 +4728,16 @@
if (!gl::GLFence::IsSupported()) {
return error::kNoError;
}
- deschedule_until_finished_fences_.push_back(gl::GLFence::Create());
+
+ auto fence = gl::GLFence::Create();
+ if (!fence) {
+ InsertError(GL_INVALID_OPERATION, "gl::GLFence::Create() failed.");
+ MarkContextLost(error::kUnknown);
+ group_->LoseContexts(error::kUnknown);
+ return error::kLostContext;
+ }
+
+ deschedule_until_finished_fences_.push_back(std::move(fence));
if (deschedule_until_finished_fences_.size() == 1) {
return error::kNoError;
