GPU: Remove memory duplication in async uploads. Now that gpu::Buffer is ref-counted, we can avoid duplicating memory for security (to prevent use-after-free). BUG=177063, 353822 Review URL: https://codereview.chromium.org/211493006 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@259807 0039d316-1c4b-4281-b951-d872f2087c98

commit: c8021e0389e481a019865d77773c17f1d8492cdc [log] [tgz]
author: [email protected] <[email protected]@0039d316-1c4b-4281-b951-d872f2087c98> Thu Mar 27 06:10:12 2014
committer: [email protected] <[email protected]@0039d316-1c4b-4281-b951-d872f2087c98> Thu Mar 27 06:10:12 2014
tree: 307d36abcb1a252d9c90f0fef1eaa601354dcc5a
parent: f645be519c2a95fb0540c62d5f957527ac9e9d6f [diff] [blame]
diff --git a/gpu/command_buffer/service/gles2_cmd_decoder.cc b/gpu/command_buffer/service/gles2_cmd_decoder.cc
index 427227c..e6a12701 100644
--- a/gpu/command_buffer/service/gles2_cmd_decoder.cc
+++ b/gpu/command_buffer/service/gles2_cmd_decoder.cc

@@ -10392,20 +10392,12 @@
     return error::kNoError;
   }
 
-  // We know the memory/size is safe, so get the real shared memory since
-  // it might need to be duped to prevent use-after-free of the memory.
-  scoped_refptr<gpu::Buffer> buffer = GetSharedMemoryBuffer(c.pixels_shm_id);
-  base::SharedMemory* shared_memory = buffer->shared_memory();
-  uint32 shm_size = buffer->size();
-  uint32 shm_data_offset = c.pixels_shm_offset;
-  uint32 shm_data_size = pixels_size;
-
   // Setup the parameters.
   AsyncTexImage2DParams tex_params = {
       target, level, static_cast<GLenum>(internal_format),
       width, height, border, format, type};
-  AsyncMemoryParams mem_params = {
-      shared_memory, shm_size, shm_data_offset, shm_data_size};
+  AsyncMemoryParams mem_params(
+      GetSharedMemoryBuffer(c.pixels_shm_id), c.pixels_shm_offset, pixels_size);
 
   // Set up the async state if needed, and make the texture
   // immutable so the async state stays valid. The level info
@@ -10482,19 +10474,11 @@
     }
   }
 
-  // We know the memory/size is safe, so get the real shared memory since
-  // it might need to be duped to prevent use-after-free of the memory.
-  scoped_refptr<gpu::Buffer> buffer = GetSharedMemoryBuffer(c.data_shm_id);
-  base::SharedMemory* shared_memory = buffer->shared_memory();
-  uint32 shm_size = buffer->size();
-  uint32 shm_data_offset = c.data_shm_offset;
-  uint32 shm_data_size = data_size;
-
   // Setup the parameters.
   AsyncTexSubImage2DParams tex_params = {target, level, xoffset, yoffset,
                                               width, height, format, type};
-  AsyncMemoryParams mem_params = {shared_memory, shm_size,
-                                       shm_data_offset, shm_data_size};
+  AsyncMemoryParams mem_params(
+      GetSharedMemoryBuffer(c.data_shm_id), c.data_shm_offset, data_size);
   AsyncPixelTransferDelegate* delegate =
       async_pixel_transfer_manager_->GetPixelTransferDelegate(texture_ref);
   if (!delegate) {
commit	c8021e0389e481a019865d77773c17f1d8492cdc	[log] [tgz]
author	[email protected] <[email protected]@0039d316-1c4b-4281-b951-d872f2087c98>	Thu Mar 27 06:10:12 2014
committer	[email protected] <[email protected]@0039d316-1c4b-4281-b951-d872f2087c98>	Thu Mar 27 06:10:12 2014
tree	307d36abcb1a252d9c90f0fef1eaa601354dcc5a
parent	f645be519c2a95fb0540c62d5f957527ac9e9d6f [diff] [blame]