Skip to content

cogl/journal: Don't sometimes hold a ref on the framebuffer

d42f1873 introduced a semi circular reference between the CoglFramebuffer, and CoglJournal, where CoglJournal would keep a reference on the CoglFramebuffer when there were any entries in the journal log.

To avoid risking leaking these objects indefinitely, when freeing objects without doing anything that triggered a flush, CoglFramebuffer had a "filter" on cogl_object_unref() calls, which knew about under what conditions CoglJournal had a reference to it. When it could detect that there were only the journal itself holding such a reference, it'd flush the journal, effectively releasing the reference the journal held, thus freeing itself, as well as the journal.

When CoglFramebuffer was ported to be implemented using GObject instead of CoglObject, this "filter" was missed, causing not only awkward but infrequent leaks, but also situations where we'd flush journals when only the journal itself held the last reference to the framebuffer, meaning the journal would free the framebuffer, thus itself, in the middle of flushing, causing memory corruption and crashes.

A way to detect this, by asserting on CoglObject reference count during flush, is by adding the g_assert() as described below, which will assert instead cause memory corruption.

void _cogl_journal_flush (CoglJournal *journal { ... _cogl_journal_discard (journal);

  • g_assert (journal->_parent.ref_count > 0); ... }

Fix this by making CoglFramebuffer the owner of the journal, which it already was, and remove any circle referencing that was there before, as it is not needed given that the CoglFramebuffer pointer is guaranteed to be valid for the lifetime of CoglJournal as the framebuffer is the owner of the journal.

However, to not miss flushing before tearing down, which is important as this flushes painting calls to the driver that is important for e.g. using the result of those journal entries, flush the journal the first time cogl_framebuffer_dispose() is called, before doing anything else.

This also adds a test case. Without having broken the circular reference, the test would fail on g_assert_null (offscreen), as it would have been "leaked" at this point, but the actual memory corruption would be a result of the cogl_texture_get_data() call, which flushes the framebuffer, and causes the 'mid-flush' destruction of the journal described above. Note that the texture keeps track of dependent framebuffers, but it does not hold any references to them.

Closes: #1474 (closed)

Edited by Jonas Ådahl

Merge request reports