Title: [218573] releases/WebKitGTK/webkit-2.16
Revision
218573
Author
carlo...@webkit.org
Date
2017-06-20 01:59:44 -0700 (Tue, 20 Jun 2017)

Log Message

Merge r218041 - Crash when IndexedDB's getAll is used inside a Web Worker.
https://bugs.webkit.org/show_bug.cgi?id=172434

Reviewed by Andy Estes.

Source/WebCore:

Test: storage/indexeddb/modern/worker-getall.html

* Modules/indexeddb/IDBGetAllResult.cpp:
(WebCore::IDBGetAllResult::IDBGetAllResult): Add an isolated-copying constructor.
(WebCore::IDBGetAllResult::isolatedCopy):
* Modules/indexeddb/IDBGetAllResult.h:

* Modules/indexeddb/shared/IDBResultData.cpp:
(WebCore::IDBResultData::isolatedCopy): Actually copy the IDBGetAllResult.

LayoutTests:

* storage/indexeddb/modern/resources/worker-getall.js: Added.
* storage/indexeddb/modern/worker-getall-expected.txt: Added.
* storage/indexeddb/modern/worker-getall.html: Added.

Modified Paths

Added Paths

Diff

Modified: releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog (218572 => 218573)


--- releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog	2017-06-20 08:52:13 UTC (rev 218572)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog	2017-06-20 08:59:44 UTC (rev 218573)
@@ -1,3 +1,14 @@
+2017-06-09  Brady Eidson  <beid...@apple.com>
+
+        Crash when IndexedDB's getAll is used inside a Web Worker.
+        https://bugs.webkit.org/show_bug.cgi?id=172434
+
+        Reviewed by Andy Estes.
+
+        * storage/indexeddb/modern/resources/worker-getall.js: Added.
+        * storage/indexeddb/modern/worker-getall-expected.txt: Added.
+        * storage/indexeddb/modern/worker-getall.html: Added.
+
 2017-06-08  Ryosuke Niwa  <rn...@webkit.org>
 
         Crash inside InsertNodeBeforeCommand via InsertParagraphSeparatorCommand

Added: releases/WebKitGTK/webkit-2.16/LayoutTests/storage/indexeddb/modern/resources/worker-getall.js (0 => 218573)


--- releases/WebKitGTK/webkit-2.16/LayoutTests/storage/indexeddb/modern/resources/worker-getall.js	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/storage/indexeddb/modern/resources/worker-getall.js	2017-06-20 08:59:44 UTC (rev 218573)
@@ -0,0 +1,32 @@
+const errorHandler = function (event) {
+  console.error(event.target.error);
+}
+
+console.log('Deleting database...');
+var deleteRequest = indexedDB.deleteDatabase('test');
+deleteRequest._onerror_ = deleteRequest._onblocked_ = deleteRequest._onsuccess_ = function () {
+    console.log('Opening database...');
+    var openRequest = indexedDB.open('test');
+    openRequest._onerror_ = errorHandler;
+    openRequest._onupgradeneeded_ = function () {
+        var db = openRequest.result;
+        db.createObjectStore('test', {keyPath: 'a'});
+    }
+    openRequest._onsuccess_ = function (event) {
+        var db = event.target.result;
+
+        var tx = db.transaction('test', 'readwrite');
+        tx._onerror_ = errorHandler;
+        tx._onabort_ = errorHandler;
+        tx._oncomplete_ = function () {
+            console.log('All done!');
+			postMessage('All done!');
+        };
+
+        var getAllRequest = tx.objectStore('test').getAll();
+        getAllRequest._onerror_ = errorHandler;
+        getAllRequest._onsuccess_ = function () {
+            console.log('Success!');
+        };
+    };
+};
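Review bot: The error paths in this worker never report back to the page: `errorHandler` only calls `console.error`, and `postMessage('All done!')` is reached only from the transaction's completion callback, so a failed open, transaction or getAll request leaves the page waiting until the harness times out. Posting from the handler as well, for example `postMessage('Error: ' + event.target.error);`, would end the test promptly in that case. The object store is also read while empty, so as far as these lines show the copy of a non-empty key or value vector is not exercised; a `put` before `getAll()` plus a second request through `getAllKeys()` would cover both arms of the switch in IDBGetAllResult.cpp.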

Added: releases/WebKitGTK/webkit-2.16/LayoutTests/storage/indexeddb/modern/worker-getall-expected.txt (0 => 218573)


--- releases/WebKitGTK/webkit-2.16/LayoutTests/storage/indexeddb/modern/worker-getall-expected.txt	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/storage/indexeddb/modern/worker-getall-expected.txt	2017-06-20 08:59:44 UTC (rev 218573)
@@ -0,0 +1 @@
+If this test completes without crashing, it passed.

Added: releases/WebKitGTK/webkit-2.16/LayoutTests/storage/indexeddb/modern/worker-getall.html (0 => 218573)


--- releases/WebKitGTK/webkit-2.16/LayoutTests/storage/indexeddb/modern/worker-getall.html	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/storage/indexeddb/modern/worker-getall.html	2017-06-20 08:59:44 UTC (rev 218573)
@@ -0,0 +1,14 @@
+<script type="text/_javascript_">
+if (testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+
+var w = new Worker('resources/worker-getall.js');
+w._onmessage_ = function() {
+    if (testRunner)
+        testRunner.notifyDone();
+}
+
+</script>
+If this test completes without crashing, it passed.
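Review bot: `if (testRunner)` at the top of the script throws a ReferenceError when the page is opened outside the test harness, where no `testRunner` global exists, so the script stops before the worker is created. The same bare reference is repeated inside the message handler. Writing `if (window.testRunner)` in both places keeps the page usable for manual reproduction of the crash.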

Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog (218572 => 218573)


--- releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog	2017-06-20 08:52:13 UTC (rev 218572)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog	2017-06-20 08:59:44 UTC (rev 218573)
@@ -1,3 +1,20 @@
+2017-06-09  Brady Eidson  <beid...@apple.com>
+
+        Crash when IndexedDB's getAll is used inside a Web Worker.
+        https://bugs.webkit.org/show_bug.cgi?id=172434
+
+        Reviewed by Andy Estes.
+
+        Test: storage/indexeddb/modern/worker-getall.html
+
+        * Modules/indexeddb/IDBGetAllResult.cpp:
+        (WebCore::IDBGetAllResult::IDBGetAllResult): Add an isolated-copying constructor.
+        (WebCore::IDBGetAllResult::isolatedCopy):
+        * Modules/indexeddb/IDBGetAllResult.h:
+        
+        * Modules/indexeddb/shared/IDBResultData.cpp:
+        (WebCore::IDBResultData::isolatedCopy): Actually copy the IDBGetAllResult.
+
 2017-06-08  Ryosuke Niwa  <rn...@webkit.org>
 
         Crash inside InsertNodeBeforeCommand via InsertParagraphSeparatorCommand

Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/Modules/indexeddb/IDBGetAllResult.cpp (218572 => 218573)


--- releases/WebKitGTK/webkit-2.16/Source/WebCore/Modules/indexeddb/IDBGetAllResult.cpp	2017-06-20 08:52:13 UTC (rev 218572)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/Modules/indexeddb/IDBGetAllResult.cpp	2017-06-20 08:59:44 UTC (rev 218573)
@@ -42,24 +42,31 @@
         targetVector.uncheckedAppend(element.isolatedCopy());
 }
 
+IDBGetAllResult::IDBGetAllResult(const IDBGetAllResult& that, IsolatedCopyTag)
+{
+    isolatedCopy(that, *this);
+}
+
 IDBGetAllResult IDBGetAllResult::isolatedCopy() const
 {
-    IDBGetAllResult result;
-    result.m_type = m_type;
+    return { *this, IsolatedCopy };
+}
 
-    if (WTF::holds_alternative<std::nullptr_t>(m_results))
-        return result;
+void IDBGetAllResult::isolatedCopy(const IDBGetAllResult& source, IDBGetAllResult& destination)
+{
+    destination.m_type = source.m_type;
 
-    switch (m_type) {
+    if (WTF::holds_alternative<std::nullptr_t>(source.m_results))
+        return;
+
+    switch (source.m_type) {
     case IndexedDB::GetAllType::Keys:
-        isolatedCopyOfVariant<IDBKeyData>(m_results, result.m_results);
+        isolatedCopyOfVariant<IDBKeyData>(source.m_results, destination.m_results);
         break;
     case IndexedDB::GetAllType::Values:
-        isolatedCopyOfVariant<IDBValue>(m_results, result.m_results);
+        isolatedCopyOfVariant<IDBValue>(source.m_results, destination.m_results);
         break;
     }
-
-    return result;
 }
 
 void IDBGetAllResult::addKey(IDBKeyData&& key)
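Review bot: The static `isolatedCopy(source, destination)` returns without touching `destination.m_results` when the source holds `nullptr`, so it is only correct for a destination whose results are still the default `nullptr`, which the new constructor gets from the member initializer in the header. That precondition is neither stated nor checked. An `ASSERT(WTF::holds_alternative<std::nullptr_t>(destination.m_results));` at the top of the function, or a one-line comment saying the destination must be freshly constructed, would keep a later caller from pairing a copied `m_type` with stale results. The `isolatedCopyOfVariant` helper it calls begins above this hunk, so how it treats a non-empty target vector cannot be seen from here.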

Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/Modules/indexeddb/IDBGetAllResult.h (218572 => 218573)


--- releases/WebKitGTK/webkit-2.16/Source/WebCore/Modules/indexeddb/IDBGetAllResult.h	2017-06-20 08:52:13 UTC (rev 218572)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/Modules/indexeddb/IDBGetAllResult.h	2017-06-20 08:59:44 UTC (rev 218573)
@@ -54,6 +54,8 @@
         }
     }
 
+    enum IsolatedCopyTag { IsolatedCopy };
+    IDBGetAllResult(const IDBGetAllResult&, IsolatedCopyTag);
     IDBGetAllResult isolatedCopy() const;
 
     IndexedDB::GetAllType type() const { return m_type; }
@@ -69,6 +71,8 @@
     WEBCORE_EXPORT Vector<String> allBlobFilePaths() const;
 
 private:
+    static void isolatedCopy(const IDBGetAllResult& source, IDBGetAllResult& destination);
+
     IndexedDB::GetAllType m_type { IndexedDB::GetAllType::Keys };
     WTF::Variant<Vector<IDBKeyData>, Vector<IDBValue>, std::nullptr_t> m_results { nullptr };
 };

Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/Modules/indexeddb/shared/IDBResultData.cpp (218572 => 218573)


--- releases/WebKitGTK/webkit-2.16/Source/WebCore/Modules/indexeddb/shared/IDBResultData.cpp	2017-06-20 08:52:13 UTC (rev 218572)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/Modules/indexeddb/shared/IDBResultData.cpp	2017-06-20 08:59:44 UTC (rev 218573)
@@ -94,6 +94,8 @@
         destination.m_resultKey = std::make_unique<IDBKeyData>(*source.m_resultKey, IDBKeyData::IsolatedCopy);
     if (source.m_getResult)
         destination.m_getResult = std::make_unique<IDBGetResult>(*source.m_getResult, IDBGetResult::IsolatedCopy);
+    if (source.m_getAllResult)
+        destination.m_getAllResult = std::make_unique<IDBGetAllResult>(*source.m_getAllResult, IDBGetAllResult::IsolatedCopy);
 }
 
 IDBResultData IDBResultData::error(const IDBResourceIdentifier& requestIdentifier, const IDBError& error)
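Review bot: This copy routine lists each optional member by hand, and the crash being fixed came from `m_getAllResult` missing from that list, yet nothing in the new lines guards against the next member being forgotten the same way. A short comment above the chain would help, such as `// Every unique_ptr member of IDBResultData must be isolated-copied here; a missing one arrives null on the receiving thread.` The function begins outside this hunk, so whether the remaining members are all covered cannot be confirmed from the visible lines.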