Title: [94383] trunk/Source/WebCore
Revision: 94383
Author: [email protected]
Date: 2011-09-01 19:27:34 -0700 (Thu, 01 Sep 2011)

Log Message

[Chromium] Fix a crashing bug due to raciness around SQL database shutdown.
https://bugs.webkit.org/show_bug.cgi?id=67457

The removeOpenDatabase() method can get called multiple times.
Subsequent calls to it should be harmless instead of causing a crash.

Reviewed by David Levin.

* storage/chromium/DatabaseTrackerChromium.cpp:
(WebCore::DatabaseTracker::removeOpenDatabase):

Diff

Modified: trunk/Source/WebCore/ChangeLog (94382 => 94383)


--- trunk/Source/WebCore/ChangeLog	2011-09-02 02:12:28 UTC (rev 94382)
+++ trunk/Source/WebCore/ChangeLog	2011-09-02 02:27:34 UTC (rev 94383)
@@ -1,3 +1,16 @@
+2011-09-01  Michael Nordman  <[email protected]>
+
+        [Chromium] Fix a crashing bug due to raciness around SQL database shutdown.
+        https://bugs.webkit.org/show_bug.cgi?id=67457
+
+        The removeOpenDatabase() method can get called multiple times.
+        Subsequent calls to it should be harmeless instead of cause a crash.
+
+        Reviewed by David Levin.
+
+        * storage/chromium/DatabaseTrackerChromium.cpp:
+        (WebCore::DatabaseTracker::removeOpenDatabase):
+
 2011-09-01  Kent Tamura  <[email protected]>
 
         The filename text color of a file upload control should be inherited.
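Review bot: The added ChangeLog line "Subsequent calls to it should be harmeless instead of cause a crash." has a typo and a grammar slip; suggest "harmless instead of causing a crash". The entry also says removeOpenDatabase() can get called multiple times without naming the callers that race during shutdown, and one short phrase identifying them would make the entry more useful to whoever reads it later.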
@@ -186,6 +199,7 @@
 
         * page/DOMWindow.idl:
 
+>>>>>>> .r94382
 2011-09-01  Mark Rowe  <[email protected]>
 
         <rdar://problem/10063411> WebScriptObject.h declares an Objective-C method without a return type.

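Review bot: The added line ">>>>>>> .r94382" in this ChangeLog hunk is a leftover merge-conflict marker, not changelog content, and should be dropped. Only the closing marker is visible here, so it is worth checking the rest of the file for matching "<<<<<<<" and "=======" lines and for entries duplicated by the conflict.
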
Modified: trunk/Source/WebCore/storage/chromium/DatabaseTrackerChromium.cpp (94382 => 94383)


--- trunk/Source/WebCore/storage/chromium/DatabaseTrackerChromium.cpp	2011-09-02 02:12:28 UTC (rev 94382)
+++ trunk/Source/WebCore/storage/chromium/DatabaseTrackerChromium.cpp	2011-09-02 02:27:34 UTC (rev 94383)
@@ -129,12 +129,19 @@
     MutexLocker openDatabaseMapLock(m_openDatabaseMapGuard);
     ASSERT(m_openDatabaseMap);
     DatabaseNameMap* nameMap = m_openDatabaseMap->get(originIdentifier);
-    ASSERT(nameMap);
+    if (!nameMap)
+        return;
+
     String name(database->stringIdentifier());
     DatabaseSet* databaseSet = nameMap->get(name);
-    ASSERT(databaseSet);
-    databaseSet->remove(database);
+    if (!databaseSet)
+        return;
 
+    DatabaseSet::iterator found = databaseSet->find(database);
+    if (found == databaseSet->end())
+        return;
+
+    databaseSet->remove(found);
     if (databaseSet->isEmpty()) {
         nameMap->remove(name);
         delete databaseSet;
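Review bot: At the top of this hunk, ASSERT(m_openDatabaseMap) is still the only guard before m_openDatabaseMap->get(originIdentifier), so a release build, where the assertion compiles out, dereferences the pointer unchecked. If a repeated call can arrive when the map is absent, this needs the same treatment as the other two checks, for example "if (!m_openDatabaseMap) return;". Separately, the three new early returns replace assertions with silent exits, which also hides a genuinely unbalanced add/remove in debug builds; a short comment above the first return saying that repeated calls are expected during shutdown, with the bug number, would keep a later reader from restoring the ASSERTs or mistaking this for dead code.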
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
