Skip to site navigation (Press enter)

[webkit-changes] [201402] trunk/Source/WebCore

beidson Wed, 25 May 2016 14:20:03 -0700

Title: [201402] trunk/Source/WebCore

Revision: 201402
Author: beid...@apple.com
Date: 2016-05-25 14:19:09 -0700 (Wed, 25 May 2016)

Log Message

Race condition calling back to an IDBOpenDBRequest during WorkerThread shutdown.
https://bugs.webkit.org/show_bug.cgi?id=158089


Reviewed by Alex Christensen.

No new tests (Only seen randomly under GuardMalloc).

Crash was seen once running under GuardMalloc. The error is obvious.

* Modules/indexeddb/client/IDBConnectionProxy.cpp:
(WebCore::IDBClient::IDBConnectionProxy::completeOpenDBRequest): Don't get a raw pointer out of the map.
  Instead store off as a RefPtr, as the map might be cleared out from the worker thread.

Modified Paths

trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/Modules/indexeddb/client/IDBConnectionProxy.cpp

Diff

Modified: trunk/Source/WebCore/ChangeLog (201401 => 201402)


--- trunk/Source/WebCore/ChangeLog	2016-05-25 21:13:22 UTC (rev 201401)
+++ trunk/Source/WebCore/ChangeLog	2016-05-25 21:19:09 UTC (rev 201402)
@@ -1,3 +1,18 @@
+2016-05-25  Brady Eidson  <beid...@apple.com>
+
+        Race condition calling back to an IDBOpenDBRequest during WorkerThread shutdown.
+        https://bugs.webkit.org/show_bug.cgi?id=158089
+
+        Reviewed by Alex Christensen.
+
+        No new tests (Only seen randomly under GuardMalloc).
+
+        Crash was seen once running under GuardMalloc. The error is obvious.
+
+        * Modules/indexeddb/client/IDBConnectionProxy.cpp:
+        (WebCore::IDBClient::IDBConnectionProxy::completeOpenDBRequest): Don't get a raw pointer out of the map.
+          Instead store off as a RefPtr, as the map might be cleared out from the worker thread.
+
 2016-05-25  Chris Dumez  <cdu...@apple.com>
 
         Simplify and inline minimumValueForLength()

Modified: trunk/Source/WebCore/Modules/indexeddb/client/IDBConnectionProxy.cpp (201401 => 201402)


--- trunk/Source/WebCore/Modules/indexeddb/client/IDBConnectionProxy.cpp	2016-05-25 21:13:22 UTC (rev 201401)
+++ trunk/Source/WebCore/Modules/indexeddb/client/IDBConnectionProxy.cpp	2016-05-25 21:19:09 UTC (rev 201402)
@@ -104,7 +104,7 @@
 {
     ASSERT(isMainThread());
 
-    IDBOpenDBRequest* request;
+    RefPtr<IDBOpenDBRequest> request;
     {
         Locker<Lock> locker(m_openDBRequestMapLock);
         request = m_openDBRequestMap.get(resultData.requestIdentifier());

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes