Title: [208803] trunk/Source/WebCore
Revision
208803
Author
[email protected]
Date
2016-11-16 12:26:59 -0800 (Wed, 16 Nov 2016)

Log Message

REGRESSION (r208672): Crash in com.apple.WebCore: WebCore::DatabaseContext::stopDatabases + 34
https://bugs.webkit.org/show_bug.cgi?id=164820

Reviewed by Sam Weinig.

Crash seen in existing regression tests; reliably reproducible in some test configurations.

* Modules/webdatabase/DatabaseContext.cpp:
(WebCore::DatabaseContext::contextDestroyed): Call through to base class before calling
stopDatabases, since that might cause this object to be deallocated.
(WebCore::DatabaseContext::stopDatabases): Be sure not to clear the possibly-last reference
to this database context until after all code that accesses data members, since it might
cause this object to be deallocated.

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (208802 => 208803)


--- trunk/Source/WebCore/ChangeLog	2016-11-16 20:23:46 UTC (rev 208802)
+++ trunk/Source/WebCore/ChangeLog	2016-11-16 20:26:59 UTC (rev 208803)
@@ -1,3 +1,19 @@
+2016-11-16  Darin Adler  <[email protected]>
+
+        REGRESSION (r208672): Crash in com.apple.WebCore: WebCore::DatabaseContext::stopDatabases + 34
+        https://bugs.webkit.org/show_bug.cgi?id=164820
+
+        Reviewed by Sam Weinig.
+
+        Crash seen in existing regression tests; reliably reproducible in some test configurations.
+
+        * Modules/webdatabase/DatabaseContext.cpp:
+        (WebCore::DatabaseContext::contextDestroyed): Call through to base class before calling
+        stopDatabases, since that might cause this object to be deallocated.
+        (WebCore::DatabaseContext::stopDatabases): Be sure not to clear the possibly-last reference
+        to this database context until after all code that accesses data members, since it might
+        cause this object to be deallocated.
+
 2016-11-16  Beth Dakin  <[email protected]>
 
         Implement WebPlaybackControlsManager

Modified: trunk/Source/WebCore/Modules/webdatabase/DatabaseContext.cpp (208802 => 208803)


--- trunk/Source/WebCore/Modules/webdatabase/DatabaseContext.cpp	2016-11-16 20:23:46 UTC (rev 208802)
+++ trunk/Source/WebCore/Modules/webdatabase/DatabaseContext.cpp	2016-11-16 20:26:59 UTC (rev 208803)
@@ -119,8 +119,8 @@
 // It is not safe to just delete the context here.
 void DatabaseContext::contextDestroyed()
 {
+    ActiveDOMObject::contextDestroyed();
     stopDatabases();
-    ActiveDOMObject::contextDestroyed();
 }
 
 // stop() is from stopActiveDOMObjects() which indicates that the owner Frame
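Review bot: The ordering in this hunk is load-bearing but undocumented in the code: `ActiveDOMObject::contextDestroyed()` now runs before `stopDatabases()` because, per the log message, `stopDatabases()` can drop the last reference to `this`, after which no base-class call is safe. The comment above the function still only says "It is not safe to just delete the context here," which does not convey that `stopDatabases()` must be the final statement. Suggest a one-line comment such as `// stopDatabases() may release the last reference to this object; it must be the last thing called here.` so a later edit does not reorder the two calls back.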
@@ -163,11 +163,6 @@
     // FIXME: What guarantees this is never called after the script execution context is null?
     ASSERT(scriptExecutionContext());
 
-    if (scriptExecutionContext()->databaseContext()) {
-        ASSERT(scriptExecutionContext()->databaseContext() == this);
-        scriptExecutionContext()->setDatabaseContext(nullptr);
-    }
-
     // Though we initiate termination of the DatabaseThread here in
     // stopDatabases(), we can't clear the m_databaseThread ref till we get to
     // the destructor. This is because the Databases that are managed by
@@ -177,14 +172,19 @@
     // why our ref count is 0 then and we're destructing). Then, the
     // m_databaseThread RefPtr destructor will deref and delete the
     // DatabaseThread.
-
-    if (m_databaseThread && !m_hasRequestedTermination) {
+    bool result = m_databaseThread && !m_hasRequestedTermination;
+    if (result) {
         m_databaseThread->requestTermination(synchronizer);
         m_hasRequestedTermination = true;
-        return true;
     }
 
-    return false;
+    auto& context = *scriptExecutionContext();
+    if (context.databaseContext()) {
+        ASSERT(context.databaseContext() == this);
+        context.setDatabaseContext(nullptr);
+    }
+
+    return result;
 }
 
 bool DatabaseContext::allowDatabaseAccess() const
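Review bot: The `bool result` local is what makes the new tail of the function safe, since after `context.setDatabaseContext(nullptr)` `this` may be deallocated and no data member may be read for the return value; that invariant is not stated anywhere in the hunk. Suggest a comment immediately before `auto& context = *scriptExecutionContext();` along the lines of `// Clearing the context's reference may delete this object; do not touch data members after this point.`, and keep `return result;` as a plain local read as it is now. It would also be cleaner to compute `context` before the `if (result)` block so the dereference of `scriptExecutionContext()` happens alongside the `ASSERT` at the top rather than after `requestTermination()` has run.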