Modified: branches/safari-603-branch/Source/WebCore/ChangeLog (210714 => 210715)
--- branches/safari-603-branch/Source/WebCore/ChangeLog 2017-01-13 06:10:43 UTC (rev 210714)
+++ branches/safari-603-branch/Source/WebCore/ChangeLog 2017-01-13 06:10:46 UTC (rev 210715)
@@ -1,5 +1,25 @@
2017-01-12 Matthew Hanson <[email protected]>
+ Merge r210684. rdar://problem/29775711
+
+ 2017-01-12 Brady Eidson <[email protected]>
+
+ REGRESSION (r209977): Crash in UniqueIDBDatabase::executeNextDatabaseTask.
+ https://bugs.webkit.org/show_bug.cgi?id=166984
+
+ Reviewed by Alex Christensen.
+
+ No new tests (Unable to reproduce, speculative fix).
+
+ * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
+ (WebCore::IDBServer::UniqueIDBDatabase::performIterateCursor): If we're not already prefetching for this cursor,
+ starting doing so after holding a protector ref.
+ (WebCore::IDBServer::UniqueIDBDatabase::performPrefetchCursor): If we're now done prefetching for this cursor,
+ schedule the protector ref to be destroyed on the main thread.
+ * Modules/indexeddb/server/UniqueIDBDatabase.h:
+
+2017-01-12 Matthew Hanson <[email protected]>
+
Merge r210679. rdar://problem/29910273
2017-01-12 Youenn Fablet <[email protected]>
Modified: branches/safari-603-branch/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp (210714 => 210715)
--- branches/safari-603-branch/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp 2017-01-13 06:10:43 UTC (rev 210714)
+++ branches/safari-603-branch/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp 2017-01-13 06:10:46 UTC (rev 210715)
@@ -1232,8 +1232,13 @@
IDBGetResult result;
IDBError error = m_backingStore->iterateCursor(transactionIdentifier, cursorIdentifier, data, result);
- if (error.isNull())
- postDatabaseTask(createCrossThreadTask(*this, &UniqueIDBDatabase::performPrefetchCursor, transactionIdentifier, cursorIdentifier));
+ if (error.isNull()) {
+ auto addResult = m_prefetchProtectors.add(cursorIdentifier, nullptr);
+ if (addResult.isNewEntry) {
+ addResult.iterator->value = this;
+ postDatabaseTask(createCrossThreadTask(*this, &UniqueIDBDatabase::performPrefetchCursor, transactionIdentifier, cursorIdentifier));
+ }
+ }
postDatabaseTaskReply(createCrossThreadTask(*this, &UniqueIDBDatabase::didPerformIterateCursor, callbackIdentifier, error, result));
}
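Review bot: The self-reference stored by `addResult.iterator->value = this;` is released only when a later performPrefetchCursor call sees prefetchCursor() return false, so any path that discards queued database tasks would leave the entry in m_prefetchProtectors and the object would keep itself alive indefinitely. The close and delete paths are not visible here, so this needs confirming; if such a path exists, it should clear the map on the main thread. The ref also appears to be taken off the main thread, assuming performIterateCursor runs on the database thread like performPrefetchCursor, which asserts `!isMainThread()`. That relies on UniqueIDBDatabase's ref counting being thread-safe, which the patch does not show. performIterateCursor begins above the hunk.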
@@ -1241,10 +1246,13 @@
void UniqueIDBDatabase::performPrefetchCursor(const IDBResourceIdentifier& transactionIdentifier, const IDBResourceIdentifier& cursorIdentifier)
{
ASSERT(!isMainThread());
+ ASSERT(m_prefetchProtectors.contains(cursorIdentifier));
LOG(IndexedDB, "(db) UniqueIDBDatabase::performPrefetchCursor");
if (m_backingStore->prefetchCursor(transactionIdentifier, cursorIdentifier))
postDatabaseTask(createCrossThreadTask(*this, &UniqueIDBDatabase::performPrefetchCursor, transactionIdentifier, cursorIdentifier));
+ else
+ postDatabaseTaskReply(Function<void ()>([prefetchProtector = m_prefetchProtectors.take(cursorIdentifier)]() { }));
}
void UniqueIDBDatabase::didPerformIterateCursor(uint64_t callbackIdentifier, const IDBError& error, const IDBGetResult& result)
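Review bot: The empty-bodied lambda in the new `else` branch is easy to misread as dead code and deserves a comment, for example `// Move the protector into the reply so the final deref, and any destruction of this object, happens on the main thread.` The added `ASSERT(m_prefetchProtectors.contains(cursorIdentifier))` is compiled out of release builds, so a missing entry would pass silently through `take()` there. A comment on m_prefetchProtectors in UniqueIDBDatabase.h stating that it is only touched on the database thread would make that invariant reviewable. didPerformIterateCursor, at the end of the hunk, continues outside it.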
Modified: branches/safari-603-branch/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.h (210714 => 210715)
--- branches/safari-603-branch/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.h 2017-01-13 06:10:43 UTC (rev 210714)
+++ branches/safari-603-branch/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.h 2017-01-13 06:10:46 UTC (rev 210715)
@@ -271,6 +271,8 @@
bool m_hardClosedForUserDelete { false };
RefPtr<UniqueIDBDatabase> m_hardCloseProtector;
+
+ HashMap<IDBResourceIdentifier, RefPtr<UniqueIDBDatabase>> m_prefetchProtectors;
};
} // namespace IDBServer