Title: [240090] trunk/Source/WebCore
- Revision
- 240090
- Author
- sihui_...@apple.com
- Date
- 2019-01-16 15:52:36 -0800 (Wed, 16 Jan 2019)
Log Message
IndexedDB: UniqueIDBDatabase should not be freed if the database task queue is not empty.
https://bugs.webkit.org/show_bug.cgi?id=193093
Reviewed by Brady Eidson.
performUnconditionalDeleteBackingStore killed the database task queue immediately, but performPrefetchCursor
task may be scheduled behind performUnconditionalDeleteBackingStore on database thread.
* Modules/indexeddb/server/UniqueIDBDatabase.cpp:
(WebCore::IDBServer::UniqueIDBDatabase::shutdownForClose):
(WebCore::IDBServer::UniqueIDBDatabase::performPrefetchCursor):
(WebCore::IDBServer::UniqueIDBDatabase::isDoneWithHardClose):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (240089 => 240090)
--- trunk/Source/WebCore/ChangeLog 2019-01-16 23:50:26 UTC (rev 240089)
+++ trunk/Source/WebCore/ChangeLog 2019-01-16 23:52:36 UTC (rev 240090)
@@ -1,3 +1,18 @@
+2019-01-16 Sihui Liu <sihui_...@apple.com>
+
+ IndexedDB: UniqueIDBDatabase should not be freed if the database task queue is not empty.
+ https://bugs.webkit.org/show_bug.cgi?id=193093
+
+ Reviewed by Brady Eidson.
+
+ performUnconditionalDeleteBackingStore killed the database task queue immediately, but performPrefetchCursor
+ task may be scheduled behind performUnconditionalDeleteBackingStore on database thread.
+
+ * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
+ (WebCore::IDBServer::UniqueIDBDatabase::shutdownForClose):
+ (WebCore::IDBServer::UniqueIDBDatabase::performPrefetchCursor):
+ (WebCore::IDBServer::UniqueIDBDatabase::isDoneWithHardClose):
+
2019-01-16 Alex Christensen <achristen...@webkit.org>
Internal build fix.
Modified: trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp (240089 => 240090)
--- trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp 2019-01-16 23:50:26 UTC (rev 240089)
+++ trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp 2019-01-16 23:52:36 UTC (rev 240090)
@@ -292,7 +292,10 @@
m_backingStoreSupportsSimultaneousTransactions = false;
m_backingStoreIsEphemeral = false;
- ASSERT(m_databaseQueue.isEmpty());
+ if (!m_databaseQueue.isEmpty()) {
+ postDatabaseTask(createCrossThreadTask(*this, &UniqueIDBDatabase::shutdownForClose));
+ return;
+ }
m_databaseQueue.kill();
postDatabaseTaskReply(createCrossThreadTask(*this, &UniqueIDBDatabase::didShutdownForClose));
@@ -1271,10 +1274,10 @@
ASSERT(m_cursorPrefetches.contains(cursorIdentifier));
LOG(IndexedDB, "(db) UniqueIDBDatabase::performPrefetchCursor");
- if (m_backingStore->prefetchCursor(transactionIdentifier, cursorIdentifier))
+ if (m_hardClosedForUserDelete || !m_backingStore->prefetchCursor(transactionIdentifier, cursorIdentifier))
+ m_cursorPrefetches.remove(cursorIdentifier);
+ else
postDatabaseTask(createCrossThreadTask(*this, &UniqueIDBDatabase::performPrefetchCursor, transactionIdentifier, cursorIdentifier));
- else
- m_cursorPrefetches.remove(cursorIdentifier);
}
void UniqueIDBDatabase::didPerformIterateCursor(uint64_t callbackIdentifier, const IDBError& error, const IDBGetResult& result)
@@ -1784,7 +1787,7 @@
bool UniqueIDBDatabase::isDoneWithHardClose()
{
- return m_databaseQueue.isKilled() && m_clientClosePendingDatabaseConnections.isEmpty() && m_serverClosePendingDatabaseConnections.isEmpty();
+ return m_databaseReplyQueue.isKilled() && m_clientClosePendingDatabaseConnections.isEmpty() && m_serverClosePendingDatabaseConnections.isEmpty();
}
static void errorOpenDBRequestForUserDelete(ServerOpenDBRequest& request)
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
