Title: [248971] trunk/Source/WebCore
Revision
248971
Author
cdu...@apple.com
Date
2019-08-21 15:45:46 -0700 (Wed, 21 Aug 2019)

Log Message

Crash under StringImpl::endsWith() in SQLiteIDBBackingStore::fullDatabaseDirectoryWithUpgrade()
https://bugs.webkit.org/show_bug.cgi?id=200990
<rdar://problem/54566439>

Reviewed by Alex Christensen.

Make sure we call isolatedCopy() on SQLiteIDBBackingStore::m_databaseRootDirectory before using
it from background threads.

* Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
(WebCore::IDBServer::SQLiteIDBBackingStore::fullDatabaseDirectoryWithUpgrade):
(WebCore::IDBServer::SQLiteIDBBackingStore::databasesSizeForOrigin const):
(WebCore::IDBServer::SQLiteIDBBackingStore::deleteBackingStore):
* Modules/indexeddb/server/SQLiteIDBBackingStore.h:
(WebCore::IDBServer::SQLiteIDBBackingStore::databaseRootDirectory const):

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (248970 => 248971)


--- trunk/Source/WebCore/ChangeLog	2019-08-21 22:42:48 UTC (rev 248970)
+++ trunk/Source/WebCore/ChangeLog	2019-08-21 22:45:46 UTC (rev 248971)
@@ -1,5 +1,23 @@
 2019-08-21  Chris Dumez  <cdu...@apple.com>
 
+        Crash under StringImpl::endsWith() in SQLiteIDBBackingStore::fullDatabaseDirectoryWithUpgrade()
+        https://bugs.webkit.org/show_bug.cgi?id=200990
+        <rdar://problem/54566439>
+
+        Reviewed by Alex Christensen.
+
+        Make sure we call isolatedCopy() on SQLiteIDBBackingStore::m_databaseRootDirectory before using
+        it from background threads.
+
+        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
+        (WebCore::IDBServer::SQLiteIDBBackingStore::fullDatabaseDirectoryWithUpgrade):
+        (WebCore::IDBServer::SQLiteIDBBackingStore::databasesSizeForOrigin const):
+        (WebCore::IDBServer::SQLiteIDBBackingStore::deleteBackingStore):
+        * Modules/indexeddb/server/SQLiteIDBBackingStore.h:
+        (WebCore::IDBServer::SQLiteIDBBackingStore::databaseRootDirectory const):
+
+2019-08-21  Chris Dumez  <cdu...@apple.com>
+
         Crash under StringImpl::~StringImpl() in IDBServer::computeSpaceUsedForOrigin()
         https://bugs.webkit.org/show_bug.cgi?id=200989
         <rdar://problem/54565546>

Modified: trunk/Source/WebCore/Modules/indexeddb/server/SQLiteIDBBackingStore.cpp (248970 => 248971)


--- trunk/Source/WebCore/Modules/indexeddb/server/SQLiteIDBBackingStore.cpp	2019-08-21 22:42:48 UTC (rev 248970)
+++ trunk/Source/WebCore/Modules/indexeddb/server/SQLiteIDBBackingStore.cpp	2019-08-21 22:45:46 UTC (rev 248971)
@@ -765,9 +765,10 @@
 
 String SQLiteIDBBackingStore::fullDatabaseDirectoryWithUpgrade()
 {
-    String oldOriginDirectory = m_identifier.databaseDirectoryRelativeToRoot(m_databaseRootDirectory, "v0");
+    auto databaseRootDirectory = this->databaseRootDirectory();
+    String oldOriginDirectory = m_identifier.databaseDirectoryRelativeToRoot(databaseRootDirectory, "v0");
     String oldDatabaseDirectory = FileSystem::pathByAppendingComponent(oldOriginDirectory, filenameForDatabaseName());
-    String newOriginDirectory = m_identifier.databaseDirectoryRelativeToRoot(m_databaseRootDirectory, "v1");
+    String newOriginDirectory = m_identifier.databaseDirectoryRelativeToRoot(databaseRootDirectory, "v1");
     String fileNameHash = SQLiteFileSystem::computeHashForFileName(m_identifier.databaseName());
     Vector<String> directoriesWithSameHash = FileSystem::listDirectory(newOriginDirectory, fileNameHash + "*");
     String newDatabaseDirectory = FileSystem::pathByAppendingComponent(newOriginDirectory, fileNameHash);
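Review bot: The new local `databaseRootDirectory` on the first added line shadows the member function of the same name, which is the only reason the call has to be spelled `this->databaseRootDirectory()`; a distinct name such as `auto rootDirectory = databaseRootDirectory();` removes the shadowing and the `this->` workaround, and the same pattern appears in the databasesSizeForOrigin hunk below. The isolated copy covers only m_databaseRootDirectory, while `m_identifier.databaseName()` and `filenameForDatabaseName()` are read on the same path; if those Strings are likewise shared with another thread they carry the same StringImpl refcount hazard, which is worth confirming rather than assuming. fullDatabaseDirectoryWithUpgrade continues past the end of the hunk.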
@@ -856,8 +857,9 @@
 
 uint64_t SQLiteIDBBackingStore::databasesSizeForOrigin() const
 {
-    String oldVersionOriginDirectory = m_identifier.databaseDirectoryRelativeToRoot(m_databaseRootDirectory, "v0");
-    String newVersionOriginDirectory = m_identifier.databaseDirectoryRelativeToRoot(m_databaseRootDirectory, "v1");
+    auto databaseRootDirectory = this->databaseRootDirectory();
+    String oldVersionOriginDirectory = m_identifier.databaseDirectoryRelativeToRoot(databaseRootDirectory, "v0");
+    String newVersionOriginDirectory = m_identifier.databaseDirectoryRelativeToRoot(databaseRootDirectory, "v1");
     return databasesSizeForFolder(oldVersionOriginDirectory) + databasesSizeForFolder(newVersionOriginDirectory);
 }
 
@@ -2560,7 +2562,7 @@
 
     SQLiteFileSystem::deleteDatabaseFile(dbFilename);
     SQLiteFileSystem::deleteEmptyDatabaseDirectory(m_databaseDirectory);
-    SQLiteFileSystem::deleteEmptyDatabaseDirectory(m_identifier.databaseDirectoryRelativeToRoot(m_databaseRootDirectory));
+    SQLiteFileSystem::deleteEmptyDatabaseDirectory(m_identifier.databaseDirectoryRelativeToRoot(databaseRootDirectory()));
 }
 
 void SQLiteIDBBackingStore::unregisterCursor(SQLiteIDBCursor& cursor)

Modified: trunk/Source/WebCore/Modules/indexeddb/server/SQLiteIDBBackingStore.h (248970 => 248971)


--- trunk/Source/WebCore/Modules/indexeddb/server/SQLiteIDBBackingStore.h	2019-08-21 22:42:48 UTC (rev 248970)
+++ trunk/Source/WebCore/Modules/indexeddb/server/SQLiteIDBBackingStore.h	2019-08-21 22:45:46 UTC (rev 248971)
@@ -108,6 +108,8 @@
     String filenameForDatabaseName() const;
     String fullDatabasePath() const;
     String fullDatabaseDirectoryWithUpgrade();
+    
+    String databaseRootDirectory() const { return m_databaseRootDirectory.isolatedCopy(); }
 
     bool ensureValidRecordsTable();
     bool ensureValidIndexRecordsTable();
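Review bot: The new accessor `databaseRootDirectory()` has no comment saying why it returns an `isolatedCopy()` instead of a reference to the member, and the added blank line before it carries trailing whitespace (`+    `). Suggest `// Returns an isolated copy: m_databaseRootDirectory is read from background threads, and a StringImpl shared across threads races on its refcount.` above the declaration, and stripping the whitespace-only line. Giving it the same name as the locals introduced in the .cpp forces `this->` at those call sites; a name such as `isolatedDatabaseRootDirectory()` would make the copy visible to readers and avoid the shadowing.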