Title: [183398] trunk/Source/WebCore
Revision: 183398
Author: [email protected]
Date: 2015-04-27 10:07:20 -0700 (Mon, 27 Apr 2015)
Log Message
Crashes under IDBDatabase::closeConnection
https://bugs.webkit.org/show_bug.cgi?id=141745
Reviewed by Alexey Proskuryakov.
* Modules/indexeddb/IDBDatabase.cpp:
(WebCore::IDBDatabase::~IDBDatabase): Do the work of close/closeConnection without
actually calling those functions.
(WebCore::IDBDatabase::closeConnection): Protect the database so it's not destroyed
in the middle of this function's execution.
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (183397 => 183398)
--- trunk/Source/WebCore/ChangeLog 2015-04-27 14:56:18 UTC (rev 183397)
+++ trunk/Source/WebCore/ChangeLog 2015-04-27 17:07:20 UTC (rev 183398)
@@ -1,3 +1,16 @@
+2015-04-27 Darin Adler <[email protected]>
+
+ Crashes under IDBDatabase::closeConnection
+ https://bugs.webkit.org/show_bug.cgi?id=141745
+
+ Reviewed by Alexey Proskuryakov.
+
+ * Modules/indexeddb/IDBDatabase.cpp:
+ (WebCore::IDBDatabase::~IDBDatabase): Do the work of close/closeConnection without
+ actually calling those functions.
+ (WebCore::IDBDatabase::closeConnection): Protect the database so it's not destroyed
+ in the middle of this function's execution.
+
2015-04-27 Xabier Rodriguez Calvar <[email protected]> and Youenn Fablet <[email protected]>
[Streams API] ReadableStream constructor start function should be able to close the stream
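Review bot: Missing test information in the new ChangeLog entry: it names only Modules/indexeddb/IDBDatabase.cpp and says nothing about how the crash under IDBDatabase::closeConnection is reproduced or whether a regression test accompanies the fix. For an object-lifetime bug like this one, add a line stating which test covers it, or why none could be written.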
Modified: trunk/Source/WebCore/Modules/indexeddb/IDBDatabase.cpp (183397 => 183398)
--- trunk/Source/WebCore/Modules/indexeddb/IDBDatabase.cpp 2015-04-27 14:56:18 UTC (rev 183397)
+++ trunk/Source/WebCore/Modules/indexeddb/IDBDatabase.cpp 2015-04-27 17:07:20 UTC (rev 183398)
@@ -71,7 +71,26 @@
IDBDatabase::~IDBDatabase()
{
- close();
+ // This does what IDBDatabase::close does, but without any ref/deref of the
+ // database since it is already in the process of being deleted. The logic here
+ // is also simpler since we know there are no transactions (since they ref the
+ // database when they are alive).
+
+ ASSERT(m_transactions.isEmpty());
+
+ if (!m_closePending) {
+ m_closePending = true;
+ m_backend->close(m_databaseCallbacks);
+ }
+
+ if (auto* context = scriptExecutionContext()) {
+ // Remove any pending versionchange events scheduled to fire on this
+ // connection. They would have been scheduled by the backend when another
+ // connection called setVersion, but the frontend connection is being
+ // closed before they could fire.
+ for (auto& event : m_enqueuedEvents)
+ context->eventQueue().cancelEvent(*event);
+ }
}
int64_t IDBDatabase::nextTransactionId()
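Review bot: In ~IDBDatabase, the if (!m_closePending) guard skips m_backend->close whenever the flag is already set, but closeConnection asserts m_closePending before making its own m_backend->close call, so the flag records that a close was requested, not that the backend was actually closed. Please add a comment stating why a set flag guarantees closeConnection has already run by destruction time, or track the backend close with a separate flag. A smaller point: the destructor now carries its own copy of the close and event-cancelling logic, so a shared helper that takes no ref on the database would keep the two paths from drifting apart.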
@@ -284,6 +303,10 @@
ASSERT(m_closePending);
ASSERT(m_transactions.isEmpty());
+ // Closing may result in deallocating the last transaction, which could result in deleting
+ // this IDBDatabase. We need the deallocation to happen after we are through.
+ Ref<IDBDatabase> protect(*this);
+
m_backend->close(m_databaseCallbacks);
if (m_contextStopped || !scriptExecutionContext())
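Review bot: The comment added above Ref<IDBDatabase> protect(*this) in closeConnection says closing may deallocate the last transaction, yet the context line directly before it asserts m_transactions.isEmpty(). Reword the comment to say what still holds the final reference at this point, so the need for the protector is clear to the next reader. It is also worth stating here that closeConnection must never be reached from the destructor, since taking a Ref on an object that is already being deleted is what the ~IDBDatabase change was written to avoid.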