Title: [186556] branches/safari-600.1.4.17-branch/Source/WebCore
- Revision
- 186556
- Author
- matthew_han...@apple.com
- Date
- 2015-07-08 18:03:38 -0700 (Wed, 08 Jul 2015)
Log Message
Merge r183398. rdar://problem/21716555
Modified Paths
Diff
Modified: branches/safari-600.1.4.17-branch/Source/WebCore/ChangeLog (186555 => 186556)
--- branches/safari-600.1.4.17-branch/Source/WebCore/ChangeLog 2015-07-09 01:03:35 UTC (rev 186555)
+++ branches/safari-600.1.4.17-branch/Source/WebCore/ChangeLog 2015-07-09 01:03:38 UTC (rev 186556)
@@ -1,5 +1,22 @@
2015-07-08 Matthew Hanson <matthew_han...@apple.com>
+ Merge r183398. rdar://problem/21716555
+
+ 2015-04-27 Darin Adler <da...@apple.com>
+
+ Crashes under IDBDatabase::closeConnection
+ https://bugs.webkit.org/show_bug.cgi?id=141745
+
+ Reviewed by Alexey Proskuryakov.
+
+ * Modules/indexeddb/IDBDatabase.cpp:
+ (WebCore::IDBDatabase::~IDBDatabase): Do the work of close/closeConnection without
+ actually calling those functions.
+ (WebCore::IDBDatabase::closeConnection): Protect the database so it's not destroyed
+ in the middle of this function's execution.
+
+2015-07-08 Matthew Hanson <matthew_han...@apple.com>
+
Merge r182918. rdar://problem/21716544
2015-04-16 Brady Eidson <beid...@apple.com>
Modified: branches/safari-600.1.4.17-branch/Source/WebCore/Modules/indexeddb/IDBDatabase.cpp (186555 => 186556)
--- branches/safari-600.1.4.17-branch/Source/WebCore/Modules/indexeddb/IDBDatabase.cpp 2015-07-09 01:03:35 UTC (rev 186555)
+++ branches/safari-600.1.4.17-branch/Source/WebCore/Modules/indexeddb/IDBDatabase.cpp 2015-07-09 01:03:38 UTC (rev 186556)
@@ -70,7 +70,26 @@
IDBDatabase::~IDBDatabase()
{
- close();
+ // This does what IDBDatabase::close does, but without any ref/deref of the
+ // database since it is already in the process of being deleted. The logic here
+ // is also simpler since we know there are no transactions (since they ref the
+ // database when they are alive).
+
+ ASSERT(m_transactions.isEmpty());
+
+ if (!m_closePending) {
+ m_closePending = true;
+ m_backend->close(m_databaseCallbacks);
+ }
+
+ if (auto* context = scriptExecutionContext()) {
+ // Remove any pending versionchange events scheduled to fire on this
+ // connection. They would have been scheduled by the backend when another
+ // connection called setVersion, but the frontend connection is being
+ // closed before they could fire.
+ for (auto& event : m_enqueuedEvents)
+ context->eventQueue().cancelEvent(*event);
+ }
}
int64_t IDBDatabase::nextTransactionId()
@@ -284,6 +303,8 @@
ASSERT(m_transactions.isEmpty());
// This can destroy the last reference to the database.
+ // Closing may result in deallocating the last transaction, which could result in deleting
+ // this IDBDatabase. We need the deallocation to happen after we are through.
Ref<IDBDatabase> protect(*this);
m_backend->close(m_databaseCallbacks);
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes