Title: [186556] branches/safari-600.1.4.17-branch/Source/WebCore
Revision
186556
Author
matthew_han...@apple.com
Date
2015-07-08 18:03:38 -0700 (Wed, 08 Jul 2015)

Log Message

Merge r183398. rdar://problem/21716555

Modified Paths

Diff

Modified: branches/safari-600.1.4.17-branch/Source/WebCore/ChangeLog (186555 => 186556)


--- branches/safari-600.1.4.17-branch/Source/WebCore/ChangeLog	2015-07-09 01:03:35 UTC (rev 186555)
+++ branches/safari-600.1.4.17-branch/Source/WebCore/ChangeLog	2015-07-09 01:03:38 UTC (rev 186556)
@@ -1,5 +1,22 @@
 2015-07-08  Matthew Hanson  <matthew_han...@apple.com>
 
+        Merge r183398. rdar://problem/21716555
+
+    2015-04-27  Darin Adler  <da...@apple.com>
+
+            Crashes under IDBDatabase::closeConnection
+            https://bugs.webkit.org/show_bug.cgi?id=141745
+
+            Reviewed by Alexey Proskuryakov.
+
+            * Modules/indexeddb/IDBDatabase.cpp:
+            (WebCore::IDBDatabase::~IDBDatabase): Do the work of close/closeConnection without
+            actually calling those functions.
+            (WebCore::IDBDatabase::closeConnection): Protect the database so it's not destroyed
+            in the middle of this function's execution.
+
+2015-07-08  Matthew Hanson  <matthew_han...@apple.com>
+
         Merge r182918. rdar://problem/21716544
 
     2015-04-16  Brady Eidson  <beid...@apple.com>

Modified: branches/safari-600.1.4.17-branch/Source/WebCore/Modules/indexeddb/IDBDatabase.cpp (186555 => 186556)


--- branches/safari-600.1.4.17-branch/Source/WebCore/Modules/indexeddb/IDBDatabase.cpp	2015-07-09 01:03:35 UTC (rev 186555)
+++ branches/safari-600.1.4.17-branch/Source/WebCore/Modules/indexeddb/IDBDatabase.cpp	2015-07-09 01:03:38 UTC (rev 186556)
@@ -70,7 +70,26 @@
 
 IDBDatabase::~IDBDatabase()
 {
-    close();
+    // This does what IDBDatabase::close does, but without any ref/deref of the
+    // database since it is already in the process of being deleted. The logic here
+    // is also simpler since we know there are no transactions (since they ref the
+    // database when they are alive).
+
+    ASSERT(m_transactions.isEmpty());
+
+    if (!m_closePending) {
+        m_closePending = true;
+        m_backend->close(m_databaseCallbacks);
+    }
+
+    if (auto* context = scriptExecutionContext()) {
+        // Remove any pending versionchange events scheduled to fire on this
+        // connection. They would have been scheduled by the backend when another
+        // connection called setVersion, but the frontend connection is being
+        // closed before they could fire.
+        for (auto& event : m_enqueuedEvents)
+            context->eventQueue().cancelEvent(*event);
+    }
 }
 
 int64_t IDBDatabase::nextTransactionId()
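Review bot: The destructor now carries a hand-copied version of the close/closeConnection teardown (the `if (!m_closePending)` block and the `cancelEvent` loop), and nothing says the two must stay in step, so a later change to closeConnection can silently miss the destruction path. I would have the leading comment state the constraint as well as the history, for example `// Must not ref or deref |this| here: destruction has already begun, so a protector like the one in closeConnection is not safe on this path.` The "no transactions" precondition is checked only by `ASSERT(m_transactions.isEmpty())`, which is normally compiled out of release builds, and `m_backend->close()` is called on the strength of it. Whether the invariant can ever be violated is not visible from this hunk; if it can, a release-mode guard is worth adding.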
@@ -284,6 +303,8 @@
     ASSERT(m_transactions.isEmpty());
 
     // This can destroy the last reference to the database.
+    // Closing may result in deallocating the last transaction, which could result in deleting
+    // this IDBDatabase. We need the deallocation to happen after we are through.
     Ref<IDBDatabase> protect(*this);
 
     m_backend->close(m_databaseCallbacks);
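Review bot: The two added comment lines land directly under the existing `// This can destroy the last reference to the database.`, so the protector is now explained twice in different words; I would drop the older one-line comment and keep the new, more specific pair. `Ref<IDBDatabase> protect(*this);` appears here as a context line, so on this branch the hunk changes comments only, while the ChangeLog entry for closeConnection describes adding the protection. Presumably an earlier merge already brought the protector in, and it is worth confirming that this is intended. closeConnection starts and ends outside the hunk.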