Title: [197677] releases/WebKitGTK/webkit-2.12/Source/WebCore
- Revision: 197677
- Author: [email protected]
- Date: 2016-03-07 03:36:19 -0800 (Mon, 07 Mar 2016)
Log Message
Merge r197405 - Modern IDB: Possible crash deallocating IDBDatabaseInfo/IDBObjectStoreInfo/IDBIndexInfo.
https://bugs.webkit.org/show_bug.cgi?id=154860
Reviewed by Alex Christensen.
Covered by existing tests.
* Modules/indexeddb/shared/IDBDatabaseInfo.cpp:
(WebCore::IDBDatabaseInfo::IDBDatabaseInfo):
(WebCore::IDBDatabaseInfo::isolatedCopy):
* Modules/indexeddb/shared/IDBDatabaseInfo.h:
* Modules/indexeddb/shared/IDBTransactionInfo.cpp:
(WebCore::IDBTransactionInfo::isolatedCopy): If there's an IDBDatabaseInfo to copy, that
copy needs to be isolated.
Diff
Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog (197676 => 197677)
--- releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog 2016-03-07 11:34:42 UTC (rev 197676)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog 2016-03-07 11:36:19 UTC (rev 197677)
@@ -1,3 +1,21 @@
+2016-03-01 Brady Eidson <[email protected]>
+
+ Modern IDB: Possible crash deallocating IDBDatabaseInfo/IDBObjectStoreInfo/IDBIndexInfo.
+ https://bugs.webkit.org/show_bug.cgi?id=154860
+
+ Reviewed by Alex Christensen.
+
+ Covered by existing tests.
+
+ * Modules/indexeddb/shared/IDBDatabaseInfo.cpp:
+ (WebCore::IDBDatabaseInfo::IDBDatabaseInfo):
+ (WebCore::IDBDatabaseInfo::isolatedCopy):
+ * Modules/indexeddb/shared/IDBDatabaseInfo.h:
+
+ * Modules/indexeddb/shared/IDBTransactionInfo.cpp:
+ (WebCore::IDBTransactionInfo::isolatedCopy): If there's an IDBDatabaseInfo to copy, that
+ copy needs to be isolated.
+
2016-02-29 Zan Dobersek <[email protected]>
TextureMapperGL: simplify TransformationMatrix copies in draw(), beginClip()
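Review bot: The entries for `(WebCore::IDBDatabaseInfo::IDBDatabaseInfo)` and `(WebCore::IDBDatabaseInfo::isolatedCopy)` have no description, so the ChangeLog explains only the IDBTransactionInfo change. A short line for each (a tagged copy constructor was added; isolatedCopy() now delegates to it) would let a reader connect the crash in the title to the three files without opening the diff.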
Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/Modules/indexeddb/shared/IDBDatabaseInfo.cpp (197676 => 197677)
--- releases/WebKitGTK/webkit-2.12/Source/WebCore/Modules/indexeddb/shared/IDBDatabaseInfo.cpp 2016-03-07 11:34:42 UTC (rev 197676)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/Modules/indexeddb/shared/IDBDatabaseInfo.cpp 2016-03-07 11:36:19 UTC (rev 197677)
@@ -40,18 +40,18 @@
{
}
+IDBDatabaseInfo::IDBDatabaseInfo(const IDBDatabaseInfo& other, IsolatedCopyTag)
+ : m_name(other.m_name.isolatedCopy())
+ , m_version(other.m_version)
+ , m_maxObjectStoreID(other.m_maxObjectStoreID)
+{
+ for (auto entry : other.m_objectStoreMap)
+ m_objectStoreMap.set(entry.key, entry.value.isolatedCopy());
+}
+
IDBDatabaseInfo IDBDatabaseInfo::isolatedCopy() const
{
- IDBDatabaseInfo info;
-
- info.m_name = m_name.isolatedCopy();
- info.m_version = m_version;
- info.m_maxObjectStoreID = m_maxObjectStoreID;
-
- for (auto entry : m_objectStoreMap)
- info.m_objectStoreMap.set(entry.key, entry.value.isolatedCopy());
-
- return info;
+ return { *this, IDBDatabaseInfo::IsolatedCopy };
}
bool IDBDatabaseInfo::hasObjectStore(const String& name) const
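Review bot: In the new constructor, `for (auto entry : other.m_objectStoreMap)` copies each map entry by value before `entry.value.isolatedCopy()` runs, so every object store value is first copied non-isolated and then copied again. Iterating with `const auto& entry` would drop the intermediate copy and leave the isolated copy as the only one made. The removed loop in isolatedCopy() had the same form, so this is carried over from the old code rather than introduced here, but the move is a good moment to fix it.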
Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/Modules/indexeddb/shared/IDBDatabaseInfo.h (197676 => 197677)
--- releases/WebKitGTK/webkit-2.12/Source/WebCore/Modules/indexeddb/shared/IDBDatabaseInfo.h 2016-03-07 11:34:42 UTC (rev 197676)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/Modules/indexeddb/shared/IDBDatabaseInfo.h 2016-03-07 11:36:19 UTC (rev 197677)
@@ -39,6 +39,9 @@
public:
IDBDatabaseInfo(const String& name, uint64_t version);
+ enum IsolatedCopyTag { IsolatedCopy };
+ IDBDatabaseInfo(const IDBDatabaseInfo&, IsolatedCopyTag);
+
IDBDatabaseInfo isolatedCopy() const;
const String& name() const { return m_name; }
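Review bot: The tagged constructor `IDBDatabaseInfo(const IDBDatabaseInfo&, IsolatedCopyTag)` is declared without a comment, and nothing in this hunk restricts the ordinary copy constructor, so a plain copy and an isolated copy both compile at any call site. The IDBTransactionInfo.cpp line fixed in this same revision was exactly that plain copy inside an isolatedCopy() path. Please document on the declaration when the tagged form is required, and consider whether the plain copy should be made harder to reach for by accident.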
Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/Modules/indexeddb/shared/IDBTransactionInfo.cpp (197676 => 197677)
--- releases/WebKitGTK/webkit-2.12/Source/WebCore/Modules/indexeddb/shared/IDBTransactionInfo.cpp 2016-03-07 11:34:42 UTC (rev 197676)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/Modules/indexeddb/shared/IDBTransactionInfo.cpp 2016-03-07 11:36:19 UTC (rev 197677)
@@ -81,7 +81,7 @@
result.m_objectStores.uncheckedAppend(objectStore.isolatedCopy());
if (m_originalDatabaseInfo)
- result.m_originalDatabaseInfo = std::make_unique<IDBDatabaseInfo>(*m_originalDatabaseInfo);
+ result.m_originalDatabaseInfo = std::make_unique<IDBDatabaseInfo>(*m_originalDatabaseInfo, IDBDatabaseInfo::IsolatedCopy);
return result;
}
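Review bot: The changed `std::make_unique<IDBDatabaseInfo>(...)` line differs from the old one only by the trailing `IDBDatabaseInfo::IsolatedCopy` argument, and the call site does not say why the tag is needed. A one-line comment above it stating that this copy is part of isolatedCopy() and must itself be isolated would keep a later cleanup from dropping the argument, since the one-argument form still compiles. The log says the change is covered by existing tests; if none of them fails with the old line, a test that exercises this path would be worth adding.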