Changeset 279255 in webkit

Timestamp:

Jun 24, 2021, 5:06:06 PM (4 years ago)

Author:

commit-queue@webkit.org

Message:

Source/WebCore:
Crash in IDBTransaction::dispatchEvent when m_openDBRequest is null.
​https://bugs.webkit.org/show_bug.cgi?id=226885

Patch by Venky Dass <​yaranamavenkataramana@apple.com> on 2021-06-24
Reviewed by Sihui Liu.

Added a test to create null openDBRequest so that it can crash.

Test: storage/indexeddb/request-with-null-open-db-request.html

• Modules/indexeddb/IDBTransaction.cpp:

(WebCore::IDBTransaction::dispatchEvent):

LayoutTests:
Crash in IDBTransaction::dispatchEvent when m_openDBRequest is null.
​https://bugs.webkit.org/show_bug.cgi?id=226885

Patch by Venky Dass <​yaranamavenkataramana@apple.com> on 2021-06-24
Reviewed by Sihui Liu.

• storage/indexeddb/request-with-null-open-db-request-expected.txt: Added.
• storage/indexeddb/request-with-null-open-db-request.html: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/storage/indexeddb/request-with-null-open-db-request-expected.txt (added)
• LayoutTests/storage/indexeddb/request-with-null-open-db-request.html (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/Modules/indexeddb/IDBTransaction.cpp (modified) (2 diffs)
• Source/WebCore/Modules/indexeddb/IDBTransaction.h (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2021-06-24  Venky Dass  <yaranamavenkataramana@apple.com>
+
+        Crash in IDBTransaction::dispatchEvent when m_openDBRequest is null.
+        https://bugs.webkit.org/show_bug.cgi?id=226885
+
+        Reviewed by Sihui Liu.
+
+        * storage/indexeddb/request-with-null-open-db-request-expected.txt: Added.
+        * storage/indexeddb/request-with-null-open-db-request.html: Added.
+
 2021-06-24  Jer Noble  <jer.noble@apple.com>
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2021-06-24  Venky Dass  <yaranamavenkataramana@apple.com>
+
+        Crash in IDBTransaction::dispatchEvent when m_openDBRequest is null. 
+        https://bugs.webkit.org/show_bug.cgi?id=226885
+
+        Reviewed by Sihui Liu.
+
+        Added a test to create null openDBRequest so that it can crash.  
+
+        Test: storage/indexeddb/request-with-null-open-db-request.html
+
+        * Modules/indexeddb/IDBTransaction.cpp:
+        (WebCore::IDBTransaction::dispatchEvent):
+
 2021-06-24  Jer Noble  <jer.noble@apple.com>
 

trunk/Source/WebCore/Modules/indexeddb/IDBTransaction.cpp

@@ -585 +585 @@
         return;
 
+    m_abortOrCommitEvent = event.ptr();
     queueTaskToDispatchEvent(*this, TaskSource::DatabaseAccess, WTFMove(event));
 }
@@ -595 +596 @@
     ASSERT(scriptExecutionContext());
     ASSERT(!isContextStopped());
+    
+
+    auto protectedThis = makeRef(*this);
+
+    EventDispatcher::dispatchEvent({ this, m_database.ptr() }, event);
+    
+    if (m_abortOrCommitEvent != &event)
+        return;
+    
     ASSERT(event.type() == eventNames().completeEvent || event.type() == eventNames().abortEvent);
-
-    auto protectedThis = makeRef(*this);
-
-    EventDispatcher::dispatchEvent({ this, m_database.ptr() }, event);
     m_didDispatchAbortOrCommit = true;
 
     if (isVersionChange()) {
-        ASSERT(m_openDBRequest);
         m_openDBRequest->versionChangeTransactionDidFinish();
 

trunk/Source/WebCore/Modules/indexeddb/IDBTransaction.h

@@ -251 +251 @@
     Deque<IDBClient::TransactionOperation*> m_transactionOperationsInProgressQueue;
     Deque<RefPtr<IDBClient::TransactionOperation>> m_abortQueue;
+    Event* m_abortOrCommitEvent;
     HashMap<RefPtr<IDBClient::TransactionOperation>, IDBResultData> m_transactionOperationResultMap;