Changeset 202821 in webkit


Ignore:
Timestamp:
Jul 5, 2016 11:04:28 AM (8 years ago)
Author:
beidson@apple.com
Message:

TransactionOperations can get destroyed on the wrong thread.
https://bugs.webkit.org/show_bug.cgi?id=159103

Reviewed by Alex Christensen.

No new tests (Very racy, not feasible to write a dedicated test for, caught on bots occasionally as-is).

  • Modules/indexeddb/IDBActiveDOMObject.h:

(WebCore::IDBActiveDOMObject::callFunctionOnOriginThread):

  • Modules/indexeddb/client/IDBConnectionProxy.cpp:

(WebCore::IDBClient::IDBConnectionProxy::completeOperation): Pass the last ref to the operation to its

origin thread to be deleted there.

  • Modules/indexeddb/client/TransactionOperation.h:

(WebCore::IDBClient::TransactionOperation::performCompleteOnOriginThread):

Location:
trunk/Source/WebCore
Files:
4 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebCore/ChangeLog

    r202815 r202821  
     12016-07-05  Brady Eidson  <beidson@apple.com>
     2
     3        TransactionOperations can get destroyed on the wrong thread.
     4        https://bugs.webkit.org/show_bug.cgi?id=159103
     5
     6        Reviewed by Alex Christensen.
     7
     8        No new tests (Very racy, not feasible to write a dedicated test for, caught on bots occasionally as-is).
     9
     10        * Modules/indexeddb/IDBActiveDOMObject.h:
     11        (WebCore::IDBActiveDOMObject::callFunctionOnOriginThread):
     12       
     13        * Modules/indexeddb/client/IDBConnectionProxy.cpp:
     14        (WebCore::IDBClient::IDBConnectionProxy::completeOperation): Pass the last ref to the operation to its
     15          origin thread to be deleted there.
     16       
     17        * Modules/indexeddb/client/TransactionOperation.h:
     18        (WebCore::IDBClient::TransactionOperation::performCompleteOnOriginThread):
     19
    1202016-07-05  Youenn Fablet  <youenn@apple.com>
    221

  • trunk/Source/WebCore/Modules/indexeddb/IDBActiveDOMObject.h

    r201504 r202821  
    6464    }
    6565
     66    void callFunctionOnOriginThread(Function<void ()>&& function)
     67    {
     68        if (originThreadID() == currentThread()) {
     69            function();
     70            return;
     71        }
     72
     73        Locker<Lock> lock(m_scriptExecutionContextLock);
     74
     75        ScriptExecutionContext* context = scriptExecutionContext();
     76        if (!context)
     77            return;
     78
     79        context->postTask(WTFMove(function));
     80    }
     81
    6682protected:
    6783    IDBActiveDOMObject(ScriptExecutionContext* context)

  • trunk/Source/WebCore/Modules/indexeddb/client/IDBConnectionProxy.cpp

    r202809 r202821  
    224224        return;
    225225
    226     operation->performCompleteOnOriginThread(resultData);
     226    operation->performCompleteOnOriginThread(resultData, WTFMove(operation));
    227227}
    228228

  • trunk/Source/WebCore/Modules/indexeddb/client/TransactionOperation.h

    r201356 r202821  
    6363    }
    6464
    65     void performCompleteOnOriginThread(const IDBResultData& data)
     65    void performCompleteOnOriginThread(const IDBResultData& data, RefPtr<TransactionOperation>&& lastRef)
    6666    {
    6767        ASSERT(isMainThread());
     
    6969        if (m_originThreadID == currentThread())
    7070            completed(data);
    71         else
     71        else {
    7272            m_transaction->performCallbackOnOriginThread(*this, &TransactionOperation::completed, data);
     73            m_transaction->callFunctionOnOriginThread([lastRef = WTFMove(lastRef)]() {
     74            });
     75        }
    7376    }
    7477
Note: See TracChangeset for help on using the changeset viewer.