Changeset 241967 in webkit
- Timestamp:
- Feb 22, 2019 3:41:16 PM (5 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 5 edited
trunk/Source/WebCore/ChangeLog
r241949 r241967 1 2019-02-22 Sihui Liu <sihui_liu@apple.com> 2 3 Crash under IDBServer::IDBConnectionToClient::identifier() const 4 https://bugs.webkit.org/show_bug.cgi?id=194843 5 <rdar://problem/48203102> 6 7 Reviewed by Geoffrey Garen. 8 9 UniqueIDBDatabase should ignore requests from connections that are already closed. 10 11 Tests are hard to create without some tricks on UniqueIDBDatabase so this fix is verified manually. 12 One test is created by adding delay to UniqueIDBDatabase::openBackingStore on the background thread to make sure 13 disconnection of web process happens before UniqueIDBDatabase::didOpenBackingStore, because didOpenBackingStore 14 may start a version change transaction and ask for identifier from the connection that is already gone. 15 16 * Modules/indexeddb/server/IDBConnectionToClient.cpp: 17 (WebCore::IDBServer::IDBConnectionToClient::connectionToClientClosed): 18 * Modules/indexeddb/server/IDBConnectionToClient.h: 19 (WebCore::IDBServer::IDBConnectionToClient::isClosed): 20 * Modules/indexeddb/server/UniqueIDBDatabase.cpp: 21 (WebCore::IDBServer::UniqueIDBDatabase::clearStalePendingOpenDBRequests): 22 (WebCore::IDBServer::UniqueIDBDatabase::handleDatabaseOperations): 23 (WebCore::IDBServer::UniqueIDBDatabase::operationAndTransactionTimerFired): 24 * Modules/indexeddb/server/UniqueIDBDatabase.h: 25 1 26 2019-02-22 Wenson Hsieh <wenson_hsieh@apple.com> 2 27 -
trunk/Source/WebCore/Modules/indexeddb/server/IDBConnectionToClient.cpp
r239887 r241967 208 208 } 209 209 210 m_isClosed = true; 210 211 m_databaseConnections.clear(); 211 212 } -
trunk/Source/WebCore/Modules/indexeddb/server/IDBConnectionToClient.h
r239887 r241967 80 80 void unregisterDatabaseConnection(UniqueIDBDatabaseConnection&); 81 81 void connectionToClientClosed(); 82 82 bool isClosed() { return m_isClosed; } 83 83 private: 84 84 IDBConnectionToClient(IDBConnectionToClientDelegate&); … … 86 86 WeakPtr<IDBConnectionToClientDelegate> m_delegate; 87 87 HashSet<UniqueIDBDatabaseConnection*> m_databaseConnections; 88 bool m_isClosed { false }; 88 89 }; 89 90 -
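Review bot: The new accessor `isClosed()` is not const-qualified, so it cannot be called through a const `IDBConnectionToClient` reference even though it only reads a flag; declare it as `bool isClosed() const { return m_isClosed; }`. The new `m_isClosed` member would also benefit from a one-line comment such as `// Set in connectionToClientClosed(); check before using this connection for a pending request.`, because the flag appears to be what UniqueIDBDatabase relies on to avoid touching a connection whose client has gone away. The class declaration begins and ends outside the lines shown here.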
trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp
r241913 r241967 345 345 } 346 346 347 void UniqueIDBDatabase::clearStalePendingOpenDBRequests() 348 { 349 while (!m_pendingOpenDBRequests.isEmpty() && m_pendingOpenDBRequests.first()->connection().isClosed()) 350 m_pendingOpenDBRequests.removeFirst(); 351 } 352 347 353 void UniqueIDBDatabase::handleDatabaseOperations() 348 354 { … … 354 360 return; 355 361 356 if (m_versionChangeDatabaseConnection || m_versionChangeTransaction || m_currentOpenDBRequest) { 362 clearStalePendingOpenDBRequests(); 363 364 if (m_versionChangeDatabaseConnection || m_versionChangeTransaction || (m_currentOpenDBRequest && !m_currentOpenDBRequest->connection().isClosed())) { 357 365 // We can't start any new open-database operations right now, but we might be able to start handling a delete operation. 358 366 if (!m_currentOpenDBRequest && !m_pendingOpenDBRequests.isEmpty() && m_pendingOpenDBRequests.first()->isDeleteRequest()) … … 366 374 } 367 375 368 if (m_pendingOpenDBRequests.isEmpty()) 369 return; 376 if (m_pendingOpenDBRequests.isEmpty()) { 377 m_currentOpenDBRequest = nullptr; 378 return; 379 } 370 380 371 381 m_currentOpenDBRequest = m_pendingOpenDBRequests.takeFirst(); … … 1576 1586 // The current operation might require multiple attempts to handle, so try to 1577 1587 // make further progress on it now. 1578 if (m_currentOpenDBRequest )1588 if (m_currentOpenDBRequest && !m_currentOpenDBRequest->connection().isClosed()) 1579 1589 handleCurrentOperation(); 1580 1581 if (!m_currentOpenDBRequest) 1590 else 1582 1591 handleDatabaseOperations(); 1583 1592 -
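Review bot: In the last hunk (operationAndTransactionTimerFired), replacing the second `if (!m_currentOpenDBRequest)` with `else` means handleDatabaseOperations() no longer runs in the same pass when handleCurrentOperation() finishes and clears the current request, which the old two-step check appears to have covered. Unless code outside this hunk re-arms the timer, the next pending request could wait for an unrelated event; keeping both checks preserves the old behaviour while still skipping closed connections: `if (!m_currentOpenDBRequest || m_currentOpenDBRequest->connection().isClosed()) handleDatabaseOperations();`. Separately, clearStalePendingOpenDBRequests() prunes closed entries only at the head of the queue, so a short comment there should say that later entries are dropped once they reach the front and that every consumer must still check `isClosed()` before using `connection()`. The enclosing functions continue outside the hunks shown.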
trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.h
r241468 r241967 215 215 216 216 bool prepareToFinishTransaction(UniqueIDBDatabaseTransaction&); 217 218 void clearStalePendingOpenDBRequests(); 217 219 218 220 void postDatabaseTask(CrossThreadTask&&);