Changeset 243622 in webkit


Timestamp:
Mar 28, 2019 2:26:38 PM (5 years ago)
Author:
jiewen_tan@apple.com
Message:

IDBRequest::dispatchEvent should check nullability of m_transaction before operations that rely on it to be non null
https://bugs.webkit.org/show_bug.cgi?id=196319
<rdar://problem/49355279>

Reviewed by Alex Christensen.

The test that triggers this crash is on Bug 196276.

  • Modules/indexeddb/IDBRequest.cpp:

(WebCore::IDBRequest::dispatchEvent):

Location:
trunk/Source/WebCore
Files:
2 edited

  • trunk/Source/WebCore/ChangeLog

    r243621 r243622  
     12019-03-27  Jiewen Tan  <jiewen_tan@apple.com>
     2
     3        IDBRequest::dispatchEvent should check nullability of m_transaction before operations that rely on it to be non null
     4        https://bugs.webkit.org/show_bug.cgi?id=196319
     5        <rdar://problem/49355279>
     6
     7        Reviewed by Alex Christensen.
     8
     9        The test that triggers this crash is on Bug 196276.
     10
     11        * Modules/indexeddb/IDBRequest.cpp:
     12        (WebCore::IDBRequest::dispatchEvent):
     13
    1142019-03-28  Ryosuke Niwa  <rniwa@webkit.org>
    215
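Review bot: The function line at ChangeLog lines 11-12 names (WebCore::IDBRequest::dispatchEvent) but says nothing about what changed in it. Please add a sentence there saying that dispatchEvent now returns early when m_transaction is null, and that m_dispatchingEvent is now cleared before the transaction calls rather than after them. The entry also points to Bug 196276 for the triggering test, so this changeset itself carries no regression test; it would help to say in the entry which test covers the crash once that bug lands.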
  • trunk/Source/WebCore/Modules/indexeddb/IDBRequest.cpp

    r242986 r243622  
    331331        m_hasPendingActivity = isOpenDBRequest() && (event.type() == eventNames().upgradeneededEvent || event.type() == eventNames().blockedEvent);
    332332
     333    m_dispatchingEvent = false;
     334    if (!m_transaction)
     335        return;
     336
    333337    // The request should only remain in the transaction's request list if it represents a pending cursor operation, or this is an open request that was blocked.
    334     if (m_transaction && !m_pendingCursor && event.type() != eventNames().blockedEvent)
     338    if (!m_pendingCursor && event.type() != eventNames().blockedEvent)
    335339        m_transaction->removeRequest(*this);
    336340
    337341    if (m_hasUncaughtException)
    338342        m_transaction->abortDueToFailedRequest(DOMException::create(AbortError, "IDBTransaction will abort due to uncaught exception in an event handler"_s));
    339     else if (!event.defaultPrevented() && event.type() == eventNames().errorEvent && m_transaction && !m_transaction->isFinishedOrFinishing()) {
     343    else if (!event.defaultPrevented() && event.type() == eventNames().errorEvent && !m_transaction->isFinishedOrFinishing()) {
    340344        ASSERT(m_domError);
    341345        m_transaction->abortDueToFailedRequest(*m_domError);
    342346    }
    343347
    344     if (m_transaction)
    345         m_transaction->finishedDispatchEventForRequest(*this);
    346 
    347     m_dispatchingEvent = false;
     348    m_transaction->finishedDispatchEventForRequest(*this);
    348349}
    349350
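Review bot: Moving m_dispatchingEvent = false up to new line 333 changes ordering beyond the null check: removeRequest, abortDueToFailedRequest and finishedDispatchEventForRequest now all run with the flag already cleared, where previously it was cleared only after finishedDispatchEventForRequest (old line 347). If any of those calls, or code they reach, reads the flag, this is a behaviour change that the commit message does not mention. Either keep the flag set until the end and clear it on both exit paths, or state in the ChangeLog that the reordering is intended. Separately, the single check at new line 334 now guards four dereferences (lines 339, 342, 345, 348), and the per-use checks on old lines 334, 339 and 344 are gone. That is only safe if nothing between 334 and 348 can reset m_transaction, so a short comment stating that invariant, or a local protecting reference taken after the check, would make the assumption explicit.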