Changeset 247337 in webkit


Ignore:
Timestamp:
Jul 10, 2019 5:43:07 PM (5 years ago)
Author:
sihui_liu@apple.com
Message:

Crash at WebCore::IDBServer::MemoryObjectStoreCursor::incrementReverseIterator
https://bugs.webkit.org/show_bug.cgi?id=199677
<rdar://problem/52334665>

Reviewed by Alex Christensen.

Add an early return in incrementReverseIterator when setFirstInRemainingRange fails to set m_iterator. This is
in line with what we did in incrementForwardIterator.

  • Modules/indexeddb/server/MemoryObjectStoreCursor.cpp:

(WebCore::IDBServer::MemoryObjectStoreCursor::incrementReverseIterator):

Location:
trunk/Source/WebCore
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebCore/ChangeLog

    r247331 r247337  
     12019-07-10  Sihui Liu  <sihui_liu@apple.com>
     2
     3        Crash at WebCore::IDBServer::MemoryObjectStoreCursor::incrementReverseIterator
     4        https://bugs.webkit.org/show_bug.cgi?id=199677
     5        <rdar://problem/52334665>
     6
     7        Reviewed by Alex Christensen.
     8
     9        Add an early return in incrementReverseIterator when setFirstInRemainingRange fails to set m_iterator. This is
     10        in line with what we did in incrementForwardIterator.
     11
     12        * Modules/indexeddb/server/MemoryObjectStoreCursor.cpp:
     13        (WebCore::IDBServer::MemoryObjectStoreCursor::incrementReverseIterator):
     14
    1152019-07-10  Chris Dumez  <cdumez@apple.com>
    216

  • trunk/Source/WebCore/Modules/indexeddb/server/MemoryObjectStoreCursor.cpp

    r244436 r247337  
    271271    }
    272272
    273     if (*m_iterator == set.end())
     273    if (!m_iterator || *m_iterator == set.end())
    274274        return;
    275275
Note: See TracChangeset for help on using the changeset viewer.