Changeset 248969 in webkit


Timestamp:
Aug 21, 2019 3:32:23 PM (5 years ago)
Author:
Chris Dumez
Message:

Crash under StringImpl::~StringImpl() in IDBServer::computeSpaceUsedForOrigin()
https://bugs.webkit.org/show_bug.cgi?id=200989
<rdar://problem/54565546>

Reviewed by Alex Christensen.

Make sure we call isolatedCopy() on IDBServer::m_databaseDirectoryPath before using it from
background threads.

  • Modules/indexeddb/server/IDBServer.cpp:

(WebCore::IDBServer::IDBServer::createBackingStore):
(WebCore::IDBServer::IDBServer::performGetAllDatabaseNames):
(WebCore::IDBServer::IDBServer::removeDatabasesModifiedSinceForVersion):
(WebCore::IDBServer::IDBServer::performCloseAndDeleteDatabasesModifiedSince):
(WebCore::IDBServer::IDBServer::removeDatabasesWithOriginsForVersion):
(WebCore::IDBServer::IDBServer::performCloseAndDeleteDatabasesForOrigins):
(WebCore::IDBServer::IDBServer::computeSpaceUsedForOrigin):
(WebCore::IDBServer::IDBServer::upgradeFilesIfNecessary):

  • Modules/indexeddb/server/IDBServer.h:

(WebCore::IDBServer::IDBServer::databaseDirectoryPath const):

Location:
trunk/Source/WebCore
Files:
3 edited

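--- a/trunk/Source/WebCore/ChangeLog
+++ b/trunk/Source/WebCore/ChangeLog
@@ -1,2 +1,25 @@
+2019-08-21  Chris Dumez  <cdumez@apple.com>
+
+        Crash under StringImpl::~StringImpl() in IDBServer::computeSpaceUsedForOrigin()
+        https://bugs.webkit.org/show_bug.cgi?id=200989
+        <rdar://problem/54565546>
+
+        Reviewed by Alex Christensen.
+
+        Make sure we call isolatedCopy() on IDBServer::m_databaseDirectoryPath before using it from
+        background threads.
+
+        * Modules/indexeddb/server/IDBServer.cpp:
+        (WebCore::IDBServer::IDBServer::createBackingStore):
+        (WebCore::IDBServer::IDBServer::performGetAllDatabaseNames):
+        (WebCore::IDBServer::IDBServer::removeDatabasesModifiedSinceForVersion):
+        (WebCore::IDBServer::IDBServer::performCloseAndDeleteDatabasesModifiedSince):
+        (WebCore::IDBServer::IDBServer::removeDatabasesWithOriginsForVersion):
+        (WebCore::IDBServer::IDBServer::performCloseAndDeleteDatabasesForOrigins):
+        (WebCore::IDBServer::IDBServer::computeSpaceUsedForOrigin):
+        (WebCore::IDBServer::IDBServer::upgradeFilesIfNecessary):
+        * Modules/indexeddb/server/IDBServer.h:
+        (WebCore::IDBServer::IDBServer::databaseDirectoryPath const):
+
 2019-08-21  Chris Dumez  <cdumez@apple.com>
 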
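--- a/trunk/Source/WebCore/Modules/indexeddb/server/IDBServer.cpp
+++ b/trunk/Source/WebCore/Modules/indexeddb/server/IDBServer.cpp
@@ -133,8 +133,9 @@
     ASSERT(!isMainThread());
 
-    if (m_databaseDirectoryPath.isEmpty())
+    auto databaseDirectoryPath = this->databaseDirectoryPath();
+    if (databaseDirectoryPath.isEmpty())
         return MemoryIDBBackingStore::create(m_sessionID, identifier);
 
-    return makeUnique<SQLiteIDBBackingStore>(m_sessionID, identifier, m_databaseDirectoryPath, m_backingStoreTemporaryFileHandler);
+    return makeUnique<SQLiteIDBBackingStore>(m_sessionID, identifier, databaseDirectoryPath, m_backingStoreTemporaryFileHandler);
 }
 
@@ -467,5 +468,6 @@
 void IDBServer::performGetAllDatabaseNames(uint64_t serverConnectionIdentifier, const SecurityOriginData& mainFrameOrigin, const SecurityOriginData& openingOrigin, uint64_t callbackID)
 {
-    String oldDirectory = IDBDatabaseIdentifier::databaseDirectoryRelativeToRoot(mainFrameOrigin, openingOrigin, m_databaseDirectoryPath, "v0");
+    auto databaseDirectoryPath = this->databaseDirectoryPath();
+    String oldDirectory = IDBDatabaseIdentifier::databaseDirectoryRelativeToRoot(mainFrameOrigin, openingOrigin, databaseDirectoryPath, "v0");
     Vector<String> files = FileSystem::listDirectory(oldDirectory, "*"_s);
     Vector<String> databases;
@@ -475,5 +477,5 @@
     }
 
-    String directory = IDBDatabaseIdentifier::databaseDirectoryRelativeToRoot(mainFrameOrigin, openingOrigin, m_databaseDirectoryPath, "v1");
+    String directory = IDBDatabaseIdentifier::databaseDirectoryRelativeToRoot(mainFrameOrigin, openingOrigin, databaseDirectoryPath, "v1");
     files = FileSystem::listDirectory(directory, "*"_s);
     for (auto& file : files) {
@@ -640,5 +642,5 @@
 void IDBServer::removeDatabasesModifiedSinceForVersion(WallTime modifiedSince, const String& version)
 {
-    String versionPath = FileSystem::pathByAppendingComponent(m_databaseDirectoryPath, version);
+    String versionPath = FileSystem::pathByAppendingComponent(databaseDirectoryPath(), version);
     for (auto& originPath : FileSystem::listDirectory(versionPath, "*")) {
         String databaseIdentifier = FileSystem::lastComponentOfPathIgnoringTrailingSlash(originPath);
@@ -650,5 +652,5 @@
 void IDBServer::performCloseAndDeleteDatabasesModifiedSince(WallTime modifiedSince, uint64_t callbackID)
 {
-    if (!m_databaseDirectoryPath.isEmpty()) {
+    if (!databaseDirectoryPath().isEmpty()) {
         removeDatabasesModifiedSinceForVersion(modifiedSince, "v0");
         removeDatabasesModifiedSinceForVersion(modifiedSince, "v1");
@@ -660,5 +662,5 @@
 void IDBServer::removeDatabasesWithOriginsForVersion(const Vector<SecurityOriginData> &origins, const String& version)
 {
-    String versionPath = FileSystem::pathByAppendingComponent(m_databaseDirectoryPath, version);
+    String versionPath = FileSystem::pathByAppendingComponent(databaseDirectoryPath(), version);
     for (const auto& origin : origins) {
         String originPath = FileSystem::pathByAppendingComponent(versionPath, origin.databaseIdentifier());
@@ -674,5 +676,5 @@
 void IDBServer::performCloseAndDeleteDatabasesForOrigins(const Vector<SecurityOriginData>& origins, uint64_t callbackID)
 {
-    if (!m_databaseDirectoryPath.isEmpty()) {
+    if (!databaseDirectoryPath().isEmpty()) {
         removeDatabasesWithOriginsForVersion(origins, "v0");
         removeDatabasesWithOriginsForVersion(origins, "v1");
@@ -768,6 +770,7 @@
     ASSERT(!isMainThread());
 
-    auto oldVersionOriginDirectory = IDBDatabaseIdentifier::databaseDirectoryRelativeToRoot(origin.topOrigin, origin.clientOrigin, m_databaseDirectoryPath, "v0");
-    auto newVersionOriginDirectory = IDBDatabaseIdentifier::databaseDirectoryRelativeToRoot(origin.topOrigin, origin.clientOrigin, m_databaseDirectoryPath, "v1");
+    auto databaseDirectoryPath = this->databaseDirectoryPath();
+    auto oldVersionOriginDirectory = IDBDatabaseIdentifier::databaseDirectoryRelativeToRoot(origin.topOrigin, origin.clientOrigin, databaseDirectoryPath, "v0");
+    auto newVersionOriginDirectory = IDBDatabaseIdentifier::databaseDirectoryRelativeToRoot(origin.topOrigin, origin.clientOrigin, databaseDirectoryPath, "v1");
     auto size = SQLiteIDBBackingStore::databasesSizeForFolder(oldVersionOriginDirectory) + SQLiteIDBBackingStore::databasesSizeForFolder(newVersionOriginDirectory);
 
@@ -814,8 +817,9 @@
 void IDBServer::upgradeFilesIfNecessary()
 {
-    if (m_databaseDirectoryPath.isEmpty() || !FileSystem::fileExists(m_databaseDirectoryPath))
-        return;
-
-    String newVersionDirectory = FileSystem::pathByAppendingComponent(m_databaseDirectoryPath, "v1");
+    auto databaseDirectoryPath = this->databaseDirectoryPath();
+    if (databaseDirectoryPath.isEmpty() || !FileSystem::fileExists(databaseDirectoryPath))
+        return;
+
+    String newVersionDirectory = FileSystem::pathByAppendingComponent(databaseDirectoryPath, "v1");
     if (!FileSystem::fileExists(newVersionDirectory))
         FileSystem::makeAllDirectories(newVersionDirectory);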
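Review bot: In `performCloseAndDeleteDatabasesModifiedSince` and `performCloseAndDeleteDatabasesForOrigins`, the guard `!databaseDirectoryPath().isEmpty()` builds a full isolated copy only to test emptiness, and each `remove…ForVersion` helper then copies the member again for "v0" and "v1". The emptiness check and the directories that are later deleted therefore come from three separate, unsynchronised reads of `m_databaseDirectoryPath`. The other functions in this change take one copy up front with `auto databaseDirectoryPath = this->databaseDirectoryPath();`; doing the same here and handing that copy to the two helpers would keep check and use on one value and drop the extra allocations. Whether the member can be reassigned after construction is not visible in these hunks, so the consistency concern is a hedge rather than a confirmed race. All of the touched function bodies start or end outside the displayed hunks.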
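--- a/trunk/Source/WebCore/Modules/indexeddb/server/IDBServer.h
+++ b/trunk/Source/WebCore/Modules/indexeddb/server/IDBServer.h
@@ -130,4 +130,6 @@
 
     UniqueIDBDatabase& getOrCreateUniqueIDBDatabase(const IDBDatabaseIdentifier&);
+   
+    String databaseDirectoryPath() const { return m_databaseDirectoryPath.isolatedCopy(); }
 
     void performGetAllDatabaseNames(uint64_t serverConnectionIdentifier, const SecurityOriginData& mainFrameOrigin, const SecurityOriginData& openingOrigin, uint64_t callbackID);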
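Review bot: The new accessor `databaseDirectoryPath()` carries no comment explaining why it returns `isolatedCopy()`, so nothing stops a later edit from passing `m_databaseDirectoryPath` straight into background-thread code again and reintroducing the crash the commit message describes. I would add above it `// Returns an isolated copy: callers run on background threads and must not share the member's StringImpl across threads.` The member's declaration is outside this hunk; if it is never reassigned after construction, declaring it `const` would also make the unsynchronised read inside the accessor evidently safe.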