REGRESSION(r239887): Crash under IDBConnectionToClient::didDeleteDatabase(WebCore...
author sihui_liu@apple.com <sihui_liu@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 8 Feb 2019 00:45:34 +0000 (00:45 +0000)
committer sihui_liu@apple.com <sihui_liu@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 8 Feb 2019 00:45:34 +0000 (00:45 +0000)
https://bugs.webkit.org/show_bug.cgi?id=194402
<rdar://problem/47858241>

Reviewed by Geoffrey Garen.

r239887 removed a reference cycle of IDBConnectionToClient so that IDBConnectionToClient would no longer be
around forever. Therefore, ServerOpenRequest should keep a reference to IDBConnectionToClient to make sure it
is valid during access.

* Modules/indexeddb/server/ServerOpenDBRequest.cpp:
(WebCore::IDBServer::ServerOpenDBRequest::maybeNotifyRequestBlocked):
(WebCore::IDBServer::ServerOpenDBRequest::notifyDidDeleteDatabase):
* Modules/indexeddb/server/ServerOpenDBRequest.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@241170 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/Modules/indexeddb/server/ServerOpenDBRequest.cpp
Source/WebCore/Modules/indexeddb/server/ServerOpenDBRequest.h

index c8e4288..8f02883 100644 (file)
@@ -1,3 +1,20 @@
+2019-02-07  Sihui Liu  <sihui_liu@apple.com>
+
+        REGRESSION(r239887): Crash under IDBConnectionToClient::didDeleteDatabase(WebCore::IDBResultData const&)
+        https://bugs.webkit.org/show_bug.cgi?id=194402
+        <rdar://problem/47858241>
+
+        Reviewed by Geoffrey Garen.
+
+        r239887 removed a reference cycle of IDBConnectionToClient so that IDBConnectionToClient would no longer be
+        around forever. Therefore, ServerOpenRequest should keep a reference to IDBConnectionToClient to make sure it
+        is valid during access.
+
+        * Modules/indexeddb/server/ServerOpenDBRequest.cpp:
+        (WebCore::IDBServer::ServerOpenDBRequest::maybeNotifyRequestBlocked):
+        (WebCore::IDBServer::ServerOpenDBRequest::notifyDidDeleteDatabase):
+        * Modules/indexeddb/server/ServerOpenDBRequest.h:
+
 2019-02-07  Timothy Hatcher  <timothy@apple.com>
 
         Overflow element scrollbar is light for dark mode content.
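Review bot: The description in this entry says "ServerOpenRequest should keep a reference", but the class named in the function list right below it is ServerOpenDBRequest; use the real class name so the entry can be found by search. The entry also lists no test and gives no reason for omitting one, which a crash regression should have. The ServerOpenDBRequest.h line would be more useful with a short remark that m_connection changes from a plain reference to a Ref.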
index 403b4d4..f183c31 100644 (file)
@@ -60,7 +60,7 @@ void ServerOpenDBRequest::maybeNotifyRequestBlocked(uint64_t currentVersion)
         return;
 
     uint64_t requestedVersion = isOpenRequest() ?  m_requestData.requestedVersion() : 0;
-    m_connection.notifyOpenDBRequestBlocked(m_requestData.requestIdentifier(), currentVersion, requestedVersion);
+    m_connection->notifyOpenDBRequestBlocked(m_requestData.requestIdentifier(), currentVersion, requestedVersion);
 
     m_notifiedBlocked = true;
 }
@@ -69,7 +69,7 @@ void ServerOpenDBRequest::notifyDidDeleteDatabase(const IDBDatabaseInfo& info)
 {
     ASSERT(isDeleteRequest());
 
-    m_connection.didDeleteDatabase(IDBResultData::deleteDatabaseSuccess(m_requestData.requestIdentifier(), info));
+    m_connection->didDeleteDatabase(IDBResultData::deleteDatabaseSuccess(m_requestData.requestIdentifier(), info));
 }
 
 void ServerOpenDBRequest::notifiedConnectionsOfVersionChange(HashSet<uint64_t>&& connectionIdentifiers)
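Review bot: At the changed didDeleteDatabase call, holding m_connection by Ref guarantees that the object is alive, not that the client behind it is still connected. Since the request can evidently outlive the point where the connection used to be destroyed, consider checking the connection's state before dispatching, or confirm that didDeleteDatabase is safe to call on a connection whose client has gone away. The same question applies to the notifyOpenDBRequestBlocked call in maybeNotifyRequestBlocked.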
index 349c8f4..ee66678 100644 (file)
@@ -63,7 +63,7 @@ public:
 private:
     ServerOpenDBRequest(IDBConnectionToClient&, const IDBRequestData&);
 
-    IDBConnectionToClient& m_connection;
+    Ref<IDBConnectionToClient> m_connection;
     IDBRequestData m_requestData;
 
     bool m_notifiedBlocked { false };
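Review bot: Changing m_connection to Ref<IDBConnectionToClient> makes every ServerOpenDBRequest a strong owner of its connection, and the ChangeLog says r239887 existed to break a reference cycle involving that same class. Please confirm that IDBConnectionToClient does not hold, directly or through objects it owns, a strong reference back to pending ServerOpenDBRequests; otherwise the leak returns in a different form. A one-line comment on the member stating why it is a strong reference would help the next reader.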