Regression(r204239): Caused flaky crashes under ~Database()
author cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 8 Aug 2016 19:39:36 +0000 (19:39 +0000)
committer cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 8 Aug 2016 19:39:36 +0000 (19:39 +0000)
https://bugs.webkit.org/show_bug.cgi?id=160665
<rdar://problem/27748065>

Reviewed by Brady Eidson.

Make sure the scriptExecution context only gets ref'd / deref'd
on the context thread. Document / WorkerGlobalScope are not
ThreadSafeRefCounted.

No new tests, already covered by:
storage/websql/open-database-creation-callback.html

* Modules/webdatabase/Database.cpp:
(WebCore::Database::~Database):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@204262 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/Modules/webdatabase/Database.cpp

index 0879da6..0b2b1b5 100644 (file)
@@ -1,3 +1,21 @@
+2016-08-08  Chris Dumez  <cdumez@apple.com>
+
+        Regression(r204239): Caused flaky crashes under ~Database()
+        https://bugs.webkit.org/show_bug.cgi?id=160665
+        <rdar://problem/27748065>
+
+        Reviewed by Brady Eidson.
+
+        Make sure the scriptExecution context only gets ref'd / deref'd
+        on the context thread. Document / WorkerGlobalScope are not
+        ThreadSafeRefCounted.
+
+        No new tests, already covered by:
+        storage/websql/open-database-creation-callback.html
+
+        * Modules/webdatabase/Database.cpp:
+        (WebCore::Database::~Database):
+
 2016-08-08  John Wilander  <wilander@apple.com>
 
         Don't set document.domain to an IP address fragment
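Review bot: The entry states the invariant ("only gets ref'd / deref'd on the context thread") but not which operation in ~Database() broke it after r204239. One more sentence naming the cause would help anyone bisecting later: the removed code captured the RefPtr by copy and let the local `passedContext` go out of scope on the calling thread. Since the crash is described as flaky, "already covered by" the listed test also deserves a qualifier, because that test can evidently pass with the race present.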
index 1316f1d..b8103f1 100644 (file)
@@ -243,12 +243,10 @@ Database::~Database()
 {
     // The reference to the ScriptExecutionContext needs to be cleared on the JavaScript thread.  If we're on that thread already, we can just let the RefPtr's destruction do the dereffing.
     if (!m_scriptExecutionContext->isContextThread()) {
-        // Grab a pointer to the script execution here because we're releasing it when we pass it to
-        // DerefContextTask::create.
-        RefPtr<ScriptExecutionContext> passedContext = WTFMove(m_scriptExecutionContext);
-        passedContext->postTask({ScriptExecutionContext::Task::CleanupTask, [passedContext] (ScriptExecutionContext& context) {
-            ASSERT_UNUSED(context, &context == passedContext);
-            RefPtr<ScriptExecutionContext> scriptExecutionContext(passedContext);
+        Ref<ScriptExecutionContext> passedContext = m_scriptExecutionContext.releaseNonNull();
+        auto& contextRef = passedContext.get();
+        contextRef.postTask({ScriptExecutionContext::Task::CleanupTask, [passedContext = WTFMove(passedContext)] (ScriptExecutionContext& context) {
+            ASSERT_UNUSED(context, &context == passedContext.ptr());
         }});
     }
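Review bot: In the `!isContextThread()` branch, the context is now released only when the posted CleanupTask's lambda is destroyed, so the fix depends on postTask running, or at least destroying, that task on the context thread; nothing in the hunk documents this. The lambda body is only `ASSERT_UNUSED(context, &context == passedContext.ptr());`, which does nothing outside assert-enabled builds, so a short comment saying that the capture's destructor performs the deref would replace the explanation that was removed along with the old "Grab a pointer..." comment. The same comment should say that `contextRef` is taken before `WTFMove(passedContext)` on purpose, so the postTask call does not go through a moved-from Ref. It is also worth stating what happens if the context discards the task without running it, since the deref would then occur on whichever thread destroys the lambda.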