Modern IDB: Possible crash deallocating IDBDatabaseInfo/IDBObjectStoreInfo/IDBIndexInfo.
authorbeidson@apple.com <beidson@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 1 Mar 2016 19:41:46 +0000 (19:41 +0000)
committerbeidson@apple.com <beidson@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 1 Mar 2016 19:41:46 +0000 (19:41 +0000)
https://bugs.webkit.org/show_bug.cgi?id=154860

Reviewed by Alex Christensen.

Covered by existing tests.

* Modules/indexeddb/shared/IDBDatabaseInfo.cpp:
(WebCore::IDBDatabaseInfo::IDBDatabaseInfo):
(WebCore::IDBDatabaseInfo::isolatedCopy):
* Modules/indexeddb/shared/IDBDatabaseInfo.h:

* Modules/indexeddb/shared/IDBTransactionInfo.cpp:
(WebCore::IDBTransactionInfo::isolatedCopy): If there's an IDBDatabaseInfo to copy,  that
  copy needs to be isolated.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197405 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/Modules/indexeddb/shared/IDBDatabaseInfo.cpp
Source/WebCore/Modules/indexeddb/shared/IDBDatabaseInfo.h
Source/WebCore/Modules/indexeddb/shared/IDBTransactionInfo.cpp

index 18df2a5..dbd6206 100644 (file)
@@ -1,3 +1,21 @@
+2016-03-01  Brady Eidson  <beidson@apple.com>
+
+        Modern IDB: Possible crash deallocating IDBDatabaseInfo/IDBObjectStoreInfo/IDBIndexInfo.
+        https://bugs.webkit.org/show_bug.cgi?id=154860
+
+        Reviewed by Alex Christensen.
+
+        Covered by existing tests.
+
+        * Modules/indexeddb/shared/IDBDatabaseInfo.cpp:
+        (WebCore::IDBDatabaseInfo::IDBDatabaseInfo):
+        (WebCore::IDBDatabaseInfo::isolatedCopy):
+        * Modules/indexeddb/shared/IDBDatabaseInfo.h:
+
+        * Modules/indexeddb/shared/IDBTransactionInfo.cpp:
+        (WebCore::IDBTransactionInfo::isolatedCopy): If there's an IDBDatabaseInfo to copy,  that
+          copy needs to be isolated.
+
 2016-03-01  Tim Horton  <timothy_horton@apple.com>
 
         Expose MediaElement and VideoElement to the Objective-C DOM bindings
index 7cdb91e..23ce920 100644 (file)
@@ -40,18 +40,18 @@ IDBDatabaseInfo::IDBDatabaseInfo(const String& name, uint64_t version)
 {
 }
 
-IDBDatabaseInfo IDBDatabaseInfo::isolatedCopy() const
+IDBDatabaseInfo::IDBDatabaseInfo(const IDBDatabaseInfo& other, IsolatedCopyTag)
+    : m_name(other.m_name.isolatedCopy())
+    , m_version(other.m_version)
+    , m_maxObjectStoreID(other.m_maxObjectStoreID)
 {
-    IDBDatabaseInfo info;
-
-    info.m_name = m_name.isolatedCopy();
-    info.m_version = m_version;
-    info.m_maxObjectStoreID = m_maxObjectStoreID;
-
-    for (auto entry : m_objectStoreMap)
-        info.m_objectStoreMap.set(entry.key, entry.value.isolatedCopy());
+    for (auto entry : other.m_objectStoreMap)
+        m_objectStoreMap.set(entry.key, entry.value.isolatedCopy());
+}
 
-    return info;
+IDBDatabaseInfo IDBDatabaseInfo::isolatedCopy() const
+{
+    return { *this, IDBDatabaseInfo::IsolatedCopy };
 }
 
 bool IDBDatabaseInfo::hasObjectStore(const String& name) const
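Review bot: The range-for in the new tag constructor, `for (auto entry : other.m_objectStoreMap)`, copies each map entry by value before `isolatedCopy()` is called on it, so every object store is copied twice per iteration; bind by reference instead: `for (const auto& entry : other.m_objectStoreMap)`. The key is inserted as-is on the following line, which is correct if it is an integer store ID; if the key type is a ref-counted String it would also need an `.isolatedCopy()`, so please confirm against the member declaration, which is outside this hunk. The same by-value loop was present in the removed code, so this is carried over rather than introduced by the commit, but the new constructor is the place to fix it.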
index f1eaec9..cd7f9cd 100644 (file)
@@ -39,6 +39,9 @@ class IDBDatabaseInfo {
 public:
     IDBDatabaseInfo(const String& name, uint64_t version);
 
+    enum IsolatedCopyTag { IsolatedCopy };
+    IDBDatabaseInfo(const IDBDatabaseInfo&, IsolatedCopyTag);
+
     IDBDatabaseInfo isolatedCopy() const;
 
     const String& name() const { return m_name; }
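Review bot: The new `IDBDatabaseInfo(const IDBDatabaseInfo&, IsolatedCopyTag)` declaration carries no comment distinguishing it from the implicitly generated copy constructor, which the commit title suggests is the path that crashed on deallocation and which remains callable. A one-line comment above it would make the contract explicit: `// Deep-copies the contained Strings so the result can be handed to another thread; the implicit copy constructor shares them and must not cross threads.` If the type is only ever copied in order to cross threads, consider whether deleting the copy constructor (or making it private) would turn the next misuse into a compile error, though that depends on callers not visible here.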
index f448e95..16a52e4 100644 (file)
@@ -81,7 +81,7 @@ IDBTransactionInfo IDBTransactionInfo::isolatedCopy() const
         result.m_objectStores.uncheckedAppend(objectStore.isolatedCopy());
 
     if (m_originalDatabaseInfo)
-        result.m_originalDatabaseInfo = std::make_unique<IDBDatabaseInfo>(*m_originalDatabaseInfo);
+        result.m_originalDatabaseInfo = std::make_unique<IDBDatabaseInfo>(*m_originalDatabaseInfo, IDBDatabaseInfo::IsolatedCopy);
 
     return result;
 }
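Review bot: The changed line relies on the caller remembering to pass `IDBDatabaseInfo::IsolatedCopy`; nothing in the code says why the plain copy was wrong, so a later edit could reintroduce `std::make_unique<IDBDatabaseInfo>(*m_originalDatabaseInfo)`. A short comment would record the constraint: `// Must be an isolated copy: the result is presumably consumed on a different thread from the original.` The enclosing `IDBTransactionInfo::isolatedCopy` body begins before this hunk.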