IndexedDB: UniqueIDBDatabase should not be freed if the database task queue is not...
authorsihui_liu@apple.com <sihui_liu@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 16 Jan 2019 23:52:36 +0000 (23:52 +0000)
committersihui_liu@apple.com <sihui_liu@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 16 Jan 2019 23:52:36 +0000 (23:52 +0000)
https://bugs.webkit.org/show_bug.cgi?id=193093

Reviewed by Brady Eidson.

performUnconditionalDeleteBackingStore killed the database task queue immediately, but a performPrefetchCursor
task may be scheduled behind performUnconditionalDeleteBackingStore on the database thread.

* Modules/indexeddb/server/UniqueIDBDatabase.cpp:
(WebCore::IDBServer::UniqueIDBDatabase::shutdownForClose):
(WebCore::IDBServer::UniqueIDBDatabase::performPrefetchCursor):
(WebCore::IDBServer::UniqueIDBDatabase::isDoneWithHardClose):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@240090 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp

index 9ef8e48..674a200 100644 (file)
@@ -1,3 +1,18 @@
+2019-01-16  Sihui Liu  <sihui_liu@apple.com>
+
+        IndexedDB: UniqueIDBDatabase should not be freed if the database task queue is not empty.
+        https://bugs.webkit.org/show_bug.cgi?id=193093
+
+        Reviewed by Brady Eidson.
+
+        performUnconditionalDeleteBackingStore killed the database task queue immediately, but performPrefetchCursor
+        task may be scheduled behind performUnconditionalDeleteBackingStore on database thread.
+
+        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
+        (WebCore::IDBServer::UniqueIDBDatabase::shutdownForClose):
+        (WebCore::IDBServer::UniqueIDBDatabase::performPrefetchCursor):
+        (WebCore::IDBServer::UniqueIDBDatabase::isDoneWithHardClose):
+
 2019-01-16  Alex Christensen  <achristensen@webkit.org>
 
         Internal build fix.
index 7ce94ba..238320d 100644 (file)
@@ -292,7 +292,10 @@ void UniqueIDBDatabase::shutdownForClose()
     m_backingStoreSupportsSimultaneousTransactions = false;
     m_backingStoreIsEphemeral = false;
 
-    ASSERT(m_databaseQueue.isEmpty());
+    if (!m_databaseQueue.isEmpty()) {
+        postDatabaseTask(createCrossThreadTask(*this, &UniqueIDBDatabase::shutdownForClose));
+        return;
+    }
     m_databaseQueue.kill();
 
     postDatabaseTaskReply(createCrossThreadTask(*this, &UniqueIDBDatabase::didShutdownForClose));
@@ -1271,10 +1274,10 @@ void UniqueIDBDatabase::performPrefetchCursor(const IDBResourceIdentifier& trans
     ASSERT(m_cursorPrefetches.contains(cursorIdentifier));
     LOG(IndexedDB, "(db) UniqueIDBDatabase::performPrefetchCursor");
 
-    if (m_backingStore->prefetchCursor(transactionIdentifier, cursorIdentifier))
-        postDatabaseTask(createCrossThreadTask(*this, &UniqueIDBDatabase::performPrefetchCursor, transactionIdentifier, cursorIdentifier));
-    else
+    if (m_hardClosedForUserDelete || !m_backingStore->prefetchCursor(transactionIdentifier, cursorIdentifier))
         m_cursorPrefetches.remove(cursorIdentifier);
+    else
+        postDatabaseTask(createCrossThreadTask(*this, &UniqueIDBDatabase::performPrefetchCursor, transactionIdentifier, cursorIdentifier));
 }
 
 void UniqueIDBDatabase::didPerformIterateCursor(uint64_t callbackIdentifier, const IDBError& error, const IDBGetResult& result)
@@ -1784,7 +1787,7 @@ void UniqueIDBDatabase::maybeFinishHardClose()
 
 bool UniqueIDBDatabase::isDoneWithHardClose()
 {
-    return m_databaseQueue.isKilled() && m_clientClosePendingDatabaseConnections.isEmpty() && m_serverClosePendingDatabaseConnections.isEmpty();
+    return m_databaseReplyQueue.isKilled() && m_clientClosePendingDatabaseConnections.isEmpty() && m_serverClosePendingDatabaseConnections.isEmpty();
 }
 
 static void errorOpenDBRequestForUserDelete(ServerOpenDBRequest& request)
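Review bot: The retry added to shutdownForClose (first hunk) re-posts itself to the back of m_databaseQueue whenever the queue is non-empty, so draining depends on no other queued task re-enqueuing itself, and the second hunk stops performPrefetchCursor from doing so only when m_hardClosedForUserDelete is set. If shutdownForClose can also be reached on a path where that flag is never set (not visible in this diff), a cursor whose prefetchCursor keeps returning true would keep the queue non-empty and the shutdown task would requeue indefinitely; worth confirming, or gating the retry on the same flag. Separately, m_hardClosedForUserDelete is now read on the database thread in performPrefetchCursor, and if it is written from the main thread without synchronization that read is a data race, so the new condition deserves a comment such as `// Checked first so a prefetch queued behind a hard close neither touches m_backingStore nor re-schedules itself, letting the queue drain for shutdownForClose` once the flag's thread-safety is confirmed. The bodies of shutdownForClose and performPrefetchCursor both extend outside their hunks.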