WebKit Bugzilla
Attachment 362455 Details for
Bug 194843
: Crash under IDBServer::IDBConnectionToClient::identifier() const
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-194843-20190219171158.patch (text/plain), 4.74 KB, created by
Sihui Liu
on 2019-02-19 17:11:58 PST
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Sihui Liu
Created:
2019-02-19 17:11:58 PST
Size:
4.74 KB
patch
obsolete
>Subversion Revision: 241761 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index a6da53fe8e04ad79dd06c117c410a040b2b97e76..8991071a84574360f8abae7004f39c7b7200e775 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,22 @@ >+2019-02-19 Sihui Liu <sihui_liu@apple.com> >+ >+ Crash under IDBServer::IDBConnectionToClient::identifier() const >+ https://bugs.webkit.org/show_bug.cgi?id=194843 >+ <rdar://problem/48203102> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ When network process loses its conenction to web process, we should cancel the request from that connection, >+ otherwise UniqueIDBDatabase would try to complete the request and crash on requiring identifier from >+ non-existent connection. >+ >+ * Modules/indexeddb/server/UniqueIDBDatabase.cpp: >+ (WebCore::IDBServer::UniqueIDBDatabase::openDBRequestCancelled): >+ (WebCore::IDBServer::UniqueIDBDatabase::cancelRequestForIdentifier): >+ * Modules/indexeddb/server/UniqueIDBDatabase.h: >+ * Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp: >+ (WebCore::IDBServer::UniqueIDBDatabaseConnection::connectionClosedFromClient): >+ > 2019-02-19 Commit Queue <commit-queue@webkit.org> > > Unreviewed, rolling out r241722. >diff --git a/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp b/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp >index 722e7e94682d3456ad71bf5ec622b1e0c4356d63..ef7b40a4ac267beef2a9b40cca43e33e83bd58c8 100644 >--- a/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp >+++ b/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp >@@ -592,8 +592,7 @@ void UniqueIDBDatabase::openDBRequestCancelled(const IDBResourceIdentifier& requ > { > LOG(IndexedDB, "UniqueIDBDatabase::openDBRequestCancelled - %s", requestIdentifier.loggingString().utf8().data()); > >- if (m_currentOpenDBRequest && m_currentOpenDBRequest->requestData().requestIdentifier() == requestIdentifier) >- m_currentOpenDBRequest = nullptr; >+ cancelRequestForIdentifier(requestIdentifier); > > if (m_versionChangeDatabaseConnection && m_versionChangeDatabaseConnection->openRequestIdentifier() == requestIdentifier) { > ASSERT(!m_versionChangeTransaction || m_versionChangeTransaction->databaseConnection().openRequestIdentifier() == requestIdentifier); >@@ -601,7 +600,13 @@ void UniqueIDBDatabase::openDBRequestCancelled(const IDBResourceIdentifier& requ > > connectionClosedFromClient(*m_versionChangeDatabaseConnection); > } >+} > >+void UniqueIDBDatabase::cancelRequestForIdentifier(const IDBResourceIdentifier& requestIdentifier) >+{ >+ if (m_currentOpenDBRequest && m_currentOpenDBRequest->requestData().requestIdentifier() == requestIdentifier) >+ m_currentOpenDBRequest = nullptr; >+ > for (auto& request : m_pendingOpenDBRequests) { > if (request->requestData().requestIdentifier() == requestIdentifier) { > m_pendingOpenDBRequests.remove(request); >diff --git a/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.h b/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.h >index 83c0c908a54e59b463a0f670da9e192554e29977..e2f0bc71c00440cc9bd55567f640d36027d10fc0 100644 >--- a/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.h >+++ b/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.h >@@ -107,6 +107,7 @@ public: > void confirmConnectionClosedOnServer(UniqueIDBDatabaseConnection&); > void didFireVersionChangeEvent(UniqueIDBDatabaseConnection&, const IDBResourceIdentifier& requestIdentifier); > void openDBRequestCancelled(const IDBResourceIdentifier& requestIdentifier); >+ void cancelRequestForIdentifier(const IDBResourceIdentifier& requestIdentifier); > void confirmDidCloseFromServer(UniqueIDBDatabaseConnection&); > > void enqueueTransaction(Ref<UniqueIDBDatabaseTransaction>&&); >diff --git a/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp b/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp >index e814fb1687aca11392b986cc8291a8fa42d0990c..f80ba8cc549016be68fc40c3924078aabe818808 100644 >--- a/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp >+++ b/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp >@@ -93,8 +93,10 @@ void UniqueIDBDatabaseConnection::connectionClosedFromClient() > LOG(IndexedDB, "UniqueIDBDatabaseConnection::connectionClosedFromClient - %s - %" PRIu64, m_openRequestIdentifier.loggingString().utf8().data(), identifier()); > > ASSERT(m_database); >- if (m_database) >+ if (m_database) { >+ m_database->cancelRequestForIdentifier(m_openRequestIdentifier); > m_database->connectionClosedFromClient(*this); >+ } > } > > void UniqueIDBDatabaseConnection::confirmDidCloseFromServer()
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=362455">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 194843
:
362455
|
362678
|
362699
|
362747
|
362765