Title: [210684] trunk/Source/WebCore
Revision
210684
Author
[email protected]
Date
2017-01-12 15:48:38 -0800 (Thu, 12 Jan 2017)

Log Message

REGRESSION (r209977): Crash in UniqueIDBDatabase::executeNextDatabaseTask.
https://bugs.webkit.org/show_bug.cgi?id=166984

Reviewed by Alex Christensen.

No new tests (Unable to reproduce, speculative fix).

* Modules/indexeddb/server/UniqueIDBDatabase.cpp:
(WebCore::IDBServer::UniqueIDBDatabase::performIterateCursor): If we're not already prefetching for this cursor,
  start doing so after holding a protector ref.
(WebCore::IDBServer::UniqueIDBDatabase::performPrefetchCursor): If we're now done prefetching for this cursor,
  schedule the protector ref to be destroyed on the main thread.
* Modules/indexeddb/server/UniqueIDBDatabase.h:

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (210683 => 210684)


--- trunk/Source/WebCore/ChangeLog	2017-01-12 23:45:24 UTC (rev 210683)
+++ trunk/Source/WebCore/ChangeLog	2017-01-12 23:48:38 UTC (rev 210684)
@@ -1,3 +1,19 @@
+2017-01-12  Brady Eidson  <[email protected]>
+
+        REGRESSION (r209977): Crash in UniqueIDBDatabase::executeNextDatabaseTask.
+        https://bugs.webkit.org/show_bug.cgi?id=166984
+
+        Reviewed by Alex Christensen.
+
+        No new tests (Unable to reproduce, speculative fix).
+
+        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
+        (WebCore::IDBServer::UniqueIDBDatabase::performIterateCursor): If we're not already prefetching for this cursor,
+          starting doing so after holding a protector ref.
+        (WebCore::IDBServer::UniqueIDBDatabase::performPrefetchCursor): If we're now done prefetching for this cursor,
+          schedule the protector ref to be destroyed on the main thread.
+        * Modules/indexeddb/server/UniqueIDBDatabase.h:
+
 2017-01-12  Youenn Fablet  <[email protected]>
 
         Make ApplicationCacheHost::maybeLoadSynchronously more robust

Modified: trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp (210683 => 210684)


--- trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp	2017-01-12 23:45:24 UTC (rev 210683)
+++ trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp	2017-01-12 23:48:38 UTC (rev 210684)
@@ -1233,8 +1233,13 @@
     IDBGetResult result;
     IDBError error = m_backingStore->iterateCursor(transactionIdentifier, cursorIdentifier, data, result);
 
-    if (error.isNull())
-        postDatabaseTask(createCrossThreadTask(*this, &UniqueIDBDatabase::performPrefetchCursor, transactionIdentifier, cursorIdentifier));
+    if (error.isNull()) {
+        auto addResult = m_prefetchProtectors.add(cursorIdentifier, nullptr);
+        if (addResult.isNewEntry) {
+            addResult.iterator->value = this;
+            postDatabaseTask(createCrossThreadTask(*this, &UniqueIDBDatabase::performPrefetchCursor, transactionIdentifier, cursorIdentifier));
+        }
+    }
 
     postDatabaseTaskReply(createCrossThreadTask(*this, &UniqueIDBDatabase::didPerformIterateCursor, callbackIdentifier, error, result));
 }
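Review bot: The self-reference stored by `addResult.iterator->value = this;` is only released when a later performPrefetchCursor call takes the entry, so the object's lifetime now depends on that posted task actually running. If the database task queue can be discarded, or the database hard-closed, before the prefetch task executes (not visible in this hunk), the entry stays in m_prefetchProtectors and the UniqueIDBDatabase keeps itself alive indefinitely. Consider handing any remaining protectors to the main thread on the shutdown path. At minimum, state the invariant next to the assignment, e.g. `// Released by performPrefetchCursor once prefetching for this cursor ends.` The body of performIterateCursor begins outside the hunk.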
@@ -1242,10 +1247,13 @@
 void UniqueIDBDatabase::performPrefetchCursor(const IDBResourceIdentifier& transactionIdentifier, const IDBResourceIdentifier& cursorIdentifier)
 {
     ASSERT(!isMainThread());
+    ASSERT(m_prefetchProtectors.contains(cursorIdentifier));
     LOG(IndexedDB, "(db) UniqueIDBDatabase::performPrefetchCursor");
 
     if (m_backingStore->prefetchCursor(transactionIdentifier, cursorIdentifier))
         postDatabaseTask(createCrossThreadTask(*this, &UniqueIDBDatabase::performPrefetchCursor, transactionIdentifier, cursorIdentifier));
+    else
+        postDatabaseTaskReply(Function<void ()>([prefetchProtector = m_prefetchProtectors.take(cursorIdentifier)]() { }));
 }
 
 void UniqueIDBDatabase::didPerformIterateCursor(uint64_t callbackIdentifier, const IDBError& error, const IDBGetResult& result)
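Review bot: The empty-bodied lambda in the new `else` branch needs a comment, because its only effect is in the capture list and a later cleanup could delete it as dead code. Something like `// The lambda exists only to carry the protector to the main thread, so the final deref does not happen on the database thread.` would record why the ref must not simply be dropped here. The added `ASSERT(m_prefetchProtectors.contains(cursorIdentifier))` is compiled out of release builds. There, a missing entry presumably yields a null protector and a no-op reply, which is worth stating if that is the intended fallback.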

Modified: trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.h (210683 => 210684)


--- trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.h	2017-01-12 23:45:24 UTC (rev 210683)
+++ trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.h	2017-01-12 23:48:38 UTC (rev 210684)
@@ -271,6 +271,8 @@
 
     bool m_hardClosedForUserDelete { false };
     RefPtr<UniqueIDBDatabase> m_hardCloseProtector;
+
+    HashMap<IDBResourceIdentifier, RefPtr<UniqueIDBDatabase>> m_prefetchProtectors;
 };
 
 } // namespace IDBServer
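Review bot: m_prefetchProtectors is declared without saying which thread owns it, although the map holds references to the object itself and is mutated in performPrefetchCursor, which asserts `!isMainThread()`. HashMap offers no synchronization of its own, so safety rests on every access staying on one thread. From the visible code that appears to be the database thread, but performIterateCursor's thread is not shown here. Suggest documenting it at the declaration, e.g. `// Database thread only. One self-ref per cursor with a prefetch in flight; the ref is passed to the main thread for release.` The class body starts outside the hunk.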