[webkit-changes] [244027] trunk/Source/WebCore

[youenn]

Title: [244027] trunk/Source/WebCore

Revision

244027

Author

you...@apple.com

Date

2019-04-08 10:29:51 -0700 (Mon, 08 Apr 2019)

Log Message

Make sure UniqueIDBDatabaseConnection unregisters itself even if its database is gone
https://bugs.webkit.org/show_bug.cgi?id=196651

Reviewed by Brady Eidson.

In UniqueIDBDatabase methods, many operations are refing the transaction
so that it stays alive until a quota check decision is made.
This extends the lifetime of the transaction which may be lasting
longer than its database that may be cleared without waiting for the quota check decisions.

We therefore need to make sure that the transaction is cleaning itself correctly at destruction time.

Make sure that the transaction is unregistering itself from its IDBServer.
To do so, the transaction keeps a weak ref to the IDBServer.

This is timing sensitive hence difficult to test.

* Modules/indexeddb/server/IDBServer.h:
* Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp:
(WebCore::IDBServer::UniqueIDBDatabaseConnection::didAbortTransaction):
Like done below for UniqueIDBDatabaseConnection::didCommitTransaction,
add a check to ensure that either the database is we are in an error case.
* Modules/indexeddb/server/UniqueIDBDatabaseTransaction.cpp:
(WebCore::IDBServer::UniqueIDBDatabaseTransaction::UniqueIDBDatabaseTransaction):
(WebCore::IDBServer::UniqueIDBDatabaseTransaction::~UniqueIDBDatabaseTransaction):
* Modules/indexeddb/server/UniqueIDBDatabaseTransaction.h:

Modified Paths

• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/Modules/indexeddb/server/IDBServer.h
• trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp
• trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabaseTransaction.cpp
• trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabaseTransaction.h

Diff

Modified: trunk/Source/WebCore/ChangeLog (244026 => 244027)

--- trunk/Source/WebCore/ChangeLog	2019-04-08 17:29:05 UTC (rev 244026)
+++ trunk/Source/WebCore/ChangeLog	2019-04-08 17:29:51 UTC (rev 244027)
@@ -1,3 +1,32 @@
+2019-04-08  Youenn Fablet  <you...@apple.com>
+
+        Make sure UniqueIDBDatabaseConnection unregisters itself even if its database is gone
+        https://bugs.webkit.org/show_bug.cgi?id=196651
+
+        Reviewed by Brady Eidson.
+
+        In UniqueIDBDatabase methods, many operations are refing the transaction
+        so that it stays alive until a quota check decision is made.
+        This extends the lifetime of the transaction which may be lasting
+        longer than its database that may be cleared without waiting for the quota check decisions.
+
+        We therefore need to make sure that the transaction is cleaning itself correctly at destruction time.
+
+        Make sure that the transaction is unregistering itself from its IDBServer.
+        To do so, the transaction keeps a weak ref to the IDBServer.
+
+        This is timing sensitive hence difficult to test.
+
+        * Modules/indexeddb/server/IDBServer.h:
+        * Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp:
+        (WebCore::IDBServer::UniqueIDBDatabaseConnection::didAbortTransaction):
+        Like done below for UniqueIDBDatabaseConnection::didCommitTransaction,
+        add a check to ensure that either the database is we are in an error case.
+        * Modules/indexeddb/server/UniqueIDBDatabaseTransaction.cpp:
+        (WebCore::IDBServer::UniqueIDBDatabaseTransaction::UniqueIDBDatabaseTransaction):
+        (WebCore::IDBServer::UniqueIDBDatabaseTransaction::~UniqueIDBDatabaseTransaction):
+        * Modules/indexeddb/server/UniqueIDBDatabaseTransaction.h:
+
 2019-04-08  Christopher Reid  <chris.r...@sony.com>
 
         Undefined Behavior: m_experimentalImageMenuEnabled isn't initialized in HTMLImageElement when SERVICE_CONTROLS is disabled

Modified: trunk/Source/WebCore/Modules/indexeddb/server/IDBServer.h (244026 => 244027)

--- trunk/Source/WebCore/Modules/indexeddb/server/IDBServer.h	2019-04-08 17:29:05 UTC (rev 244026)
+++ trunk/Source/WebCore/Modules/indexeddb/server/IDBServer.h	2019-04-08 17:29:51 UTC (rev 244027)
@@ -41,6 +41,7 @@
 #include <wtf/Ref.h>
 #include <wtf/RefCounted.h>
 #include <wtf/RefPtr.h>
+#include <wtf/WeakPtr.h>
 
 namespace WebCore {
 
@@ -57,7 +58,7 @@
 
 class IDBBackingStoreTemporaryFileHandler;
 
-class IDBServer : public RefCounted<IDBServer>, public CrossThreadTaskHandler {
+class IDBServer : public RefCounted<IDBServer>, public CrossThreadTaskHandler, public CanMakeWeakPtr<IDBServer> {
 public:
     using QuotaManagerGetter = WTF::Function<StorageQuotaManager*(PAL::SessionID, const ClientOrigin&)>;
     static Ref<IDBServer> create(PAL::SessionID, IDBBackingStoreTemporaryFileHandler&, QuotaManagerGetter&&, WTF::Function<void(bool)>&& isClosingDatabaseCallback = [](bool) { });

Modified: trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp (244026 => 244027)

--- trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp	2019-04-08 17:29:05 UTC (rev 244026)
+++ trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp	2019-04-08 17:29:51 UTC (rev 244027)
@@ -169,8 +169,7 @@
     auto transactionIdentifier = transaction.info().identifier();
     auto takenTransaction = m_transactionMap.take(transactionIdentifier);
 
-    ASSERT(m_database);
-    ASSERT(takenTransaction || m_database->hardClosedForUserDelete());
+    ASSERT(takenTransaction || (!m_database && !error.isNull()) || (m_database && m_database->hardClosedForUserDelete()));
     if (takenTransaction)
         m_connectionToClient->didAbortTransaction(transactionIdentifier, error);
 }

Modified: trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabaseTransaction.cpp (244026 => 244027)

--- trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabaseTransaction.cpp	2019-04-08 17:29:05 UTC (rev 244026)
+++ trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabaseTransaction.cpp	2019-04-08 17:29:51 UTC (rev 244027)
@@ -53,17 +53,18 @@
     if (m_transactionInfo.mode() == IDBTransactionMode::Versionchange)
         m_originalDatabaseInfo = std::make_unique<IDBDatabaseInfo>(database->info());
 
-    database->server().registerTransaction(*this);
+    auto& server = database->server();
+    m_server = makeWeakPtr(server);
+    server.registerTransaction(*this);
 }
 
 UniqueIDBDatabaseTransaction::~UniqueIDBDatabaseTransaction()
 {
-    auto database = m_databaseConnection->database();
-    if (!database)
-        return;
+    if (auto database = m_databaseConnection->database())
+        database->transactionDestroyed(*this);
 
-    database->transactionDestroyed(*this);
-    database->server().unregisterTransaction(*this);
+    if (m_server)
+        m_server->unregisterTransaction(*this);
 }
 
 IDBDatabaseInfo* UniqueIDBDatabaseTransaction::originalDatabaseInfo() const

Modified: trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabaseTransaction.h (244026 => 244027)

--- trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabaseTransaction.h	2019-04-08 17:29:05 UTC (rev 244026)
+++ trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabaseTransaction.h	2019-04-08 17:29:51 UTC (rev 244027)
@@ -50,6 +50,7 @@
 
 namespace IDBServer {
 
+class IDBServer;
 class UniqueIDBDatabaseConnection;
 
 class UniqueIDBDatabaseTransaction : public RefCounted<UniqueIDBDatabaseTransaction> {
@@ -93,6 +94,7 @@
 
     Ref<UniqueIDBDatabaseConnection> m_databaseConnection;
     IDBTransactionInfo m_transactionInfo;
+    WeakPtr<IDBServer> m_server;
 
     std::unique_ptr<IDBDatabaseInfo> m_originalDatabaseInfo;
 

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes