Title: [259090] trunk/Source/WebCore
Revision
259090
Author
sihui_...@apple.com
Date
2020-03-26 16:09:59 -0700 (Thu, 26 Mar 2020)

Log Message

REGRESSION(r259034): access to null UniqueIDBDatabase in UniqueIDBDatabaseConnection::~UniqueIDBDatabaseConnection()
https://bugs.webkit.org/show_bug.cgi?id=209618
<rdar://problem/60919105>

Reviewed by Geoffrey Garen.

It's possible UniqueIDBDatabase is destroyed before UniqueIDBDatabaseConnection in
UniqueIDBDatabase::connectionClosedFromClient, so it's better not to access
UniqueIDBDatabase in ~UniqueIDBDatabaseConnection() and let UniqueIDBDatabaseConnection have an IDBServer member.

* Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp:
(WebCore::IDBServer::UniqueIDBDatabaseConnection::UniqueIDBDatabaseConnection):
(WebCore::IDBServer::UniqueIDBDatabaseConnection::~UniqueIDBDatabaseConnection):
(WebCore::IDBServer::UniqueIDBDatabaseConnection::abortTransactionWithoutCallback):
(WebCore::IDBServer::UniqueIDBDatabaseConnection::connectionClosedFromClient):
(WebCore::IDBServer::UniqueIDBDatabaseConnection::didFireVersionChangeEvent):
(WebCore::IDBServer::UniqueIDBDatabaseConnection::didFinishHandlingVersionChange):
(WebCore::IDBServer::UniqueIDBDatabaseConnection::establishTransaction):
* Modules/indexeddb/server/UniqueIDBDatabaseConnection.h:
(WebCore::IDBServer::UniqueIDBDatabaseConnection::database):
(WebCore::IDBServer::UniqueIDBDatabaseConnection::server):

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (259089 => 259090)


--- trunk/Source/WebCore/ChangeLog	2020-03-26 23:06:30 UTC (rev 259089)
+++ trunk/Source/WebCore/ChangeLog	2020-03-26 23:09:59 UTC (rev 259090)
@@ -1,3 +1,27 @@
+2020-03-26  Sihui Liu  <sihui_...@apple.com>
+
+        REGRESSION(r259034): access to null UniqueIDBDatabase in UniqueIDBDatabaseConnection::~UniqueIDBDatabaseConnection()
+        https://bugs.webkit.org/show_bug.cgi?id=209618
+        <rdar://problem/60919105>
+
+        Reviewed by Geoffrey Garen.
+
+        It's possible UniqueIDBDatabase is destroyed before UniqueIDBDatabaseConnection in 
+        UniqueIDBDatabase::connectionClosedFromClient, so it's better not access 
+        UniqueIDBDatabase in ~UniqueIDBDatabaseConnection() and let UniqueIDBDatabaseConnection have a IDBServer member.
+
+        * Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp:
+        (WebCore::IDBServer::UniqueIDBDatabaseConnection::UniqueIDBDatabaseConnection):
+        (WebCore::IDBServer::UniqueIDBDatabaseConnection::~UniqueIDBDatabaseConnection):
+        (WebCore::IDBServer::UniqueIDBDatabaseConnection::abortTransactionWithoutCallback):
+        (WebCore::IDBServer::UniqueIDBDatabaseConnection::connectionClosedFromClient):
+        (WebCore::IDBServer::UniqueIDBDatabaseConnection::didFireVersionChangeEvent):
+        (WebCore::IDBServer::UniqueIDBDatabaseConnection::didFinishHandlingVersionChange):
+        (WebCore::IDBServer::UniqueIDBDatabaseConnection::establishTransaction):
+        * Modules/indexeddb/server/UniqueIDBDatabaseConnection.h:
+        (WebCore::IDBServer::UniqueIDBDatabaseConnection::database):
+        (WebCore::IDBServer::UniqueIDBDatabaseConnection::server):
+
 2020-03-26  Daniel Bates  <daba...@apple.com>
 
         Remove hitTestOrder from ElementContext as it is no longer need

Modified: trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp (259089 => 259090)


--- trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp	2020-03-26 23:06:30 UTC (rev 259089)
+++ trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp	2020-03-26 23:09:59 UTC (rev 259090)
@@ -43,11 +43,12 @@
 }
 
 UniqueIDBDatabaseConnection::UniqueIDBDatabaseConnection(UniqueIDBDatabase& database, ServerOpenDBRequest& request)
-    : m_database(&database)
+    : m_database(makeWeakPtr(database))
+    , m_server(database.server())
     , m_connectionToClient(request.connection())
     , m_openRequestIdentifier(request.requestData().requestIdentifier())
 {
-    server()->registerDatabaseConnection(*this);
+    m_server.registerDatabaseConnection(*this);
     m_connectionToClient->registerDatabaseConnection(*this);
 }
 
@@ -55,7 +56,7 @@
 {
     ASSERT(m_transactionMap.isEmpty());
 
-    server()->unregisterDatabaseConnection(*this);
+    m_server.unregisterDatabaseConnection(*this);
     m_connectionToClient->unregisterDatabaseConnection(*this);
 }
 
@@ -67,11 +68,10 @@
 void UniqueIDBDatabaseConnection::abortTransactionWithoutCallback(UniqueIDBDatabaseTransaction& transaction)
 {
     ASSERT(m_transactionMap.contains(transaction.info().identifier()));
+    ASSERT(m_database);
 
     const auto& transactionIdentifier = transaction.info().identifier();
-    RefPtr<UniqueIDBDatabaseConnection> protectedThis(this);
-
-    m_database->abortTransaction(transaction, [this, protectedThis, transactionIdentifier](const IDBError&) {
+    m_database->abortTransaction(transaction, [this, transactionIdentifier](const IDBError&) {
         ASSERT(m_transactionMap.contains(transactionIdentifier));
         m_transactionMap.remove(transactionIdentifier);
     });
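Review bot: The new `ASSERT(m_database)` is debug-only, so in a release build a call that arrives after the UniqueIDBDatabase is gone — the ordering the log message says can happen in connectionClosedFromClient — still reaches `m_database->abortTransaction(...)` through a null WeakPtr instead of stopping at the assert; the same applies to the ASSERTs added in connectionClosedFromClient, didFireVersionChangeEvent, didFinishHandlingVersionChange and establishTransaction. If those entry points can legitimately be invoked after the database is destroyed, an explicit guard such as `if (!m_database) return;` is needed; if they cannot, `RELEASE_ASSERT(m_database)` would enforce that invariant rather than leave a null dereference. Separately, dropping `protectedThis` leaves the completion lambda holding a bare `this`, which is only safe if abortTransaction's callback can never run after the connection is destroyed — nothing in this hunk shows that, so either restore the protector or add a comment on the capture, e.g. `// No protector: the callback cannot outlive this connection (see UniqueIDBDatabase::abortTransaction).`, once that has been confirmed. abortTransactionWithoutCallback's closing brace lies outside the hunk.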
@@ -88,6 +88,7 @@
 {
     LOG(IndexedDB, "UniqueIDBDatabaseConnection::connectionClosedFromClient - %s - %" PRIu64, m_openRequestIdentifier.loggingString().utf8().data(), identifier());
 
+    ASSERT(m_database);
     m_database->connectionClosedFromClient(*this);
 }
 
@@ -95,6 +96,7 @@
 {
     LOG(IndexedDB, "UniqueIDBDatabaseConnection::didFireVersionChangeEvent - %s - %" PRIu64, m_openRequestIdentifier.loggingString().utf8().data(), identifier());
 
+    ASSERT(m_database);
     m_database->didFireVersionChangeEvent(*this, requestIdentifier, connectionClosed);
 }
 
@@ -102,6 +104,7 @@
 {
     LOG(IndexedDB, "UniqueIDBDatabaseConnection::didFinishHandlingVersionChange - %s - %" PRIu64, transactionIdentifier.loggingString().utf8().data(), identifier());
 
+    ASSERT(m_database);
     m_database->didFinishHandlingVersionChange(*this, transactionIdentifier);
 }
 
@@ -137,6 +140,7 @@
     Ref<UniqueIDBDatabaseTransaction> transaction = UniqueIDBDatabaseTransaction::create(*this, info);
     m_transactionMap.set(transaction->info().identifier(), &transaction.get());
 
+    ASSERT(m_database);
     m_database->enqueueTransaction(WTFMove(transaction));
 }
 

Modified: trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabaseConnection.h (259089 => 259090)


--- trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabaseConnection.h	2020-03-26 23:06:30 UTC (rev 259089)
+++ trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabaseConnection.h	2020-03-26 23:09:59 UTC (rev 259090)
@@ -53,8 +53,8 @@
     ~UniqueIDBDatabaseConnection();
 
     const IDBResourceIdentifier& openRequestIdentifier() { return m_openRequestIdentifier; }
-    UniqueIDBDatabase* database() { return m_database; }
-    IDBServer* server() { return &m_database->server(); }
+    UniqueIDBDatabase* database() { return m_database.get(); }
+    IDBServer* server() { return &m_server; }
     IDBConnectionToClient& connectionToClient() { return m_connectionToClient; }
 
     void connectionPendingCloseFromClient();
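Review bot: `database()` can now return nullptr once the UniqueIDBDatabase has been destroyed (the WeakPtr clears itself), but nothing at the declaration tells callers to check; add `// Null once the UniqueIDBDatabase has been destroyed; callers must check.` above it. `server()` is now backed by `IDBServer& m_server` and cannot return null, so it could return `IDBServer&` directly, though that touches every caller and is reasonable to leave for a follow-up. The reference member also assumes the IDBServer outlives every connection, including through the destructor's `m_server.unregisterDatabaseConnection(*this)` call — that ordering is not visible here, so a one-line comment on `m_server` in the second hunk (`// The IDBServer owns/outlives all database connections.`) would document the lifetime contract the fix now depends on.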
@@ -89,7 +89,8 @@
 private:
     UniqueIDBDatabaseConnection(UniqueIDBDatabase&, ServerOpenDBRequest&);
 
-    UniqueIDBDatabase* m_database;
+    WeakPtr<UniqueIDBDatabase> m_database;
+    IDBServer& m_server;
     Ref<IDBConnectionToClient> m_connectionToClient;
     IDBResourceIdentifier m_openRequestIdentifier;
 