Title: [281384] trunk/Source
Revision
281384
Author
sihui_...@apple.com
Date
2021-08-21 18:33:10 -0700 (Sat, 21 Aug 2021)

Log Message

IndexedDB: crash when triggering IDBOpenRequest completion back on a worker thread
https://bugs.webkit.org/show_bug.cgi?id=229375

Source/WebCore:

Reviewed by Brady Eidson.

Client may dispatch custom events to an IDBRequest, and we should only change request state based on events
created internally.

* Modules/indexeddb/IDBRequest.cpp:
(WebCore::IDBRequest::dispatchEvent):

Source/WTF:

Protect callee in CrossThreadTask if it inherits from ThreadSafeRefCounted<T>.

Reviewed by Brady Eidson.

* wtf/CrossThreadTask.h:

Modified Paths

Diff

Modified: trunk/Source/WTF/ChangeLog (281383 => 281384)


--- trunk/Source/WTF/ChangeLog	2021-08-22 00:26:53 UTC (rev 281383)
+++ trunk/Source/WTF/ChangeLog	2021-08-22 01:33:10 UTC (rev 281384)
@@ -1,3 +1,14 @@
+2021-08-21  Sihui Liu  <sihui_...@apple.com>
+
+        IndexedDB: crash when triggering IDBOpenRequest completion back on a worker thread
+        https://bugs.webkit.org/show_bug.cgi?id=229375
+
+        Protect callee in CrossThreadTask if it inherits from ThreadSafeRefCounted<T>.
+
+        Reviewed by Brady Eidson.
+
+        * wtf/CrossThreadTask.h:
+
 2021-08-20  Mark Lam  <mark....@apple.com>
 
         Make ptrTagName and tagForPtr WTF_EXPORT_PRIVATE.

Modified: trunk/Source/WTF/wtf/CrossThreadTask.h (281383 => 281384)


--- trunk/Source/WTF/wtf/CrossThreadTask.h	2021-08-22 00:26:53 UTC (rev 281383)
+++ trunk/Source/WTF/wtf/CrossThreadTask.h	2021-08-22 01:33:10 UTC (rev 281384)
@@ -87,7 +87,7 @@
     callMemberFunctionForCrossThreadTaskImpl(object, function, std::forward<ArgsTuple>(args), ArgsIndicies());
 }
 
-template<typename T, typename std::enable_if<std::is_base_of<ThreadSafeRefCounted<T>, T>::value, int>::type = 0, typename... Parameters, typename... Arguments>
+template<typename T, typename std::enable_if<std::is_base_of<ThreadSafeRefCountedBase, T>::value, int>::type = 0, typename... Parameters, typename... Arguments>
 CrossThreadTask createCrossThreadTask(T& callee, void (T::*method)(Parameters...), const Arguments&... arguments)
 {
     return CrossThreadTask([callee = makeRefPtr(&callee), method, arguments = std::make_tuple(crossThreadCopy(arguments)...)]() mutable {
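Review bot: The reason for testing against `ThreadSafeRefCountedBase` rather than `ThreadSafeRefCounted<T>` is not recorded next to the `enable_if`, so a later cleanup could revert it and silently route derived classes back to the unprotected overload. The old condition presumably failed when `T` inherits from a class that is itself `ThreadSafeRefCounted<Base>`, leaving the callee captured as a raw pointer. A comment above this overload would keep that visible, for example `// Match any thread-safe ref-counted callee, including T derived from a ThreadSafeRefCounted<Base> class, so the task holds a ref.` The lambda body continues outside the hunk.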
@@ -95,7 +95,7 @@
     });
 }
 
-template<typename T, typename std::enable_if<!std::is_base_of<ThreadSafeRefCounted<T>, T>::value, int>::type = 0, typename... Parameters, typename... Arguments>
+template<typename T, typename std::enable_if<!std::is_base_of<ThreadSafeRefCountedBase, T>::value, int>::type = 0, typename... Parameters, typename... Arguments>
 CrossThreadTask createCrossThreadTask(T& callee, void (T::*method)(Parameters...), const Arguments&... arguments)
 {
     return CrossThreadTask([callee = &callee, method, arguments = std::make_tuple(crossThreadCopy(arguments)...)]() mutable {
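Review bot: This fallback overload still captures `callee = &callee` as a raw pointer, so a callee that does not derive from `ThreadSafeRefCountedBase` is not kept alive until the task runs on the other thread. That is the same lifetime hazard the commit closes for ref-counted types, and nothing at this site tells a caller that the guarantee is theirs to provide. I would state the contract on the overload, for example `// Callee is NOT protected here; the caller must guarantee it outlives the task.` Whether any existing caller relies on this overload with a callee that can be destroyed first cannot be judged from the hunk. The lambda body continues outside the hunk.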

Modified: trunk/Source/WebCore/ChangeLog (281383 => 281384)


--- trunk/Source/WebCore/ChangeLog	2021-08-22 00:26:53 UTC (rev 281383)
+++ trunk/Source/WebCore/ChangeLog	2021-08-22 01:33:10 UTC (rev 281384)
@@ -1,3 +1,16 @@
+2021-08-21  Sihui Liu  <sihui_...@apple.com>
+
+        IndexedDB: crash when triggering IDBOpenRequest completion back on a worker thread
+        https://bugs.webkit.org/show_bug.cgi?id=229375
+
+        Reviewed by Brady Eidson.
+
+        Client may dispatch custom events to an IDBRequest, and we should only change request state based on events
+        created internally.
+
+        * Modules/indexeddb/IDBRequest.cpp:
+        (WebCore::IDBRequest::dispatchEvent):
+
 2021-08-21  Zalan Bujtas  <za...@apple.com>
 
         [IFC][Integration] Group non-standard CSS properties

Modified: trunk/Source/WebCore/Modules/indexeddb/IDBRequest.cpp (281383 => 281384)


--- trunk/Source/WebCore/Modules/indexeddb/IDBRequest.cpp	2021-08-22 00:26:53 UTC (rev 281383)
+++ trunk/Source/WebCore/Modules/indexeddb/IDBRequest.cpp	2021-08-22 01:33:10 UTC (rev 281384)
@@ -308,7 +308,8 @@
     else if (m_transaction && !m_transaction->didDispatchAbortOrCommit())
         targets = { this, m_transaction.get(), &m_transaction->database() };
 
-    m_hasPendingActivity = false;
+    if (event.isTrusted())
+        m_hasPendingActivity = false;
 
     {
         TransactionActivator activator(m_transaction.get());
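Review bot: Only the `m_hasPendingActivity = false;` write is gated on `event.isTrusted()`; the target selection above it and the `TransactionActivator activator(m_transaction.get());` scope below it still run for script-dispatched events. The log message says request state should change only for internally created events, so it is worth confirming that activating the transaction for an untrusted event is intended. The rest of `dispatchEvent` lies outside the hunk and may contain other state updates that need the same guard. The new branch also deserves a why-comment, for example `// Script can dispatch synthetic events at this request; only internally created (trusted) events may end its pending activity.` A regression test that dispatches a custom event at a pending open request from a worker would pin the behaviour.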