Skip to site navigation (Press enter)

[webkit-changes] [281392] branches/safari-611.3.10.1-branch/Source

kocsen_chung Sat, 21 Aug 2021 23:23:03 -0700

Title: [281392] branches/safari-611.3.10.1-branch/Source

Revision: 281392
Author: kocsen_ch...@apple.com
Date: 2021-08-21 23:22:13 -0700 (Sat, 21 Aug 2021)

Log Message

Cherry-pick r281384. rdar://problem/82195071


    IndexedDB: crash when triggering IDBOpenRequest completion back on a worker thread
    https://bugs.webkit.org/show_bug.cgi?id=229375

    Source/WebCore:

    Reviewed by Brady Eidson.

    Client may dispatch custom events to an IDBRequest, and we should only change request state based on events
    created internally.

    * Modules/indexeddb/IDBRequest.cpp:
    (WebCore::IDBRequest::dispatchEvent):

    Source/WTF:

    Protect callee in CrossThreadTask if it inherits from ThreadSafeRefCounted<T>.

    Reviewed by Brady Eidson.

    * wtf/CrossThreadTask.h:

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@281384 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Modified Paths

branches/safari-611.3.10.1-branch/Source/WTF/ChangeLog
branches/safari-611.3.10.1-branch/Source/WTF/wtf/CrossThreadTask.h
branches/safari-611.3.10.1-branch/Source/WebCore/ChangeLog
branches/safari-611.3.10.1-branch/Source/WebCore/Modules/indexeddb/IDBRequest.cpp

Diff

Modified: branches/safari-611.3.10.1-branch/Source/WTF/ChangeLog (281391 => 281392)


--- branches/safari-611.3.10.1-branch/Source/WTF/ChangeLog	2021-08-22 05:52:17 UTC (rev 281391)
+++ branches/safari-611.3.10.1-branch/Source/WTF/ChangeLog	2021-08-22 06:22:13 UTC (rev 281392)
@@ -1,3 +1,42 @@
+2021-08-21  Kocsen Chung  <kocsen_ch...@apple.com>
+
+        Cherry-pick r281384. rdar://problem/82195071
+
+    IndexedDB: crash when triggering IDBOpenRequest completion back on a worker thread
+    https://bugs.webkit.org/show_bug.cgi?id=229375
+    
+    Source/WebCore:
+    
+    Reviewed by Brady Eidson.
+    
+    Client may dispatch custom events to an IDBRequest, and we should only change request state based on events
+    created internally.
+    
+    * Modules/indexeddb/IDBRequest.cpp:
+    (WebCore::IDBRequest::dispatchEvent):
+    
+    Source/WTF:
+    
+    Protect callee in CrossThreadTask if it inherits from ThreadSafeRefCounted<T>.
+    
+    Reviewed by Brady Eidson.
+    
+    * wtf/CrossThreadTask.h:
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@281384 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2021-08-21  Sihui Liu  <sihui_...@apple.com>
+
+            IndexedDB: crash when triggering IDBOpenRequest completion back on a worker thread
+            https://bugs.webkit.org/show_bug.cgi?id=229375
+
+            Protect callee in CrossThreadTask if it inherits from ThreadSafeRefCounted<T>.
+
+            Reviewed by Brady Eidson.
+
+            * wtf/CrossThreadTask.h:
+
 2021-06-10  Russell Epstein  <repst...@apple.com>
 
         Cherry-pick r278177. rdar://problem/79144899

Modified: branches/safari-611.3.10.1-branch/Source/WTF/wtf/CrossThreadTask.h (281391 => 281392)


--- branches/safari-611.3.10.1-branch/Source/WTF/wtf/CrossThreadTask.h	2021-08-22 05:52:17 UTC (rev 281391)
+++ branches/safari-611.3.10.1-branch/Source/WTF/wtf/CrossThreadTask.h	2021-08-22 06:22:13 UTC (rev 281392)
@@ -85,7 +85,7 @@
     callMemberFunctionForCrossThreadTaskImpl(object, function, std::forward<ArgsTuple>(args), ArgsIndicies());
 }
 
-template<typename T, typename std::enable_if<std::is_base_of<ThreadSafeRefCounted<T>, T>::value, int>::type = 0, typename... Parameters, typename... Arguments>
+template<typename T, typename std::enable_if<std::is_base_of<ThreadSafeRefCountedBase, T>::value, int>::type = 0, typename... Parameters, typename... Arguments>
 CrossThreadTask createCrossThreadTask(T& callee, void (T::*method)(Parameters...), const Arguments&... arguments)
 {
     return CrossThreadTask([callee = makeRefPtr(&callee), method, arguments = std::make_tuple(crossThreadCopy(arguments)...)]() mutable {
@@ -93,7 +93,7 @@
     });
 }
 
-template<typename T, typename std::enable_if<!std::is_base_of<ThreadSafeRefCounted<T>, T>::value, int>::type = 0, typename... Parameters, typename... Arguments>
+template<typename T, typename std::enable_if<!std::is_base_of<ThreadSafeRefCountedBase, T>::value, int>::type = 0, typename... Parameters, typename... Arguments>
 CrossThreadTask createCrossThreadTask(T& callee, void (T::*method)(Parameters...), const Arguments&... arguments)
 {
     return CrossThreadTask([callee = &callee, method, arguments = std::make_tuple(crossThreadCopy(arguments)...)]() mutable {

Modified: branches/safari-611.3.10.1-branch/Source/WebCore/ChangeLog (281391 => 281392)


--- branches/safari-611.3.10.1-branch/Source/WebCore/ChangeLog	2021-08-22 05:52:17 UTC (rev 281391)
+++ branches/safari-611.3.10.1-branch/Source/WebCore/ChangeLog	2021-08-22 06:22:13 UTC (rev 281392)
@@ -1,3 +1,44 @@
+2021-08-21  Kocsen Chung  <kocsen_ch...@apple.com>
+
+        Cherry-pick r281384. rdar://problem/82195071
+
+    IndexedDB: crash when triggering IDBOpenRequest completion back on a worker thread
+    https://bugs.webkit.org/show_bug.cgi?id=229375
+    
+    Source/WebCore:
+    
+    Reviewed by Brady Eidson.
+    
+    Client may dispatch custom events to an IDBRequest, and we should only change request state based on events
+    created internally.
+    
+    * Modules/indexeddb/IDBRequest.cpp:
+    (WebCore::IDBRequest::dispatchEvent):
+    
+    Source/WTF:
+    
+    Protect callee in CrossThreadTask if it inherits from ThreadSafeRefCounted<T>.
+    
+    Reviewed by Brady Eidson.
+    
+    * wtf/CrossThreadTask.h:
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@281384 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2021-08-21  Sihui Liu  <sihui_...@apple.com>
+
+            IndexedDB: crash when triggering IDBOpenRequest completion back on a worker thread
+            https://bugs.webkit.org/show_bug.cgi?id=229375
+
+            Reviewed by Brady Eidson.
+
+            Client may dispatch custom events to an IDBRequest, and we should only change request state based on events
+            created internally.
+
+            * Modules/indexeddb/IDBRequest.cpp:
+            (WebCore::IDBRequest::dispatchEvent):
+
 2021-07-02  Ruben Turcios  <rubent...@apple.com>
 
         Cherry-pick r278964. rdar://problem/79474157

Modified: branches/safari-611.3.10.1-branch/Source/WebCore/Modules/indexeddb/IDBRequest.cpp (281391 => 281392)


--- branches/safari-611.3.10.1-branch/Source/WebCore/Modules/indexeddb/IDBRequest.cpp	2021-08-22 05:52:17 UTC (rev 281391)
+++ branches/safari-611.3.10.1-branch/Source/WebCore/Modules/indexeddb/IDBRequest.cpp	2021-08-22 06:22:13 UTC (rev 281392)
@@ -310,7 +310,8 @@
     else if (m_transaction && !m_transaction->didDispatchAbortOrCommit())
         targets = { this, m_transaction.get(), &m_transaction->database() };
 
-    m_hasPendingActivity = false;
+    if (event.isTrusted())
+        m_hasPendingActivity = false;
 
     {
         TransactionActivator activator(m_transaction.get());

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes