Modified: branches/safari-611.3.10.0-branch/Source/WTF/ChangeLog (281393 => 281394)
--- branches/safari-611.3.10.0-branch/Source/WTF/ChangeLog 2021-08-22 06:23:47 UTC (rev 281393)
+++ branches/safari-611.3.10.0-branch/Source/WTF/ChangeLog 2021-08-22 07:10:53 UTC (rev 281394)
@@ -1,3 +1,42 @@
+2021-08-22 Alan Coon <alanc...@apple.com>
+
+ Cherry-pick r281384. rdar://problem/82195071
+
+ IndexedDB: crash when triggering IDBOpenRequest completion back on a worker thread
+ https://bugs.webkit.org/show_bug.cgi?id=229375
+
+ Source/WebCore:
+
+ Reviewed by Brady Eidson.
+
+ Client may dispatch custom events to an IDBRequest, and we should only change request state based on events
+ created internally.
+
+ * Modules/indexeddb/IDBRequest.cpp:
+ (WebCore::IDBRequest::dispatchEvent):
+
+ Source/WTF:
+
+ Protect callee in CrossThreadTask if it inherits from ThreadSafeRefCounted<T>.
+
+ Reviewed by Brady Eidson.
+
+ * wtf/CrossThreadTask.h:
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@281384 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-08-21 Sihui Liu <sihui_...@apple.com>
+
+ IndexedDB: crash when triggering IDBOpenRequest completion back on a worker thread
+ https://bugs.webkit.org/show_bug.cgi?id=229375
+
+ Protect callee in CrossThreadTask if it inherits from ThreadSafeRefCounted<T>.
+
+ Reviewed by Brady Eidson.
+
+ * wtf/CrossThreadTask.h:
+
2021-06-10 Russell Epstein <repst...@apple.com>
Cherry-pick r278177. rdar://problem/79144899
Modified: branches/safari-611.3.10.0-branch/Source/WTF/wtf/CrossThreadTask.h (281393 => 281394)
--- branches/safari-611.3.10.0-branch/Source/WTF/wtf/CrossThreadTask.h 2021-08-22 06:23:47 UTC (rev 281393)
+++ branches/safari-611.3.10.0-branch/Source/WTF/wtf/CrossThreadTask.h 2021-08-22 07:10:53 UTC (rev 281394)
@@ -85,7 +85,7 @@
callMemberFunctionForCrossThreadTaskImpl(object, function, std::forward<ArgsTuple>(args), ArgsIndicies());
}
-template<typename T, typename std::enable_if<std::is_base_of<ThreadSafeRefCounted<T>, T>::value, int>::type = 0, typename... Parameters, typename... Arguments>
+template<typename T, typename std::enable_if<std::is_base_of<ThreadSafeRefCountedBase, T>::value, int>::type = 0, typename... Parameters, typename... Arguments>
CrossThreadTask createCrossThreadTask(T& callee, void (T::*method)(Parameters...), const Arguments&... arguments)
{
return CrossThreadTask([callee = makeRefPtr(&callee), method, arguments = std::make_tuple(crossThreadCopy(arguments)...)]() mutable {
@@ -93,7 +93,7 @@
});
}
-template<typename T, typename std::enable_if<!std::is_base_of<ThreadSafeRefCounted<T>, T>::value, int>::type = 0, typename... Parameters, typename... Arguments>
+template<typename T, typename std::enable_if<!std::is_base_of<ThreadSafeRefCountedBase, T>::value, int>::type = 0, typename... Parameters, typename... Arguments>
CrossThreadTask createCrossThreadTask(T& callee, void (T::*method)(Parameters...), const Arguments&... arguments)
{
return CrossThreadTask([callee = &callee, method, arguments = std::make_tuple(crossThreadCopy(arguments)...)]() mutable {
Modified: branches/safari-611.3.10.0-branch/Source/WebCore/ChangeLog (281393 => 281394)
--- branches/safari-611.3.10.0-branch/Source/WebCore/ChangeLog 2021-08-22 06:23:47 UTC (rev 281393)
+++ branches/safari-611.3.10.0-branch/Source/WebCore/ChangeLog 2021-08-22 07:10:53 UTC (rev 281394)
@@ -1,3 +1,44 @@
+2021-08-22 Alan Coon <alanc...@apple.com>
+
+ Cherry-pick r281384. rdar://problem/82195071
+
+ IndexedDB: crash when triggering IDBOpenRequest completion back on a worker thread
+ https://bugs.webkit.org/show_bug.cgi?id=229375
+
+ Source/WebCore:
+
+ Reviewed by Brady Eidson.
+
+ Client may dispatch custom events to an IDBRequest, and we should only change request state based on events
+ created internally.
+
+ * Modules/indexeddb/IDBRequest.cpp:
+ (WebCore::IDBRequest::dispatchEvent):
+
+ Source/WTF:
+
+ Protect callee in CrossThreadTask if it inherits from ThreadSafeRefCounted<T>.
+
+ Reviewed by Brady Eidson.
+
+ * wtf/CrossThreadTask.h:
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@281384 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-08-21 Sihui Liu <sihui_...@apple.com>
+
+ IndexedDB: crash when triggering IDBOpenRequest completion back on a worker thread
+ https://bugs.webkit.org/show_bug.cgi?id=229375
+
+ Reviewed by Brady Eidson.
+
+ Client may dispatch custom events to an IDBRequest, and we should only change request state based on events
+ created internally.
+
+ * Modules/indexeddb/IDBRequest.cpp:
+ (WebCore::IDBRequest::dispatchEvent):
+
2021-08-13 Russell Epstein <repst...@apple.com>
Cherry-pick r278729. rdar://problem/80310242
Modified: branches/safari-611.3.10.0-branch/Source/WebCore/Modules/indexeddb/IDBRequest.cpp (281393 => 281394)
--- branches/safari-611.3.10.0-branch/Source/WebCore/Modules/indexeddb/IDBRequest.cpp 2021-08-22 06:23:47 UTC (rev 281393)
+++ branches/safari-611.3.10.0-branch/Source/WebCore/Modules/indexeddb/IDBRequest.cpp 2021-08-22 07:10:53 UTC (rev 281394)
@@ -310,7 +310,8 @@
else if (m_transaction && !m_transaction->didDispatchAbortOrCommit())
targets = { this, m_transaction.get(), &m_transaction->database() };
- m_hasPendingActivity = false;
+ if (event.isTrusted())
+ m_hasPendingActivity = false;
{
TransactionActivator activator(m_transaction.get());