Branch: refs/heads/webkitglib/2.52
Home: https://github.com/WebKit/WebKit
Commit: 34bffff51c84eea24735eddb59d025a1d125fb6f
https://github.com/WebKit/WebKit/commit/34bffff51c84eea24735eddb59d025a1d125fb6f
Author: Claudio Saavedra <[email protected]>
Date: 2026-03-16 (Mon, 16 Mar 2026)
Changed paths:
M Source/WebKit/NetworkProcess/storage/IDBStorageManager.cpp
M Source/WebKit/NetworkProcess/storage/IDBStorageManager.h
Log Message:
-----------
Cherry-pick 309248@main (5861503be1bb).
https://bugs.webkit.org/show_bug.cgi?id=309780
IDB: ASSERT(spaceCheckResult == SpaceCheckResult::Pass) failed in
WebCore::IDBServer::UniqueIDBDatabase::abortTransaction()
https://bugs.webkit.org/show_bug.cgi?id=309780
Reviewed by Sihui Liu.
During destruction of the IDBStorageManager, transactions are aborted.
Because UniqueIDBDatabase::abortTransaction() is called without a
SpaceCheckResult, one is requested via a call to
UniqueIDBDatabaseManager::requestSpace(). But this is happening
while the OriginStorageManager that installs a lambda to perform
the space check is already being destructed, so the lambda
will default to call the completion handler with false.
This will cause the innermost call to UniqueIDBDatabase::abortTransaction()
to happen with SpaceCheckResult::Fail, hitting the assertion mentioned.
For details, refer to the stacktrace in the bug report.
We can track the IDBStorageManager closure so that when
requestSpace() is called, we can directly grant or deny the
request depending on the size requested.
* Source/WebKit/NetworkProcess/storage/IDBStorageManager.cpp:
(WebKit::IDBStorageManager::~IDBStorageManager):
(WebKit::IDBStorageManager::requestSpace):
* Source/WebKit/NetworkProcess/storage/IDBStorageManager.h:
Canonical link: https://commits.webkit.org/309248@main
Canonical link: https://commits.webkit.org/305877.206@webkitglib/2.52
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
