Bug 134517

Summary: Possible crash in IconDatabase in WebCore::IconDatabase::dispatchDidRemoveAllIconsOnMainThread
Product: WebKit
Reporter: Brady Eidson <beidson>
Component: WebKit2
Assignee: Brady Eidson <beidson>
Status: RESOLVED FIXED
Severity: Normal
CC: bunhere, cdumez, commit-queue, gyuyoung.kim, japhet, sergio
Priority: P2
Keywords: InRadar
Version: 528+ (Nightly build)
Hardware: All
OS: All
Attachments:
Patch v1 (flags: eric.carlson: review+)

Description Brady Eidson 2014-07-01 15:29:01 PDT
Possible crash in IconDatabase in WebCore::IconDatabase::dispatchDidRemoveAllIconsOnMainThread

The main thread callbacks from the background thread reference "this". But in WebKit2 land with WebContexts coming and going, there's no guarantee "this" will still be around.

My proposed fix is for the WebCore::IconDatabase's owner (in this case WebIconDatabase) to detect the situation where the WebCore::IconDatabase is not yet finished and hang around until it is.

<rdar://problem/17437687>
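The lifetime race described in this report, as an added C++ model that is not WebKit's code (the actual fix is in the changeset linked below): an in-flight counter makes the database report itself open until every callback it posted to the main thread has run, so the owner defers teardown instead of freeing an object that queued callbacks still point at. The sync thread and the main-thread run loop are simulated with a plain queue so the example is deterministic; all names are assumptions.

```cpp
#include <deque>
#include <functional>
#include <memory>

// Stand-in for the main-thread run loop (constructed for this example).
static std::deque<std::function<void()>> g_mainThreadQueue;

struct IconDatabaseModel {
    bool m_databaseOpen = true;
    int m_callbacksInFlight = 0;   // posted by the sync thread, not yet run on main
    int m_callbacksDelivered = 0;

    // Sync-thread side: the posted callback captures `this`, so it is counted as in flight.
    void dispatchDidRemoveAllIconsOnMainThread() {
        ++m_callbacksInFlight;
        g_mainThreadQueue.push_back([this] {
            ++m_callbacksDelivered;   // would be a use-after-free if `this` were already gone
            --m_callbacksInFlight;
        });
    }
    void close() { m_databaseOpen = false; }

    // The check the patch adds: in-flight callbacks, or an open database, mean "not closed".
    bool isOpen() const { return m_callbacksInFlight > 0 || m_databaseOpen; }
};

// Owner (WebIconDatabase in the bug): releases the database only once isOpen() is false.
struct OwnerModel {
    std::unique_ptr<IconDatabaseModel> m_db = std::make_unique<IconDatabaseModel>();
    bool tryDestroy() {
        if (m_db && m_db->isOpen())
            return false;             // defer: a queued callback still references m_db.get()
        m_db.reset();
        return true;
    }
};

static void runMainThreadQueue() {
    while (!g_mainThreadQueue.empty()) {
        auto task = std::move(g_mainThreadQueue.front());
        g_mainThreadQueue.pop_front();
        task();
    }
}

// Scenario: the sync thread posts a callback, then the owner closes and tries to tear down
// before the main thread has run it. Returns the number of callbacks delivered safely.
int scenario(bool& destroyedEarly, bool& destroyedAfterDrain) {
    OwnerModel owner;
    owner.m_db->dispatchDidRemoveAllIconsOnMainThread();
    owner.m_db->close();
    destroyedEarly = owner.tryDestroy();       // false: one callback still in flight
    runMainThreadQueue();                      // callback runs against a live object
    int delivered = owner.m_db->m_callbacksDelivered;
    destroyedAfterDrain = owner.tryDestroy();  // true: drained and closed
    return delivered;
}
```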
Comment 1 Brady Eidson 2014-07-01 15:37:47 PDT
Created attachment 234207
Patch v1
Comment 2 Eric Carlson 2014-07-03 08:17:41 PDT
Comment on attachment 234207
Patch v1

View in context: https://bugs.webkit.org/attachment.cgi?id=234207&action=review

> Source/WebCore/loader/icon/IconDatabase.cpp:2083
> +    // If there's still callbacks in flight from the sync thread we cannot possibly be closed.

Grammar nit: "If there are still callbacks"

> Source/WebCore/loader/icon/IconDatabase.cpp:2087
> +    // Even if there's no more pending callbacks the database might otherwise still be open.

Ditto.
Comment 3 Brady Eidson 2014-07-03 09:19:46 PDT
http://trac.webkit.org/changeset/170754