Bug 159432

Summary: IDBDatabase can null deref its ScriptExecutionContext inside connectionToServerLost
Product: WebKit Reporter: Brady Eidson <beidson>
Component: WebCore Misc.
Assignee: Brady Eidson <beidson>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, alecflett, commit-queue, jsbell
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 149117    
Attachments:
Description Flags
Patch achristensen: review+

Description Brady Eidson 2016-07-05 12:44:01 PDT
IDBDatabase can null deref its ScriptExecutionContext inside connectionToServerLost

If an IDBDatabase object is still live when a page navigates, then it loses its ScriptExecutionContext.

Then, if the database process connection is dropped before the GC that would delete the database object happens, this callback doesn't do the right thing.

I can make it do the right thing, but a targeted test will not be possible.
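The lifetime window the description above spells out, as an added C++ illustration that is not WebKit's code and does not reproduce its IDBDatabase or ScriptExecutionContext classes: a hypothetical Database keeps a raw pointer to a hypothetical ScriptExecutionContext that navigation nulls out while the Database itself survives until GC. The connection-lost callback is written so that the transaction bookkeeping never needs the context and the context is touched only after a null check. All class, function and member names here are assumptions.

```cpp
#include <cstddef>
#include <map>
#include <memory>
#include <string>
#include <vector>

// Hypothetical stand-in for a page's script execution context (not WebKit's).
struct ScriptExecutionContext {
    std::vector<std::string> errorLog;
    void reportError(const std::string& message) { errorLog.push_back(message); }
};

// Hypothetical transaction owned by the database object.
struct Transaction {
    bool aborted = false;
    void connectionClosed() { aborted = true; }
};

// Hypothetical database object whose lifetime is tied to GC, not to the page.
class Database {
public:
    explicit Database(ScriptExecutionContext* context) : m_context(context) {}

    std::shared_ptr<Transaction> beginTransaction(int id) {
        auto tx = std::make_shared<Transaction>();
        m_activeTransactions[id] = tx;
        return tx;
    }

    // Navigation detaches the context; the Database stays alive until GC.
    void contextDestroyed() { m_context = nullptr; }

    bool hasContext() const { return m_context != nullptr; }

    // Server-connection-lost callback, safe in the window between
    // contextDestroyed() and GC: transaction bookkeeping is done first and
    // without the context, and the context is used only after a null check.
    // Returns the number of transactions that were closed.
    size_t connectionToServerLost() {
        size_t closed = 0;
        for (auto& entry : m_activeTransactions) {
            entry.second->connectionClosed();
            ++closed;
        }
        m_activeTransactions.clear();

        if (!m_context)  // the guard an unconditional dereference would lack
            return closed;
        m_context->reportError("Connection to IndexedDB server lost");
        return closed;
    }

private:
    ScriptExecutionContext* m_context;
    std::map<int, std::shared_ptr<Transaction>> m_activeTransactions;
};

// Scenario from the report: the object outlives its context, then the
// connection drops before GC. Returns true when the callback closed the
// outstanding transaction without touching the detached context.
bool scenarioDetachedThenConnectionLost() {
    ScriptExecutionContext context;
    Database db(&context);
    auto tx = db.beginTransaction(1);
    db.contextDestroyed();                        // page navigated away
    size_t closed = db.connectionToServerLost();  // connection dropped before GC
    return closed == 1 && tx->aborted && !db.hasContext() && context.errorLog.empty();
}

// Control case: the context is still attached, so the error reaches the page.
bool scenarioAttachedConnectionLost() {
    ScriptExecutionContext context;
    Database db(&context);
    auto tx = db.beginTransaction(1);
    size_t closed = db.connectionToServerLost();
    return closed == 1 && tx->aborted && context.errorLog.size() == 1;
}
```

The ordering matters as much as the null check: anything the callback must do regardless of the page (closing out transactions) runs before the context is consulted, so detaching the context cannot leave transactions dangling.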
Comment 1 Brady Eidson 2016-07-05 12:44:44 PDT
<rdar://problem/27169924>
Comment 2 Brady Eidson 2016-07-05 13:26:14 PDT
Created attachment 282813 [details]
Patch
Comment 3 Alex Christensen 2016-07-05 13:33:34 PDT
Comment on attachment 282813 [details]
Patch

Could we make m_activeTransactions a HashMap to Refs instead of RefPtrs?
Comment 4 Brady Eidson 2016-07-05 13:35:48 PDT
(In reply to comment #3)
> Comment on attachment 282813 [details]
> Patch
> 
> Could we make m_activeTransactions a HashMap to Refs instead of RefPtrs?

Sure, but that's outside the scope of this patch.
Comment 5 Brady Eidson 2016-07-05 14:39:13 PDT
https://trac.webkit.org/changeset/202833