Bug 209618

Summary: REGRESSION(r259034): access to null UniqueIDBDatabase in UniqueIDBDatabaseConnection::~UniqueIDBDatabaseConnection()
Product: WebKit Reporter: Sihui Liu <sihui_liu>
Component: New BugsAssignee: Sihui Liu <sihui_liu>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, alecflett, beidson, cdumez, ews-watchlist, ggaren, jsbell, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch none

Description Sihui Liu 2020-03-26 13:30:00 PDT 
~UniqueIDBDatabaseConnection should happen before ~UniqueIDBDatabase, but we protect UniqueIDBDatabaseConnection in UniqueIDBDatabase::connectionClosedFromClient.
Comment 1 Sihui Liu 2020-03-26 13:31:05 PDT 
<rdar://problem/60919105>
Comment 2 Sihui Liu 2020-03-26 13:39:05 PDT 
Created attachment 394654 [details]
Patch
Comment 3 Geoffrey Garen 2020-03-26 14:42:37 PDT 
Comment on attachment 394654 [details]
Patch

It's not great for correctness to rely on destruction order. We don't have a smart reliable way to guarantee destruction order.

I think a better solution in this case would be to change UniqueIDBDatabaseConnection to hold a direct pointer to IDBServer. That way, there's no need to deference UniqueIDBDatabase in the destructor. Also, it would be good to change UniqueIDBDatabaseConnection::m_database to be a WeakPtr, for memory safety. (That way, a bug like this will be detectable even without guard malloc, and will not become a security bug.)
Comment 4 Sihui Liu 2020-03-26 15:15:55 PDT 
Created attachment 394662 [details]
Patch
Comment 5 Geoffrey Garen 2020-03-26 15:20:10 PDT 
Comment on attachment 394662 [details]
Patch

r=me
Comment 6 EWS 2020-03-26 16:10:05 PDT 
Committed r259090: <https://trac.webkit.org/changeset/259090>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 394662 [details].