Bug 134517 - Possible crash in IconDatabase in WebCore::IconDatabase::dispatchDidRemoveAllIconsOnMainThread
Summary: Possible crash in IconDatabase in WebCore::IconDatabase::dispatchDidRemoveAll...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2 (show other bugs)
Version: 528+ (Nightly build)
Hardware: All All
: P2 Normal
Assignee: Brady Eidson
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2014-07-01 15:29 PDT by Brady Eidson
Modified: 2014-07-03 09:19 PDT (History)
6 users (show)

See Also:

Attachments
Patch v1 (11.61 KB, patch)
2014-07-01 15:37 PDT, Brady Eidson 		eric.carlson: review+
Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Brady Eidson 2014-07-01 15:29:01 PDT 
Possible crash in IconDatabase in WebCore::IconDatabase::dispatchDidRemoveAllIconsOnMainThread

The main thread callbacks from the background thread reference "this".  But in WebKit2 land with WebContexts coming and going, there's no guarantee "this" will still be around.

My proposed fix is for the WebCore::IconDatabase's owner (In this case WebIconDatabase) to detect the situation where the WebCore::IconDatabase is not yet finished and hang around until it is.

<rdar://problem/17437687>
Comment 1 Brady Eidson 2014-07-01 15:37:47 PDT 
Created attachment 234207 [details]
Patch v1
Comment 2 Eric Carlson 2014-07-03 08:17:41 PDT 
Comment on attachment 234207 [details]
Patch v1

View in context: https://bugs.webkit.org/attachment.cgi?id=234207&action=review

> Source/WebCore/loader/icon/IconDatabase.cpp:2083
> +    // If there's still callbacks in flight from the sync thread we cannot possibly be closed.

Grammar nit: "If there are still callbacks"

> Source/WebCore/loader/icon/IconDatabase.cpp:2087
> +    // Even if there's no more pending callbacks the database might otherwise still be open.

Ditto.
Comment 3 Brady Eidson 2014-07-03 09:19:46 PDT 
http://trac.webkit.org/changeset/170754