Bug 159432 - IDBDatabase can null deref its ScriptExecutionContext inside connectionToServerLost
Summary: IDBDatabase can null deref its ScriptExecutionContext inside connectionToServ...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Brady Eidson
URL:
Keywords: InRadar
Depends on:
Blocks: 149117
Reported: 2016-07-05 12:44 PDT by Brady Eidson
Modified: 2016-07-05 14:39 PDT (History)

See Also:


Attachments
Patch (2.37 KB, patch)
2016-07-05 13:26 PDT, Brady Eidson
achristensen: review+

Description Brady Eidson 2016-07-05 12:44:01 PDT
IDBDatabase can null deref its ScriptExecutionContext inside connectionToServerLost

If an IDBDatabase object is still live when a page navigates, then it loses its ScriptExecutionContext.

Then - if before GC happens that would delete the database object - the database process connection is dropped, this callback doesn't do the right thing.

I can make it do the right thing, but a targeted test will not be possible.
Comment 1 Brady Eidson 2016-07-05 12:44:44 PDT
<rdar://problem/27169924>
Comment 2 Brady Eidson 2016-07-05 13:26:14 PDT
Created attachment 282813 [details]
Patch
Comment 3 Alex Christensen 2016-07-05 13:33:34 PDT
Comment on attachment 282813 [details]
Patch

Could we make m_activeTransactions a HashMap to Refs instead of RefPtrs?
Comment 4 Brady Eidson 2016-07-05 13:35:48 PDT
(In reply to comment #3)
> Comment on attachment 282813 [details]
> Patch
> 
> Could we make m_activeTransactions a HashMap to Refs instead of RefPtrs?

Sure, but that's outside the scope of this patch.
Comment 5 Brady Eidson 2016-07-05 14:39:13 PDT
https://trac.webkit.org/changeset/202833