RESOLVED FIXED 199557
Fix thread safety issue in Database::scheduleTransactionCallback()
https://bugs.webkit.org/show_bug.cgi?id=199557
Chris Dumez
Reported 2019-07-06 16:30:49 PDT
Fix thread safety issue in Database::scheduleTransactionCallback():

Thread 17 Crashed:: WebCore: Database
0 com.apple.JavaScriptCore 0x000000012f5a735e WTFCrash + 14 (Assertions.cpp:305)
1 com.apple.WebCore 0x00000001183c23eb WTFCrashWithInfo(int, char const*, char const*, int) + 27
2 com.apple.WebCore 0x0000000119b5d14c WebCore::ContainerNode::WeakValueType* WTF::WeakPtrImpl::get<WebCore::ContainerNode>() + 140 (WeakPtr.h:65)
3 com.apple.WebCore 0x0000000119b5cf7a WTF::WeakPtrFactory<WebCore::ContainerNode>::createWeakPtr(WebCore::ContainerNode&) const + 138 (WeakPtr.h:142)
4 com.apple.WebCore 0x0000000119b530ff WTF::WeakPtr<WebCore::Document> WTF::makeWeakPtr<WebCore::Document>(WebCore::Document&) + 63 (WeakPtr.h:212)
5 com.apple.WebCore 0x000000011a91e1a0 WebCore::Document::postTask(WebCore::ScriptExecutionContext::Task&&) + 32 (Document.cpp:6121)
6 com.apple.WebCore 0x000000011a027bc0 WebCore::Database::scheduleTransactionCallback(WebCore::SQLTransaction*) + 128 (Database.cpp:711)
7 com.apple.WebCore 0x000000011a0729a7 WebCore::SQLTransaction::scheduleCallback(void (WebCore::SQLTransaction::*)()) + 151 (SQLTransaction.cpp:207)
8 com.apple.WebCore 0x000000011a07338d WebCore::SQLTransaction::openTransactionAndPreflight() + 1981 (SQLTransaction.cpp:284)
9 com.apple.WebCore 0x000000011a075219 WebCore::SQLTransactionBackend::openTransactionAndPreflight() + 25 (SQLTransactionBackend.cpp:486)
10 com.apple.WebCore 0x000000011a070f72 WebCore::SQLTransactionStateMachine<WebCore::SQLTransactionBackend>::runStateMachine() + 418 (SQLTransactionStateMachine.h:105)
11 com.apple.WebCore 0x000000011a070c07 WebCore::SQLTransaction::performNextStep() + 55 (SQLTransaction.cpp:107)
12 com.apple.WebCore 0x000000011a040bfb WebCore::DatabaseTransactionTask::doPerformTask() + 43 (DatabaseTask.cpp:160)
13 com.apple.WebCore 0x000000011a0406f0 WebCore::DatabaseTask::performTask() + 176 (DatabaseTask.cpp:78)
14 com.apple.WebCore 0x000000011a0413d2 WebCore::DatabaseThread::databaseThread() + 194 (DatabaseThread.cpp:102)
15 com.apple.WebCore 0x000000011a0557c8 WebCore::DatabaseThread::start()::$_1::operator()() const + 24 (DatabaseThread.cpp:68)
16 com.apple.WebCore 0x000000011a055789 WTF::Detail::CallableWrapper<WebCore::DatabaseThread::start()::$_1, void>::call() + 25 (Function.h:52)
17 com.apple.JavaScriptCore 0x000000012f5d1d6a WTF::Function<void ()>::operator()() const + 138 (Function.h:79)
18 com.apple.JavaScriptCore 0x000000012f6692f0 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 416 (Threading.cpp:149)
19 com.apple.JavaScriptCore 0x000000012f671725 WTF::wtfThreadEntryPoint(void*) + 21 (ThreadingPOSIX.cpp:200)
20 libsystem_pthread.dylib 0x00007fff6dd36daa _pthread_start + 125
21 libsystem_pthread.dylib 0x00007fff6dd336af thread_start + 15

It calls makeWeakPtr() on a Document from a background database thread, which is not safe because the Document is a main thread object.
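A modelled version of the bug class the report describes, added here as an example and not taken from WebKit or from the attached patch: a weak reference that records the thread owning its target and refuses creation from any other thread (the role of the assertion that fired), next to the safe pattern of creating it on the owning thread and letting the background task only carry it. WeakRef and MainThreadObject are hypothetical names; the real WTF::WeakPtr check is not reproduced.

```cpp
// Added example, not WebKit code: a weak reference that remembers the thread owning its
// target, so creating or using it from another thread is caught. WeakRef and
// MainThreadObject are hypothetical stand-ins for WTF::WeakPtr and WebCore::Document.
#include <memory>
#include <optional>
#include <thread>

class WeakRef {
public:
    explicit WeakRef(std::shared_ptr<const std::thread::id> owner) : m_owner(std::move(owner)) {}
    // A copy may travel to a background thread, but it is only usable back on the owner.
    bool usableHere() const { return *m_owner == std::this_thread::get_id(); }
private:
    std::shared_ptr<const std::thread::id> m_owner; // shared with the object that created it
};

class MainThreadObject {
public:
    // The owner is whichever thread constructs the object (the main thread for a Document).
    MainThreadObject() : m_owner(std::make_shared<std::thread::id>(std::this_thread::get_id())) {}
    // Stands in for makeWeakPtr(). WebKit asserts on the wrong thread (the crash in the
    // report); here the call fails instead so the violation is observable in a test.
    std::optional<WeakRef> makeWeakRef() const {
        if (*m_owner != std::this_thread::get_id()) return std::nullopt;
        return WeakRef(m_owner);
    }
private:
    std::shared_ptr<const std::thread::id> m_owner;
};

// Shape of the bug: the background (database) thread asks the object for a weak ref.
bool weakRefCreatedOnBackgroundThread() {
    MainThreadObject object;            // owned by the thread running this function
    bool created = true;
    std::thread worker([&] { created = object.makeWeakRef().has_value(); });
    worker.join();
    return created;                     // false: creation happened off the owner thread
}

// Safe shape: create the weak ref on the owner thread, let the task only carry it, and
// dereference it only after posting back to the owner thread.
bool weakRefCreatedOnOwnerThread() {
    MainThreadObject object;
    std::optional<WeakRef> ref = object.makeWeakRef(); // succeeds: owner thread
    if (!ref) return false;
    bool usableOnWorker = true;
    std::thread worker([&] { usableOnWorker = ref->usableHere(); });
    worker.join();
    return !usableOnWorker && ref->usableHere();       // true: carried, not used, off-thread
}
```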
Attachments
Patch (26.96 KB, patch)
2019-07-06 16:35 PDT, Chris Dumez
no flags
Patch (27.12 KB, patch)
2019-07-06 17:05 PDT, Chris Dumez
no flags
Chris Dumez
Comment 1 2019-07-06 16:35:27 PDT
Chris Dumez
Comment 2 2019-07-06 17:05:04 PDT
WebKit Commit Bot
Comment 3 2019-07-08 11:38:38 PDT
Comment on attachment 373588: Patch
Clearing flags on attachment: 373588
Committed r247219: <https://trac.webkit.org/changeset/247219>
WebKit Commit Bot
Comment 4 2019-07-08 11:38:40 PDT
All reviewed patches have been landed. Closing bug.