Bug 199557 - Fix thread safety issue in Database::scheduleTransactionCallback()
Summary: Fix thread safety issue in Database::scheduleTransactionCallback()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Chris Dumez
URL:
Keywords:
Depends on:
Blocks: 199517
Reported: 2019-07-06 16:30 PDT by Chris Dumez
Modified: 2019-07-08 11:39 PDT (History)

See Also:


Attachments
Patch (26.96 KB, patch)
2019-07-06 16:35 PDT, Chris Dumez
Patch (27.12 KB, patch)
2019-07-06 17:05 PDT, Chris Dumez

Description Chris Dumez 2019-07-06 16:30:49 PDT
Fix thread safety issue in Database::scheduleTransactionCallback():
Thread 17 Crashed:: WebCore: Database
0   com.apple.JavaScriptCore      	0x000000012f5a735e WTFCrash + 14 (Assertions.cpp:305)
1   com.apple.WebCore             	0x00000001183c23eb WTFCrashWithInfo(int, char const*, char const*, int) + 27
2   com.apple.WebCore             	0x0000000119b5d14c WebCore::ContainerNode::WeakValueType* WTF::WeakPtrImpl::get<WebCore::ContainerNode>() + 140 (WeakPtr.h:65)
3   com.apple.WebCore             	0x0000000119b5cf7a WTF::WeakPtrFactory<WebCore::ContainerNode>::createWeakPtr(WebCore::ContainerNode&) const + 138 (WeakPtr.h:142)
4   com.apple.WebCore             	0x0000000119b530ff WTF::WeakPtr<WebCore::Document> WTF::makeWeakPtr<WebCore::Document>(WebCore::Document&) + 63 (WeakPtr.h:212)
5   com.apple.WebCore             	0x000000011a91e1a0 WebCore::Document::postTask(WebCore::ScriptExecutionContext::Task&&) + 32 (Document.cpp:6121)
6   com.apple.WebCore             	0x000000011a027bc0 WebCore::Database::scheduleTransactionCallback(WebCore::SQLTransaction*) + 128 (Database.cpp:711)
7   com.apple.WebCore             	0x000000011a0729a7 WebCore::SQLTransaction::scheduleCallback(void (WebCore::SQLTransaction::*)()) + 151 (SQLTransaction.cpp:207)
8   com.apple.WebCore             	0x000000011a07338d WebCore::SQLTransaction::openTransactionAndPreflight() + 1981 (SQLTransaction.cpp:284)
9   com.apple.WebCore             	0x000000011a075219 WebCore::SQLTransactionBackend::openTransactionAndPreflight() + 25 (SQLTransactionBackend.cpp:486)
10  com.apple.WebCore             	0x000000011a070f72 WebCore::SQLTransactionStateMachine<WebCore::SQLTransactionBackend>::runStateMachine() + 418 (SQLTransactionStateMachine.h:105)
11  com.apple.WebCore             	0x000000011a070c07 WebCore::SQLTransaction::performNextStep() + 55 (SQLTransaction.cpp:107)
12  com.apple.WebCore             	0x000000011a040bfb WebCore::DatabaseTransactionTask::doPerformTask() + 43 (DatabaseTask.cpp:160)
13  com.apple.WebCore             	0x000000011a0406f0 WebCore::DatabaseTask::performTask() + 176 (DatabaseTask.cpp:78)
14  com.apple.WebCore             	0x000000011a0413d2 WebCore::DatabaseThread::databaseThread() + 194 (DatabaseThread.cpp:102)
15  com.apple.WebCore             	0x000000011a0557c8 WebCore::DatabaseThread::start()::$_1::operator()() const + 24 (DatabaseThread.cpp:68)
16  com.apple.WebCore             	0x000000011a055789 WTF::Detail::CallableWrapper<WebCore::DatabaseThread::start()::$_1, void>::call() + 25 (Function.h:52)
17  com.apple.JavaScriptCore      	0x000000012f5d1d6a WTF::Function<void ()>::operator()() const + 138 (Function.h:79)
18  com.apple.JavaScriptCore      	0x000000012f6692f0 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 416 (Threading.cpp:149)
19  com.apple.JavaScriptCore      	0x000000012f671725 WTF::wtfThreadEntryPoint(void*) + 21 (ThreadingPOSIX.cpp:200)
20  libsystem_pthread.dylib       	0x00007fff6dd36daa _pthread_start + 125
21  libsystem_pthread.dylib       	0x00007fff6dd336af thread_start + 15

It calls makeWeakPtr() on a Document from a background database thread, which is not safe because the Document is a main thread object.
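The assertion in the trace above fires because weak-pointer creation is thread-affine: a WeakPtr to a main-thread object may only be minted on the main thread. The following is an added illustration of that rule, not WebKit's code or the landed patch: a toy factory (hypothetical `ThreadAffineWeakFactory`) that refuses to create a weak reference off its owning thread, alongside the usual safe pattern of creating the weak reference on the owner thread and only carrying it into the background task.

```cpp
#include <atomic>
#include <memory>
#include <thread>

// Toy stand-in for a thread-affine weak-pointer factory (not WTF::WeakPtrFactory).
// The owning thread is recorded at construction, as for a main-thread object such
// as a Document; creating a weak reference from any other thread is reported as
// a failure, the analogue of the WTFCrash assertion in the trace.
class ThreadAffineWeakFactory {
public:
    struct WeakRef { std::shared_ptr<std::atomic<bool>> alive; };

    ThreadAffineWeakFactory() : m_owner(std::this_thread::get_id()),
                                m_alive(std::make_shared<std::atomic<bool>>(true)) {}
    ~ThreadAffineWeakFactory() { m_alive->store(false); } // invalidates outstanding refs

    // Succeeds only on the owning thread; the WeakRef itself may then be moved
    // to and read from any thread.
    bool tryMakeWeak(WeakRef& out) const {
        if (std::this_thread::get_id() != m_owner)
            return false;
        out.alive = m_alive;
        return true;
    }
private:
    std::thread::id m_owner;
    std::shared_ptr<std::atomic<bool>> m_alive;
};

struct Outcome {
    bool backgroundCreateAllowed; // bug pattern: background thread mints the weak ref
    bool handedOffRefUsable;      // safe pattern: owner thread mints it, background uses it
};

// Runs both scenarios against one factory owned by the calling ("main") thread.
Outcome runScenarios() {
    ThreadAffineWeakFactory factory;
    Outcome o{true, false};

    // Scenario 1: a background "database" thread asks for the weak ref itself.
    std::thread background([&] {
        ThreadAffineWeakFactory::WeakRef r;
        o.backgroundCreateAllowed = factory.tryMakeWeak(r);
    });
    background.join();

    // Scenario 2: the owner thread creates the weak ref, the task only carries it.
    ThreadAffineWeakFactory::WeakRef handedOff;
    bool created = factory.tryMakeWeak(handedOff);
    std::thread consumer([&] { o.handedOffRefUsable = created && handedOff.alive->load(); });
    consumer.join();
    return o;
}
```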
Comment 1 Chris Dumez 2019-07-06 16:35:27 PDT
Created attachment 373587 [details]
Patch
Comment 2 Chris Dumez 2019-07-06 17:05:04 PDT
Created attachment 373588 [details]
Patch
Comment 3 WebKit Commit Bot 2019-07-08 11:38:38 PDT
Comment on attachment 373588 [details]
Patch

Clearing flags on attachment: 373588

Committed r247219: <https://trac.webkit.org/changeset/247219>
Comment 4 WebKit Commit Bot 2019-07-08 11:38:40 PDT
All reviewed patches have been landed. Closing bug.