Bug 200925 - WebSQLiteDatabaseTracker does not ensure it is still alive after dispatching to the main thread
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Chris Dumez
Keywords: InRadar
Reported: 2019-08-20 10:32 PDT by Chris Dumez
Modified: 2019-08-20 15:19 PDT

Attachments
Patch (3.65 KB, patch)
2019-08-20 10:32 PDT, Chris Dumez
Patch (4.90 KB, patch)
2019-08-20 12:39 PDT, Chris Dumez
Patch (6.19 KB, patch)
2019-08-20 13:36 PDT, Chris Dumez

Description Chris Dumez 2019-08-20 10:32:02 PDT
WebSQLiteDatabaseTracker does not ensure it is still alive after dispatching to the main thread, which is not safe.
Comment 1 Chris Dumez 2019-08-20 10:32:58 PDT
Created attachment 376781 [details]
Patch
Comment 2 Geoffrey Garen 2019-08-20 10:48:16 PDT
Comment on attachment 376781 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=376781&action=review

r=me

> Source/WebKit/Shared/WebSQLiteDatabaseTracker.cpp:39
> +    : m_weakThis(makeWeakPtr(*this))
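
Review bot: on the `m_weakThis(makeWeakPtr(*this))` initializer, there is no comment saying why the weak pointer is created eagerly in the constructor and kept as a member. Suggest a one-line comment stating which thread creates it and which thread is allowed to test it, so the lifetime check after the main-thread dispatch can be reviewed against that rule.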

This data member is just a copy of the pointer held by CanMakeWeakPtr<WebSQLiteDatabaseTracker>. It would be slightly more efficient to remove this data member, and instead do [weakThis = makeWeakPtr(*this)] in our lambda capture expressions.

If there's an issue where it's not safe to call makeWeakPtr(*this) in our lambda capture expressions because they execute on another thread, then I'd recommend just calling makeWeakPtr(*this) here but not storing the result, with a comment explaining that we want to avoid initializing our weak pointer on a secondary thread.
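
The weak capture suggested in the comment above, as an added example that is not WebKit's code or part of any attached patch. `std::shared_ptr`/`std::weak_ptr` stand in for WTF's `WeakPtr`; `MainQueue`, `Tracker`, `transactionStarted` and `runScenario` are hypothetical names, and the main-thread dispatch is simulated by a queue drained on a single thread.

```cpp
#include <functional>
#include <memory>
#include <utility>
#include <vector>

// Stand-in for the main run loop: tasks are queued now and executed later.
struct MainQueue {
    std::vector<std::function<void()>> tasks;
    void dispatch(std::function<void()> task) { tasks.push_back(std::move(task)); }
    void drain() {
        auto pending = std::move(tasks);
        tasks.clear();
        for (auto& task : pending)
            task();
    }
};

// Hypothetical tracker; std::weak_ptr is an assumption replacing WTF::WeakPtr.
class Tracker : public std::enable_shared_from_this<Tracker> {
public:
    Tracker(MainQueue& queue, int& handled) : m_queue(queue), m_handled(handled) {}
    void transactionStarted() {
        // Capture a weak reference instead of `this`: the task may outlive the tracker.
        m_queue.dispatch([weakThis = std::weak_ptr<Tracker>(shared_from_this())] {
            auto self = weakThis.lock();
            if (!self)
                return; // Tracker was destroyed before the task ran; touch nothing.
            ++self->m_handled;
        });
    }
private:
    MainQueue& m_queue;
    int& m_handled;
};

// Returns how many queued tasks reached a live tracker.
int runScenario(bool destroyBeforeDrain) {
    MainQueue queue;
    int handled = 0;
    auto tracker = std::make_shared<Tracker>(queue, handled);
    tracker->transactionStarted();
    tracker->transactionStarted();
    if (destroyBeforeDrain)
        tracker.reset(); // Models the tracker dying between dispatch and execution.
    queue.drain();
    return handled;
}

int main() { return (runScenario(false) == 2 && runScenario(true) == 0) ? 0 : 1; }
```

Capturing `this` in the same lambda would dereference a destroyed object in the `destroyBeforeDrain` case, which is the lifetime problem the bug title describes.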
Comment 3 Chris Dumez 2019-08-20 12:39:38 PDT
Created attachment 376791 [details]
Patch
Comment 4 Chris Dumez 2019-08-20 12:40:07 PDT
(In reply to Chris Dumez from comment #3)
> Created attachment 376791 [details]
> Patch

Ok, what do you think of this approach?
Comment 5 EWS Watchlist 2019-08-20 12:42:22 PDT
Attachment 376791 [details] did not pass style-queue:


ERROR: Source/WTF/wtf/WeakPtr.h:159:  Multi line control clauses should use braces.  [whitespace/braces] [4]
Total errors found: 1 in 4 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 6 Geoffrey Garen 2019-08-20 12:45:24 PDT
Comment on attachment 376791 [details]
Patch

cq+
Comment 7 Geoffrey Garen 2019-08-20 12:50:17 PDT
Comment on attachment 376791 [details]
Patch

cq- because we came up with an even better idea in person
Comment 8 Chris Dumez 2019-08-20 13:36:23 PDT
Created attachment 376797 [details]
Patch
Comment 9 WebKit Commit Bot 2019-08-20 15:18:29 PDT
Comment on attachment 376797 [details]
Patch

Clearing flags on attachment: 376797

Committed r248918: <https://trac.webkit.org/changeset/248918>
Comment 10 WebKit Commit Bot 2019-08-20 15:18:31 PDT
All reviewed patches have been landed.  Closing bug.
Comment 11 Radar WebKit Bug Importer 2019-08-20 15:19:25 PDT
<rdar://problem/54530876>