RESOLVED FIXED209618
REGRESSION(r259034): access to null UniqueIDBDatabase in UniqueIDBDatabaseConnection::~UniqueIDBDatabaseConnection() 
https://bugs.webkit.org/show_bug.cgi?id=209618
Summary REGRESSION(r259034): access to null UniqueIDBDatabase in UniqueIDBDatabaseCon...
Sihui Liu
Reported 2020-03-26 13:30:00 PDT
~UniqueIDBDatabaseConnection should happen before ~UniqueIDBDatabase, but we protect UniqueIDBDatabaseConnection in UniqueIDBDatabase::connectionClosedFromClient.
Attachments
Patch (4.14 KB, patch)
2020-03-26 13:39 PDT, Sihui Liu 		no flags
DetailsFormatted DiffDiff
Patch (6.57 KB, patch)
2020-03-26 15:15 PDT, Sihui Liu 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Sihui Liu
Comment 1 2020-03-26 13:31:05 PDT
<rdar://problem/60919105>
Sihui Liu
Comment 2 2020-03-26 13:39:05 PDT
Created attachment 394654 [details] Patch
Geoffrey Garen
Comment 3 2020-03-26 14:42:37 PDT
Comment on attachment 394654 [details] Patch It's not great for correctness to rely on destruction order. We don't have a smart reliable way to guarantee destruction order. I think a better solution in this case would be to change UniqueIDBDatabaseConnection to hold a direct pointer to IDBServer. That way, there's no need to deference UniqueIDBDatabase in the destructor. Also, it would be good to change UniqueIDBDatabaseConnection::m_database to be a WeakPtr, for memory safety. (That way, a bug like this will be detectable even without guard malloc, and will not become a security bug.)
Sihui Liu
Comment 4 2020-03-26 15:15:55 PDT
Created attachment 394662 [details] Patch
Geoffrey Garen
Comment 5 2020-03-26 15:20:10 PDT
Comment on attachment 394662 [details] Patch r=me
EWS
Comment 6 2020-03-26 16:10:05 PDT
Committed r259090: <https://trac.webkit.org/changeset/259090> All reviewed patches have been landed. Closing bug and clearing flags on attachment 394662 [details].
Note You need to log in before you can comment on or make changes to this bug.