In r259034, we try deleting the UniqueIDBDatabase in UniqueIDBDatabase::connectionClosedFromClient, when UniqueIDBDatabase finds it has no connections. The problem is that in UniqueIDBDatabase::openDBRequestCancelled, m_pendingOpenDBRequests will be accessed after connectionClosedFromClient. To fix this issue, we can protect this pointer in UniqueIDBDatabase::openDBRequestCancelled, but this bug and 209618 have proved r259034 to be error-prone. In this case, we probably need to find a better way to delete UniqueIDBDatabase at the proper time.
rdar://problem/60951278
Created attachment 394794: Patch
Comment on attachment 394794: Patch

It would be nice to figure out how to use smart pointers to ensure memory safety here; smart pointers are much easier to get right.
(In reply to Geoffrey Garen from comment #3)
> Comment on attachment 394794
> Patch
>
> It would be nice to figure out how to use smart pointers to ensure memory
> safety here; smart pointers are much easier to get right.

Yes, will try replacing the raw pointers and removing unnecessary protected pointers to make the ownership clearer. Since r259034 is reverted and this patch works as an alternative, I will move this patch to https://bugs.webkit.org/show_bug.cgi?id=209532 and land it from there.
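The lifetime hazard described in this bug, reduced to a stand-alone model: an added example, not WebKit code and not the attached patch. `Server`, `Database` and `runScenario` are hypothetical names, and `std::shared_ptr` stands in for WebKit's own reference counting; the cancel path takes a protector before calling the routine that may drop the owner's last reference.

```cpp
#include <algorithm>
#include <cstddef>
#include <map>
#include <memory>
#include <string>
#include <utility>
#include <vector>

class Database;
// Hypothetical owner: the only long-lived reference to each database.
struct Server { std::map<std::string, std::shared_ptr<Database>> databases; };
class Database : public std::enable_shared_from_this<Database> {
public:
    Database(Server& server, std::string name) : m_server(server), m_name(std::move(name)) {}
    void addConnection() { ++m_connections; }
    void addPendingOpen(int id) { m_pendingOpens.push_back(id); }
    // Drops the owner's reference when the last connection closes. If the
    // caller holds no other reference, the object is destroyed in here.
    void connectionClosed() {
        if (!m_connections || --m_connections) return;
        std::string key = m_name; // copy: erase() may destroy m_name
        m_server.databases.erase(key);
    }
    // Returns the number of pending open requests left after the cancel.
    std::size_t openRequestCancelled(int id) {
        auto protectedThis = shared_from_this(); // keeps *this alive until return
        connectionClosed();
        // Safe only because of protectedThis; without it this is a use-after-free.
        auto& p = m_pendingOpens;
        p.erase(std::remove(p.begin(), p.end(), id), p.end());
        return p.size();
    }
private:
    Server& m_server; std::string m_name;
    unsigned m_connections = 0; std::vector<int> m_pendingOpens;
};
// Constructed scenario: one connection, two pending opens, request 1 cancelled.
struct Result { std::size_t pendingLeft; bool removedFromOwner; bool destroyed; };
Result runScenario() {
    Server server;
    auto db = std::make_shared<Database>(server, "constructed-db");
    server.databases["constructed-db"] = db;
    std::weak_ptr<Database> observer = db;
    db->addConnection(); db->addPendingOpen(1); db->addPendingOpen(2);
    Database* raw = db.get();
    db.reset(); // from here on the Server map is the sole owner
    std::size_t left = raw->openRequestCancelled(1);
    return { left, server.databases.empty(), observer.expired() };
}
```

Building the variant without `protectedThis` under AddressSanitizer reports the access to `m_pendingOpens` as a heap-use-after-free, which makes a useful regression check for this class of bug.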