Bug 209699

Summary: Regression(r259034): UniqueIDBDatabase object is destroyed while it's still in use
Product: WebKit
Reporter: Sihui Liu <sihui_liu>
Component: New Bugs
Assignee: Sihui Liu <sihui_liu>
Status: RESOLVED INVALID
Severity: Normal
CC: alecflett, beidson, ews-watchlist, ggaren, jsbell, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments: Patch (flags: ggaren: review+)

Sihui Liu
Reported 2020-03-28 00:07:58 PDT
In r259034, we try deleting the UniqueIDBDatabase in UniqueIDBDatabase::connectionClosedFromClient when UniqueIDBDatabase finds that it has no connections. The problem is that in UniqueIDBDatabase::openDBRequestCancelled, m_pendingOpenDBRequests will be accessed after connectionClosedFromClient. To fix this issue, we can protect this pointer in UniqueIDBDatabase::openDBRequestCancelled, but this bug and 209618 have proved r259034 to be error-prone. In this case, we probably need to find a better way to delete UniqueIDBDatabase at the proper time.
Attachments
Patch (6.35 KB, patch)
2020-03-28 00:14 PDT, Sihui Liu
ggaren: review+
Sihui Liu
Comment 1 2020-03-28 00:11:01 PDT
Sihui Liu
Comment 2 2020-03-28 00:14:28 PDT
Geoffrey Garen
Comment 3 2020-03-28 09:21:18 PDT
Comment on attachment 394794
Patch

It would be nice to figure out how to use smart pointers to ensure memory safety here; smart pointers are much easier to get right.
Sihui Liu
Comment 4 2020-03-29 00:04:48 PDT
(In reply to Geoffrey Garen from comment #3)
> Comment on attachment 394794
> Patch
>
> It would be nice to figure out how to use smart pointers to ensure memory
> safety here; smart pointers are much easier to get right.

Yes, will try replacing the raw pointers and remove unnecessary protected pointers to make the ownership clearer. Since r259034 is reverted and this patch works as an alternative, I will move this patch to https://bugs.webkit.org/show_bug.cgi?id=209532 and land it from there.
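
The lifetime hazard described in the report, and the keep-alive fix it mentions, as an added example that is not WebKit code and not part of the attached patch. It assumes a hypothetical `Server` whose map is the sole owner of a `Database`; all names are illustrative, and `std::shared_ptr` stands in for WebKit's own reference-counting types.

```cpp
#include <algorithm>
#include <cstddef>
#include <iterator>
#include <map>
#include <memory>
#include <string>
#include <vector>

// Hypothetical simplified model; these are not WebKit's classes.
int g_liveDatabases = 0; // counts constructed-but-not-destroyed Database objects
struct Database;
struct Server {
    std::map<std::string, std::shared_ptr<Database>> databases; // sole owner
};
struct Database : std::enable_shared_from_this<Database> {
    Server& server;
    std::string name;
    int connections = 1;
    std::vector<int> pendingOpenRequests;
    Database(Server& s, std::string n) : server(s), name(std::move(n)) { ++g_liveDatabases; }
    ~Database() { --g_liveDatabases; }
    // Removes this database from its owner once the last connection is gone.
    void connectionClosed() {
        if (--connections == 0)
            server.databases.erase(std::string(name)); // may drop the last owning reference
    }
    // Returns how many pending open requests were cancelled.
    std::size_t openRequestCancelled(int requestId) {
        // Keep-alive: without this reference, the erase() in connectionClosed()
        // destroys *this and the member access below is a use-after-free.
        auto protectedThis = shared_from_this();
        connectionClosed();
        auto& pending = pendingOpenRequests;
        auto it = std::remove(pending.begin(), pending.end(), requestId);
        auto cancelled = static_cast<std::size_t>(std::distance(it, pending.end()));
        pending.erase(it, pending.end());
        return cancelled; // protectedThis is released after this value is computed
    }
};
// True if the object survived the call and was destroyed right after it.
bool runScenario() {
    Server server;
    auto db = std::make_shared<Database>(server, "db");
    db->pendingOpenRequests = {7, 8}; // constructed sample request ids
    server.databases["db"] = db;
    Database* raw = db.get();
    db.reset(); // the server map is now the only owner
    std::size_t cancelled = raw->openRequestCancelled(7);
    return cancelled == 1 && server.databases.empty() && g_liveDatabases == 0;
}
int main() { return runScenario() ? 0 : 1; }
```

Building this with AddressSanitizer and removing the `protectedThis` line turns the member access after `connectionClosed()` into a reported heap-use-after-free, which is a practical way to catch this class of regression in tests.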