Bug 239255

Summary: StorageMap::importItems may update currentSize wrongly in release build
Product: WebKit Reporter: Sihui Liu <sihui_liu>
Component: Website StorageAssignee: Sihui Liu <sihui_liu>
Status: RESOLVED FIXED    
Severity: Normal CC: cdumez, sihui_liu, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
ews-feeder: commit-queue-
Patch
none
Patch
none
Patch
none
Patch none

Description Sihui Liu 2022-04-12 14:53:52 PDT 
...
Comment 1 Sihui Liu 2022-04-12 15:21:35 PDT 
Created attachment 457482 [details]
Patch
Comment 2 Sihui Liu 2022-04-12 15:58:19 PDT 
Created attachment 457486 [details]
Patch
Comment 3 Chris Dumez 2022-04-12 16:01:37 PDT 
Comment on attachment 457486 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=457486&action=review

> Source/WebCore/storage/StorageMap.cpp:166
> +        RELEASE_LOG_ERROR(Storage, "StorageMap::importItems failed to import because map is not empty");

Why is it OK to ignore the items in this case? If that's not supposed to happen, should we ASSERT?
Comment 4 Sihui Liu 2022-04-13 09:54:41 PDT 
(In reply to Chris Dumez from comment #3)
> Comment on attachment 457486 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=457486&action=review
> 
> > Source/WebCore/storage/StorageMap.cpp:166
> > +        RELEASE_LOG_ERROR(Storage, "StorageMap::importItems failed to import because map is not empty");
> 
> Why is it OK to ignore the items in this case? If that's not supposed to
> happen, should we ASSERT?

Yes, we can turn it into assertion
Comment 5 Sihui Liu 2022-04-13 10:00:33 PDT 
Created attachment 457539 [details]
Patch
Comment 6 Chris Dumez 2022-04-13 10:08:51 PDT 
Comment on attachment 457539 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=457539&action=review

> Source/WebCore/storage/StorageMap.cpp:166
> +    CheckedUint32 newSize = m_impl->currentSize;

why `= m_impl->currentSize`? I thought the map was empty?

Can we assert that m_impl->currentSize is 0 and then just use `CheckedUint32 newSize;` here?
Comment 7 Sihui Liu 2022-04-13 10:14:47 PDT 
Created attachment 457542 [details]
Patch
Comment 8 Chris Dumez 2022-04-13 10:16:32 PDT 
Comment on attachment 457542 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=457542&action=review

r=me assuming the bots are happy.

> Source/WebCore/storage/StorageMap.cpp:164
> +    RELEASE_ASSERT(!m_impl->currentSize);

Why did you drop the `RELEASE_ASSERT(m_impl->map.isEmpty());` ?

I feel it'd be good to check that both there is no item in the map and the size is indeed 0.
Comment 9 Sihui Liu 2022-04-13 10:27:49 PDT 
Comment on attachment 457542 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=457542&action=review

>> Source/WebCore/storage/StorageMap.cpp:164
>> +    RELEASE_ASSERT(!m_impl->currentSize);
> 
> Why did you drop the `RELEASE_ASSERT(m_impl->map.isEmpty());` ?
> 
> I feel it'd be good to check that both there is no item in the map and the size is indeed 0.

I thought you mean replacing RELEASE_ASSERT with this... will update.
Comment 10 Sihui Liu 2022-04-13 10:29:03 PDT 
Created attachment 457543 [details]
Patch
Comment 11 EWS 2022-04-13 15:45:13 PDT 
Committed r292836 (249609@main): <https://commits.webkit.org/249609@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 457543 [details].
Comment 12 Radar WebKit Bug Importer 2022-04-13 15:46:16 PDT 
<rdar://problem/91719712>