SQLiteDatabase should bail out if opening fails
Created attachment 453076 [details] Patch
<rdar://83130954>
Comment on attachment 453076 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=453076&action=review > Source/WebCore/platform/sql/SQLiteDatabase.cpp:145 > + if (!isOpen()) { Why not return earlier? E.g. after sqlite3_open_v2() call above?
Created attachment 453671 [details] Patch
Created attachment 453774 [details] Patch
Comment on attachment 453774 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=453774&action=review > Source/WebCore/platform/sql/SQLiteDatabase.cpp:132 > + int result = SQLITE_OK; Just because there are braces below doesn’t mean we need to initialize this here. I suppose it’s OK. > Source/WebCore/platform/sql/SQLiteDatabase.h:102 > + int checkpoint(CheckpointMode); Why add this return value? No caller is checking it. Is it for future use? > Source/WebCore/platform/sql/SQLiteDatabase.h:172 > + int useWALJournalMode(); Seems like returning an error code as an int with no comment or type to disambiguate and say what the return value means is not a great pattern. In this particular case, the caller just needs to know if this succeeded or failed, so a bool for success would work and I think might be better than returning the error code. I suppose it’s not a *disaster* to return an SQLite error code as an int, but how would I know that’s what this function returns? Elsewhere we use named types whenever possible for error codes, or enums or special-purpose objects. I think booleans for success work too.
Comment on attachment 453774 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=453774&action=review >> Source/WebCore/platform/sql/SQLiteDatabase.h:102 >> + int checkpoint(CheckpointMode); > > Why add this return value? No caller is checking it. Is it for future use? I was planned to use the return value to decide if error is lethal and we should close database immediately. Then I decided to just keep existing behavior that ignores the checkpoint error. So this is unused; I will revert this change. >> Source/WebCore/platform/sql/SQLiteDatabase.h:172 >> + int useWALJournalMode(); > > Seems like returning an error code as an int with no comment or type to disambiguate and say what the return value means is not a great pattern. > > In this particular case, the caller just needs to know if this succeeded or failed, so a bool for success would work and I think might be better than returning the error code. > > I suppose it’s not a *disaster* to return an SQLite error code as an int, but how would I know that’s what this function returns? Elsewhere we use named types whenever possible for error codes, or enums or special-purpose objects. I think booleans for success work too. Sure, will use bool instead. We can get the error with sqlite3_errcode.
Patch looks reasonable to me. Just for the future, here is what we found: 1. sqlite3_open_v2 can succeed even if you can't open or create the -shm file for whatever reason (e.g. out of disk space or file handles). 2. Executing `PRAGMA journal_mode=wal` seems to fail if you can't open or create the -shm file. But we were ignoring the result of this operation. 3. Then we would try to call sqlite3_wal_checkpoint_v2 on the connection. This actually crashes if you can't open the -shm file. So the workaround in this patch was to add a bailout at (2) rather than crashing at (3).
Created attachment 453817 [details] Patch for landing
Committed r290822 (248058@main): <https://commits.webkit.org/248058@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 453817 [details].