[webkit-reviews] review denied: [Bug 195214] Crash in com.apple.WebCore: WebCore::IDBTransaction::pendingOperationTimerFired + 72 : [Attachment 363346] Patch
bugzilla-daemon at webkit.org
Tue Mar 5 11:52:12 PST 2019
Geoffrey Garen <ggaren at apple.com> has denied Sihui Liu <sihui_liu at apple.com>'s
request for review:
Bug 195214: Crash in com.apple.WebCore:
WebCore::IDBTransaction::pendingOperationTimerFired + 72
https://bugs.webkit.org/show_bug.cgi?id=195214
Attachment 363346: Patch
https://bugs.webkit.org/attachment.cgi?id=363346&action=review
--- Comment #4 from Geoffrey Garen <ggaren at apple.com> ---
Comment on attachment 363346
--> https://bugs.webkit.org/attachment.cgi?id=363346
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=363346&action=review
> Source/WebCore/Modules/indexeddb/client/TransactionOperation.h:105
> + if (m_completeFunction) {
> + m_completeFunction(data);
> + // m_completeFunction might be holding the last ref to this
TransactionOperation,
> + // so we need to do this trick to null it out without first
destroying it.
> + Function<void(const IDBResultData&)> oldCompleteFunction;
> + std::swap(m_completeFunction, oldCompleteFunction);
> + }
> m_transaction->operationCompletedOnClient(*this);
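Review bot: the swap into `oldCompleteFunction` only defers destruction of the callback to the closing brace of the `if` block, so when that callback holds the last ref to this TransactionOperation (as the comment says it may), the object is already gone when `m_transaction->operationCompletedOnClient(*this)` runs on the next line; the comment "null it out without first destroying it" therefore does not describe what the code achieves. Suggest keeping `this` alive for the whole function with a protecting ref taken at the top (`auto protect = makeRef(*this);`) rather than relying on the scope of the swapped-out Function.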
It seems like a bug that you reference m_transaction after this may have been
deleted (by destroying m_completeFunction, which holds the last ref to this
TransactionOperation.)
Probably the best solution is to use "auto protect = makeRef(this)" at the top
of the function.
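As an added illustration, not WebKit code and not part of this review, the following C++ model shows the lifetime problem Geoffrey points out and the protecting-ref fix side by side. `Ref` and the intrusive `ref()`/`deref()` pair are stand-ins for WTF's classes, `Transaction` stands in for the client-side IDBTransaction, and the event strings are constructed for the example. To observe the ordering without undefined behaviour, reaching zero references only marks the object dead and records an event; a real RefCounted object would `delete this` at that point.

```cpp
#include <functional>
#include <iostream>
#include <string>
#include <utility>
#include <vector>

// Stand-in for WTF::Ref<T>: owning smart pointer over an intrusively
// ref-counted object. Example code, not WebKit's class.
template<typename T>
class Ref {
public:
    explicit Ref(T& object) : m_ptr(&object) { m_ptr->ref(); }
    Ref(const Ref& other) : m_ptr(other.m_ptr) { m_ptr->ref(); }
    Ref(Ref&& other) noexcept : m_ptr(std::exchange(other.m_ptr, nullptr)) {}
    Ref& operator=(const Ref&) = delete;
    ~Ref() { if (m_ptr) m_ptr->deref(); }
private:
    T* m_ptr;
};

struct TransactionOperation;

// Stand-in for the client-side IDBTransaction: records what happens, in order.
struct Transaction {
    std::vector<std::string> events;
    void operationCompletedOnClient(const TransactionOperation&);
};

struct TransactionOperation {
    explicit TransactionOperation(Transaction& transaction) : m_transaction(&transaction) {}

    void ref() { ++m_refCount; }
    void deref() { if (--m_refCount == 0) destroyed(); }
    bool isAlive() const { return m_alive; }
    void setCompleteFunction(std::function<void(int)> function) { m_completeFunction = std::move(function); }

    // Same shape as the patch under review: the swapped-out callback is a local
    // of the if block, so it (and the last ref it may hold) dies at the `}`.
    void completedAsPatched(int data)
    {
        if (m_completeFunction) {
            m_completeFunction(data);
            std::function<void(int)> oldCompleteFunction;
            std::swap(m_completeFunction, oldCompleteFunction);
        }
        m_transaction->operationCompletedOnClient(*this);
    }

    // The fix the review suggests: a protecting ref taken first keeps `this`
    // alive until the function returns, whatever the callback releases.
    void completedWithProtect(int data)
    {
        Ref<TransactionOperation> protect(*this);
        if (m_completeFunction) {
            m_completeFunction(data);
            std::function<void(int)> oldCompleteFunction;
            std::swap(m_completeFunction, oldCompleteFunction);
        }
        m_transaction->operationCompletedOnClient(*this);
    }

private:
    // A real RefCounted object would `delete this` here; this model only marks
    // the object dead so the ordering can be observed without undefined behaviour.
    void destroyed()
    {
        m_alive = false;
        m_transaction->events.push_back("operation destroyed");
    }

    Transaction* m_transaction;
    std::function<void(int)> m_completeFunction;
    int m_refCount { 0 };
    bool m_alive { true };
};

void Transaction::operationCompletedOnClient(const TransactionOperation& operation)
{
    events.push_back(operation.isAlive()
        ? "operationCompletedOnClient on live operation"
        : "operationCompletedOnClient on destroyed operation (use-after-free)");
}

// Runs one completion where the complete function holds the only ref to the
// operation, as the patch comment describes, and returns the event sequence.
std::string runCompletion(bool protectThis)
{
    Transaction transaction;
    auto* operation = new TransactionOperation(transaction);
    {
        Ref<TransactionOperation> onlyRef(*operation);
        // The closure copies the Ref; once onlyRef goes out of scope the
        // closure's copy is the last reference to the operation.
        operation->setCompleteFunction([held = onlyRef](int) { /* client work */ });
    }
    if (protectThis)
        operation->completedWithProtect(42);
    else
        operation->completedAsPatched(42);
    delete operation; // release the model's storage

    std::string sequence;
    for (const auto& event : transaction.events)
        sequence += (sequence.empty() ? "" : " -> ") + event;
    return sequence;
}

int main()
{
    std::cout << "as patched:   " << runCompletion(false) << "\n";
    std::cout << "with protect: " << runCompletion(true) << "\n";
    return 0;
}
```

Run stand-alone, the first line shows the operation being destroyed before `operationCompletedOnClient` is reached, which is the crash in the bug title; the second shows the protecting ref pushing destruction past the call, after which the swap trick is no longer needed at all.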