[Webkit-unassigned] [Bug 39331] New: Assertion failure in OriginQuotaManager.cpp

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue May 18 16:30:52 PDT 2010


https://bugs.webkit.org/show_bug.cgi?id=39331

           Summary: Assertion failure in OriginQuotaManager.cpp
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: HTML DOM
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: ericu at chromium.org
                CC: dumi at chromium.org


ASSERTION FAILED: usageRecord
(/Users/ericu/four/src/third_party/WebKit/WebCore/storage/OriginQuotaManager.cpp:130 long long unsigned int WebCore::OriginQuotaManager::diskUsage(WebCore::SecurityOrigin*) const)

I suspect this is because, in DatabaseTracker::removeOpenDatabase, we call originQuotaManager().removeOrigin() without in any way locking out other threads from adding new databases under that origin.  So we're removing the last database, we decide to remove the origin from the origin quota manager, and as we're doing so someone's adding a new one.  Then that new one won't be properly tracked, since we've blown away the record, and we assert when we later try to remove it.

I think this is rare and probably not dangerous [I hit it once in over 3000 test runs while looking for another race condition], but I haven't proven that yet.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
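
The interleaving suspected in the report, as an added example that is not part of the original message and is not WebKit code. The `Tracker` type, its members and the `window` callback (which stands in for a second thread being scheduled) are hypothetical, and holding one lock across the check and the erase is only one assumed way to close the gap.

```cpp
#include <cstdio>
#include <functional>
#include <map>
#include <mutex>
#include <string>

// Hypothetical model: per-origin open-database count plus a quota usage record.
struct Tracker {
    std::mutex lock;
    std::map<std::string, int> openCount;
    std::map<std::string, long long> usageRecord;

    void addDatabase(const std::string& origin, long long bytes) {
        std::lock_guard<std::mutex> hold(lock);
        if (openCount[origin]++ == 0)
            usageRecord.emplace(origin, 0);   // no-op if a record still exists
        usageRecord.at(origin) += bytes;
    }
    // Decides "last database closed", then erases later with no lock held between.
    void removeRacy(const std::string& origin, const std::function<void()>& window) {
        bool last = (--openCount[origin] == 0);
        window();                             // another thread runs in the gap
        if (last) usageRecord.erase(origin);  // wipes the newcomer's record too
    }
    // Check and erase form one critical section; the other thread waits for it.
    void removeLocked(const std::string& origin, const std::function<void()>& window) {
        {
            std::lock_guard<std::mutex> hold(lock);
            if (--openCount[origin] == 0) usageRecord.erase(origin);
        }
        window();                             // only now can the add proceed
    }
};

// True if the database opened by the "other thread" still has a usage record,
// i.e. a later usage lookup would not trip an assertion like the one reported.
bool recordSurvives(bool locked) {
    Tracker t;
    const std::string origin = "https://example.test";  // constructed sample origin
    t.addDatabase(origin, 100);
    auto otherThread = [&] { t.addDatabase(origin, 50); };
    if (locked) t.removeLocked(origin, otherThread);
    else        t.removeRacy(origin, otherThread);
    return t.openCount[origin] == 1 && t.usageRecord.count(origin) == 1;
}

int main() {
    std::printf("racy: record survives = %d\n", recordSurvives(false));
    std::printf("locked: record survives = %d\n", recordSurvives(true));
}
```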


