[Webkit-unassigned] [Bug 209699] New: Regression(r259034): UniqueIDBDatabas object is destroyed while it's still in use

Sat Mar 28 00:07:58 PDT 2020

https://bugs.webkit.org/show_bug.cgi?id=209699

            Bug ID: 209699
           Summary: Regression(r259034): UniqueIDBDatabas object is
                    destroyed while it's still in use
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: New Bugs
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: sihui_liu at apple.com

In r259034, we try deleting the UniqueIDBDatabase in UniqueIDBDatabase::connectionClosedFromClient, when UniqueIDBDatabase finds itself has no connections. The problem is in UniqueIDBDatabase::openDBRequestCancelled, m_pendingOpenDBRequests will be accessed after connectionClosedFromClient. To fix this issues, we can protect this pointer in UniqueIDBDatabase::openDBRequestCancelled, but this bug and 209618 have proved r259034 to be error-prone. In this case, we probably need to find a better way to delete UniqueIDBDatabase at proper timing.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200328/f763b819/attachment.htm>