[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373
jorlow at chromium.org
jorlow at chromium.org
Wed Apr 7 23:23:40 UTC 2010
The following commit has been merged in the webkit-1.2 branch:
commit 4d20fd204f1d5a84a1b69e8f0ea8b61ead6aba71
Author: jorlow at chromium.org <jorlow at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Thu Nov 5 08:58:36 2009 +0000
2009-11-04 Jeremy Orlow <jorlow at chromium.org>
Reviewed by Darin Fisher.
Calling databaseIdentifier on LocalStorage's background thread is not safe.
https://bugs.webkit.org/show_bug.cgi?id=31149
Calling SecurityOrigin::databaseIdentifier on LocalStorage's background thread
is not safe. databaseIdentifier does a bunch of string concatenation which
ref-counts StringImpls in some cases. This was caught by valgrind thread
sanitizer: http://code.google.com/p/chromium/issues/detail?id=25645
There's no way to test for such racyness, unfortunately.
* storage/StorageAreaSync.cpp:
(WebCore::StorageAreaSync::StorageAreaSync):
(WebCore::StorageAreaSync::performImport):
* storage/StorageAreaSync.h:
* storage/StorageSyncManager.cpp:
(WebCore::StorageSyncManager::fullDatabaseFilename):
* storage/StorageSyncManager.h:
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@50557 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 26b3e19..4a2b989 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,25 @@
+2009-11-04 Jeremy Orlow <jorlow at chromium.org>
+
+ Reviewed by Darin Fisher.
+
+ Calling databaseIdentifier on LocalStorage's background thread is not safe.
+ https://bugs.webkit.org/show_bug.cgi?id=31149
+
+ Calling SecurityOrigin::databaseIdentifier on LocalStorage's background thread
+ is not safe. databaseIdentifier does a bunch of string concatenation which
+ ref-counts StringImpls in some cases. This was caught by valgrind thread
+ sanitizer: http://code.google.com/p/chromium/issues/detail?id=25645
+
+ There's no way to test for such racyness, unfortunately.
+
+ * storage/StorageAreaSync.cpp:
+ (WebCore::StorageAreaSync::StorageAreaSync):
+ (WebCore::StorageAreaSync::performImport):
+ * storage/StorageAreaSync.h:
+ * storage/StorageSyncManager.cpp:
+ (WebCore::StorageSyncManager::fullDatabaseFilename):
+ * storage/StorageSyncManager.h:
+
2009-11-03 Jeremy Orlow <jorlow at chromium.org>
Reviewed by Darin Fisher.
diff --git a/WebCore/storage/StorageAreaSync.cpp b/WebCore/storage/StorageAreaSync.cpp
index 89226e7..33cf484 100644
--- a/WebCore/storage/StorageAreaSync.cpp
+++ b/WebCore/storage/StorageAreaSync.cpp
@@ -31,6 +31,7 @@
#include "CString.h"
#include "EventNames.h"
#include "HTMLElement.h"
+#include "SecurityOrigin.h"
#include "SQLiteStatement.h"
#include "StorageAreaImpl.h"
#include "StorageSyncManager.h"
@@ -53,6 +54,7 @@ StorageAreaSync::StorageAreaSync(PassRefPtr<StorageSyncManager> storageSyncManag
, m_finalSyncScheduled(false)
, m_storageArea(storageArea)
, m_syncManager(storageSyncManager)
+ , m_databaseIdentifier(storageArea->securityOrigin()->databaseIdentifier().crossThreadString())
, m_clearItemsWhileSyncing(false)
, m_syncScheduled(false)
, m_importComplete(false)
@@ -167,7 +169,7 @@ void StorageAreaSync::performImport()
ASSERT(!isMainThread());
ASSERT(!m_database.isOpen());
- String databaseFilename = m_syncManager->fullDatabaseFilename(m_storageArea->securityOrigin());
+ String databaseFilename = m_syncManager->fullDatabaseFilename(m_databaseIdentifier);
if (databaseFilename.isEmpty()) {
LOG_ERROR("Filename for local storage database is empty - cannot open for persistent storage");
diff --git a/WebCore/storage/StorageAreaSync.h b/WebCore/storage/StorageAreaSync.h
index 3f54a2b..62ee871 100644
--- a/WebCore/storage/StorageAreaSync.h
+++ b/WebCore/storage/StorageAreaSync.h
@@ -78,6 +78,8 @@ namespace WebCore {
void syncTimerFired(Timer<StorageAreaSync>*);
void sync(bool clearItems, const HashMap<String, String>& items);
+ const String m_databaseIdentifier;
+
Mutex m_syncLock;
HashMap<String, String> m_itemsPendingSync;
bool m_clearItemsWhileSyncing;
diff --git a/WebCore/storage/StorageSyncManager.cpp b/WebCore/storage/StorageSyncManager.cpp
index f9276dd..b17f4ff 100644
--- a/WebCore/storage/StorageSyncManager.cpp
+++ b/WebCore/storage/StorageSyncManager.cpp
@@ -61,15 +61,14 @@ StorageSyncManager::~StorageSyncManager()
ASSERT(isMainThread());
}
-String StorageSyncManager::fullDatabaseFilename(SecurityOrigin* origin)
+String StorageSyncManager::fullDatabaseFilename(const String& databaseIdentifier)
{
- ASSERT(origin);
if (!makeAllDirectories(m_path)) {
LOG_ERROR("Unabled to create LocalStorage database path %s", m_path.utf8().data());
return String();
}
- return pathByAppendingComponent(m_path, origin->databaseIdentifier() + ".localstorage");
+ return pathByAppendingComponent(m_path, databaseIdentifier + ".localstorage");
}
void StorageSyncManager::close()
diff --git a/WebCore/storage/StorageSyncManager.h b/WebCore/storage/StorageSyncManager.h
index fe35e3d..2ee7d0e 100644
--- a/WebCore/storage/StorageSyncManager.h
+++ b/WebCore/storage/StorageSyncManager.h
@@ -58,7 +58,7 @@ namespace WebCore {
// The following members are subject to thread synchronization issues
public:
// To be called from the background thread:
- String fullDatabaseFilename(SecurityOrigin*);
+ String fullDatabaseFilename(const String& databaseIdentifier);
private:
String m_path;
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list