[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373

jorlow at chromium.org jorlow at chromium.org
Wed Apr 7 23:23:40 UTC 2010


The following commit has been merged in the webkit-1.2 branch:
commit 4d20fd204f1d5a84a1b69e8f0ea8b61ead6aba71
Author: jorlow at chromium.org <jorlow at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Thu Nov 5 08:58:36 2009 +0000

    2009-11-04  Jeremy Orlow  <jorlow at chromium.org>
    
            Reviewed by Darin Fisher.
    
            Calling databaseIdentifier on LocalStorage's background thread is not safe.
            https://bugs.webkit.org/show_bug.cgi?id=31149
    
            Calling SecurityOrigin::databaseIdentifier on LocalStorage's background thread
            is not safe.  databaseIdentifier does a bunch of string concatenation which
            ref-counts StringImpls in some cases.  This was caught by valgrind thread
            sanitizer: http://code.google.com/p/chromium/issues/detail?id=25645
    
            There's no way to test for such raciness, unfortunately.
    
            * storage/StorageAreaSync.cpp:
            (WebCore::StorageAreaSync::StorageAreaSync):
            (WebCore::StorageAreaSync::performImport):
            * storage/StorageAreaSync.h:
            * storage/StorageSyncManager.cpp:
            (WebCore::StorageSyncManager::fullDatabaseFilename):
            * storage/StorageSyncManager.h:
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@50557 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 26b3e19..4a2b989 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,25 @@
+2009-11-04  Jeremy Orlow  <jorlow at chromium.org>
+
+        Reviewed by Darin Fisher.
+
+        Calling databaseIdentifier on LocalStorage's background thread is not safe.
+        https://bugs.webkit.org/show_bug.cgi?id=31149
+
+        Calling SecurityOrigin::databaseIdentifier on LocalStorage's background thread
+        is not safe.  databaseIdentifier does a bunch of string concatenation which
+        ref-counts StringImpls in some cases.  This was caught by valgrind thread
+        sanitizer: http://code.google.com/p/chromium/issues/detail?id=25645
+
+        There's no way to test for such racyness, unfortunately.
+
+        * storage/StorageAreaSync.cpp:
+        (WebCore::StorageAreaSync::StorageAreaSync):
+        (WebCore::StorageAreaSync::performImport):
+        * storage/StorageAreaSync.h:
+        * storage/StorageSyncManager.cpp:
+        (WebCore::StorageSyncManager::fullDatabaseFilename):
+        * storage/StorageSyncManager.h:
+
 2009-11-03  Jeremy Orlow  <jorlow at chromium.org>
 
         Reviewed by Darin Fisher.
diff --git a/WebCore/storage/StorageAreaSync.cpp b/WebCore/storage/StorageAreaSync.cpp
index 89226e7..33cf484 100644
--- a/WebCore/storage/StorageAreaSync.cpp
+++ b/WebCore/storage/StorageAreaSync.cpp
@@ -31,6 +31,7 @@
 #include "CString.h"
 #include "EventNames.h"
 #include "HTMLElement.h"
+#include "SecurityOrigin.h"
 #include "SQLiteStatement.h"
 #include "StorageAreaImpl.h"
 #include "StorageSyncManager.h"
@@ -53,6 +54,7 @@ StorageAreaSync::StorageAreaSync(PassRefPtr<StorageSyncManager> storageSyncManag
     , m_finalSyncScheduled(false)
     , m_storageArea(storageArea)
     , m_syncManager(storageSyncManager)
+    , m_databaseIdentifier(storageArea->securityOrigin()->databaseIdentifier().crossThreadString())
     , m_clearItemsWhileSyncing(false)
     , m_syncScheduled(false)
     , m_importComplete(false)
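Review bot: The `crossThreadString()` call in the new initializer is the whole fix, but nothing in the code says so, and a later cleanup that simplifies it to `databaseIdentifier()` would silently reintroduce the race from bug 31149; add `// Copy on the main thread: the background thread reads m_databaseIdentifier and must not share a StringImpl with the SecurityOrigin (bug 31149).` above the initializer. The initializer also dereferences `storageArea` and `storageArea->securityOrigin()` unconditionally, which was previously covered by the `ASSERT(origin)` this commit removes from fullDatabaseFilename; the constructor body is outside the hunk, so if it does not already assert both are non-null, `ASSERT(storageArea); ASSERT(storageArea->securityOrigin());` belongs there. Note that the initializer reads the constructor parameter rather than `m_storageArea`, so it does not depend on member declaration order in the header, which is the right choice and worth keeping.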
@@ -167,7 +169,7 @@ void StorageAreaSync::performImport()
     ASSERT(!isMainThread());
     ASSERT(!m_database.isOpen());
 
-    String databaseFilename = m_syncManager->fullDatabaseFilename(m_storageArea->securityOrigin());
+    String databaseFilename = m_syncManager->fullDatabaseFilename(m_databaseIdentifier);
 
     if (databaseFilename.isEmpty()) {
         LOG_ERROR("Filename for local storage database is empty - cannot open for persistent storage");
diff --git a/WebCore/storage/StorageAreaSync.h b/WebCore/storage/StorageAreaSync.h
index 3f54a2b..62ee871 100644
--- a/WebCore/storage/StorageAreaSync.h
+++ b/WebCore/storage/StorageAreaSync.h
@@ -78,6 +78,8 @@ namespace WebCore {
         void syncTimerFired(Timer<StorageAreaSync>*);
         void sync(bool clearItems, const HashMap<String, String>& items);
 
+        const String m_databaseIdentifier;
+
         Mutex m_syncLock;
         HashMap<String, String> m_itemsPendingSync;
         bool m_clearItemsWhileSyncing;
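Review bot: `m_databaseIdentifier` is placed directly above `m_syncLock` with no comment saying why it is exempt from the locking that, presumably, governs the members below the mutex; a reader will not know that it may be read from the background thread without the lock. Add `// Immutable after construction and holds a cross-thread copy, so both threads may read it without m_syncLock.` above the declaration. The `const` qualifier is what makes that claim hold, so the comment should mention that it must stay `const`.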
diff --git a/WebCore/storage/StorageSyncManager.cpp b/WebCore/storage/StorageSyncManager.cpp
index f9276dd..b17f4ff 100644
--- a/WebCore/storage/StorageSyncManager.cpp
+++ b/WebCore/storage/StorageSyncManager.cpp
@@ -61,15 +61,14 @@ StorageSyncManager::~StorageSyncManager()
     ASSERT(isMainThread());
 }
 
-String StorageSyncManager::fullDatabaseFilename(SecurityOrigin* origin)
+String StorageSyncManager::fullDatabaseFilename(const String& databaseIdentifier)
 {
-    ASSERT(origin);
     if (!makeAllDirectories(m_path)) {
         LOG_ERROR("Unabled to create LocalStorage database path %s", m_path.utf8().data());
         return String();
     }
 
-    return pathByAppendingComponent(m_path, origin->databaseIdentifier() + ".localstorage");
+    return pathByAppendingComponent(m_path, databaseIdentifier + ".localstorage");
 }
 
 void StorageSyncManager::close()
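Review bot: The removed `ASSERT(origin)` has no counterpart for the new `const String&` parameter, so an empty identifier would produce `m_path/.localstorage`, a single file that every such origin would then share; add `ASSERT(!databaseIdentifier.isEmpty());` at the top of the function. Whether SecurityOrigin::databaseIdentifier can actually return an empty string is not visible here, so the assertion is a cheap guard on an origin-isolation invariant rather than a known bug. It would also help to document in the header comment that the argument must be a copy safe to concatenate on the calling thread, since this function builds the path on the background thread.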
diff --git a/WebCore/storage/StorageSyncManager.h b/WebCore/storage/StorageSyncManager.h
index fe35e3d..2ee7d0e 100644
--- a/WebCore/storage/StorageSyncManager.h
+++ b/WebCore/storage/StorageSyncManager.h
@@ -58,7 +58,7 @@ namespace WebCore {
     // The following members are subject to thread synchronization issues
     public:
         // To be called from the background thread:
-        String fullDatabaseFilename(SecurityOrigin*);
+        String fullDatabaseFilename(const String& databaseIdentifier);
 
     private:
         String m_path;
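Review bot: The new declaration keeps only the generic "To be called from the background thread" comment, which no longer captures the contract that made the signature change necessary: the caller must pass a string that is safe to use on that thread. Extend the comment to `// To be called from the background thread; databaseIdentifier must be a cross-thread copy (see StorageAreaSync::m_databaseIdentifier), never a String shared with the main thread.` so the next caller does not pass `origin->databaseIdentifier()` directly.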
