[SCM] WebKit Debian packaging branch, webkit-1.3, updated. upstream/1.3.7-4207-g178b198
jberlin at webkit.org
jberlin at webkit.org
Sun Feb 20 23:19:16 UTC 2011
The following commit has been merged in the webkit-1.3 branch:
commit 2a7b7853b9adb5af964f4857e2cf5992dd3e8775
Author: jberlin at webkit.org <jberlin at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Wed Jan 19 22:26:45 2011 +0000
Crash in WebDatabaseManagerProxy::getDatabaseOrigins when called after the WebProcess has
died at least once
https://bugs.webkit.org/show_bug.cgi?id=52730
Reviewed by Darin Adler.
WebDatabaseManagerProxy::invalidate was setting m_webContext to 0, and invalidate gets
called in WebContext::processDidClose. However, m_webContext is only set in the
constructor, which is only called from the constructor of WebContext, so attempting to send
a message to any new WebProcess after the first one died was causing a null deref.
This patch moves setting m_webcontext into clearContext and clearContext is only called in
the WebContext destructor.
This patch also adds checks for a valid WebProcessProxy before attempting to send messages to
the WebProcessProxy so that if the WebProcess has died and has not been revived, it does not
attempt to dereference a null WebProcessProxy.
* UIProcess/WebContext.cpp:
(WebKit::WebContext::~WebContext):
Call WebDatabaseManagerProxy::clearContext.
* UIProcess/WebContext.h:
(WebKit::WebContext::hasValidProcess):
Make this method public so that it can be called from WebDatabaseManagerProxy.
* UIProcess/WebDatabaseManagerProxy.cpp:
(WebKit::WebDatabaseManagerProxy::getDatabasesByOrigin):
If there isn't a valid process, invalidate the callback and return early.
(WebKit::WebDatabaseManagerProxy::getDatabaseOrigins):
Ditto.
(WebKit::WebDatabaseManagerProxy::deleteDatabaseWithNameForOrigin):
If there isn't a valid process, return early.
(WebKit::WebDatabaseManagerProxy::deleteDatabasesForOrigin):
Ditto.
(WebKit::WebDatabaseManagerProxy::deleteAllDatabases):
Ditto.
(WebKit::WebDatabaseManagerProxy::setQuotaForOrigin):
Ditto.
(WebKit::WebDatabaseManagerProxy::invalidate):
Move setting m_webContext to 0 from here ...
* UIProcess/WebDatabaseManagerProxy.h:
(WebKit::WebDatabaseManagerProxy::clearContext):
... to here.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@76163 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/WebKit2/ChangeLog b/Source/WebKit2/ChangeLog
index 54c63a3..f267db1 100644
--- a/Source/WebKit2/ChangeLog
+++ b/Source/WebKit2/ChangeLog
@@ -1,3 +1,49 @@
+2011-01-19 Jessie Berlin <jberlin at apple.com>
+
+ Reviewed by Darin Adler.
+
+ Crash in WebDatabaseManagerProxy::getDatabaseOrigins when called after the WebProcess has
+ died at least once
+ https://bugs.webkit.org/show_bug.cgi?id=52730
+
+ WebDatabaseManagerProxy::invalidate was setting m_webContext to 0, and invalidate gets
+ called in WebContext::processDidClose. However, m_webContext is only set in the
+ constructor, which is only called from the constructor of WebContext, so attempting to send
+ a message to any new WebProcess after the first one died was causing a null deref.
+
+ This patch moves setting m_webcontext into clearContext and clearContext is only called in
+ the WebContext destructor.
+
+ This patch also adds checks for a valid WebProcessProxy before attempting to send messages to
+ the WebProcessProxy so that if the WebProcess has died and has not been revived, it does not
+ attempt to dereference a null WebProcessProxy.
+
+ * UIProcess/WebContext.cpp:
+ (WebKit::WebContext::~WebContext):
+ Call WebDatabaseManagerProxy::clearContext.
+ * UIProcess/WebContext.h:
+ (WebKit::WebContext::hasValidProcess):
+ Make this method public so that it can be called from WebDatabaseManagerProxy.
+
+ * UIProcess/WebDatabaseManagerProxy.cpp:
+ (WebKit::WebDatabaseManagerProxy::getDatabasesByOrigin):
+ If there isn't a valid process, invalidate the callback and return early.
+ (WebKit::WebDatabaseManagerProxy::getDatabaseOrigins):
+ Ditto.
+ (WebKit::WebDatabaseManagerProxy::deleteDatabaseWithNameForOrigin):
+ If tehre isn't a valid process return early.
+ (WebKit::WebDatabaseManagerProxy::deleteDatabasesForOrigin):
+ Ditto.
+ (WebKit::WebDatabaseManagerProxy::deleteAllDatabases):
+ Ditto.
+ (WebKit::WebDatabaseManagerProxy::setQuotaForOrigin):
+ Ditto.
+ (WebKit::WebDatabaseManagerProxy::invalidate):
+ Move setting m_webContext to 0 from here ...
+ * UIProcess/WebDatabaseManagerProxy.h:
+ (WebKit::WebDatabaseManagerProxy::clearContext):
+ ... to here.
+
2011-01-19 Anders Carlsson <andersca at apple.com>
Reviewed by Sam Weinig.
diff --git a/Source/WebKit2/UIProcess/WebContext.cpp b/Source/WebKit2/UIProcess/WebContext.cpp
index 2c75cf2..1bb6bc4 100644
--- a/Source/WebKit2/UIProcess/WebContext.cpp
+++ b/Source/WebKit2/UIProcess/WebContext.cpp
@@ -114,6 +114,9 @@ WebContext::~WebContext()
m_geolocationManagerProxy->invalidate();
m_geolocationManagerProxy->clearContext();
+ m_databaseManagerProxy->invalidate();
+ m_databaseManagerProxy->clearContext();
+
#ifndef NDEBUG
webContextCounter.decrement();
#endif
diff --git a/Source/WebKit2/UIProcess/WebContext.h b/Source/WebKit2/UIProcess/WebContext.h
index 9996198..e973160 100644
--- a/Source/WebKit2/UIProcess/WebContext.h
+++ b/Source/WebKit2/UIProcess/WebContext.h
@@ -67,6 +67,7 @@ public:
ProcessModel processModel() const { return m_processModel; }
WebProcessProxy* process() const { return m_process.get(); }
+ bool hasValidProcess() const { return m_process && m_process->isValid(); }
void processDidFinishLaunching(WebProcessProxy*);
void processDidClose(WebProcessProxy*);
@@ -142,7 +143,6 @@ private:
virtual Type type() const { return APIType; }
void ensureWebProcess();
- bool hasValidProcess() const { return m_process && m_process->isValid(); }
void platformInitializeWebProcess(WebProcessCreationParameters&);
// History client
diff --git a/Source/WebKit2/UIProcess/WebDatabaseManagerProxy.cpp b/Source/WebKit2/UIProcess/WebDatabaseManagerProxy.cpp
index 6f382b7..1bc0303 100644
--- a/Source/WebKit2/UIProcess/WebDatabaseManagerProxy.cpp
+++ b/Source/WebKit2/UIProcess/WebDatabaseManagerProxy.cpp
@@ -100,8 +100,6 @@ WebDatabaseManagerProxy::~WebDatabaseManagerProxy()
void WebDatabaseManagerProxy::invalidate()
{
invalidateCallbackMap(m_arrayCallbacks);
-
- m_webContext = 0;
}
void WebDatabaseManagerProxy::initializeClient(const WKDatabaseManagerClient* client)
@@ -112,6 +110,10 @@ void WebDatabaseManagerProxy::initializeClient(const WKDatabaseManagerClient* cl
void WebDatabaseManagerProxy::getDatabasesByOrigin(PassRefPtr<ArrayCallback> prpCallback)
{
RefPtr<ArrayCallback> callback = prpCallback;
+ if (!m_webContext->hasValidProcess()) {
+ callback->invalidate();
+ return;
+ }
uint64_t callbackID = callback->callbackID();
m_arrayCallbacks.set(callbackID, callback.release());
m_webContext->process()->send(Messages::WebDatabaseManager::GetDatabasesByOrigin(callbackID), 0);
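Review bot: The new guard right after `RefPtr<ArrayCallback> callback = prpCallback;` dereferences `m_webContext` unconditionally, while the same commit adds `clearContext()` which sets `m_webContext` to 0 from `~WebContext`. If a WebDatabaseManagerProxy can be held by an API client past its WebContext's lifetime — the existence of clearContext() suggests it can, though the hunk does not prove it — a call after that point trades the old null-WebProcessProxy crash for a null-WebContext one. Guard the pointer itself first: `if (!m_webContext || !m_webContext->hasValidProcess()) {`. The same change applies to the check in getDatabaseOrigins and to the four early returns further down the file. The function's closing brace lies outside the hunk.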
@@ -164,6 +166,10 @@ void WebDatabaseManagerProxy::didGetDatabasesByOrigin(const Vector<OriginAndData
void WebDatabaseManagerProxy::getDatabaseOrigins(PassRefPtr<ArrayCallback> prpCallback)
{
RefPtr<ArrayCallback> callback = prpCallback;
+ if (!m_webContext->hasValidProcess()) {
+ callback->invalidate();
+ return;
+ }
uint64_t callbackID = callback->callbackID();
m_arrayCallbacks.set(callbackID, callback.release());
m_webContext->process()->send(Messages::WebDatabaseManager::GetDatabaseOrigins(callbackID), 0);
@@ -188,21 +194,29 @@ void WebDatabaseManagerProxy::didGetDatabaseOrigins(const Vector<String>& origin
void WebDatabaseManagerProxy::deleteDatabaseWithNameForOrigin(const String& databaseIdentifier, WebSecurityOrigin* origin)
{
+ if (!m_webContext->hasValidProcess())
+ return;
m_webContext->process()->send(Messages::WebDatabaseManager::DeleteDatabaseWithNameForOrigin(databaseIdentifier, origin->databaseIdentifier()), 0);
}
void WebDatabaseManagerProxy::deleteDatabasesForOrigin(WebSecurityOrigin* origin)
{
+ if (!m_webContext->hasValidProcess())
+ return;
m_webContext->process()->send(Messages::WebDatabaseManager::DeleteDatabasesForOrigin(origin->databaseIdentifier()), 0);
}
void WebDatabaseManagerProxy::deleteAllDatabases()
{
+ if (!m_webContext->hasValidProcess())
+ return;
m_webContext->process()->send(Messages::WebDatabaseManager::DeleteAllDatabases(), 0);
}
void WebDatabaseManagerProxy::setQuotaForOrigin(WebSecurityOrigin* origin, uint64_t quota)
{
+ if (!m_webContext->hasValidProcess())
+ return;
m_webContext->process()->send(Messages::WebDatabaseManager::SetQuotaForOrigin(origin->databaseIdentifier(), quota), 0);
}
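Review bot: The four early returns added to deleteDatabaseWithNameForOrigin, deleteDatabasesForOrigin, deleteAllDatabases and setQuotaForOrigin silently drop the request when there is no valid process, and the caller has no way to learn that nothing happened; for a clear-site-data path that is a privacy-relevant failure mode, since the on-disk databases survive until something else relaunches the process and re-issues the request. If the intent is that a dead WebProcess means there is nothing left to delete, the code should say so; otherwise the request presumably belongs behind the context's process (re)launch path — `ensureWebProcess()` is visible as a private member in WebContext.h in this commit — rather than being discarded. At minimum a comment on each guard, e.g. `// No live WebProcess to deliver this to; the request is dropped, not queued.`, records the choice for callers.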
diff --git a/Source/WebKit2/UIProcess/WebDatabaseManagerProxy.h b/Source/WebKit2/UIProcess/WebDatabaseManagerProxy.h
index 9878232..3658845 100644
--- a/Source/WebKit2/UIProcess/WebDatabaseManagerProxy.h
+++ b/Source/WebKit2/UIProcess/WebDatabaseManagerProxy.h
@@ -55,6 +55,7 @@ public:
virtual ~WebDatabaseManagerProxy();
void invalidate();
+ void clearContext() { m_webContext = 0; }
void initializeClient(const WKDatabaseManagerClient*);
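Review bot: `clearContext()` is the one mutator that leaves `m_webContext` null for the rest of the proxy's lifetime, yet it is added without a comment saying who may call it or what the proxy guarantees afterwards, and the guards added in the .cpp in this same commit depend on that contract. Suggested, above the declaration: `// Called only from ~WebContext; afterwards m_webContext is null and no message may be sent.`. Since `invalidate()` sits directly above it, reads alike, and per the commit message still runs from processDidClose but no longer touches m_webContext, a one-line comment distinguishing the two would prevent the next reader from conflating them.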