[SCM] WebKit Debian packaging branch, webkit-1.3, updated. upstream/1.3.7-4207-g178b198

jberlin at webkit.org
Sun Feb 20 23:19:16 UTC 2011


The following commit has been merged in the webkit-1.3 branch:
commit 2a7b7853b9adb5af964f4857e2cf5992dd3e8775
Author: jberlin at webkit.org <jberlin at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Wed Jan 19 22:26:45 2011 +0000

    Crash in WebDatabaseManagerProxy::getDatabaseOrigins when called after the WebProcess has
    died at least once
    https://bugs.webkit.org/show_bug.cgi?id=52730
    
    Reviewed by Darin Adler.
    
    WebDatabaseManagerProxy::invalidate was setting m_webContext to 0, and invalidate gets
    called in WebContext::processDidClose. However, m_webContext is only set in the
    constructor, which is only called from the constructor of WebContext, so attempting to send
    a message to any new WebProcess after the first one died was causing a null deref.
    
    This patch moves setting m_webContext into clearContext, and clearContext is only called in
    the WebContext destructor.
    
    This patch also adds checks for a valid WebProcessProxy before attempting to send messages to
    the WebProcessProxy so that if the WebProcess has died and has not been revived, it does not
    attempt to dereference a null WebProcessProxy.
    
    * UIProcess/WebContext.cpp:
    (WebKit::WebContext::~WebContext):
    Call WebDatabaseManagerProxy::clearContext.
    * UIProcess/WebContext.h:
    (WebKit::WebContext::hasValidProcess):
    Make this method public so that it can be called from WebDatabaseManagerProxy.
    
    * UIProcess/WebDatabaseManagerProxy.cpp:
    (WebKit::WebDatabaseManagerProxy::getDatabasesByOrigin):
    If there isn't a valid process, invalidate the callback and return early.
    (WebKit::WebDatabaseManagerProxy::getDatabaseOrigins):
    Ditto.
    (WebKit::WebDatabaseManagerProxy::deleteDatabaseWithNameForOrigin):
    If there isn't a valid process, return early.
    (WebKit::WebDatabaseManagerProxy::deleteDatabasesForOrigin):
    Ditto.
    (WebKit::WebDatabaseManagerProxy::deleteAllDatabases):
    Ditto.
    (WebKit::WebDatabaseManagerProxy::setQuotaForOrigin):
    Ditto.
    (WebKit::WebDatabaseManagerProxy::invalidate):
    Move setting m_webContext to 0 from here ...
    * UIProcess/WebDatabaseManagerProxy.h:
    (WebKit::WebDatabaseManagerProxy::clearContext):
    ... to here.
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@76163 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/Source/WebKit2/ChangeLog b/Source/WebKit2/ChangeLog
index 54c63a3..f267db1 100644
--- a/Source/WebKit2/ChangeLog
+++ b/Source/WebKit2/ChangeLog
@@ -1,3 +1,49 @@
+2011-01-19  Jessie Berlin  <jberlin at apple.com>
+
+        Reviewed by Darin Adler.
+
+        Crash in WebDatabaseManagerProxy::getDatabaseOrigins when called after the WebProcess has
+        died at least once
+        https://bugs.webkit.org/show_bug.cgi?id=52730
+
+        WebDatabaseManagerProxy::invalidate was setting m_webContext to 0, and invalidate gets
+        called in WebContext::processDidClose. However, m_webContext is only set in the
+        constructor, which is only called from the constructor of WebContext, so attempting to send
+        a message to any new WebProcess after the first one died was causing a null deref.
+
+        This patch moves setting m_webcontext into clearContext and clearContext is only called in
+        the WebContext destructor.
+
+        This patch also adds checks for a valid WebProcessProxy before attempting to send messages to
+        the WebProcessProxy so that if the WebProcess has died and has not been revived, it does not
+        attempt to dereference a null WebProcessProxy.
+
+        * UIProcess/WebContext.cpp:
+        (WebKit::WebContext::~WebContext):
+        Call WebDatabaseManagerProxy::clearContext.
+        * UIProcess/WebContext.h:
+        (WebKit::WebContext::hasValidProcess):
+        Make this method public so that it can be called from WebDatabaseManagerProxy.
+
+        * UIProcess/WebDatabaseManagerProxy.cpp:
+        (WebKit::WebDatabaseManagerProxy::getDatabasesByOrigin):
+        If there isn't a valid process, invalidate the callback and return early.
+        (WebKit::WebDatabaseManagerProxy::getDatabaseOrigins):
+        Ditto.
+        (WebKit::WebDatabaseManagerProxy::deleteDatabaseWithNameForOrigin):
+        If tehre isn't a valid process return early.
+        (WebKit::WebDatabaseManagerProxy::deleteDatabasesForOrigin):
+        Ditto.
+        (WebKit::WebDatabaseManagerProxy::deleteAllDatabases):
+        Ditto.
+        (WebKit::WebDatabaseManagerProxy::setQuotaForOrigin):
+        Ditto.
+        (WebKit::WebDatabaseManagerProxy::invalidate):
+        Move setting m_webContext to 0 from here ...
+        * UIProcess/WebDatabaseManagerProxy.h:
+        (WebKit::WebDatabaseManagerProxy::clearContext):
+        ... to here.
+
 2011-01-19  Anders Carlsson  <andersca at apple.com>
 
         Reviewed by Sam Weinig.
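Review bot: Two typos in the new ChangeLog entry will be frozen into the repository history once this lands: `This patch moves setting m_webcontext into clearContext` should name the member as `m_webContext`, and `If tehre isn't a valid process return early.` should read `If there isn't a valid process, return early.`; the same two slips appear in the commit message, so fix both copies together.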
diff --git a/Source/WebKit2/UIProcess/WebContext.cpp b/Source/WebKit2/UIProcess/WebContext.cpp
index 2c75cf2..1bb6bc4 100644
--- a/Source/WebKit2/UIProcess/WebContext.cpp
+++ b/Source/WebKit2/UIProcess/WebContext.cpp
@@ -114,6 +114,9 @@ WebContext::~WebContext()
     m_geolocationManagerProxy->invalidate();
     m_geolocationManagerProxy->clearContext();
 
+    m_databaseManagerProxy->invalidate();
+    m_databaseManagerProxy->clearContext();
+
 #ifndef NDEBUG
     webContextCounter.decrement();
 #endif
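Review bot: The order invalidate() then clearContext() matters here and nothing records why: invalidate() fails any pending ArrayCallback while the proxy still has a context, and clearContext() then nulls m_webContext so the proxy can never touch the dying WebContext again. A one-line comment above this pair (and the geolocation pair it mirrors) stating that clearContext() must come last and is only ever called from this destructor would keep a future reorder from reintroducing the dangling-context problem this patch fixes.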
diff --git a/Source/WebKit2/UIProcess/WebContext.h b/Source/WebKit2/UIProcess/WebContext.h
index 9996198..e973160 100644
--- a/Source/WebKit2/UIProcess/WebContext.h
+++ b/Source/WebKit2/UIProcess/WebContext.h
@@ -67,6 +67,7 @@ public:
 
     ProcessModel processModel() const { return m_processModel; }
     WebProcessProxy* process() const { return m_process.get(); }
+    bool hasValidProcess() const { return m_process && m_process->isValid(); }
 
     void processDidFinishLaunching(WebProcessProxy*);
     void processDidClose(WebProcessProxy*);
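Review bot: Making hasValidProcess() public is fine for the new WebDatabaseManagerProxy caller, but its contract is now part of the class interface and is easy to misread as "a process object exists". Since `m_process && m_process->isValid()` returns false both when no process has been launched yet and after the process has died, a short comment saying "true only while a launched WebProcess is alive; callers that need a process should use ensureWebProcess()" would stop other proxies from copying the check for the wrong reason.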
@@ -142,7 +143,6 @@ private:
     virtual Type type() const { return APIType; }
 
     void ensureWebProcess();
-    bool hasValidProcess() const { return m_process && m_process->isValid(); }
     void platformInitializeWebProcess(WebProcessCreationParameters&);
 
     // History client
diff --git a/Source/WebKit2/UIProcess/WebDatabaseManagerProxy.cpp b/Source/WebKit2/UIProcess/WebDatabaseManagerProxy.cpp
index 6f382b7..1bc0303 100644
--- a/Source/WebKit2/UIProcess/WebDatabaseManagerProxy.cpp
+++ b/Source/WebKit2/UIProcess/WebDatabaseManagerProxy.cpp
@@ -100,8 +100,6 @@ WebDatabaseManagerProxy::~WebDatabaseManagerProxy()
 void WebDatabaseManagerProxy::invalidate()
 {
     invalidateCallbackMap(m_arrayCallbacks);
-
-    m_webContext = 0;
 }
 
 void WebDatabaseManagerProxy::initializeClient(const WKDatabaseManagerClient* client)
@@ -112,6 +110,10 @@ void WebDatabaseManagerProxy::initializeClient(const WKDatabaseManagerClient* cl
 void WebDatabaseManagerProxy::getDatabasesByOrigin(PassRefPtr<ArrayCallback> prpCallback)
 {
     RefPtr<ArrayCallback> callback = prpCallback;
+    if (!m_webContext->hasValidProcess()) {
+        callback->invalidate();
+        return;
+    }
     uint64_t callbackID = callback->callbackID();
     m_arrayCallbacks.set(callbackID, callback.release());
     m_webContext->process()->send(Messages::WebDatabaseManager::GetDatabasesByOrigin(callbackID), 0);
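Review bot: The new guard dereferences m_webContext unconditionally in `if (!m_webContext->hasValidProcess())`, yet the same patch adds clearContext() which sets m_webContext to 0 in ~WebContext; if anything can still call into the proxy after its WebContext is destroyed, this line trades the old null-process crash for a null-context crash. Either add `ASSERT(m_webContext)` ahead of the check so the invariant is enforced in debug builds, or treat a null context like an invalid process. Separately, this four-line "invalidate callback and return" block is repeated verbatim in getDatabaseOrigins below; a small private helper (for example one that takes the RefPtr<ArrayCallback> and returns whether the request may proceed) would keep the two sites from drifting apart.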
@@ -164,6 +166,10 @@ void WebDatabaseManagerProxy::didGetDatabasesByOrigin(const Vector<OriginAndData
 void WebDatabaseManagerProxy::getDatabaseOrigins(PassRefPtr<ArrayCallback> prpCallback)
 {
     RefPtr<ArrayCallback> callback = prpCallback;
+    if (!m_webContext->hasValidProcess()) {
+        callback->invalidate();
+        return;
+    }
     uint64_t callbackID = callback->callbackID();
     m_arrayCallbacks.set(callbackID, callback.release());
     m_webContext->process()->send(Messages::WebDatabaseManager::GetDatabaseOrigins(callbackID), 0);
@@ -188,21 +194,29 @@ void WebDatabaseManagerProxy::didGetDatabaseOrigins(const Vector<String>& origin
 
 void WebDatabaseManagerProxy::deleteDatabaseWithNameForOrigin(const String& databaseIdentifier, WebSecurityOrigin* origin)
 {
+    if (!m_webContext->hasValidProcess())
+        return;
     m_webContext->process()->send(Messages::WebDatabaseManager::DeleteDatabaseWithNameForOrigin(databaseIdentifier, origin->databaseIdentifier()), 0);
 }
 
 void WebDatabaseManagerProxy::deleteDatabasesForOrigin(WebSecurityOrigin* origin)
 {
+    if (!m_webContext->hasValidProcess())
+        return;
     m_webContext->process()->send(Messages::WebDatabaseManager::DeleteDatabasesForOrigin(origin->databaseIdentifier()), 0);
 }
 
 void WebDatabaseManagerProxy::deleteAllDatabases()
 {
+    if (!m_webContext->hasValidProcess())
+        return;
     m_webContext->process()->send(Messages::WebDatabaseManager::DeleteAllDatabases(), 0);
 }
 
 void WebDatabaseManagerProxy::setQuotaForOrigin(WebSecurityOrigin* origin, uint64_t quota)
 {
+    if (!m_webContext->hasValidProcess())
+        return;
     m_webContext->process()->send(Messages::WebDatabaseManager::SetQuotaForOrigin(origin->databaseIdentifier(), quota), 0);
 }
 
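Review bot: These four early returns turn deleteDatabaseWithNameForOrigin, deleteDatabasesForOrigin, deleteAllDatabases and setQuotaForOrigin into silent no-ops whenever no valid WebProcess exists, and the void signatures give the caller no way to notice. For the deletion paths that is a correctness concern: an embedder clearing a user's stored data after the WebProcess has crashed will believe the databases are gone while they remain on disk until the next launch. Consider either having these methods return a bool so the caller can retry, or launching a process (WebContext already has a private ensureWebProcess(), visible in the WebContext.h hunk) rather than dropping the request; at minimum the header should document that requests made while no process is alive are discarded.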
diff --git a/Source/WebKit2/UIProcess/WebDatabaseManagerProxy.h b/Source/WebKit2/UIProcess/WebDatabaseManagerProxy.h
index 9878232..3658845 100644
--- a/Source/WebKit2/UIProcess/WebDatabaseManagerProxy.h
+++ b/Source/WebKit2/UIProcess/WebDatabaseManagerProxy.h
@@ -55,6 +55,7 @@ public:
     virtual ~WebDatabaseManagerProxy();
 
     void invalidate();
+    void clearContext() { m_webContext = 0; }
 
     void initializeClient(const WKDatabaseManagerClient*);
 
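Review bot: clearContext() is a public inline with a strict usage contract that only the commit message states (called once, from ~WebContext, after invalidate()), and calling it from anywhere else leaves every other method in this class dereferencing a null m_webContext on its first line. Please add a comment above the declaration capturing that contract, or make WebContext a friend and move clearContext() to the private section so the compiler enforces it.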

-- 
WebKit Debian packaging