diff options
| author | jsbell@chromium.org <jsbell@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-11-26 23:24:53 +0000 |
|---|---|---|
| committer | jsbell@chromium.org <jsbell@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-11-26 23:24:53 +0000 |
| commit | dedef4209cdb902a4a91ad53d4d1e68124956123 (patch) | |
| tree | da5dbd420693bd84a9f111a1b6b7710c7a60cd49 | |
| parent | 15cc6bedb9143afb15db0e6d5435a60244467b62 (diff) | |
| download | chromium_src-dedef4209cdb902a4a91ad53d4d1e68124956123.zip chromium_src-dedef4209cdb902a4a91ad53d4d1e68124956123.tar.gz chromium_src-dedef4209cdb902a4a91ad53d4d1e68124956123.tar.bz2 | |
IndexedDB: Don't leak database proxy objects
If a connection is after OnUpgradeNeeded it is removed from a map and
when the OnSuccess comes through a new WebIDBDatabase object is minted
but ignored by the blink side. This leads to a leak, which was turned
up by http://crrev.com/67463006 which starts asserting that a new
object is not in a success following an upgrade.
Push the change from r237142 back into the browser side of things, and
don't even send an ID across.
R=alecflett@chromium.org
TBR=darin@chromium.org
BUG=234277
Review URL: https://codereview.chromium.org/86773002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@237433 0039d316-1c4b-4281-b951-d872f2087c98
| -rw-r--r-- | content/browser/indexed_db/indexed_db_callbacks.cc | 7 | ||||
| -rw-r--r-- | content/child/indexed_db/indexed_db_dispatcher.cc | 10 | ||||
| -rw-r--r-- | content/common/indexed_db/indexed_db_constants.h | 14 | ||||
| -rw-r--r-- | content/content_common.gypi | 1 |
4 files changed, 27 insertions, 5 deletions
diff --git a/content/browser/indexed_db/indexed_db_callbacks.cc b/content/browser/indexed_db/indexed_db_callbacks.cc index 2e4ccee..587b66f 100644 --- a/content/browser/indexed_db/indexed_db_callbacks.cc +++ b/content/browser/indexed_db/indexed_db_callbacks.cc @@ -11,6 +11,7 @@ #include "content/browser/indexed_db/indexed_db_database_callbacks.h" #include "content/browser/indexed_db/indexed_db_database_error.h" #include "content/browser/indexed_db/indexed_db_metadata.h" +#include "content/common/indexed_db/indexed_db_constants.h" #include "content/common/indexed_db/indexed_db_messages.h" #include "webkit/browser/quota/quota_manager.h" @@ -18,7 +19,6 @@ namespace content { namespace { const int32 kNoCursor = -1; -const int32 kNoDatabase = -1; const int32 kNoDatabaseCallbacks = -1; const int64 kNoTransaction = -1; } @@ -143,8 +143,9 @@ void IndexedDBCallbacks::OnSuccess(scoped_ptr<IndexedDBConnection> connection, scoped_refptr<IndexedDBCallbacks> self(this); - int32 ipc_object_id = ipc_database_id_; - if (ipc_object_id == kNoDatabase) { + int32 ipc_object_id = kNoDatabase; + // Only register if the connection was not previously sent in OnUpgradeNeeded. + if (ipc_database_id_ == kNoDatabase) { ipc_object_id = dispatcher_host_->Add( connection.release(), ipc_thread_id_, origin_url_); } diff --git a/content/child/indexed_db/indexed_db_dispatcher.cc b/content/child/indexed_db/indexed_db_dispatcher.cc index 39f1fae..2b97b4a 100644 --- a/content/child/indexed_db/indexed_db_dispatcher.cc +++ b/content/child/indexed_db/indexed_db_dispatcher.cc @@ -12,6 +12,7 @@ #include "content/child/indexed_db/proxy_webidbcursor_impl.h" #include "content/child/indexed_db/proxy_webidbdatabase_impl.h" #include "content/child/thread_safe_sender.h" +#include "content/common/indexed_db/indexed_db_constants.h" #include "content/common/indexed_db/indexed_db_messages.h" #include "ipc/ipc_channel.h" #include "third_party/WebKit/public/platform/WebIDBDatabaseCallbacks.h" @@ -459,10 +460,15 @@ void IndexedDBDispatcher::OnSuccessIDBDatabase( WebIDBMetadata metadata(ConvertMetadata(idb_metadata)); // If an upgrade was performed, count will be non-zero. WebIDBDatabase* database = NULL; - if (!databases_.count(ipc_object_id)) + + // Back-end will send kNoDatabase if it was already sent in OnUpgradeNeeded. + // May already be deleted and removed from the table, but do not recreate.. + if (ipc_object_id != kNoDatabase) { + DCHECK(!databases_.count(ipc_object_id)); database = databases_[ipc_object_id] = new RendererWebIDBDatabaseImpl( ipc_object_id, ipc_database_callbacks_id, thread_safe_sender_.get()); - DCHECK_EQ(databases_.count(ipc_object_id), 1u); + } + callbacks->onSuccess(database, metadata); pending_callbacks_.Remove(ipc_callbacks_id); } diff --git a/content/common/indexed_db/indexed_db_constants.h b/content/common/indexed_db/indexed_db_constants.h new file mode 100644 index 0000000..5c7377b --- /dev/null +++ b/content/common/indexed_db/indexed_db_constants.h @@ -0,0 +1,14 @@ +// Copyright 2013 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CONTENT_COMMON_INDEXED_DB_INDEXED_DB_CONSTANTS_H_ +#define CONTENT_COMMON_INDEXED_DB_INDEXED_DB_CONSTANTS_H_ + +namespace content { + +const int32 kNoDatabase = -1; + +} // namespace content + +#endif // CONTENT_COMMON_INDEXED_DB_INDEXED_DB_CONSTANTS_H_ diff --git a/content/content_common.gypi b/content/content_common.gypi index 888a1de..34159c0 100644 --- a/content/content_common.gypi +++ b/content/content_common.gypi @@ -249,6 +249,7 @@ 'common/handle_enumerator_win.cc', 'common/handle_enumerator_win.h', 'common/image_messages.h', + 'common/indexed_db/indexed_db_constants.h', 'common/indexed_db/indexed_db_key.cc', 'common/indexed_db/indexed_db_key.h', 'common/indexed_db/indexed_db_key_path.cc', |