authordcheng@chromium.org <dcheng@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-02-14 22:07:00 +0000
committerdcheng@chromium.org <dcheng@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-02-14 22:07:00 +0000
commit56f6fc5dfa538829584efb0a2d3dcebd958f7947 (patch)
treef9a18337d73ca457d245196162c1f30bbd16247c /content
parent7d51fbab031d3b75809c72af44f5c89aad3035b6 (diff)
Fix dependency on scoped_ptr::reset sequencing in IndexedDB code.
scoped_ptr<T>::reset() currently guarantees that it deletes the old stored pointer before assigning its argument to the stored pointer. This is unsafe, because getting the deleter may result in the destruction of the scoped_ptr<T> itself. unique_ptr<T> addresses this by assigning its argument to the stored pointer before deleting the old value of the stored pointer. Unfortunately, this breaks code that assumes that the value of the scoped_ptr will not change during scoped_ptr::reset() before destruction of the old value is complete. BUG=176091 Review URL: https://codereview.chromium.org/12253015 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@182554 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content')
-rw-r--r--content/browser/in_process_webkit/indexed_db_dispatcher_host.cc9
-rw-r--r--content/browser/in_process_webkit/indexed_db_dispatcher_host.h1
2 files changed, 10 insertions, 0 deletions
diff --git a/content/browser/in_process_webkit/indexed_db_dispatcher_host.cc b/content/browser/in_process_webkit/indexed_db_dispatcher_host.cc
index 4933986..02e8437 100644
--- a/content/browser/in_process_webkit/indexed_db_dispatcher_host.cc
+++ b/content/browser/in_process_webkit/indexed_db_dispatcher_host.cc
@@ -95,6 +95,10 @@ void IndexedDBDispatcherHost::ResetDispatcherHosts() {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::WEBKIT_DEPRECATED) ||
CommandLine::ForCurrentProcess()->HasSwitch(switches::kSingleProcess));
+ // Note that we explicitly separate CloseAll() from destruction of the
+ // DatabaseDispatcherHost, since CloseAll() can invoke callbacks which need to
+ // be dispatched through database_dispatcher_host_.
+ database_dispatcher_host_->CloseAll();
database_dispatcher_host_.reset();
cursor_dispatcher_host_.reset();
}
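Review bot: The added `database_dispatcher_host_->CloseAll();` dereferences the scoped_ptr unconditionally, and the next line resets it, so a second call to ResetDispatcherHosts() would dereference a null pointer. Whether this function can run more than once on the same object is not visible in the hunk; if it can, guard the call with `if (database_dispatcher_host_) database_dispatcher_host_->CloseAll();`. It would also help if the new comment said that the callbacks run while the member is still set, since the sequencing of reset() is the subject of this fix.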
@@ -324,6 +328,11 @@ IndexedDBDispatcherHost::DatabaseDispatcherHost::DatabaseDispatcherHost(
}
IndexedDBDispatcherHost::DatabaseDispatcherHost::~DatabaseDispatcherHost() {
+ DCHECK(transaction_size_map_.empty());
+ DCHECK(transaction_url_map_.empty());
+}
+
+void IndexedDBDispatcherHost::DatabaseDispatcherHost::CloseAll() {
for (WebIDBObjectIDToURLMap::iterator iter = database_url_map_.begin();
iter != database_url_map_.end(); iter++) {
WebIDBDatabase* database = map_.Lookup(iter->first);
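Review bot: The destructor now relies on `DCHECK(transaction_size_map_.empty())` and `DCHECK(transaction_url_map_.empty())`, which are compiled out of release builds, so nothing enforces that CloseAll() ran before destruction. Any other path that destroys a DatabaseDispatcherHost would therefore skip the close loop without any signal. The loop that moved into CloseAll() walks `database_url_map_`, which the DCHECKs do not cover. CloseAll()'s body continues past the hunk, so whether it empties any of these maps cannot be confirmed here. If it does clear `database_url_map_`, add `DCHECK(database_url_map_.empty());` to the destructor. In any case, document the contract on the declaration in indexed_db_dispatcher_host.h, for example `// Must be called before destruction, while callbacks can still be dispatched through the owning host.`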
diff --git a/content/browser/in_process_webkit/indexed_db_dispatcher_host.h b/content/browser/in_process_webkit/indexed_db_dispatcher_host.h
index ef6c478..1ed4311 100644
--- a/content/browser/in_process_webkit/indexed_db_dispatcher_host.h
+++ b/content/browser/in_process_webkit/indexed_db_dispatcher_host.h
@@ -115,6 +115,7 @@ class IndexedDBDispatcherHost : public BrowserMessageFilter {
explicit DatabaseDispatcherHost(IndexedDBDispatcherHost* parent);
~DatabaseDispatcherHost();
+ void CloseAll();
bool OnMessageReceived(const IPC::Message& message, bool *msg_is_ok);
void Send(IPC::Message* message);