From 452e4f23d14446a4608255df484971210478fb70 Mon Sep 17 00:00:00 2001
From: "commit-queue@webkit.org"
Date: Thu, 9 Feb 2012 04:49:08 +0000
Subject: [PATCH] [V8][Chromium] Race between worker accessing WebDatabase and frame closing down.

https://bugs.webkit.org/show_bug.cgi?id=78150
Handle case when the frame is shut down under us gracefully.

Patch by Dmitry Lomov on 2012-02-08
Reviewed by David Levin.

* src/DatabaseObserver.cpp:
(WebCore::DatabaseObserver::canEstablishDatabase): Handle WebWorkerBase::view returning 0.
* src/IDBFactoryBackendProxy.cpp:
(WebKit::IDBFactoryBackendProxy::openFromWorker): Handle WebWorkerBase::view returning 0.
* src/WebWorkerClientImpl.cpp:
(WebKit::WebWorkerClientImpl::allowFileSystem):
(WebKit::WebWorkerClientImpl::allowDatabase):
(WebKit::WebWorkerClientImpl::view):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@107174 268f45cc-cd09-0410-ab3c-d52691b4dbfc
---
 Source/WebKit/chromium/ChangeLog | 17 +++++++++++++++++
 Source/WebKit/chromium/src/DatabaseObserver.cpp | 5 ++++-
 Source/WebKit/chromium/src/IDBFactoryBackendProxy.cpp | 7 ++++++-
 Source/WebKit/chromium/src/WebWorkerClientImpl.cpp | 10 ++++++++--
 4 files changed, 35 insertions(+), 4 deletions(-)

diff --git a/Source/WebKit/chromium/ChangeLog b/Source/WebKit/chromium/ChangeLog
index bf64487..bb46cb3 100644
--- a/Source/WebKit/chromium/ChangeLog
+++ b/Source/WebKit/chromium/ChangeLog
@@ -1,3 +1,20 @@
+2012-02-08 Dmitry Lomov
+
+ [V8][Chromium] Race between worker accessing WebDatabase and frame closing down.
+ https://bugs.webkit.org/show_bug.cgi?id=78150
+ Handle case when the frame is shut down under us gracefully.
+
+ Reviewed by David Levin.
+
+ * src/DatabaseObserver.cpp:
+ (WebCore::DatabaseObserver::canEstablishDatabase): Handle WebWorkerBase::view returning 0.
+ * src/IDBFactoryBackendProxy.cpp:
+ (WebKit::IDBFactoryBackendProxy::openFromWorker): Handle WebWorkerBase::view returning 0.
+ * src/WebWorkerClientImpl.cpp:
+ (WebKit::WebWorkerClientImpl::allowFileSystem):
+ (WebKit::WebWorkerClientImpl::allowDatabase):
+ (WebKit::WebWorkerClientImpl::view):
+
 2012-02-08 Adam Klein
 
 DOM mutations should not be delivered on worker threads
diff --git a/Source/WebKit/chromium/src/DatabaseObserver.cpp b/Source/WebKit/chromium/src/DatabaseObserver.cpp
index 40b5048..2196c9b 100644
--- a/Source/WebKit/chromium/src/DatabaseObserver.cpp
+++ b/Source/WebKit/chromium/src/DatabaseObserver.cpp
@@ -165,7 +165,10 @@ bool DatabaseObserver::canEstablishDatabase(ScriptExecutionContext* scriptExecut
 WorkerContext* workerContext = static_cast(scriptExecutionContext);
 WorkerLoaderProxy* workerLoaderProxy = &workerContext->thread()->workerLoaderProxy();
 WebWorkerBase* webWorker = static_cast(workerLoaderProxy);
- return allowDatabaseForWorker(webWorker->commonClient(), webWorker->view()->mainFrame(), name, displayName, estimatedSize);
+ WebView* view = webWorker->view();
+ if (!view)
+ return false;
+ return allowDatabaseForWorker(webWorker->commonClient(), view->mainFrame(), name, displayName, estimatedSize);
 #else
 ASSERT_NOT_REACHED();
 #endif
diff --git a/Source/WebKit/chromium/src/IDBFactoryBackendProxy.cpp b/Source/WebKit/chromium/src/IDBFactoryBackendProxy.cpp
index 80b711a..99a0afa 100755
--- a/Source/WebKit/chromium/src/IDBFactoryBackendProxy.cpp
+++ b/Source/WebKit/chromium/src/IDBFactoryBackendProxy.cpp
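Review bot: The added null check on `webWorker->view()` removes the null dereference from the old line, but the pointer is still read and then dereferenced via `view->mainFrame()` on the following line with nothing keeping the frame alive in between, so if this path executes on the worker thread while the view is destroyed on the main thread a check-then-use window remains (inferred; the threading model is not visible in the hunk). Returning `false` is the correct fail-closed outcome for a permission check, and the reason belongs on the new `if (!view)` line: `// The frame has already been torn down under this worker; deny rather than touch a dead view.` canEstablishDatabase begins before the hunk.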
@@ -183,7 +183,12 @@ void IDBFactoryBackendProxy::openFromWorker(const String& name, IDBCallbacks* ca
 }
 WorkerLoaderProxy* workerLoaderProxy = &context->thread()->workerLoaderProxy();
 WebWorkerBase* webWorker = static_cast(workerLoaderProxy);
- WebFrame* webFrame = webWorker->view()->mainFrame();
+ WebView* webView = webWorker->view();
+ if (!webView) {
+ // Frame is closed, worker is terminaring.
+ return;
+ }
+ WebFrame* webFrame = webView->mainFrame();
 m_webIDBFactory->open(name, new WebIDBCallbacksImpl(callbacks), origin, webFrame, dataDir);
 #endif
 }
diff --git a/Source/WebKit/chromium/src/WebWorkerClientImpl.cpp b/Source/WebKit/chromium/src/WebWorkerClientImpl.cpp
index 799599a..796ab16 100644
--- a/Source/WebKit/chromium/src/WebWorkerClientImpl.cpp
+++ b/Source/WebKit/chromium/src/WebWorkerClientImpl.cpp
@@ -187,8 +187,10 @@ void WebWorkerClientImpl::workerContextDestroyed()
 m_proxy->workerContextDestroyed();
 }
 
-bool WebWorkerClientImpl::allowFileSystem()
+bool WebWorkerClientImpl::allowFileSystem()
 {
+ if (m_proxy->askedToTerminate())
+ return false;
 WebKit::WebViewImpl* webView = m_webFrame->viewImpl();
 if (!webView)
 return false;
@@ -203,6 +205,8 @@ void WebWorkerClientImpl::openFileSystem(WebFileSystem::Type type, long long siz
 
 bool WebWorkerClientImpl::allowDatabase(WebFrame*, const WebString& name, const WebString& displayName, unsigned long estimatedSize)
 {
+ if (m_proxy->askedToTerminate())
+ return false;
 WebKit::WebViewImpl* webView = m_webFrame->viewImpl();
 if (!webView)
 return false;
@@ -210,7 +214,9 @@ bool WebWorkerClientImpl::allowDatabase(WebFrame*, const WebString& name, const
 }
 
 WebView* WebWorkerClientImpl::view() const
-{
+{
+ if (m_proxy->askedToTerminate())
+ return 0;
 return m_webFrame->view();
 }
 
-- 
2.7.4
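Review bot: The early `return;` on the new `if (!webView)` path drops the open request without ever invoking `callbacks`, so nothing waiting on the request in the worker is told it failed; that is tolerable only because the worker is being torn down, and the comment should say so and lose its typo: `// The frame has closed and the worker is terminating; drop the request, the callbacks will never fire.` As in DatabaseObserver::canEstablishDatabase, `webView->mainFrame()` is still dereferenced after the check with nothing pinning the view, so if this runs off the main thread the race is narrowed rather than closed (inferred). openFromWorker begins before the hunk.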
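Review bot: The same guard `if (m_proxy->askedToTerminate()) return false;` is now pasted into allowFileSystem and allowDatabase and, returning 0, into view(), and its correctness rests on `askedToTerminate()` becoming true before the view behind `m_webFrame` is destroyed and on that flag being visible to whichever thread calls these methods, neither of which the hunks record. A comment above the first check, `// Once termination has been requested the frame may already be gone; fail closed before touching m_webFrame.`, would capture that invariant, and a small private helper would remove the triplication. If view() is reached from the worker thread (the DatabaseObserver and IDBFactoryBackendProxy hunks in this commit suggest it is), the reads of `askedToTerminate()` and `m_webFrame->view()` are not synchronized with the main thread, so this is best-effort narrowing of the window rather than a guarantee. allowFileSystem and allowDatabase continue past their hunks.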