jsbell@chromium.org authored
https://bugs.webkit.org/show_bug.cgi?id=102283

Reviewed by Tony Chang.

Source/WebCore:

Processing the final task can cause IDBTransactionBackendImpl references to be released by all holders. Prior to looping over the tasks (or, in an even earlier implementation, swapping queues) control would fall off the end of the function. The loop termination check introduced in http://wkrev.com/134529 requires that |this| be kept alive until the method completes.

Test: storage/indexeddb/transaction-crash-in-tasks.html

* Modules/indexeddb/IDBTransactionBackendImpl.cpp:
(WebCore::IDBTransactionBackendImpl::abort): Rename self => protect.
(WebCore::IDBTransactionBackendImpl::commit): Rename self => protect.
(WebCore::IDBTransactionBackendImpl::taskTimerFired): New self-ref.

LayoutTests:

Reduced repro case, although the behavior is still flaky.

* storage/indexeddb/transaction-crash-in-tasks-expected.txt: Added.
* storage/indexeddb/transaction-crash-in-tasks.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@134838 268f45cc-cd09-0410-ab3c-d52691b4dbfc
25b83bdf
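
The lifetime problem the commit message describes, as an added C++ model that is not WebKit's code: `std::shared_ptr` stands in for WebKit's `RefPtr`, and `Transaction`, `Result` and `runScenario` are hypothetical names. The final queued task releases the only external reference, and the local `protect` reference keeps the object valid for the loop termination check that follows.

```cpp
#include <deque>
#include <functional>
#include <memory>
#include <utility>

// Constructed model, not WebKit code. Transaction stands in for
// IDBTransactionBackendImpl; std::shared_ptr stands in for RefPtr.
struct Transaction : std::enable_shared_from_this<Transaction> {
    std::deque<std::function<void()>> tasks;
    bool* destroyed;  // lives outside the object, set by the destructor

    explicit Transaction(bool* flag) : destroyed(flag) {}
    ~Transaction() { *destroyed = true; }

    // Returns true if the object was alive after every task, i.e. at
    // every point where the loop condition reads a member again.
    bool taskTimerFired() {
        // Self-reference: keeps |this| alive until the method completes.
        std::shared_ptr<Transaction> protect = shared_from_this();
        bool* flag = destroyed;  // copy so the check never touches |this|
        bool alive = true;
        while (!tasks.empty()) {  // member access after each task ran
            std::function<void()> task = std::move(tasks.front());
            tasks.pop_front();
            task();  // the final task may release every other holder
            alive = alive && !*flag;
        }
        return alive;  // protect is released after this value is copied
    }
};

struct Result { bool aliveDuringLoop; bool destroyedAfterReturn; };

// The only external holder drops its reference from inside the final task.
Result runScenario() {
    bool destroyed = false;
    std::shared_ptr<Transaction> holder = std::make_shared<Transaction>(&destroyed);
    holder->tasks.push_back([] {});                          // ordinary task
    holder->tasks.push_back([&holder] { holder.reset(); });  // final task
    bool alive = holder->taskTimerFired();
    return {alive, destroyed};
}

int main() {
    Result r = runScenario();
    return (r.aliveDuringLoop && r.destroyedAfterReturn) ? 0 : 1;
}
```

Without the `protect` line in this model, the object is destroyed inside the final task and the next `tasks.empty()` check reads freed memory.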