summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSimon Giesecke <sgiesecke@mozilla.com>2020-02-14 14:39:40 +0100
committerwolfbeast <mcwerewolf@wolfbeast.com>2020-02-14 14:39:40 +0100
commit16fce4341d087924e51f465cc772b0899de1089d (patch)
tree573077c3233f451e53c475bc3ec05af2714d55c2
parent3bf1b835915d6f3de07fb24f293268599d424df6 (diff)
downloaduxp-16fce4341d087924e51f465cc772b0899de1089d.tar.gz
[IndexedDB] Ensure that strong references to newly created cursors are
kept until the DOM Binding is created. This fixes random crashes on websites that use IndexedDB cursors. See also BZ bug 1599420
-rw-r--r--dom/indexedDB/ActorsChild.cpp6
1 files changed, 4 insertions, 2 deletions
diff --git a/dom/indexedDB/ActorsChild.cpp b/dom/indexedDB/ActorsChild.cpp
index 30dc9b6dab..85f876cdc1 100644
--- a/dom/indexedDB/ActorsChild.cpp
+++ b/dom/indexedDB/ActorsChild.cpp
@@ -3291,6 +3291,10 @@ BackgroundCursorChild::HandleResponse(
auto& responses =
const_cast<nsTArray<ObjectStoreCursorResponse>&>(aResponses);
+ // If a new cursor is created, we need to keep a reference to it until the
+ // ResultHelper creates a DOM Binding.
+ RefPtr<IDBCursor> newCursor;
+
for (ObjectStoreCursorResponse& response : responses) {
StructuredCloneReadInfo cloneReadInfo(Move(response.cloneInfo()));
cloneReadInfo.mDatabase = mTransaction->Database();
@@ -3300,8 +3304,6 @@ BackgroundCursorChild::HandleResponse(
nullptr,
cloneReadInfo.mFiles);
- RefPtr<IDBCursor> newCursor;
-
if (mCursor) {
mCursor->Reset(Move(response.key()), Move(cloneReadInfo));
} else {