From a377d1ecd42370fbf28395b75535ebfcd9f733f7 Mon Sep 17 00:00:00 2001 From: Simon Giesecke Date: Fri, 14 Feb 2020 14:39:40 +0100 Subject: [IndexedDB] Ensure that strong references to newly created cursors are kept until the DOM Binding is created. This fixes random crashes on websites that use IndexedDB cursors. See also BZ bug 1599420 --- dom/indexedDB/ActorsChild.cpp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'dom/indexedDB') diff --git a/dom/indexedDB/ActorsChild.cpp b/dom/indexedDB/ActorsChild.cpp index 30dc9b6da..85f876cdc 100644 --- a/dom/indexedDB/ActorsChild.cpp +++ b/dom/indexedDB/ActorsChild.cpp @@ -3291,6 +3291,10 @@ BackgroundCursorChild::HandleResponse( auto& responses = const_cast&>(aResponses); + // If a new cursor is created, we need to keep a reference to it until the + // ResultHelper creates a DOM Binding. + RefPtr newCursor; + for (ObjectStoreCursorResponse& response : responses) { StructuredCloneReadInfo cloneReadInfo(Move(response.cloneInfo())); cloneReadInfo.mDatabase = mTransaction->Database(); @@ -3300,8 +3304,6 @@ BackgroundCursorChild::HandleResponse( nullptr, cloneReadInfo.mFiles); - RefPtr newCursor; - if (mCursor) { mCursor->Reset(Move(response.key()), Move(cloneReadInfo)); } else { -- cgit v1.2.3