author: Daniel Murphy <dmurph@chromium.org> 2019-11-28 17:47:27 +0100
committer: Michael Brüning <michael.bruning@qt.io> 2019-12-05 15:32:32 +0000
commit: 52a5d6b81d190170a2411d931dc30f5162144f71 (patch)
tree: 19a9384cdd039302369e47b99df6303a61f8b207
parent: a60c92087e1bd3f9864e3243d57d4c3b611ec125 (diff)
download: qtwebengine-chromium-52a5d6b81d190170a2411d931dc30f5162144f71.tar.gz
[Backport] Security bug 1018406
Manually adapted backport.

[IndexedDB] Fixed invalid max_object_store_id after database deletion

The connection request system keeps around the LevelDBDatabase object when a delete happens to allow subsequent open on that same database. To do this, it resets the IndexedDBMetadata back to a default state. During a recent refactor, this state reset wasn't done properly, and we don't have any tests to catch that error. This change fixes that incorrect state reset.

A test isn't included here because:
1. It passes the third party test provided to us,
2. The current unit testing framework isn't great and needs to be replaced (don't want to create negative work),
3. It is pretty obvious this fixes the problem, and there are no other 'incorrectly' or 'not' re-initialized state here,
4. Current layout tests should have caught this, and it is unclear why. Bug to create this test: https://crbug.com/1018444
5. IndexedDB work is currently on the backburner while Storage Service is pursued, and won't be re-prioritized until next year-ish. I don't want to spend time on this now when it's needed for Storage Service work.

If more P0 bugs crop up in IndexedDB over the next week, then we may have to re-think this policy and divert engineering effort towards making IndexedDB more stable. This is present in m78, which was just promoted to stable. If there are any more issues, we expect them to show up in the next week or so.

TESTED=Manually tested using example test case from field.
R=cmp@chromium.org

Bug: 1018406
Change-Id: Idbde22b6cb13e25c56e2142a9ed2129aefabdb30
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
-rw-r--r-- chromium/content/browser/indexed_db/indexed_db_database.cc | 8
1 files changed, 6 insertions, 2 deletions
diff --git a/chromium/content/browser/indexed_db/indexed_db_database.cc b/chromium/content/browser/indexed_db/indexed_db_database.cc
index 8418828b211..26e968eadd6 100644
--- a/chromium/content/browser/indexed_db/indexed_db_database.cc
+++ b/chromium/content/browser/indexed_db/indexed_db_database.cc
@@ -338,7 +338,7 @@ class IndexedDBDatabase::DeleteRequest
int64_t old_version = db_->metadata_.version;
db_->metadata_.id = kInvalidId;
db_->metadata_.version = IndexedDBDatabaseMetadata::NO_VERSION;
- db_->metadata_.max_object_store_id = kInvalidId;
+ db_->metadata_.max_object_store_id = 0;
db_->metadata_.object_stores.clear();
callbacks_->OnSuccess(old_version);
db_->factory_->DatabaseDeleted(db_->identifier_);
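Review bot: the post-delete reset in DeleteRequest now writes `db_->metadata_.max_object_store_id = 0;` two lines after `db_->metadata_.id = kInvalidId;`, so the same struct is reset with two different sentinels and the reader has to know which field takes which; since the identical literal `0` is what the second hunk writes for a freshly created database in OpenInternal, this is the kind of duplicated hand-written reset that drifted during the refactor and produced this bug. Suggest moving the whole default-state reset (id, version, max_object_store_id, object_stores.clear()) into one helper on IndexedDBDatabaseMetadata that both DeleteRequest and OpenInternal call, and adding a one-line comment on why max_object_store_id must be 0 rather than kInvalidId after a delete. The commit message says no test is added; a delete-then-reopen unit test that creates an object store on the kept-around database and checks the id it receives would be the direct regression test for this hunk.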
@@ -463,8 +463,12 @@ leveldb::Status IndexedDBDatabase::OpenInternal() {
return backing_store_->GetObjectStores(metadata_.id,
&metadata_.object_stores);
- return backing_store_->CreateIDBDatabaseMetaData(
+ s = backing_store_->CreateIDBDatabaseMetaData(
metadata_.name, metadata_.version, &metadata_.id);
+ if (s.ok())
+ metadata_.max_object_store_id = 0;
+
+ return s;
}
IndexedDBDatabase::~IndexedDBDatabase() {
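Review bot: `s` is assigned at `s = backing_store_->CreateIDBDatabaseMetaData(` but its declaration is outside the hunk; confirm a `leveldb::Status s` is already in scope earlier in OpenInternal, since the old code returned the call directly and never needed one. The guard is also asymmetric: `&metadata_.id` is handed to the backing store as an out-parameter on every path, while `metadata_.max_object_store_id = 0;` is set only under `if (s.ok())`, so on a failed create metadata_.id holds whatever the backing store wrote and max_object_store_id keeps its previous value, which is the same half-reset state this change is meant to eliminate. Either treat both fields the same (write the id into a local and copy it together with max_object_store_id only when `s.ok()`), or set max_object_store_id to 0 unconditionally before the call, since a database with no object stores has that value whether or not creation succeeded.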