[IndexedDB] Ensure that strong references to newly created cursors are

kept until the DOM Binding is created.

This fixes random crashes on websites that use IndexedDB cursors.
See also BZ bug 1599420
pull/24/head
Simon Giesecke 3 years ago committed by Roy Tam
parent 140bd4d265
commit 2da1f51f91
  1. 6
      dom/indexedDB/ActorsChild.cpp

@ -3291,6 +3291,10 @@ BackgroundCursorChild::HandleResponse(
auto& responses =
const_cast<nsTArray<ObjectStoreCursorResponse>&>(aResponses);
// If a new cursor is created, we need to keep a reference to it until the
// ResultHelper creates a DOM Binding.
RefPtr<IDBCursor> newCursor;
for (ObjectStoreCursorResponse& response : responses) {
StructuredCloneReadInfo cloneReadInfo(Move(response.cloneInfo()));
cloneReadInfo.mDatabase = mTransaction->Database();
@ -3300,8 +3304,6 @@ BackgroundCursorChild::HandleResponse(
nullptr,
cloneReadInfo.mFiles);
RefPtr<IDBCursor> newCursor;
if (mCursor) {
mCursor->Reset(Move(response.key()), Move(cloneReadInfo));
} else {

Loading…
Cancel
Save