-
David Van Cleve authored
crbug.com/1115398 concerns some crashes in TableManager::ExecuteDbTaskOnDbSequence, which seem like they could be a consequence of some incorrect lifetime management in TrustTokenDatabaseOwner. In particular, KeyValueData::FlushDataToDisk schedules a task using TableManager by providing a callback with a bound raw pointer to the a KeyValueTable owned by TrustTokenDatabaseOwner, but currently TrustTokenDatabaseOwner's KeyValueTable members are destroyed before its (Proto)TableManager member. This could mean that TableManager::ExecuteDbTaskOnDbSequence tries to call into a KeyValueTable that has already been freed, in cases where TableManager tasks are executed concurrent with the TrustTokenDatabaseOwner's destruction. This initial fix for crbug.com/1115398 updates KeyValueTable<T> to inherit from SupportsWeakPtr and swaps the base::Unretaineds in KeyValueData to bind KeyValueTable weak pointers instead. This is intended to be a simple, mergeable, shorter-term fix to stop the crashes. A cleaner but more invasive follow-up fix could be to refactor KeyValueTable<T> to be a stateless collection of helper functions, eliminating the class's lifetime concerns. Bug: 1115398 Change-Id: I4947b7678e99449b44fd48904fa92294db84a894 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2354289 Commit-Queue: David Van Cleve <davidvc@chromium.org> Reviewed-by:
Alex Ilin <alexilin@chromium.org> Cr-Commit-Position: refs/heads/master@{#797882}
1b47a516
