indexeddb: check ScriptState context before using

This fixes a null pointer crash where the ScriptState's context is not valid and is not checked before being passed to ExecutionContext::From. Bug: 1099813 Change-Id: Ibdb5d33b6383f904a6f0ddb3b0eb0c6489b561d8 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2283926 Auto-Submit: enne <enne@chromium.org> Reviewed-by: Daniel Murphy <dmurph@chromium.org> Commit-Queue: Victor Costan <pwnall@chromium.org> Cr-Commit-Position: refs/heads/master@{#786224}

indexeddb: check ScriptState context before using
This fixes a null pointer crash where the ScriptState's context is not valid and is not checked before being passed to ExecutionContext::From. Bug: 1099813 Change-Id: Ibdb5d33b6383f904a6f0ddb3b0eb0c6489b561d8 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2283926 Auto-Submit: enne <enne@chromium.org> Reviewed-by: Daniel Murphy <dmurph@chromium.org> Commit-Queue: Victor Costan <pwnall@chromium.org> Cr-Commit-Position: refs/heads/master@{#786224}
60d31b45 · Adrienne Walker · Commit Bot · acd073d1 · 60d31b45
Commit 60d31b45 authored Jul 08, 2020 by Adrienne Walker Committed by Commit Bot Jul 08, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 9 deletions

third_party/blink/renderer/modules/indexeddb/idb_factory.cc third_party/blink/renderer/modules/indexeddb/idb_factory.cc +13 -9

No files found.
--- a/third_party/blink/renderer/modules/indexeddb/idb_factory.cc
+++ b/third_party/blink/renderer/modules/indexeddb/idb_factory.cc
@@ -80,15 +80,19 @@ class WebIDBGetDBNamesCallbacksImpl : public WebIDBCallbacks {
  }
  ~WebIDBGetDBNamesCallbacksImpl() override {
-    if (promise_resolver_) {
+    if (!promise_resolver_)
-      probe::AsyncTaskCanceled(
+      return;
-          ExecutionContext::From(promise_resolver_->GetScriptState()),
-          &async_task_id_);
+    auto* script_state = promise_resolver_->GetScriptState();
-      promise_resolver_->Reject(MakeGarbageCollected<DOMException>(
+    if (!script_state->ContextIsValid())
-          DOMExceptionCode::kUnknownError,
+      return;
-          "An unexpected shutdown occured before the "
-          "databases() promise could be resolved"));
+    probe::AsyncTaskCanceled(ExecutionContext::From(script_state),
-    }
+                             &async_task_id_);
+    promise_resolver_->Reject(MakeGarbageCollected<DOMException>(
+        DOMExceptionCode::kUnknownError,
+        "An unexpected shutdown occured before the "
+        "databases() promise could be resolved"));
  }
  void SetState(base::WeakPtr<WebIDBCursorImpl> cursor,