Always check weak global references before using them

We hold weak references to Java objects from native code in several
places to avoid circular reference problems. These objects may become
weakly reachable at any time, after which the GC could null our weak
reference, so we have to null-check at every use.

Note that weak references are nulled before the referent is finalized,
so we can't rely on doing work in the finalizer to wait for the
currently executing message to complete and to remove other messages
from the queue.

This effectively reverts
https://android-git.corp.google.com/g/#change,30955

Bug: 4336862
Change-Id: I431fcac11220cb406c26e31aacb9bda7ea22776e

1 files changed, 16 insertions, 8 deletions

diff --git a/Source/WebKit/android/WebCoreSupport/ChromeClientAndroid.cpp b/Source/WebKit/android/WebCoreSupport/ChromeClientAndroid.cpp
index 1c8f398..1fd8ee9 100644
--- a/Source/WebKit/android/WebCoreSupport/ChromeClientAndroid.cpp
+++ b/Source/WebKit/android/WebCoreSupport/ChromeClientAndroid.cpp
@@ -378,14 +378,18 @@ void ChromeClientAndroid::exceededDatabaseQuota(Frame* frame, const String& name
     if (tracker.usageForDatabase(name, origin) == 0)
         estimatedSize = tracker.detailsForNameAndOrigin(name, origin).expectedUsage();
 
-    android::WebViewCore::getWebViewCore(frame->view())->exceededDatabaseQuota(frame->document()->documentURI(), name, currentQuota, estimatedSize);
-
-    // We've sent notification to the browser so now wait for it to come back.
-    m_quotaThreadLock.lock();
-    while (!m_isNewQuotaSet) {
-        m_quotaThreadCondition.wait(m_quotaThreadLock);
+    if (android::WebViewCore::getWebViewCore(frame->view())->exceededDatabaseQuota(frame->document()->documentURI(), name, currentQuota, estimatedSize)) {
+        // We've sent notification to the browser so now wait for it to come back.
+        m_quotaThreadLock.lock();
+        while (!m_isNewQuotaSet) {
+            m_quotaThreadCondition.wait(m_quotaThreadLock);
+        }
+        m_quotaThreadLock.unlock();
+    } else {
+        // We failed to send the message to the UI thread to request a new quota,
+        // so just use the current quota as a default.
+        m_newQuota = currentQuota;
     }
-    m_quotaThreadLock.unlock();
 
     if (m_newQuota < currentQuota)
         m_newQuota = currentQuota;
@@ -445,7 +449,11 @@ void ChromeClientAndroid::reachedMaxAppCacheSize(int64_t spaceNeeded)
     Page* page = m_webFrame->page();
     Frame* mainFrame = page->mainFrame();
     FrameView* view = mainFrame->view();
-    android::WebViewCore::getWebViewCore(view)->reachedMaxAppCacheSize(spaceNeeded);
+
+    // If we fail to send the message to the UI thread to request a new quota,
+    // there's nothing to do.
+    if (!android::WebViewCore::getWebViewCore(view)->reachedMaxAppCacheSize(spaceNeeded))
+        return;
 
     // We've sent notification to the browser so now wait for it to come back.
     m_quotaThreadLock.lock();