Bug 99860

Summary: [V8] IndexedDB: Crash when lazy-indexing Date keys
Product: WebKit
Reporter: Joshua Bell <jsbell>
Component: New Bugs
Assignee: Joshua Bell <jsbell>
Status: RESOLVED FIXED
Severity: Normal
CC: abarth, alecflett, dgrogan, haraken, japhet, webkit.review.bot
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Attachments:
Description Flags
Patch none

Joshua Bell
Reported 2012-10-19 11:34:48 PDT
[V8] IndexedDB: Crash when lazy-indexing Date keys
Attachments
Patch (8.05 KB, patch)
2012-10-19 11:36 PDT, Joshua Bell
no flags
Joshua Bell
Comment 1 2012-10-19 11:36:35 PDT
Joshua Bell
Comment 2 2012-10-19 11:39:59 PDT
Noticed this when running: http://w3c-test.org/webapps/IndexedDB/tests/submissions/Opera/idbobjectstore_createIndex8-valid_keys.htm

When lazy indexing occurs - which is to say, an index is created and there's already data in an object store, so the back-end tells the front-end to cursor over the store to populate the index - if the keys are Date objects a crash occurs in V8.

The proposed fix is totally a cargo-cult copy/paste from other methods.
Adam Barth
Comment 3 2012-10-19 11:46:50 PDT
Comment on attachment 169663
Patch

Ok. I feel like I don't fully understand why using an auxiliary context is safe in general, but that's a design question larger than this one patch.
WebKit Review Bot
Comment 4 2012-10-19 12:47:04 PDT
Comment on attachment 169663
Patch

Clearing flags on attachment: 169663

Committed r131934: <http://trac.webkit.org/changeset/131934>
WebKit Review Bot
Comment 5 2012-10-19 12:47:07 PDT
All reviewed patches have been landed. Closing bug.