RESOLVED FIXED 172434
Crash when IndexedDB's getAll is used inside a Web Worker
https://bugs.webkit.org/show_bug.cgi?id=172434
Summary Crash when IndexedDB's getAll is used inside a Web Worker
jdscheff
Reported 2017-05-21 18:23:44 PDT
When using IndexedDB's getAll function inside a Web Worker, Safari crashes. It works outside of a web worker. Here's some example code:

const errorHandler = function (event) {
  console.error(event.target.error);
}

// Start from a clean slate: delete any existing 'test' database first.
console.log('Deleting database...');
var deleteRequest = indexedDB.deleteDatabase('test');
deleteRequest.onerror = deleteRequest.onblocked = deleteRequest.onsuccess = function () {
  console.log('Opening database...');
  var openRequest = indexedDB.open('test');
  openRequest.onerror = errorHandler;
  openRequest.onupgradeneeded = function () {
    // First open of a fresh database: create the object store.
    var db = openRequest.result;
    db.createObjectStore('test', {keyPath: 'a'});
  }
  openRequest.onsuccess = function (event) {
    var db = event.target.result;
    var tx = db.transaction('test', 'readwrite');
    tx.onerror = errorHandler;
    tx.onabort = errorHandler;
    tx.oncomplete = function () {
      console.log('All done!');
    };
    // The getAll() call below is the one that crashes when run in a worker.
    var getAllRequest = tx.objectStore('test').getAll();
    getAllRequest.onerror = errorHandler;
    getAllRequest.onsuccess = function () {
      console.log('Success!');
    };
  };
};

Running that code outside of a Web Worker is no problem: http://dumbmatter.com/safari-getall-worker-bug/

But inside a Web Worker, it will crash Safari (but not Firefox or Chrome): http://dumbmatter.com/safari-getall-worker-bug/worker.html
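The report links a worker.html but does not show how the worker is driven from the page. Below is an added, self-checking harness written for this editing pass; it is not the reporter's code and not part of WebKit. It runs the same steps (deleteDatabase, open with createObjectStore, getAll in a readwrite transaction) once on the main thread and once in a Worker, and treats a worker that never replies as a failure, so a crashed worker thread shows up as a timed-out test instead of a hung page. The helper names (promisifyRequest, withTimeout, runGetAll, workerSource, runInWorker), the Blob-URL worker, and the 5 second budget are assumptions made here.

```javascript
// Added example (not the reporter's code, not WebKit's): a self-checking
// harness for the getAll-in-worker repro. Names below (promisifyRequest,
// withTimeout, runGetAll, workerSource, runInWorker) are assumptions.
const DB_NAME = 'test';
const STORE = 'test';

// Wrap a one-shot IDBRequest (open, deleteDatabase, getAll) in a promise.
function promisifyRequest(req) {
  return new Promise((resolve, reject) => {
    req.onsuccess = (event) => resolve(event.target.result);
    req.onerror = (event) => reject(event.target.error);
  });
}

// Reject if `promise` has not settled within `ms`. A worker whose thread
// crashed never posts a reply, so without this the harness would hang.
function withTimeout(promise, ms, label) {
  let timer;
  const timeout = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error(label + ' timed out after ' + ms + ' ms')), ms);
  });
  return Promise.race([promise, timeout]).finally(() => clearTimeout(timer));
}

// The report's steps (delete, open + createObjectStore, getAll in a readwrite
// transaction), written once so main thread and worker run identical code.
async function runGetAll(idb) {
  await new Promise((resolve) => {
    const del = idb.deleteDatabase(DB_NAME);
    // error/blocked are treated like success: we only need a clean slate
    del.onsuccess = del.onerror = del.onblocked = () => resolve();
  });
  const openReq = idb.open(DB_NAME);
  openReq.onupgradeneeded = () => {
    openReq.result.createObjectStore(STORE, { keyPath: 'a' });
  };
  const db = await promisifyRequest(openReq);
  const tx = db.transaction(STORE, 'readwrite');
  const rows = await promisifyRequest(tx.objectStore(STORE).getAll());
  db.close();
  return rows.length; // 0: the store was just created and is empty
}

// Worker body as source text (run through a Blob URL) so the whole harness
// is one file; the helpers are serialised with Function.prototype.toString.
function workerSource() {
  return [
    'const DB_NAME = ' + JSON.stringify(DB_NAME) + ';',
    'const STORE = ' + JSON.stringify(STORE) + ';',
    promisifyRequest.toString(),
    runGetAll.toString(),
    'runGetAll(self.indexedDB)',
    '  .then((n) => self.postMessage({ ok: true, rows: n }))',
    '  .catch((e) => self.postMessage({ ok: false, error: String(e) }));',
  ].join('\n');
}

// Spawn the worker and resolve with its row count, or reject on a worker
// error, a failed step, or silence for `ms` milliseconds.
function runInWorker(ms) {
  const url = URL.createObjectURL(new Blob([workerSource()], { type: 'text/javascript' }));
  const worker = new Worker(url);
  const reply = new Promise((resolve, reject) => {
    worker.onmessage = (e) => (e.data.ok ? resolve(e.data.rows) : reject(new Error(e.data.error)));
    worker.onerror = (e) => reject(new Error(e.message));
  });
  return withTimeout(reply, ms, 'worker getAll').finally(() => {
    worker.terminate();
    URL.revokeObjectURL(url);
  });
}

// Browser entry point; skipped when the file is loaded outside a page.
if (typeof Worker !== 'undefined' && typeof indexedDB !== 'undefined') {
  (async () => {
    console.log('main thread rows:', await runGetAll(indexedDB));
    try {
      console.log('worker rows:', await runInWorker(5000));
    } catch (e) {
      console.error('worker getAll FAILED:', e.message);
    }
  })();
}
```

Load the file from an HTML page served over http (Blob-URL workers need a real origin). On an engine with the bug the main-thread line prints a row count of 0 and the worker line reports a timeout; on a fixed engine both print 0. Note that a crash that takes the whole content process with it will still not produce console output at all, which is itself the signal.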
Attachments
Patch (7.72 KB, patch)
2017-06-09 17:14 PDT, Brady Eidson
no flags
Brady Eidson
Comment 1 2017-05-21 19:40:28 PDT
Whoa... it's not a WebCore crash at all, but rather a bmalloc crash:

Thread 9 Crashed:: WebCore: Worker
0   com.apple.JavaScriptCore   0x00000001070cf95b bmalloc::Heap::splitAndAllocate(bmalloc::LargeRange&, unsigned long, unsigned long) + 27
1   com.apple.JavaScriptCore   0x00000001070cfd7d bmalloc::Heap::tryAllocateLarge(std::__1::lock_guard<bmalloc::StaticMutex>&, unsigned long, unsigned long) + 253
2   com.apple.JavaScriptCore   0x00000001070cfda9 bmalloc::Heap::allocateLarge(std::__1::lock_guard<bmalloc::StaticMutex>&, unsigned long, unsigned long) + 9
3   com.apple.JavaScriptCore   0x00000001070cd164 bmalloc::Allocator::allocateLarge(unsigned long) + 68
4   com.apple.JavaScriptCore   0x000000010662277f WTF::fastMalloc(unsigned long) + 111
5   com.apple.WebCore          0x0000000104d03d6b WebCore::IDBValue::IDBValue(WebCore::IDBValue const&) + 107
6   ???                        0x000070000e6ceb80 0 + 123145544330112
Radar WebKit Bug Importer
Comment 2 2017-05-21 19:41:08 PDT
Brady Eidson
Comment 3 2017-05-21 19:42:41 PDT
Note in the crash https://gist.github.com/battaile/abe7be0cf3f3d406b43f3e66ed4bd8c3 linked from https://github.com/dumbmatter/basketball-gm/issues/204#issuecomment-302978569, the crash on the worker thread was different:

Thread 18 Crashed:: WebCore: Worker
0   com.apple.WebCore   0x00000001060ac720 void WTF::__copy_construct_op_table<WTF::Variant<WTF::Vector<WebCore::IDBKeyData, 0ul, WTF::CrashOnOverflow, 16ul>, WTF::Vector<WebCore::IDBValue, 0ul, WTF::CrashOnOverflow, 16ul>, std::nullptr_t>, WTF::__index_sequence<0l, 1l, 2l> >::__copy_construct_func<0l>(WTF::Variant<WTF::Vector<WebCore::IDBKeyData, 0ul, WTF::CrashOnOverflow, 16ul>, WTF::Vector<WebCore::IDBValue, 0ul, WTF::CrashOnOverflow, 16ul>, std::nullptr_t>*, WTF::Variant<WTF::Vector<WebCore::IDBKeyData, 0ul, WTF::CrashOnOverflow, 16ul>, WTF::Vector<WebCore::IDBValue, 0ul, WTF::CrashOnOverflow, 16ul>, std::nullptr_t> const&) + 0
1   ???                 0x00007000008c3bc0 0 + 123145311501248
Brady Eidson
Comment 4 2017-06-09 17:14:22 PDT
WebKit Commit Bot
Comment 5 2017-06-09 21:32:23 PDT
Comment on attachment 312514 [details]
Patch

Clearing flags on attachment: 312514

Committed r218041: <http://trac.webkit.org/changeset/218041>
WebKit Commit Bot
Comment 6 2017-06-09 21:32:24 PDT
All reviewed patches have been landed. Closing bug.