RESOLVED FIXED 311493
Crash due to nullptr deref in WebCore::SQLiteIDBBackingStore::openCursor() via infoForObjectStore()
https://bugs.webkit.org/show_bug.cgi?id=311493
David Kilzer (:ddkilzer)
Reported 2026-04-04 12:16:24 PDT
`WebCore::SQLiteIDBBackingStore::openCursor()` crashes due to a nullptr dereference when `infoForObjectStore()` returns nullptr because `m_databaseInfo->m_objectStoreMap` is empty. The function calls `infoForObjectStore()`, which can return nullptr when the object store identifier is not found in the HashMap. The return value is guarded only by `ASSERT(objectStoreInfo)` -- a no-op in release builds -- and then unconditionally dereferenced via `objectStoreInfo->keyPath()`.

The unconditional dereference is undefined behavior (UB) with nullptr. The compiler backward-propagates from the UB to eliminate all nullptr checks in the entire inlined `HashMap::find()` chain, including the internal `if (!m_table)` check in `HashTable::inlineLookup()`. This causes the crash to manifest as a read from address 0xfffffffffffffff8 (null minus 8 bytes) inside `tableSizeMask()`.

The same pattern (Debug ASSERT without a nullptr check) also exists in `getIndexRecord()`, `uncheckedGetIndexRecordForOneKey()`, and `iterateCursor()`. Four other call sites in the same file (`getRecord()`, `getAllObjectStoreRecords()`, `getAllIndexRecords()`, `addIndex()`) already properly check for nullptr.

Stack trace:

0 WebCore: WTF::HashTable::tableSizeMask
1 WebCore: WTF::HashTable::inlineLookup
2 WebCore: WTF::HashTable::find
3 WebCore: WTF::HashMap::find
4 WebCore: WebCore::IDBDatabaseInfo::getInfoForExistingObjectStore
5 WebCore: WebCore::IDBServer::SQLiteIDBBackingStore::infoForObjectStore
6 WebCore: WebCore::IDBServer::SQLiteIDBBackingStore::openCursor
7 WebCore: WebCore::IDBServer::UniqueIDBDatabase::performOpenCursor
[...]
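The pattern described in the report, as an added illustration that is not WebKit's code: a reduced model of the object-store map with the ASSERT-only call site next to the explicitly checked one that the other call sites in the file use. The table layout is an assumption made for the demo (bucket pointer is nullptr while the map is empty, size mask kept one word before the bucket array, so tableSizeMask() reads m_table[-1]); ObjectStoreMap, BackingStore, openCursorUnchecked and openCursorChecked are hypothetical names, not WebKit identifiers.

```cpp
// Added example, not WebKit code. Models the ASSERT-only nullptr handling
// from the report beside the explicit check. All names are hypothetical.
#include <cstdint>
#include <cstdlib>
#include <optional>
#include <string>
#include <utility>

// Debug-only assertion in the style of WTF's ASSERT: expands to nothing when
// NDEBUG is defined (release builds), so it cannot stop the dereference.
#ifdef NDEBUG
#define ASSERT(cond) ((void)0)
#else
#define ASSERT(cond) do { if (!(cond)) std::abort(); } while (0)
#endif

struct ObjectStoreInfo {
    uint64_t identifier;
    std::string keyPath;
};

// Open-addressing table loosely modelled on WTF::HashTable (assumed layout):
// m_table is nullptr while empty; the size mask sits one word before the
// buckets, so tableSizeMask() reads m_table[-1]. On an empty table that is
// nullptr - 8, the address in the crash report. Fixed capacity, no rehash.
class ObjectStoreMap {
public:
    ObjectStoreMap() = default;
    ~ObjectStoreMap() {
        if (!m_table)
            return;
        for (size_t i = 0; i <= tableSizeMask(); ++i)
            delete m_table[i];
        delete[] (m_table - 1);
    }
    ObjectStoreMap(const ObjectStoreMap&) = delete;
    ObjectStoreMap& operator=(const ObjectStoreMap&) = delete;

    void add(uint64_t identifier, std::string keyPath) {
        if (!m_table)
            allocate(kCapacity);
        for (size_t i = slot(identifier);; i = (i + 1) & tableSizeMask()) {
            if (!m_table[i]) {
                m_table[i] = new ObjectStoreInfo{identifier, std::move(keyPath)};
                return;
            }
            if (m_table[i]->identifier == identifier) {
                m_table[i]->keyPath = std::move(keyPath);
                return;
            }
        }
    }

    // Mirrors HashTable::find() -> inlineLookup(). The `if (!m_table)` early
    // return is the check the optimizer may drop once a caller dereferences
    // the result unconditionally (UB on nullptr propagates backwards).
    ObjectStoreInfo* find(uint64_t identifier) const {
        if (!m_table)
            return nullptr;
        for (size_t i = slot(identifier);; i = (i + 1) & tableSizeMask()) {
            ObjectStoreInfo* entry = m_table[i];
            if (!entry)
                return nullptr;
            if (entry->identifier == identifier)
                return entry;
        }
    }

private:
    static constexpr size_t kCapacity = 16; // power of two; demo never fills it
    size_t tableSizeMask() const { return reinterpret_cast<uintptr_t>(m_table[-1]); }
    size_t slot(uint64_t identifier) const {
        return static_cast<size_t>(identifier * 0x9E3779B97F4A7C15ull) & tableSizeMask();
    }
    void allocate(size_t capacity) {
        ObjectStoreInfo** raw = new ObjectStoreInfo*[capacity + 1](); // zeroed
        raw[0] = reinterpret_cast<ObjectStoreInfo*>(static_cast<uintptr_t>(capacity - 1));
        m_table = raw + 1;
    }
    ObjectStoreInfo** m_table = nullptr;
};

class BackingStore {
public:
    ObjectStoreMap& objectStoreMap() { return m_objectStoreMap; }

    // Returns nullptr for an unknown identifier, like infoForObjectStore().
    ObjectStoreInfo* infoForObjectStore(uint64_t identifier) const {
        return m_objectStoreMap.find(identifier);
    }

    // The reported pattern: Debug-only ASSERT, then unconditional dereference.
    // Undefined behavior on an empty map in a release build.
    std::string openCursorUnchecked(uint64_t identifier) const {
        ObjectStoreInfo* info = infoForObjectStore(identifier);
        ASSERT(info);
        return info->keyPath;
    }

    // The fixed pattern: test the pointer and fail the operation instead.
    std::optional<std::string> openCursorChecked(uint64_t identifier) const {
        ObjectStoreInfo* info = infoForObjectStore(identifier);
        if (!info)
            return std::nullopt;
        return info->keyPath;
    }

private:
    ObjectStoreMap m_objectStoreMap;
};

// Empty map (the crash trigger): the checked path reports failure. The
// unchecked path is deliberately not exercised here because it is UB.
bool emptyMapIsRejected() {
    BackingStore store;
    return store.infoForObjectStore(1) == nullptr && !store.openCursorChecked(1).has_value();
}

// Populated map: both paths agree and an unknown identifier is rejected.
bool populatedMapLookups() {
    BackingStore store;
    store.objectStoreMap().add(1, "id");
    store.objectStoreMap().add(2, "record.key");
    return store.openCursorUnchecked(2) == "record.key"
        && store.openCursorChecked(1) == std::optional<std::string>("id")
        && !store.openCursorChecked(3).has_value();
}

int main() {
    return (emptyMapIsRejected() && populatedMapLookups()) ? 0 : 1;
}
```

Build once without and once with -DNDEBUG (and -O2) to see ASSERT disappear; only the checked variant behaves the same in both configurations, which is why the fix is an explicit nullptr test rather than a stronger assertion.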
David Kilzer (:ddkilzer)
Comment 1 2026-04-04 12:16:26 PDT
David Kilzer (:ddkilzer)
Comment 2 2026-04-05 14:19:16 PDT
EWS
Comment 3 2026-04-05 18:23:06 PDT
Committed 310618@main (acf3ca6f197b): <https://commits.webkit.org/310618@main> Reviewed commits have been landed. Closing PR #62088 and removing active labels.