Last Comment Bug 762199 - IndexedDB: checking availability of IDBTransaction constants in a Greasemonkey userscript crashes Firefox
: IndexedDB: checking availability of IDBTransaction constants in a Greasemonke...
Status: RESOLVED FIXED
[js:p1:fx16]
: addon-compat, crash, dev-doc-complete
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: 13 Branch
: x86_64 Windows 7
: -- critical (vote)
: mozilla16
Assigned To: Bill McCloskey (:billm)
:
Mentors:
Depends on:
Blocks: IndexedDB
  Show dependency treegraph
 
Reported: 2012-06-06 12:39 PDT by Jan Wedding
Modified: 2015-12-01 06:54 PST (History)
9 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
patch (1.97 KB, patch)
2012-06-21 14:49 PDT, Bill McCloskey (:billm)
jwalden+bmo: review+
Details | Diff | Splinter Review

Description Jan Wedding 2012-06-06 12:39:08 PDT
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0
Build ID: 20120601045813

Steps to reproduce:

When putting the following code into any Greasemonkey userscript (or in any other real AddOn; with userscripts, it is easier to test):

if (IDBTransaction.READ_WRITE) alert('true');

Firefox crashes when the code is executed.
The problem is, that these constants have been removed as of Firefox 13.

Executing this code on a normal web page shows an alert containing 'true', which is also wrong.

Crash report: https://crash-stats.mozilla.com/report/index/6398a357-d5c6-455f-9be8-cb5ec2120606


Actual results:

Firefox crashed.


Expected results:

Firefox should not crash.
Comment 1 Jorge Villalobos [:jorgev] 2012-06-08 17:26:12 PDT
I found another add-on possibly affected by this: https://addons.mozilla.org/firefox/addon/web-highlighter-by-diigo/

I contacted the developers.
Comment 2 Bill McCloskey (:billm) 2012-06-21 14:49:02 PDT
Created attachment 635486 [details] [diff] [review]
patch

We have some indexeddb code that seems to try to keep these properties around for backwards compatibility. Bug 735094 seems to suggest that these will be removed in a few months. Nevertheless, I think the code functions as desired in content code.

From chrome, we seem to go through some proxies, and we get all screwed up and crash because these properties are implemented using the tiny ID mechanism, which is somewhat broken and should be deprecated. This patch changes the indexeddb code so it doesn't use tiny IDs. It stops us from crashing.
Comment 3 Ben Turner (not reading bugmail, use the needinfo flag!) 2012-06-21 20:55:29 PDT
Bill, I used tiny IDs in workers quite a bit... Should I be worried?
Comment 4 Bill McCloskey (:billm) 2012-06-21 21:06:17 PDT
(In reply to ben turner [:bent] from comment #3)
> Bill, I used tiny IDs in workers quite a bit... Should I be worried?

Really? I didn't see any other uses, but maybe I didn't search for the right thing. Can you link to one or two places?
Comment 5 Ben Turner (not reading bugmail, use the needinfo flag!) 2012-06-21 21:11:13 PDT
http://mxr.mozilla.org/mozilla-central/source/dom/workers/Events.cpp?force=1#344 for instance
Comment 6 Jeff Walden [:Waldo] (remove +bmo to email) 2012-06-21 21:23:04 PDT
Those should be turned into JSNatives to make introspection show the right things (a getter function, no setter function, etc.), in which case the need for tinyids would coincidentally go away, I think.  For the one case touched here, Bill said the code in question was going to die quickly enough that it probably wasn't worth the trouble to do anything like that.
Comment 8 Ed Morley [:emorley] 2012-06-27 03:35:41 PDT
https://hg.mozilla.org/mozilla-central/rev/ef0f6e8707ae

Note You need to log in before you can comment on or make changes to this bug.