The default bug view has changed. See this FAQ.

IndexedDB: checking availability of IDBTransaction constants in a Greasemonkey userscript crashes Firefox

RESOLVED FIXED in mozilla16

Status

()

Core
JavaScript Engine
--
critical
RESOLVED FIXED
5 years ago
a year ago

People

(Reporter: Jan Wedding, Assigned: billm)

Tracking

({addon-compat, crash, dev-doc-complete})

13 Branch
mozilla16
x86_64
Windows 7
addon-compat, crash, dev-doc-complete
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [js:p1:fx16], crash signature)

Attachments

(1 attachment)

(Reporter)

Description

5 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0
Build ID: 20120601045813

Steps to reproduce:

When putting the following code into any Greasemonkey userscript (or in any other real AddOn; with userscripts, it is easier to test):

if (IDBTransaction.READ_WRITE) alert('true');

Firefox crashes when the code is executed.
The problem is, that these constants have been removed as of Firefox 13.

Executing this code on a normal web page shows an alert containing 'true', which is also wrong.

Crash report: https://crash-stats.mozilla.com/report/index/6398a357-d5c6-455f-9be8-cb5ec2120606


Actual results:

Firefox crashed.


Expected results:

Firefox should not crash.
(Reporter)

Updated

5 years ago
Blocks: 553412

Updated

5 years ago
Assignee: nobody → general
Severity: normal → critical
Status: UNCONFIRMED → NEW
Crash Signature: [@ DefineProperty]
Component: Untriaged → JavaScript Engine
Ever confirmed: true
Keywords: crash
Product: Firefox → Core
QA Contact: untriaged → general
I found another add-on possibly affected by this: https://addons.mozilla.org/firefox/addon/web-highlighter-by-diigo/

I contacted the developers.
Keywords: addon-compat, dev-doc-needed
Whiteboard: [js:p1]
Whiteboard: [js:p1] → [js:p1:fx16]
(Assignee)

Comment 2

5 years ago
Created attachment 635486 [details] [diff] [review]
patch

We have some indexeddb code that seems to try to keep these properties around for backwards compatibility. Bug 735094 seems to suggest that these will be removed in a few months. Nevertheless, I think the code functions as desired in content code.

From chrome, we seem to go through some proxies, and we get all screwed up and crash because these properties are implemented using the tiny ID mechanism, which is somewhat broken and should be deprecated. This patch changes the indexeddb code so it doesn't use tiny IDs. It stops us from crashing.
Assignee: general → wmccloskey
Status: NEW → ASSIGNED
Attachment #635486 - Flags: review?(jwalden+bmo)
Attachment #635486 - Flags: review?(jwalden+bmo) → review+
Bill, I used tiny IDs in workers quite a bit... Should I be worried?
(Assignee)

Comment 4

5 years ago
(In reply to ben turner [:bent] from comment #3)
> Bill, I used tiny IDs in workers quite a bit... Should I be worried?

Really? I didn't see any other uses, but maybe I didn't search for the right thing. Can you link to one or two places?
http://mxr.mozilla.org/mozilla-central/source/dom/workers/Events.cpp?force=1#344 for instance
Those should be turned into JSNatives to make introspection show the right things (a getter function, no setter function, etc.), in which case the need for tinyids would coincidentally go away, I think.  For the one case touched here, Bill said the code in question was going to die quickly enough that it probably wasn't worth the trouble to do anything like that.
(Assignee)

Comment 7

5 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/ef0f6e8707ae
Target Milestone: --- → mozilla16
https://hg.mozilla.org/mozilla-central/rev/ef0f6e8707ae
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Keywords: dev-doc-needed → dev-doc-complete
You need to log in before you can comment on or make changes to this bug.