Diff
Modified: trunk/LayoutTests/ChangeLog (131933 => 131934)
--- trunk/LayoutTests/ChangeLog 2012-10-19 19:45:03 UTC (rev 131933)
+++ trunk/LayoutTests/ChangeLog 2012-10-19 19:46:57 UTC (rev 131934)
@@ -1,3 +1,21 @@
+2012-10-19 Joshua Bell <[email protected]>
+
+ [V8] IndexedDB: Crash when lazy-indexing Date keys
+ https://bugs.webkit.org/show_bug.cgi?id=99860
+
+ Reviewed by Adam Barth.
+
+ Add test for greedy/lazy indexing all different key types.
+
+ * storage/indexeddb/lazy-index-types-expected.txt: Added.
+ * storage/indexeddb/lazy-index-types.html: Added.
+ * storage/indexeddb/resources/lazy-index-types.js: Added.
+ (test.request.onsuccess):
+ (test):
+ (onSuccess.request.onsuccess):
+ (onSuccess):
+ (onComplete):
+
2012-10-18 Dean Jackson <[email protected]>
Shader translator needs option to clamp uniform array accesses in vertex shaders
Added: trunk/LayoutTests/storage/indexeddb/lazy-index-types-expected.txt (0 => 131934)
--- trunk/LayoutTests/storage/indexeddb/lazy-index-types-expected.txt (rev 0)
+++ trunk/LayoutTests/storage/indexeddb/lazy-index-types-expected.txt 2012-10-19 19:46:57 UTC (rev 131934)
@@ -0,0 +1,56 @@
+Test lazy IndexedDB index population with various key types.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+indexedDB = self.indexedDB || self.webkitIndexedDB || self.mozIndexedDB || self.msIndexedDB || self.OIndexedDB;
+
+dbname = "lazy-index-types.html"
+indexedDB.deleteDatabase(dbname)
+indexedDB.open(dbname, 1)
+
+onUpgradeNeeded():
+db = event.target.result
+store = db.createObjectStore('store', {autoIncrement: true})
+index = store.createIndex('greedy-index', 'id')
+store.put({id: 0})
+store.put({id: new Date(0)})
+store.put({id: 'string'})
+store.put({id: []})
+store.put({id: [0]})
+store.put({id: [new Date(0)]})
+store.put({id: ['string']})
+store.put({id: [[]]})
+store.put({id: undefined})
+store.put({id: null})
+store.put({id: true})
+store.put({id: false})
+store.put({id: {}})
+store.put({id: /(?:)/})
+index = store.createIndex('lazy-index', 'id')
+expectedIndexSize = 8
+
+onSuccess():
+db = event.target.result
+trans = db.transaction('store')
+store = trans.objectStore('store')
+greedyIndex = store.index('greedy-index')
+request = greedyIndex.count()
+lazyIndex = store.index('lazy-index')
+request = lazyIndex.count()
+
+countSuccess():
+PASS event.target.result is expectedIndexSize
+gotGreedyCount = true
+
+countSuccess():
+PASS event.target.result is expectedIndexSize
+gotLazyCount = true
+
+onComplete():
+PASS gotGreedyCount is true
+PASS gotLazyCount is true
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/storage/indexeddb/lazy-index-types.html (0 => 131934)
--- trunk/LayoutTests/storage/indexeddb/lazy-index-types.html (rev 0)
+++ trunk/LayoutTests/storage/indexeddb/lazy-index-types.html 2012-10-19 19:46:57 UTC (rev 131934)
@@ -0,0 +1,10 @@
+<html>
+<head>
+<script src=""
+<script src=""
+</head>
+<body>
+<script src=""
+<script src=""
+</body>
+</html>
Added: trunk/LayoutTests/storage/indexeddb/resources/lazy-index-types.js (0 => 131934)
--- trunk/LayoutTests/storage/indexeddb/resources/lazy-index-types.js (rev 0)
+++ trunk/LayoutTests/storage/indexeddb/resources/lazy-index-types.js 2012-10-19 19:46:57 UTC (rev 131934)
@@ -0,0 +1,98 @@
+if (this.importScripts) {
+ importScripts('../../../fast/js/resources/js-test-pre.js');
+ importScripts('shared.js');
+}
+
+description("Test lazy IndexedDB index population with various key types.");
+
+function test()
+{
+ removeVendorPrefixes();
+ setDBNameFromPath();
+
+ request = evalAndLog("indexedDB.deleteDatabase(dbname)");
+ request._onerror_ = unexpectedErrorCallback;
+ request._onblocked_ = unexpectedBlockedCallback;
+ request._onsuccess_ = function() {
+ request = evalAndLog("indexedDB.open(dbname, 1)");
+ request._onerror_ = unexpectedErrorCallback;
+ request._onblocked_ = unexpectedBlockedCallback;
+ request._onupgradeneeded_ = onUpgradeNeeded;
+ request._onsuccess_ = onSuccess;
+ };
+}
+
+function onUpgradeNeeded(evt)
+{
+ preamble(evt);
+ evalAndLog("db = event.target.result");
+ evalAndLog("store = db.createObjectStore('store', {autoIncrement: true})");
+ evalAndLog("index = store.createIndex('greedy-index', 'id')");
+
+ [
+ // Valid key types:
+ "0",
+ "new Date(0)",
+ "'string'",
+ "[]",
+
+ // Types in arrays, for good measure:
+ "[0]",
+ "[new Date(0)]",
+ "['string']",
+ "[[]]",
+
+ // Types which are cloneable but not valid keys:
+ "undefined",
+ "null",
+ "true",
+ "false",
+ "{}",
+ "/(?:)/"
+ ].forEach(function(indexKey) {
+ evalAndLog("store.put({id: " + indexKey + "})");
+ });
+
+ evalAndLog("index = store.createIndex('lazy-index', 'id')");
+ evalAndLog("expectedIndexSize = 8");
+}
+
+function onSuccess(evt)
+{
+ preamble(evt);
+ evalAndLog("db = event.target.result");
+ evalAndLog("trans = db.transaction('store')");
+ trans._onabort_ = unexpectedAbortCallback;
+ evalAndLog("store = trans.objectStore('store')");
+
+ evalAndLog("greedyIndex = store.index('greedy-index')");
+ gotGreedyCount = false;
+ evalAndLog("request = greedyIndex.count()");
+ request._onsuccess_ = function countSuccess(evt) {
+ preamble(evt);
+ shouldBe("event.target.result", "expectedIndexSize");
+ evalAndLog("gotGreedyCount = true");
+ };
+
+ evalAndLog("lazyIndex = store.index('lazy-index')");
+ gotLazyCount = false;
+ evalAndLog("request = lazyIndex.count()");
+ request._onsuccess_ = function countSuccess(evt) {
+ preamble(evt);
+ shouldBe("event.target.result", "expectedIndexSize");
+ evalAndLog("gotLazyCount = true");
+ };
+
+ trans._oncomplete_ = onComplete;
+}
+
+function onComplete(evt)
+{
+ preamble(evt);
+
+ shouldBeTrue("gotGreedyCount");
+ shouldBeTrue("gotLazyCount");
+ finishJSTest();
+}
+
+test();
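Review bot: `expectedIndexSize = 8` at the end of onUpgradeNeeded is a bare number that has to be kept in step by hand with the key list above it, and nothing in the test says where it comes from. A comment above that line such as `// 8 = four valid keys + the same four wrapped in arrays; the six cloneable non-key values must be skipped by both indexes` would make the expectation checkable when the list changes. Both count handlers in onSuccess are named `countSuccess`, so the expected output prints two identical blocks and a failure cannot be attributed to the greedy or the lazy index from the log alone; distinct names (`greedyCountSuccess`, `lazyCountSuccess`) would fix that. The test compares only counts, so it guards against the crash but would not notice a lazily built index holding the right number of wrong keys; opening a cursor on each index and comparing keys would close that gap.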
Modified: trunk/Source/WebCore/ChangeLog (131933 => 131934)
--- trunk/Source/WebCore/ChangeLog 2012-10-19 19:45:03 UTC (rev 131933)
+++ trunk/Source/WebCore/ChangeLog 2012-10-19 19:46:57 UTC (rev 131934)
@@ -1,3 +1,18 @@
+2012-10-19 Joshua Bell <[email protected]>
+
+ [V8] IndexedDB: Crash when lazy-indexing Date keys
+ https://bugs.webkit.org/show_bug.cgi?id=99860
+
+ Reviewed by Adam Barth.
+
+ Missing a scope/context needed when digging values out of Date objects
+ in an indexing callback.
+
+ Test: storage/indexeddb/lazy-index-types.html
+
+ * bindings/v8/IDBBindingUtilities.cpp:
+ (WebCore::createIDBKeyFromScriptValueAndKeyPath):
+
2012-10-18 Dean Jackson <[email protected]>
Shader translator needs option to clamp uniform array accesses in vertex shaders
Modified: trunk/Source/WebCore/bindings/v8/IDBBindingUtilities.cpp (131933 => 131934)
--- trunk/Source/WebCore/bindings/v8/IDBBindingUtilities.cpp 2012-10-19 19:45:03 UTC (rev 131933)
+++ trunk/Source/WebCore/bindings/v8/IDBBindingUtilities.cpp 2012-10-19 19:46:57 UTC (rev 131934)
@@ -180,6 +180,9 @@
IDBParseKeyPath(keyPath, keyPathElements, error);
ASSERT(error == IDBKeyPathParseErrorNone);
+ v8::HandleScope handleScope;
+ v8::Context::Scope scope(V8PerIsolateData::current()->ensureAuxiliaryContext());
+
v8::Handle<v8::Value> v8Value(value.v8Value());
v8::Handle<v8::Value> v8Key(getNthValueOnKeyPath(v8Value, keyPathElements, keyPathElements.size()));
if (v8Key.IsEmpty())
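Review bot: The added `v8::HandleScope` and `v8::Context::Scope` lines have no comment explaining why this function has to enter a context itself, and the reason is only recorded in the ChangeLog. A comment above them such as `// Indexing callbacks can reach here with no V8 context entered; reading the value out of a Date key needs a HandleScope and an entered context.` would stop a later cleanup from removing them as redundant. Since the context entered is the auxiliary one rather than the context the value came from, it would also be worth stating in that comment that the key-path walk only reads already-cloned data and is not expected to run page script; that is inferred here, not visible in the hunk. Other helpers in this file that walk a key path over V8 handles may be reachable from the same callback and need the same guard, which cannot be checked from this hunk because the function body starts and ends outside it.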