[Webkit-unassigned] [Bug 108670] New: [V8] IndexedDB: Minor GC can collect IDBDatabase wrapper with versionchange handler
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Feb 1 11:43:07 PST 2013
https://bugs.webkit.org/show_bug.cgi?id=108670
Summary: [V8] IndexedDB: Minor GC can collect IDBDatabase
wrapper with versionchange handler
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: jsbell at chromium.org
Reported by a user:
> I am getting this behaviour on IDBDatabase when it should be firing a
> versionchange event.
>
> Step 1. IDBDatabase object is assigned an onversionchange event but no
> reference is kept.
> Step 2. IDBFactory.open is called with a higher version number.
> Step 3. Garbage collection comes along and eats the all references to the
> first IDBDatabase, but fails to close it. Cause? If it has read or written
> to the database?
> The versionchange event can't force a call to close() because it is never
> called.
> Result: The IDBOpenRequest from Step 2 is forever blocked.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list