[Webkit-unassigned] [Bug 107582] New: IndexedDB: IDBKeyRange::isOnlyKey() does pointer equality comparison

bugzilla-daemon at webkit.org
Tue Jan 22 13:29:03 PST 2013


https://bugs.webkit.org/show_bug.cgi?id=107582

           Summary: IndexedDB: IDBKeyRange::isOnlyKey() does pointer
                    equality comparison
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: jsbell at chromium.org
                CC: dgrogan at chromium.org, alecflett at chromium.org,
                    michael at 68k.org


To simplify the backend API, various methods that can take a key-or-keyrange just accept a keyrange, and we map a script call with just a key to IDBKeyRange::only(key). On the back end, optimized paths can check keyrange->isOnlyKey().

IDBKeyRange::isOnlyKey() does pointer equality comparison, so if there are IPC hijinks between the front- and back-end (e.g. in multiprocess ports) that don't pass along this flag, the equality comparison would fail and the unoptimized path would be used.

It looks like the only caller is in GetOperation::perform() in IDBDatabaseBackendImpl.cpp

A trivial fix would be to replace the equality test with: !m_lower->compare(m_upper)

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
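
The failure mode described in the report, as an added example that is not WebKit code and not part of the original message: `Key`, `KeyRange`, `WireRange` and `roundTrip` are hypothetical, simplified stand-ins, and the IPC hop is modelled as a plain serialize/deserialize of the two bounds.

```cpp
#include <iostream>
#include <memory>
#include <string>

// Hypothetical stand-in for a key type; compare() returns 0 when equal.
struct Key {
    std::string value;
    int compare(const Key& other) const { return value.compare(other.value); }
};

// Hypothetical stand-in for a key range with reference-counted bounds.
struct KeyRange {
    std::shared_ptr<Key> lower, upper;

    // only(key) stores the same object as both bounds.
    static KeyRange only(std::shared_ptr<Key> key) { return {key, key}; }

    // Identity comparison: true only while both bounds are the same object.
    bool isOnlyKeyByPointer() const { return lower == upper; }

    // Value comparison, in the spirit of !m_lower->compare(m_upper).
    bool isOnlyKeyByValue() const {
        return lower && upper && !lower->compare(*upper);
    }
};

// Constructed model of a process boundary: only the values cross it.
struct WireRange { std::string lower, upper; };

WireRange serialize(const KeyRange& r) { return {r.lower->value, r.upper->value}; }

KeyRange deserialize(const WireRange& w) {
    // Each bound is rebuilt as its own object, so identity is lost.
    return {std::make_shared<Key>(Key{w.lower}), std::make_shared<Key>(Key{w.upper})};
}

KeyRange roundTrip(const KeyRange& r) { return deserialize(serialize(r)); }

int main() {
    KeyRange local = KeyRange::only(std::make_shared<Key>(Key{"k1"}));
    KeyRange remote = roundTrip(local);
    std::cout << std::boolalpha
              << "local  by pointer: " << local.isOnlyKeyByPointer() << "\n"
              << "remote by pointer: " << remote.isOnlyKeyByPointer() << "\n"
              << "remote by value:   " << remote.isOnlyKeyByValue() << "\n";
}
```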