Diff
Modified: trunk/LayoutTests/ChangeLog (238676 => 238677)
--- trunk/LayoutTests/ChangeLog 2018-11-29 18:41:48 UTC (rev 238676)
+++ trunk/LayoutTests/ChangeLog 2018-11-29 18:45:17 UTC (rev 238677)
@@ -1,5 +1,22 @@
2018-11-29 Sihui Liu <sihui_...@apple.com>
+ IndexedDB: breaks if binary data (Uint8Array) and autoIncrement key in store
+ https://bugs.webkit.org/show_bug.cgi?id=185869
+ <rdar://problem/40453623>
+
+ Reviewed by Geoffrey Garen.
+
+ * storage/indexeddb/objectstore-autoincrement-expected.txt:
+ * storage/indexeddb/objectstore-autoincrement-private-expected.txt:
+ * storage/indexeddb/resources/objectstore-autoincrement.js:
+ (getLincolnAfterInjectedKeySuccess):
+ (putBobSuccess):
+ (getBobSuccess):
+ (addLincolnWithExplicitKeySuccess):
+ (putAbrahamSuccess):
+
+2018-11-29 Sihui Liu <sihui_...@apple.com>
+
Unexpected constructor / instanceof behavior when retrieving indexedDB data in an iframe
https://bugs.webkit.org/show_bug.cgi?id=185906
<rdar://problem/40583100>
Modified: trunk/LayoutTests/storage/indexeddb/objectstore-autoincrement-expected.txt (238676 => 238677)
--- trunk/LayoutTests/storage/indexeddb/objectstore-autoincrement-expected.txt 2018-11-29 18:41:48 UTC (rev 238676)
+++ trunk/LayoutTests/storage/indexeddb/objectstore-autoincrement-expected.txt 2018-11-29 18:45:17 UTC (rev 238677)
@@ -35,19 +35,26 @@
PASS event.target.result.name is "Lincoln"
PASS event.target.result.number is "7012"
PASS event.target.result.id is 4
+store.add({name: 'Bob', number: Uint8Array.from([100, 101])})
+putBobSuccess():
+PASS event.target.result is 5
+store.get(5)
+getBobSuccess():
+PASS event.target.result.name is "Bob"
+PASS event.target.result.number is [100, 101]
store = trans.objectStore('StoreWithAutoIncrement')
Insert into object store with key gen using explicit key
-store.add({name: 'Lincoln', number: '7012'}, 5)
+store.add({name: 'Lincoln', number: '7012'}, 6)
addLincolnWithExplicitKeySuccess():
-PASS event.target.result is 5
-store.get(5)
+PASS event.target.result is 6
+store.get(6)
getLincolnSuccess():
PASS event.target.result.name is "Lincoln"
PASS event.target.result.number is "7012"
store.put({name: 'Abraham', number: '2107'})
putAbrahamSuccess():
-PASS event.target.result is 6
-store.get(6)
+PASS event.target.result is 7
+store.get(7)
getAbrahamSuccess():
PASS event.target.result.name is "Abraham"
PASS event.target.result.number is "2107"
Modified: trunk/LayoutTests/storage/indexeddb/objectstore-autoincrement-private-expected.txt (238676 => 238677)
--- trunk/LayoutTests/storage/indexeddb/objectstore-autoincrement-private-expected.txt 2018-11-29 18:41:48 UTC (rev 238676)
+++ trunk/LayoutTests/storage/indexeddb/objectstore-autoincrement-private-expected.txt 2018-11-29 18:45:17 UTC (rev 238677)
@@ -35,19 +35,26 @@
PASS event.target.result.name is "Lincoln"
PASS event.target.result.number is "7012"
PASS event.target.result.id is 4
+store.add({name: 'Bob', number: Uint8Array.from([100, 101])})
+putBobSuccess():
+PASS event.target.result is 5
+store.get(5)
+getBobSuccess():
+PASS event.target.result.name is "Bob"
+PASS event.target.result.number is [100, 101]
store = trans.objectStore('StoreWithAutoIncrement')
Insert into object store with key gen using explicit key
-store.add({name: 'Lincoln', number: '7012'}, 5)
+store.add({name: 'Lincoln', number: '7012'}, 6)
addLincolnWithExplicitKeySuccess():
-PASS event.target.result is 5
-store.get(5)
+PASS event.target.result is 6
+store.get(6)
getLincolnSuccess():
PASS event.target.result.name is "Lincoln"
PASS event.target.result.number is "7012"
store.put({name: 'Abraham', number: '2107'})
putAbrahamSuccess():
-PASS event.target.result is 6
-store.get(6)
+PASS event.target.result is 7
+store.get(7)
getAbrahamSuccess():
PASS event.target.result.name is "Abraham"
PASS event.target.result.number is "2107"
Modified: trunk/LayoutTests/storage/indexeddb/resources/objectstore-autoincrement.js (238676 => 238677)
--- trunk/LayoutTests/storage/indexeddb/resources/objectstore-autoincrement.js 2018-11-29 18:41:48 UTC (rev 238676)
+++ trunk/LayoutTests/storage/indexeddb/resources/objectstore-autoincrement.js 2018-11-29 18:45:17 UTC (rev 238677)
@@ -70,9 +70,30 @@
shouldBeEqualToString("event.target.result.number", "7012");
shouldBe("event.target.result.id", "4");
+ request = evalAndLog("store.add({name: 'Bob', number: Uint8Array.from([100, 101])})");
+ request._onsuccess_ = putBobSuccess;
+ request._onerror_ = unexpectedErrorCallback;
+}
+
+function putBobSuccess()
+{
+ debug("putBobSuccess():");
+ shouldBe("event.target.result", "5");
+
+ request = evalAndLog("store.get(5)");
+ request._onsuccess_ = getBobSuccess;
+ request._onerror_ = unexpectedErrorCallback;
+}
+
+function getBobSuccess()
+{
+ debug("getBobSuccess():");
+ shouldBeEqualToString("event.target.result.name", "Bob");
+ shouldBe("event.target.result.number", "[100, 101]");
+
self.store = evalAndLog("store = trans.objectStore('StoreWithAutoIncrement')");
debug("Insert into object store with key gen using explicit key");
- request = evalAndLog("store.add({name: 'Lincoln', number: '7012'}, 5)");
+ request = evalAndLog("store.add({name: 'Lincoln', number: '7012'}, 6)");
request._onsuccess_ = addLincolnWithExplicitKeySuccess;
request._onerror_ = unexpectedErrorCallback;
}
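Review bot: The check in getBobSuccess, `shouldBe("event.target.result.number", "[100, 101]")`, only compares element values, so it would probably still pass if the stored Uint8Array came back as a plain array or a different typed-array type. The bug is about binary data surviving serialization on the database thread, so the test should pin the type as well: add `shouldBeTrue("event.target.result.number instanceof Uint8Array");` next to it, with the matching PASS line in both -expected.txt files. As a point of style, the callback is named putBobSuccess although the request is `store.add(...)`; addBobSuccess would match addLincolnWithExplicitKeySuccess.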
@@ -80,9 +101,9 @@
function addLincolnWithExplicitKeySuccess()
{
debug("addLincolnWithExplicitKeySuccess():");
- shouldBe("event.target.result", "5");
+ shouldBe("event.target.result", "6");
- request = evalAndLog("store.get(5)");
+ request = evalAndLog("store.get(6)");
request._onsuccess_ = getLincolnSuccess;
request._onerror_ = unexpectedErrorCallback;
}
@@ -101,9 +122,9 @@
function putAbrahamSuccess()
{
debug("putAbrahamSuccess():");
- shouldBe("event.target.result", "6");
+ shouldBe("event.target.result", "7");
- request = evalAndLog("store.get(6)");
+ request = evalAndLog("store.get(7)");
request._onsuccess_ = getAbrahamSuccess;
request._onerror_ = unexpectedErrorCallback;
}
Modified: trunk/Source/WebCore/ChangeLog (238676 => 238677)
--- trunk/Source/WebCore/ChangeLog 2018-11-29 18:41:48 UTC (rev 238676)
+++ trunk/Source/WebCore/ChangeLog 2018-11-29 18:45:17 UTC (rev 238677)
@@ -1,5 +1,27 @@
2018-11-29 Sihui Liu <sihui_...@apple.com>
+ IndexedDB: breaks if binary data (Uint8Array) and autoIncrement key in store
+ https://bugs.webkit.org/show_bug.cgi?id=185869
+ <rdar://problem/40453623>
+
+ Reviewed by Geoffrey Garen.
+
+ lexicalGlobalObject is casted to JSDOMGlobalObject in CloneSerializer::dumpArrayBufferView,
+ so we should use JSDOMGlobalObject instead of JSGlobalObject in IDB database thread.
+
+ Covered by modified test: storage/indexeddb/objectstore-autoincrement.html
+
+ * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
+ (WebCore::IDBServer::UniqueIDBDatabase::databaseThreadVM):
+ (WebCore::IDBServer::UniqueIDBDatabase::databaseThreadExecState):
+ * bindings/js/JSDOMGlobalObject.cpp:
+ (WebCore::JSDOMGlobalObject::create):
+ * bindings/js/JSDOMGlobalObject.h:
+ * bindings/js/JSDOMWrapper.cpp:
+ (WebCore::JSDOMObject::JSDOMObject):
+
+2018-11-29 Sihui Liu <sihui_...@apple.com>
+
Unexpected constructor / instanceof behavior when retrieving indexedDB data in an iframe
https://bugs.webkit.org/show_bug.cgi?id=185906
<rdar://problem/40583100>
Modified: trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp (238676 => 238677)
--- trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp 2018-11-29 18:41:48 UTC (rev 238676)
+++ trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp 2018-11-29 18:45:17 UTC (rev 238677)
@@ -28,6 +28,7 @@
#if ENABLE(INDEXED_DATABASE)
+#include "DOMWrapperWorld.h"
#include "IDBBindingUtilities.h"
#include "IDBCursorInfo.h"
#include "IDBGetAllRecordsData.h"
@@ -42,6 +43,7 @@
#include "Logging.h"
#include "SerializedScriptValue.h"
#include "UniqueIDBDatabaseConnection.h"
+#include "WebCoreJSClientData.h"
#include <_javascript_Core/AuxiliaryBarrierInlines.h>
#include <_javascript_Core/HeapInlines.h>
#include <_javascript_Core/StrongInlines.h>
@@ -938,6 +940,11 @@
{
ASSERT(!isMainThread());
static VM* vm = &VM::create().leakRef();
+ if (!vm->heap.hasAccess()) {
+ vm->heap.acquireAccess();
+ JSVMClientData::initNormalWorld(vm);
+ }
+
return *vm;
}
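Review bot: The one-time setup in the added `if (!vm->heap.hasAccess())` block is keyed on the current heap-access state rather than on first use. If anything on this thread ever released heap access (not visible from this hunk), `JSVMClientData::initNormalWorld(vm)` would run a second time and replace client data that the cached global object may already reference through `normalWorld(...)`. Tying the setup to the static's initialisation removes that dependency: `static VM* vm = [] { auto* v = &VM::create().leakRef(); v->heap.acquireAccess(); JSVMClientData::initNormalWorld(v); return v; }();`. The function's signature lies above the hunk, so I am assuming it is only reached from the database thread, as the ASSERT states.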
@@ -945,10 +952,10 @@
{
ASSERT(!isMainThread());
- static NeverDestroyed<Strong<JSGlobalObject>> globalObject(databaseThreadVM(), JSGlobalObject::create(databaseThreadVM(), JSGlobalObject::createStructure(databaseThreadVM(), jsNull())));
+ static NeverDestroyed<Strong<JSDOMGlobalObject>> domGlobalObject(databaseThreadVM(), JSDOMGlobalObject::create(databaseThreadVM(), JSDOMGlobalObject::createStructure(databaseThreadVM(), jsNull()), normalWorld(databaseThreadVM())));
- RELEASE_ASSERT(globalObject.get()->globalExec());
- return *globalObject.get()->globalExec();
+ RELEASE_ASSERT(domGlobalObject.get()->globalExec());
+ return *domGlobalObject.get()->globalExec();
}
void UniqueIDBDatabase::performPutOrAdd(uint64_t callbackIdentifier, const IDBResourceIdentifier& transactionIdentifier, uint64_t objectStoreIdentifier, const IDBKeyData& keyData, const IDBValue& originalRecordValue, IndexedDB::ObjectStoreOverwriteMode overwriteMode)
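Review bot: Nothing at the `static NeverDestroyed<Strong<JSDOMGlobalObject>>` line records why the type has to be JSDOMGlobalObject, and the reason is a memory-safety one. According to the ChangeLog, CloneSerializer::dumpArrayBufferView casts the lexical global object to JSDOMGlobalObject, so a plain JSGlobalObject here is an invalid downcast. I would add `// Must be a JSDOMGlobalObject: CloneSerializer::dumpArrayBufferView casts lexicalGlobalObject to it.` above the static so a later cleanup does not simplify the type back. A checked cast at the cast site (outside this diff) would make such a regression fail loudly and may be worth a follow-up. The function's signature lies above the hunk.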
Modified: trunk/Source/WebCore/bindings/js/JSDOMGlobalObject.cpp (238676 => 238677)
--- trunk/Source/WebCore/bindings/js/JSDOMGlobalObject.cpp 2018-11-29 18:41:48 UTC (rev 238676)
+++ trunk/Source/WebCore/bindings/js/JSDOMGlobalObject.cpp 2018-11-29 18:45:17 UTC (rev 238677)
@@ -76,6 +76,13 @@
static_cast<JSDOMGlobalObject*>(cell)->JSDOMGlobalObject::~JSDOMGlobalObject();
}
+JSDOMGlobalObject* JSDOMGlobalObject::create(JSC::VM& vm, JSC::Structure* structure, Ref<DOMWrapperWorld>&& world)
+{
+ JSDOMGlobalObject* domGlobalObject = new (NotNull, JSC::allocateCell<JSDOMGlobalObject>(vm.heap)) JSDOMGlobalObject(vm, structure, WTFMove(world));
+ domGlobalObject->finishCreation(vm);
+ return domGlobalObject;
+}
+
EncodedJSValue JSC_HOST_CALL makeThisTypeErrorForBuiltins(ExecState* execState)
{
ASSERT(execState);
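Review bot: The new public `JSDOMGlobalObject::create` has no comment saying what kind of global it produces. It builds a bare JSDOMGlobalObject that is neither a window nor a worker scope, and presumably has no ScriptExecutionContext behind it. Future callers should know that before using it outside the IndexedDB database thread, so I would document it at the declaration in JSDOMGlobalObject.h, e.g. `// Creates a bare global object with no ScriptExecutionContext; used by the IndexedDB database thread for (de)serialization.` As a minor style point, `auto* domGlobalObject = new (NotNull, ...)` avoids spelling the type twice.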
Modified: trunk/Source/WebCore/bindings/js/JSDOMGlobalObject.h (238676 => 238677)
--- trunk/Source/WebCore/bindings/js/JSDOMGlobalObject.h 2018-11-29 18:41:48 UTC (rev 238676)
+++ trunk/Source/WebCore/bindings/js/JSDOMGlobalObject.h 2018-11-29 18:45:17 UTC (rev 238677)
@@ -53,6 +53,8 @@
void finishCreation(JSC::VM&, JSC::JSObject*);
public:
+ static JSDOMGlobalObject* create(JSC::VM&, JSC::Structure*, Ref<DOMWrapperWorld>&&);
+
Lock& gcLock() { return m_gcLock; }
JSDOMStructureMap& structures(const AbstractLocker&) { return m_structures; }
Modified: trunk/Source/WebCore/bindings/js/JSDOMWrapper.cpp (238676 => 238677)
--- trunk/Source/WebCore/bindings/js/JSDOMWrapper.cpp 2018-11-29 18:41:48 UTC (rev 238676)
+++ trunk/Source/WebCore/bindings/js/JSDOMWrapper.cpp 2018-11-29 18:45:17 UTC (rev 238677)
@@ -41,7 +41,7 @@
JSDOMObject::JSDOMObject(JSC::Structure* structure, JSC::JSGlobalObject& globalObject)
: Base(globalObject.vm(), structure)
{
- ASSERT(scriptExecutionContext() || globalObject.classInfo() == JSRemoteDOMWindow::info());
+ ASSERT(globalObject.classInfo() == JSDOMGlobalObject::info() || scriptExecutionContext() || globalObject.classInfo() == JSRemoteDOMWindow::info());
}
CompleteSubspace* outputConstraintSubspaceFor(VM& vm)
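Review bot: The widened ASSERT now accepts any wrapper whose global object is exactly a JSDOMGlobalObject, and the reason is not stated. The new `globalObject.classInfo() == JSDOMGlobalObject::info()` test is also placed first, which suggests it is meant to short-circuit before `scriptExecutionContext()` is evaluated for such a global. If that ordering is deliberate, a later reordering would silently break it, so say so in a comment above the assertion: `// A bare JSDOMGlobalObject (IDB database thread) has no ScriptExecutionContext; test for it first.` Since ASSERT is debug-only, release builds rely entirely on callers respecting this invariant.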