IndexedDB: Crash on checking version of corrupt backing store
Created attachment 171288 [details] Patch
alecflett@ - please take a look
See comments in webkit.org/b/99636 re: testing The in-progress tests in crrev.com/11196029 should be expanded to include this case.
Created attachment 171292 [details] Patch
Comment on attachment 171292 [details] Patch LGTM
tony@ - r? cq?
Comment on attachment 171292 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=171292&action=review > Source/WebCore/Modules/indexeddb/IDBLevelDBBackingStore.cpp:299 > + if (db) { > + if (!isSchemaKnown(db.get())) { Nit: Can we merge these into a single if?
Created attachment 171308 [details] Patch for landing
(In reply to comment #7) > Nit: Can we merge these into a single if? Done, thanks.
Comment on attachment 171308 [details] Patch for landing Clearing flags on attachment: 171308 Committed r132848: <http://trac.webkit.org/changeset/132848>
All reviewed patches have been landed. Closing bug.
Comment on attachment 171308 [details] Patch for landing View in context: https://bugs.webkit.org/attachment.cgi?id=171308&action=review > Source/WebCore/Modules/indexeddb/IDBLevelDBBackingStore.cpp:301 > + db.release(); Is there a reason that this is db.release() instead of db.clear()? AFAICT they would act identically here, just wondering if [release() was arbitrary] or [a conscious choice and I'm missing something].
(In reply to comment #12) > (From update of attachment 171308 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=171308&action=review > > > Source/WebCore/Modules/indexeddb/IDBLevelDBBackingStore.cpp:301 > > + db.release(); > > Is there a reason that this is db.release() instead of db.clear()? AFAICT they would act identically here, just wondering if [release() was arbitrary] or [a conscious choice and I'm missing something]. Not a conscious choice. I agree it should be clear(). (I noticed that later and have that change in a branch somewhere, apparently not uploaded anywhere.)