Issue 714820 link

Starred by 1 user

Issue metadata

Status:	Fixed
Owner:	█ binji@chromium.org Last visit 15 days ago
Closed:	May 2017
Cc:	domenic@chromium.org jsb...@chromium.org adamk@chromium.org titzer@chromium.org dschuff@chromium.org
Components:	Blink>JavaScript>WebAssembly Blink>Storage>IndexedDB
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	3
Type:	Bug
merge-merged-3081

Blocked on:
issue 715567

Throw DataCloneError when putting SharedArrayBuffer into IndexedDB

Project Member Reported by jsb...@chromium.org, Apr 24 2017

Issue description

Basic repro:

const sab = new SharedArrayBuffer('256');
const open = indexedDB.open('db');
open.onupgradeneeded = e => {
  const db = open.result;
  db.createObjectStore('store');
};
open.onsuccess = e => {
  const db = open.result;
  const tx = db.transaction('store', 'readwrite');
  const store = tx.objectStore('store');

  try {
    store.put({sab: sab}, 'key');
  } catch (ex) {
    // assert ex.name is DataCloneError
  }
};

Current behavior: crash :)

Advanced steps:

const sab = new SharedArrayBuffer('256');
const open = indexedDB.open('db');
open.onupgradeneeded = e => {
  const db = open.result;
  db.createObjectStore('store');
};
open.onsuccess = e => {
  const db = open.result;
  const tx = db.transaction('store', 'readwrite');
  const store = tx.objectStore('store');

  let saw_a = false, saw_b = false;
  try {
    store.put({
      get a() { saw_a = true; },
      sab: sab,
      get b() { saw_b = true; }
    }, 'key');
  } catch (ex) {
    // assert ex.name is DataCloneError
    // assert saw_a is true
    // assert saw_b is false
  }
};

Comment 1 by jsb...@chromium.org, Apr 24 2017

Cc: domenic@chromium.org

See also: 

https://github.com/whatwg/html/pull/2518
https://github.com/w3c/web-platform-tests/pull/5003

The latter (by domenic) has web-platform-test cases for this and related cases.

Project Member

Comment 2 by bugdroid1@chromium.org, Apr 25 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/08d35f601c7cfbdc66f9a7f8836e32028d344559

commit 08d35f601c7cfbdc66f9a7f8836e32028d344559
Author: binji <binji@chromium.org>
Date: Tue Apr 25 20:24:56 2017

SharedArrayBuffer throws serializing to indexeddb

The StructuredDeserialize spec now has a special case for serializing
for storage: it doesn't allow SharedArrayBuffers to be serialized, and
instead throws a DataCloneError.

BUG= chromium:714820 

Review-Url: https://codereview.chromium.org/2838783002
Cr-Commit-Position: refs/heads/master@{#467093}

[modify] https://crrev.com/08d35f601c7cfbdc66f9a7f8836e32028d344559/third_party/WebKit/LayoutTests/LeakExpectations
[modify] https://crrev.com/08d35f601c7cfbdc66f9a7f8836e32028d344559/third_party/WebKit/LayoutTests/SlowTests
[modify] https://crrev.com/08d35f601c7cfbdc66f9a7f8836e32028d344559/third_party/WebKit/LayoutTests/TestExpectations
[modify] https://crrev.com/08d35f601c7cfbdc66f9a7f8836e32028d344559/third_party/WebKit/LayoutTests/VirtualTestSuites
[add] https://crrev.com/08d35f601c7cfbdc66f9a7f8836e32028d344559/third_party/WebKit/LayoutTests/storage/indexeddb/shared-array-buffer-throws.html
[add] https://crrev.com/08d35f601c7cfbdc66f9a7f8836e32028d344559/third_party/WebKit/LayoutTests/virtual/sharedarraybuffer/storage/indexeddb/README.txt
[modify] https://crrev.com/08d35f601c7cfbdc66f9a7f8836e32028d344559/third_party/WebKit/Source/bindings/core/v8/SerializedScriptValue.h
[modify] https://crrev.com/08d35f601c7cfbdc66f9a7f8836e32028d344559/third_party/WebKit/Source/bindings/core/v8/serialization/V8ScriptValueSerializer.cpp
[modify] https://crrev.com/08d35f601c7cfbdc66f9a7f8836e32028d344559/third_party/WebKit/Source/bindings/core/v8/serialization/V8ScriptValueSerializer.h
[modify] https://crrev.com/08d35f601c7cfbdc66f9a7f8836e32028d344559/third_party/WebKit/Source/modules/indexeddb/IDBObjectStore.cpp

Comment 3 by gab@chromium.org, Apr 26 2017

Blockedon: 715567

Project Member

Comment 4 by bugdroid1@chromium.org, Apr 26 2017

Labels: merge-merged-3081

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f750977ebbc4ec36025cd83cae26687dafad0fa3

commit f750977ebbc4ec36025cd83cae26687dafad0fa3
Author: dimu <dimu@google.com>
Date: Wed Apr 26 17:42:27 2017

Revert of SharedArrayBuffer throws serializing to indexeddb (patchset #4 id:60001 of https://codereview.chromium.org/2838783002/ )

Reason for revert:
Suspect for http://crbug.com/715567 (crash when typing in hangouts chat window).

Original issue's description:
> SharedArrayBuffer throws serializing to indexeddb
>
> The StructuredDeserialize spec now has a special case for serializing
> for storage: it doesn't allow SharedArrayBuffers to be serialized, and
> instead throws a DataCloneError.
>
> BUG= chromium:714820 
>
> Review-Url: https://codereview.chromium.org/2838783002
> Cr-Commit-Position: refs/heads/master@{#467093}
> Committed: https://chromium.googlesource.com/chromium/src/+/08d35f601c7cfbdc66f9a7f8836e32028d344559

TBR=jbroman@chromium.org,haraken@chromium.org,jsbell@chromium.org,binji@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:715567

Review-Url: https://codereview.chromium.org/2845623002
Cr-Commit-Position: refs/heads/master@{#467325}
(cherry picked from commit d86073fac8a47abe754598992e1b8424d7534b9f)

Review-Url: https://codereview.chromium.org/2844013003 .
Cr-Commit-Position: refs/branch-heads/3081@{#3}
Cr-Branched-From: c874a28819750c3da98cbc8abc8ace690bfa9e1e-refs/heads/master@{#467177}

[modify] https://crrev.com/f750977ebbc4ec36025cd83cae26687dafad0fa3/third_party/WebKit/LayoutTests/LeakExpectations
[modify] https://crrev.com/f750977ebbc4ec36025cd83cae26687dafad0fa3/third_party/WebKit/LayoutTests/SlowTests
[modify] https://crrev.com/f750977ebbc4ec36025cd83cae26687dafad0fa3/third_party/WebKit/LayoutTests/TestExpectations
[modify] https://crrev.com/f750977ebbc4ec36025cd83cae26687dafad0fa3/third_party/WebKit/LayoutTests/VirtualTestSuites
[delete] https://crrev.com/72a37e4d5d381a57e2a1747c65e49c65012a5440/third_party/WebKit/LayoutTests/storage/indexeddb/shared-array-buffer-throws.html
[delete] https://crrev.com/72a37e4d5d381a57e2a1747c65e49c65012a5440/third_party/WebKit/LayoutTests/virtual/sharedarraybuffer/storage/indexeddb/README.txt
[modify] https://crrev.com/f750977ebbc4ec36025cd83cae26687dafad0fa3/third_party/WebKit/Source/bindings/core/v8/SerializedScriptValue.h
[modify] https://crrev.com/f750977ebbc4ec36025cd83cae26687dafad0fa3/third_party/WebKit/Source/bindings/core/v8/serialization/V8ScriptValueSerializer.cpp
[modify] https://crrev.com/f750977ebbc4ec36025cd83cae26687dafad0fa3/third_party/WebKit/Source/bindings/core/v8/serialization/V8ScriptValueSerializer.h
[modify] https://crrev.com/f750977ebbc4ec36025cd83cae26687dafad0fa3/third_party/WebKit/Source/modules/indexeddb/IDBObjectStore.cpp

Project Member

Comment 5 by bugdroid1@chromium.org, Apr 28 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/14ddf4a2b43673a91f552143adb6e7cf03acbb8b

commit 14ddf4a2b43673a91f552143adb6e7cf03acbb8b
Author: binji <binji@chromium.org>
Date: Fri Apr 28 19:07:21 2017

Reland of SharedArrayBuffer throws serializing to indexeddb (patchset #1 id:1 of https://codereview.chromium.org/2845623002/ )

Reason for revert:
This CL was speculatively suspected as the cause of http://crbug.com/715567, but it turned out was unrelated.

Original issue's description:
> Revert of SharedArrayBuffer throws serializing to indexeddb (patchset #4 id:60001 of https://codereview.chromium.org/2838783002/ )
>
> Reason for revert:
> Suspect for http://crbug.com/715567 (crash when typing in hangouts chat window).
>
> Original issue's description:
> > SharedArrayBuffer throws serializing to indexeddb
> >
> > The StructuredDeserialize spec now has a special case for serializing
> > for storage: it doesn't allow SharedArrayBuffers to be serialized, and
> > instead throws a DataCloneError.
> >
> > BUG= chromium:714820 
> >
> > Review-Url: https://codereview.chromium.org/2838783002
> > Cr-Commit-Position: refs/heads/master@{#467093}
> > Committed: https://chromium.googlesource.com/chromium/src/+/08d35f601c7cfbdc66f9a7f8836e32028d344559
>
> TBR=jbroman@chromium.org,haraken@chromium.org,jsbell@chromium.org,binji@chromium.org
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG= chromium:714820 
>
> Review-Url: https://codereview.chromium.org/2845623002
> Cr-Commit-Position: refs/heads/master@{#467325}
> Committed: https://chromium.googlesource.com/chromium/src/+/d86073fac8a47abe754598992e1b8424d7534b9f

TBR=jbroman@chromium.org,haraken@chromium.org,jsbell@chromium.org,gab@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG= chromium:714820 

Review-Url: https://codereview.chromium.org/2848933002
Cr-Commit-Position: refs/heads/master@{#468084}

[modify] https://crrev.com/14ddf4a2b43673a91f552143adb6e7cf03acbb8b/third_party/WebKit/LayoutTests/LeakExpectations
[modify] https://crrev.com/14ddf4a2b43673a91f552143adb6e7cf03acbb8b/third_party/WebKit/LayoutTests/SlowTests
[modify] https://crrev.com/14ddf4a2b43673a91f552143adb6e7cf03acbb8b/third_party/WebKit/LayoutTests/TestExpectations
[modify] https://crrev.com/14ddf4a2b43673a91f552143adb6e7cf03acbb8b/third_party/WebKit/LayoutTests/VirtualTestSuites
[add] https://crrev.com/14ddf4a2b43673a91f552143adb6e7cf03acbb8b/third_party/WebKit/LayoutTests/storage/indexeddb/shared-array-buffer-throws.html
[add] https://crrev.com/14ddf4a2b43673a91f552143adb6e7cf03acbb8b/third_party/WebKit/LayoutTests/virtual/sharedarraybuffer/storage/indexeddb/README.txt
[modify] https://crrev.com/14ddf4a2b43673a91f552143adb6e7cf03acbb8b/third_party/WebKit/Source/bindings/core/v8/SerializedScriptValue.h
[modify] https://crrev.com/14ddf4a2b43673a91f552143adb6e7cf03acbb8b/third_party/WebKit/Source/bindings/core/v8/serialization/V8ScriptValueSerializer.cpp
[modify] https://crrev.com/14ddf4a2b43673a91f552143adb6e7cf03acbb8b/third_party/WebKit/Source/bindings/core/v8/serialization/V8ScriptValueSerializer.h
[modify] https://crrev.com/14ddf4a2b43673a91f552143adb6e7cf03acbb8b/third_party/WebKit/Source/modules/indexeddb/IDBObjectStore.cpp

Comment 6 by binji@chromium.org, May 2 2017

Status: Fixed (was: Assigned)

►

Issue 714820 link

Issue metadata

Throw DataCloneError when putting SharedArrayBuffer into IndexedDB

Issue description

Comment 1 by jsb...@chromium.org, Apr 24 2017

Comment 1 Deleted

Comment 2 by bugdroid1@chromium.org, Apr 25 2017

Comment 2 Deleted

Comment 3 by gab@chromium.org, Apr 26 2017

Comment 3 Deleted

Comment 4 by bugdroid1@chromium.org, Apr 26 2017

Comment 4 Deleted

Comment 5 by bugdroid1@chromium.org, Apr 28 2017

Comment 5 Deleted

Comment 6 by binji@chromium.org, May 2 2017

Comment 6 Deleted

Sign in to add a comment