Skip to content

Borrow hazard in IDBTransaction::ObjectStore #39946

Closed
#40139
Closed
Borrow hazard in IDBTransaction::ObjectStore#39946
#40139
Labels
A-content/indexeddbIndexedDB implementation issues.C-has-patchI-panicServo encounters a panic.
@jdm

Description

@jdm
jdm
opened on Oct 17, 2025

We start a mutable borrow here:

servo/components/script/dom/idbtransaction.rs

Line 277 in 16506e4

let mut store_handles = self.store_handles.borrow_mut();

We call a method that can transitively GC here:

servo/components/script/dom/idbtransaction.rs

Lines 280 to 287 in 16506e4

let store = IDBObjectStore::new(
&self.global(),
self.db.get_name(),
name,
parameters.as_ref(),
CanGc::note(),
self,
);

When a GC occurs, we panic while trying to trace the self.store_handles member because the mutable borrow is still active.

This can be reproduced with ./mach test-wpt /IndexedDB/nested-cloning-large.any.html --pref js_mem_gc_zeal_level=2 --pref js_mem_gc_zeal_frequency=1 --timeout-multiplier=20 in a --debug-mozjs build.

Metadata

Metadata

Assignees

No one assigned

    Labels

    A-content/indexeddbIndexedDB implementation issues.C-has-patchI-panicServo encounters a panic.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions