diff --git a/dom/indexedDB/IDBObjectStoreRequest.cpp b/dom/indexedDB/IDBObjectStoreRequest.cpp
index 849b5172a27..702f7690e42 100644
--- a/dom/indexedDB/IDBObjectStoreRequest.cpp
+++ b/dom/indexedDB/IDBObjectStoreRequest.cpp
@@ -327,7 +327,10 @@ nsresult
 IDBObjectStoreRequest::GetKeyFromVariant(nsIVariant* aKeyVariant,
                                          Key& aKey)
 {
-  NS_ASSERTION(aKeyVariant, "Null pointer!");
+  if (!aKeyVariant) {
+    aKey = Key::UNSETKEY;
+    return NS_OK;
+  }
 
   PRUint16 type;
   nsresult rv = aKeyVariant->GetDataType(&type);
@@ -556,7 +559,11 @@ IDBObjectStoreRequest::GetAddInfo(/* jsval aValue, */
     }
   }
   else {
-    // Inline keys live on the object.
+    // Inline keys live on the object. Make sure it is an object.
+    if (JSVAL_IS_PRIMITIVE(clone.value())) {
+      return NS_ERROR_INVALID_ARG;
+    }
+
     rv = GetKeyFromObject(cx, JSVAL_TO_OBJECT(clone.value()), mKeyPath, aKey);
     NS_ENSURE_SUCCESS(rv, rv);
 
diff --git a/dom/indexedDB/test/Makefile.in b/dom/indexedDB/test/Makefile.in
index c5be70e6283..0eb3a53eb53 100644
--- a/dom/indexedDB/test/Makefile.in
+++ b/dom/indexedDB/test/Makefile.in
@@ -47,6 +47,7 @@ include $(topsrcdir)/config/rules.mk
 _TEST_FILES = \
   helpers.js \
   test_add_twice_failure.html \
+  test_bad_keypath.html \
   test_create_index.html \
   test_create_objectStore.html \
   test_cursors.html \
diff --git a/dom/indexedDB/test/test_bad_keypath.html b/dom/indexedDB/test/test_bad_keypath.html
new file mode 100644
index 00000000000..8ca93d5da1d
--- /dev/null
+++ b/dom/indexedDB/test/test_bad_keypath.html
@@ -0,0 +1,55 @@
+<!--
+  Any copyright is dedicated to the Public Domain.
+  http://creativecommons.org/publicdomain/zero/1.0/
+-->
+<html>
+<head>
+  <title>Indexed Database Property Test</title>
+
+  <script type="text/javascript" src="/MochiKit/packed.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+
+  <script type="text/javascript;version=1.7">
+    function testSteps()
+    {
+      const name = window.location.pathname;
+      const description = "My Test Database";
+      const NS_ERROR_INVALID_ARG = 0x80070057;
+
+      let request = moz_indexedDB.open(name, description);
+      request.onerror = errorHandler;
+      request.onsuccess = grabEventAndContinueHandler;
+      let event = yield;
+
+      let db = event.result;
+
+      request = db.createObjectStore("foo", "keyPath");
+      request.onerror = errorHandler;
+      request.onsuccess = grabEventAndContinueHandler;
+      event = yield;
+
+      let objectStore = event.result;
+
+      request = objectStore.add({keyPath:"foo"});
+      request.onerror = errorHandler;
+      request.onsuccess = grabEventAndContinueHandler;
+      event = yield;
+
+      try {
+        request = objectStore.add({});
+      }
+      catch (e) {
+        is(e.result, NS_ERROR_INVALID_ARG, "Good error");
+      }
+
+      finishTest();
+      yield;
+    }
+  </script>
+  <script type="text/javascript;version=1.7" src="helpers.js"></script>
+</head>
+
+<body onload="runTest();"></body>
+
+</html>