Title: [97681] trunk/Source/WebKit2
Revision: 97681
Author: [email protected]
Date: 2011-10-17 17:41:29 -0700 (Mon, 17 Oct 2011)
Log Message
Filtering of URLs when serializing back forward list saves bad current index value
https://bugs.webkit.org/show_bug.cgi?id=70282
<rdar://problem/10057763>
Reviewed by Sam Weinig.
When reading the serialized b-f list, perform a sanity check on the current index.
If it is invalid, we set it to NoCurrentItemIndex to prevent further corruption of
the list.
When serializing the b-f list, currentIndex can be negative in the case where the list
has one item only, and that item gets filtered out. In this instance currentIndex should
just be -1. A crashing case showed an index that was more negative, a situation that I
could not replicate. Since this value will get cleaned up when the b-f list is restored,
I just strengthened the assertion to check for a more negative index in case we run into it again.
* UIProcess/cf/WebBackForwardListCF.cpp:
(WebKit::WebBackForwardList::createCFDictionaryRepresentation): Update the assertion
in case we go beyond NoCurrentItemIndex (which, as an int, is -1).
(WebKit::WebBackForwardList::restoreFromCFDictionaryRepresentation):
Diff
Modified: trunk/Source/WebKit2/ChangeLog (97680 => 97681)
--- trunk/Source/WebKit2/ChangeLog 2011-10-18 00:33:15 UTC (rev 97680)
+++ trunk/Source/WebKit2/ChangeLog 2011-10-18 00:41:29 UTC (rev 97681)
@@ -1,3 +1,26 @@
+2011-10-17 Jon Lee <[email protected]>
+
+ Filtering of URLs when serializing back forward list saves bad current index value
+ https://bugs.webkit.org/show_bug.cgi?id=70282
+ <rdar://problem/10057763>
+
+ Reviewed by Sam Weinig.
+
+ When reading the serialized b-f list, perform a sanity check on the current index.
+ If it is invalid, we set it to NoCurrentItemIndex to prevent further corruption of
+ the list.
+
+ When serializing the b-f list, currentIndex can be negative in the case where the list
+ has one item only, and that item gets filtered out. In this instance currentIndex should
+ just be -1. A crashing case showed an index that was more negative, a situation that I
+ could not replicate. Since this value will get cleaned up when the b-f list is restored,
+ I just strengthened the assertion to check for a more negative index in case we run into it again.
+
+ * UIProcess/cf/WebBackForwardListCF.cpp:
+ (WebKit::WebBackForwardList::createCFDictionaryRepresentation): Update the assertion
+ in case we go beyond NoCurrentItemIndex (which, as an int, is -1).
+ (WebKit::WebBackForwardList::restoreFromCFDictionaryRepresentation):
+
2011-10-14 Chris Marrin <[email protected]>
Throttle rate of requestAnimationFrame when page is not visible
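Review bot: in the ChangeLog entry, the line for WebKit::WebBackForwardList::restoreFromCFDictionaryRepresentation ends at the colon with no description, while the createCFDictionaryRepresentation line above it is annotated. A short note there, for example that m_current is reset to NoCurrentItemIndex when it is out of range for the restored entries, would let the per-function list stand on its own. The entry also says a more negative index was seen in a crash but could not be replicated; saying where that value was observed would help whoever hits the strengthened assertion later.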
Modified: trunk/Source/WebKit2/UIProcess/cf/WebBackForwardListCF.cpp (97680 => 97681)
--- trunk/Source/WebKit2/UIProcess/cf/WebBackForwardListCF.cpp 2011-10-18 00:33:15 UTC (rev 97680)
+++ trunk/Source/WebKit2/UIProcess/cf/WebBackForwardListCF.cpp 2011-10-18 00:41:29 UTC (rev 97681)
@@ -82,7 +82,7 @@
CFArrayAppendValue(entries.get(), entryDictionary.get());
}
- ASSERT(currentIndex < CFArrayGetCount(entries.get()));
+ ASSERT(currentIndex < CFArrayGetCount(entries.get()) && currentIndex >= static_cast<int>(NoCurrentItemIndex));
RetainPtr<CFNumberRef> currentIndexNumber(AdoptCF, CFNumberCreate(0, kCFNumberIntType, ¤tIndex));
const void* keys[2] = { SessionHistoryCurrentIndexKey(), SessionHistoryEntriesKey() };
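Review bot: the widened ASSERT ahead of CFNumberCreate only reports an index below NoCurrentItemIndex in builds where assertions are compiled in; in other builds the out-of-range currentIndex is still written into the dictionary unchanged. Since the log message says such a value was seen in a crash, consider also clamping currentIndex to static_cast<int>(NoCurrentItemIndex) here, so the saved state is valid no matter which code reads it back. Splitting the condition into two ASSERT lines (upper bound, lower bound) would also show which side failed when it fires.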
@@ -158,8 +158,11 @@
newEntries.append(WebBackForwardListItem::create(originalURL, entryURL, entryTitle, CFDataGetBytePtr(backForwardData), CFDataGetLength(backForwardData), generateWebBackForwardItemID()));
}
+ m_entries = newEntries;
m_current = currentIndex;
- m_entries = newEntries;
+ // Perform a sanity check: in case we're out of range, we reset.
+ if (m_current != NoCurrentItemIndex && m_current >= newEntries.size())
+ m_current = NoCurrentItemIndex;
return true;
}
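Review bot: the new range check, m_current >= newEntries.size(), has only an upper bound, so an index below -1 is caught only if the assignment m_current = currentIndex turns it into a large unsigned value. The static_cast<int>(NoCurrentItemIndex) in the serializing hunk suggests that is what happens, but it is implicit; validating the local currentIndex against both bounds before assigning it, or adding a comment that the wraparound is intended, would keep the check correct if the type of m_current ever changes. The comparison could also use m_entries.size() now that m_entries is assigned first.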