[webkit-changes] [223350] releases/WebKitGTK/webkit-2.18/Source/WebKit

[carlosgc]

Title: [223350] releases/WebKitGTK/webkit-2.18/Source/WebKit

Revision

223350

Author

carlo...@webkit.org

Date

2017-10-16 02:24:51 -0700 (Mon, 16 Oct 2017)

Log Message

Merge r221779 - [GTK][WPE] UI process crash in WebBackForwardList::restoreFromState
https://bugs.webkit.org/show_bug.cgi?id=176303

Reviewed by Michael Catanzaro.

Ensure the current index provided by the session state is not out of actual item list bounds. This is a bug in
the session state decoder, but WebBackForwardList::backForwardListState() is already doing the check and using
the last item index instead, so it's not easy to know where the actual problem is. In any case we should
still protect the decoder.

* UIProcess/API/glib/WebKitWebViewSessionState.cpp:
(decodeSessionState):

Modified Paths

• releases/WebKitGTK/webkit-2.18/Source/WebKit/ChangeLog
• releases/WebKitGTK/webkit-2.18/Source/WebKit/UIProcess/API/glib/WebKitWebViewSessionState.cpp

Diff

Modified: releases/WebKitGTK/webkit-2.18/Source/WebKit/ChangeLog (223349 => 223350)

--- releases/WebKitGTK/webkit-2.18/Source/WebKit/ChangeLog	2017-10-16 09:23:59 UTC (rev 223349)
+++ releases/WebKitGTK/webkit-2.18/Source/WebKit/ChangeLog	2017-10-16 09:24:51 UTC (rev 223350)
@@ -1,3 +1,18 @@
+2017-09-07  Carlos Garcia Campos  <cgar...@igalia.com>
+
+        [GTK][WPE] UI process crash in WebBackForwardList::restoreFromState
+        https://bugs.webkit.org/show_bug.cgi?id=176303
+
+        Reviewed by Michael Catanzaro.
+
+        Ensure the current index provided by the session state is not out of actual item list bounds. This is a bug in
+        the session state decoder, but WebBackForwardList::backForwardListState() is already doing the check and using
+        the last item index instead, so it's not easy to know where the actual problem is. In any case we should
+        still protect the decoder.
+
+        * UIProcess/API/glib/WebKitWebViewSessionState.cpp:
+        (decodeSessionState):
+
 2017-09-06  Adrian Perez de Castro  <ape...@igalia.com>
 
         [WPE][CMake] Fix path to the WebKitApplicationInfo.h header.

Modified: releases/WebKitGTK/webkit-2.18/Source/WebKit/UIProcess/API/glib/WebKitWebViewSessionState.cpp (223349 => 223350)

--- releases/WebKitGTK/webkit-2.18/Source/WebKit/UIProcess/API/glib/WebKitWebViewSessionState.cpp	2017-10-16 09:23:59 UTC (rev 223349)
+++ releases/WebKitGTK/webkit-2.18/Source/WebKit/UIProcess/API/glib/WebKitWebViewSessionState.cpp	2017-10-16 09:24:51 UTC (rev 223350)
@@ -369,7 +369,7 @@
     decodeBackForwardListItemState(backForwardListStateIter.get(), sessionState.backForwardListState);
 
     if (hasCurrentIndex)
-        sessionState.backForwardListState.currentIndex = currentIndex;
+        sessionState.backForwardListState.currentIndex = std::min<uint32_t>(currentIndex, sessionState.backForwardListState.items.size() - 1);
     return true;
 }
 

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes