Bug 285446
| Summary: | Commit provisional history items that are not cancelled during policy decision | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Charlie Wolfe <charliew> |
| Component: | History | Assignee: | Charlie Wolfe <charliew> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | fujii.hironori, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| See Also: |
https://bugs.webkit.org/show_bug.cgi?id=285579 https://bugs.webkit.org/show_bug.cgi?id=285627 |
||
Charlie Wolfe
In 285421@main, I made the UI process aware of when a web process starts a back/forward navigation but has not yet committed it. However, we did not always notify the UI process when the item was committed. If we fail to notify the UI process, it can result in a state where the current index becomes stale and the provisional index is cleared, leading to a possible out-of-bounds crash when using the current index.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Charlie Wolfe
<rdar://problem/142028791>
Charlie Wolfe
Pull request: https://github.com/WebKit/WebKit/pull/38577
EWS
Committed 288518@main (f2981ff7b160): <https://commits.webkit.org/288518@main>
Reviewed commits have been landed. Closing PR #38577 and removing active labels.
Fujii Hironori
Regressed:
Bug 285579 – REGRESSION(288518@main): http/tests/navigation/forward-and-cancel.html is crashing