Bug 43270

Summary: WebBackForwardList::backListAsImmutableArrayWithLimit() can return array with bogus items if limit is large
Product: WebKit Reporter: Ada Chan <adachan>
Component: WebKit2Assignee: Ada Chan <adachan>
Status: RESOLVED FIXED    
Severity: Normal CC: sullivan
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: OS X 10.5   
Attachments:
Description Flags
Patch sullivan: review+

Description Ada Chan 2010-07-30 14:13:53 PDT 
In one example, we pass in max size_t value as the limit, and the line 

unsigned i = std::max<int>(m_current - limit, 0)

returns a positive integer that's >= m_current, when we expect it to be 0.
Comment 1 Ada Chan 2010-07-30 14:42:12 PDT 
Created attachment 63103 [details]
Patch
Comment 2 John Sullivan 2010-07-30 15:36:36 PDT 
Comment on attachment 63103 [details]
Patch

Much cleaner.
Comment 3 Ada Chan 2010-07-30 15:39:18 PDT 
Fixed in r64381.