43270 – WebBackForwardList::backListAsImmutableArrayWithLimit() can return array with bogus items if limit is large

RESOLVED FIXED 43270

WebBackForwardList::backListAsImmutableArrayWithLimit() can return array with bogus items if limit is large

https://bugs.webkit.org/show_bug.cgi?id=43270

Summary WebBackForwardList::backListAsImmutableArrayWithLimit() can return array with...

Ada Chan

Reported 2010-07-30 14:13:53 PDT

In one example, we pass in max size_t value as the limit, and the line unsigned i = std::max<int>(m_current - limit, 0) returns a positive integer that's >= m_current, when we expect it to be 0.

Attachments
Patch (1.59 KB, patch) 2010-07-30 14:42 PDT, Ada Chan	sullivan: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Ada Chan

Comment 1 2010-07-30 14:42:12 PDT

Created attachment 63103 [details] Patch

John Sullivan

Comment 2 2010-07-30 15:36:36 PDT

Comment on attachment 63103 [details] Patch Much cleaner.

Ada Chan

Comment 3 2010-07-30 15:39:18 PDT

Fixed in r64381.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware PC

OS OS X 10.5

Product WebKit

Component WebKit2

Assignee

Ada Chan

Reported

2010-07-30 14:13 PDT

Modified

2010-07-30 15:39 PDT History

CC List

1 user Show

URL

Keywords

Depends on

Blocks