43270 – WebBackForwardList::backListAsImmutableArrayWithLimit() can return array with bogus items if limit is large

Bug 43270 - WebBackForwardList::backListAsImmutableArrayWithLimit() can return array with bogus items if limit is large

Summary: WebBackForwardList::backListAsImmutableArrayWithLimit() can return array with...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKit2 (show other bugs)
Version:	528+ (Nightly build)
Hardware:	PC OS X 10.5

Importance:	P2 Normal
Assignee:	Ada Chan

URL:
Keywords:

Depends on:
Blocks:

Reported:	2010-07-30 14:13 PDT by Ada Chan
Modified:	2010-07-30 15:39 PDT (History)
CC List:	1 user (show)

See Also:

Attachments
Patch (1.59 KB, patch) 2010-07-30 14:42 PDT, Ada Chan	sullivan: review+	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ada Chan 2010-07-30 14:13:53 PDT

In one example, we pass in max size_t value as the limit, and the line 

unsigned i = std::max<int>(m_current - limit, 0)

returns a positive integer that's >= m_current, when we expect it to be 0.

Comment 1 Ada Chan 2010-07-30 14:42:12 PDT

Created attachment 63103 [details]
Patch

Comment 2 John Sullivan 2010-07-30 15:36:36 PDT

Comment on attachment 63103 [details]
Patch

Much cleaner.

Comment 3 Ada Chan 2010-07-30 15:39:18 PDT

Fixed in r64381.