[Webkit-unassigned] [Bug 176303] UI process crash in WebBackForwardList::restoreFromState

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Sep 6 10:38:33 PDT 2017


https://bugs.webkit.org/show_bug.cgi?id=176303

--- Comment #5 from Alex Christensen <achristensen at apple.com> ---
Comment on attachment 319845
  --> https://bugs.webkit.org/attachment.cgi?id=319845
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=319845&action=review

> Source/WebKit/ChangeLog:11
> +        Ensure the current index provided by the session state is not out of actual item list bounds. This is a bug in
> +        the session state decoder, but WebBackForwardList::backForwardListState() is already doing the check and using
> +        the last item index instead, so it's not easy to know where the actual problem is. But in any case we should
> +        still protect the decoder.
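Review bot: the ChangeLog entry calls this "a bug in the session state decoder" and then says "it's not easy to know where the actual problem is", so a reader cannot tell whether the root cause is identified or which component the new check lives in. The entry should name the function that gains the bounds check, state what happens when the current index is out of bounds (for example, whether it falls back to the last item index the way WebBackForwardList::backForwardListState() is said to), and reword "protect the decoder" so it is clear whether the decoder itself is changed or only its consumer.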

If this is a problem with session state decoding, we should fix it in session state decoding.  I think this is the wrong place to add this check.
