[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc

sullivan at apple.com sullivan at apple.com
Wed Dec 22 11:38:55 UTC 2010 

The following commit has been merged in the debian/experimental branch:
commit 29751f214304e91f19608937e1226336b927b840
Author: sullivan at apple.com <sullivan at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Mon Aug 2 18:33:31 2010 +0000

    https://bugs.webkit.org/show_bug.cgi?id=43369
    WebBackForwardList::forwardListAsImmutableArrayWithLimit can return partly-uninitialized array
    
    Reviewed by Ada Chan.
    
    * UIProcess/WebBackForwardList.cpp:
    (WebKit::WebBackForwardList::forwardListAsImmutableArrayWithLimit):
    Use a simpler and correct expression to determine "last".
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@64480 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebKit2/ChangeLog b/WebKit2/ChangeLog
index b328c24..4f73f98 100644
--- a/WebKit2/ChangeLog
+++ b/WebKit2/ChangeLog
@@ -1,3 +1,14 @@
+2010-08-02  John Sullivan  <sullivan at apple.com>
+
+        https://bugs.webkit.org/show_bug.cgi?id=43369
+        WebBackForwardList::forwardListAsImmutableArrayWithLimit can return partly-uninitialized array
+        
+        Reviewed by Ada Chan.
+
+        * UIProcess/WebBackForwardList.cpp:
+        (WebKit::WebBackForwardList::forwardListAsImmutableArrayWithLimit):
+        Use a simpler and correct expression to determine "last".
+
 2010-08-02  Anders Carlsson  <andersca at apple.com>
 
         Reviewed by Sam Weinig.
diff --git a/WebKit2/UIProcess/WebBackForwardList.cpp b/WebKit2/UIProcess/WebBackForwardList.cpp
index 50de52b..886a960 100644
--- a/WebKit2/UIProcess/WebBackForwardList.cpp
+++ b/WebKit2/UIProcess/WebBackForwardList.cpp
@@ -191,7 +191,8 @@ PassRefPtr<ImmutableArray> WebBackForwardList::forwardListAsImmutableArrayWithLi
         return ImmutableArray::create();
 
     APIObject** array = new APIObject*[size];
-    unsigned last = std::min(m_current + limit, static_cast<unsigned>(m_entries.size() - 1));
+    unsigned last = m_current + size;
+    ASSERT(last < m_entries.size());
     for (unsigned i = m_current + 1, j = 0; i <= last; ++i, ++j) {
         APIObject* item = m_entries[i].get();
         item->ref();

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list