REGRESSION (185319): Reproducible crash in WebHistoryItem launching FluidApp.
authorbeidson@apple.com <beidson@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 1 Jul 2015 17:13:04 +0000 (17:13 +0000)
committerbeidson@apple.com <beidson@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 1 Jul 2015 17:13:04 +0000 (17:13 +0000)
<rdar://problem/21598293> and https://bugs.webkit.org/show_bug.cgi?id=146494

Reviewed by Darin Adler.

* History/WebHistoryItem.mm:
(-[WebHistoryItem initFromDictionaryRepresentation:]): Don’t reference members of a Vector
  that don’t exist.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@186179 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/mac/ChangeLog
Source/WebKit/mac/History/WebHistoryItem.mm

index 0adef51..1c835f6 100644 (file)
@@ -1,3 +1,14 @@
+2015-07-01  Brady Eidson  <beidson@apple.com>
+
+        REGRESSION (185319): Reproducible crash in WebHistoryItem launching FluidApp.
+        <rdar://problem/21598293> and https://bugs.webkit.org/show_bug.cgi?id=146494
+
+        Reviewed by Darin Adler.
+
+        * History/WebHistoryItem.mm:
+        (-[WebHistoryItem initFromDictionaryRepresentation:]): Don’t reference members of a Vector
+          that don’t exist.
+
 2015-06-30  Andy VanWagoner  <thetalecrafter@gmail.com>
 
         Implement ECMAScript Internationalization API
index f2ebec7..2a4ddc5 100644 (file)
@@ -360,15 +360,14 @@ WebHistoryItem *kit(HistoryItem* item)
         core(_private)->setLastVisitWasFailure(true);
     
     if (NSArray *redirectURLs = [dict _webkit_arrayForKey:redirectURLsKey]) {
-        NSUInteger size = [redirectURLs count];
         auto redirectURLsVector = std::make_unique<Vector<String>>();
+        redirectURLsVector->reserveInitialCapacity([redirectURLs count]);
 
-        for (NSUInteger i = 0; i < size; ++i) {
-            id redirectURL = [redirectURLs objectAtIndex:i];
+        for (id redirectURL in redirectURLs) {
             if (![redirectURL isKindOfClass:[NSString class]])
                 continue;
 
-            (*redirectURLsVector)[i] = (NSString *)redirectURL;
+            redirectURLsVector->uncheckedAppend((NSString *)redirectURL);
         }
 
         core(_private)->setRedirectURLs(WTF::move(redirectURLsVector));