Bug 921311 - Fix out-of-bounds index in session history collection (r=ttaubert)
authorBill McCloskey <wmccloskey@mozilla.com>
Fri, 27 Sep 2013 17:58:59 -0700
changeset 149120 79cba73c77ba2acc2c6fdc955db2d5529c2f43f9
parent 149119 3113b46272ac6748bc50fd6c4fac16de83f7f34f
child 149121 d976524b87747f4935cc47fbaa38b23f8c1b4645
push id25374
push usercbook@mozilla.com
push dateSun, 29 Sep 2013 09:37:16 +0000
treeherdermozilla-central@8f805d3ef377 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersttaubert
bugs921311
milestone27.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 921311 - Fix out-of-bounds index in session history collection (r=ttaubert)
browser/components/sessionstore/src/SessionHistory.jsm
--- a/browser/components/sessionstore/src/SessionHistory.jsm
+++ b/browser/components/sessionstore/src/SessionHistory.jsm
@@ -69,17 +69,19 @@ let SessionHistoryInternal = {
       } catch (ex) {
         // In some cases, getEntryAtIndex will throw. This seems to be due to
         // history.count being higher than it should be. By doing this in a
         // try-catch, we'll update history to where it breaks, print an error
         // message, and still save sessionstore.js.
         debug("SessionStore failed gathering complete history " +
               "for the focused window/tab. See bug 669196.");
       }
-      data.index = history.index + 1;
+
+      // Ensure the index isn't out of bounds if an exception was thrown above.
+      data.index = Math.min(history.index + 1, data.entries.length);
     } else {
       let uri = webNavigation.currentURI.spec;
       // We landed here because the history is inaccessible or there are no
       // history entries. In that case we should at least record the docShell's
       // current URL as a single history entry. If the URL is not about:blank
       // or it's a blank tab that was modified (like a custom newtab page),
       // record it. For about:blank we explicitly want an empty array without
       // an 'index' property to denote that there are no history entries.