Closed
Bug 218639
Opened 21 years ago
Closed 21 years ago
[FIX]after purging the session history the index and count properties may become negative, which breaks history
Categories
(Core :: DOM: Navigation, defect, P1)
Core
DOM: Navigation
Tracking
()
RESOLVED
FIXED
mozilla1.6alpha
People
(Reporter: david, Assigned: bzbarsky)
Details
Attachments
(2 files)
1.60 KB,
application/vnd.mozilla.xul+xml
|
Details | |
1.64 KB,
patch
|
bzbarsky
:
review+
jag+mozilla
:
superreview+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5b) Gecko/20030827 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5b) Gecko/20030827 sessionHistory.PurgeHistory(num) decrements both the current count and the current index by num, which can cause sessionHistory.index to become negative. A furthur click to a link then causes count also to become negative, breaking the history stack beyond repair. Reproducible: Always Steps to Reproduce: 1. Install and run the attached XUL demo. 2. Click on five links. Pressing "history-size" shows that six items are on the stack and the current index is at 5. 3. Hit the back button two times. "history-size" shows that six items are on the stack and the current index is at 3 4. Purge the history 5. "history-size" shows that the index got negative (-3) and the stack is empty 6. Click another link. 7. "history-size" now shows that the index is -2 and the size is -1, which seems bad.
Reporter | ||
Comment 1•21 years ago
|
||
Comment 2•21 years ago
|
||
David, your attachment yields: XML Parsing Error: not well-formed Location: http://bugzilla.mozilla.org/attachment.cgi?id=131072&action=view Line Number 8, Column 51:<script type="application/x-javascript"/><[CDATA[ --------------------------------------------------^
Comment 3•21 years ago
|
||
I believe you've closed the <script> tag twice.
Assignee | ||
Comment 4•21 years ago
|
||
This should be a faily simple fix -- if mIndex is less than -1 after the purge, set it to -1 in nsSHistory::PurgeHistory. Also, this code should crash if aEntries is too big (derefs a null mRootList, as far as I can see). I can't fix this at the moment, but if there is no one willing to work on it who takes the bug in the next week or so, please reassign it to me and I'll fix when get back.
Assignee | ||
Comment 5•21 years ago
|
||
Taking.
Assignee: radha → bzbarsky
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Windows 2000 → All
Priority: -- → P1
Hardware: PC → All
Summary: after purging the session history the index and count properties may become negative, which breaks history → [FIX]after purging the session history the index and count properties may become negative, which breaks history
Target Milestone: --- → mozilla1.6alpha
Assignee | ||
Comment 6•21 years ago
|
||
Assignee | ||
Comment 7•21 years ago
|
||
Comment on attachment 133592 [details] [diff] [review] Patch timeless, could you review? jag, could you sr?
Attachment #133592 -
Flags: superreview?(jag)
Attachment #133592 -
Flags: review?(timeless)
Comment 8•21 years ago
|
||
Comment on attachment 133592 [details] [diff] [review] Patch sr=jag
Attachment #133592 -
Flags: superreview?(jag) → superreview+
Assignee | ||
Comment 9•21 years ago
|
||
Comment on attachment 133592 [details] [diff] [review] Patch r=timeless on irc.
Attachment #133592 -
Flags: review?(timeless) → review+
Assignee | ||
Comment 10•21 years ago
|
||
fixed.
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Component: History: Session → Document Navigation
QA Contact: chrispetersen → docshell
You need to log in
before you can comment on or make changes to this bug.
Description
•