| Index: chrome/android/java/src/org/chromium/chrome/browser/TabState.java
|
| diff --git a/chrome/android/java/src/org/chromium/chrome/browser/TabState.java b/chrome/android/java/src/org/chromium/chrome/browser/TabState.java
|
| index 16150938f243e033b1017ec47b3131ae61148f4e..72824c006eeab6f5658f3fd6b66c8b0f8a895745 100644
|
| --- a/chrome/android/java/src/org/chromium/chrome/browser/TabState.java
|
| +++ b/chrome/android/java/src/org/chromium/chrome/browser/TabState.java
|
| @@ -5,6 +5,7 @@
|
| package org.chromium.chrome.browser;
|
|
|
| import android.graphics.Color;
|
| +import android.os.Build;
|
| import android.os.Handler;
|
| import android.util.Log;
|
| import android.util.Pair;
|
| @@ -298,9 +299,18 @@ public class TabState {
|
| // Create the byte array from contentsState before opening the FileOutputStream, in case
|
| // contentsState.buffer is an instance of MappedByteBuffer that is mapped to
|
| // the tab state file.
|
| - state.contentsState.buffer().rewind();
|
| - byte[] contentsStateBytes = new byte[state.contentsState.buffer().remaining()];
|
| - state.contentsState.buffer().get(contentsStateBytes);
|
| + byte[] contentsStateBytes = new byte[state.contentsState.buffer().limit()];
|
| + if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
|
| + state.contentsState.buffer().rewind();
|
| + state.contentsState.buffer().get(contentsStateBytes);
|
| + } else {
|
| + // For JellyBean and below a bug in MappedByteBufferAdapter causes rewind to not be
|
| + // propagated to the underlying ByteBuffer, and results in an underflow exception. See:
|
| + // http://b.android.com/53637.
|
| + for (int i = 0; i < state.contentsState.buffer().limit(); i++) {
|
| + contentsStateBytes[i] = state.contentsState.buffer().get(i);
|
| + }
|
| + }
|
|
|
| DataOutputStream dataOutputStream = null;
|
| FileOutputStream fileOutputStream = null;
|
|
|
Chromium Code Reviews
Issue 2395493002:
Fix buffer underflow bug in tab save state. (Closed)
