Comment 1 for bug 1649861

Olivier Tilloy (osomon) wrote :

I confirm that https://chromium.googlesource.com/chromium/src/+/f62ca6f9d33e93733fccb3f3815d9554429dbb38 introduced the regression: serialized navigation entries are pickled one after the other, and the size of the resulting data is not stored anywhere. As a result, the new implementation of SerializedNavigationEntry::ReadFromPickle() starts reading from the beginning of the next entry looking for extended info.

It is unfortunate that navigation entries are serialized this way. To prevent this from happening again in the future when additional data is added to serialized navigation entries, we should pickle them separately, and for each entry store the size followed by the raw data.
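As an added illustration (not part of the bug report or of Chromium's code), the following Python models the framing problem described above with a constructed stand-in for Pickle: a version-2 reader that looks for trailing extended info is run over back-to-back version-1 entries, and then over the size-prefixed framing the comment proposes. The field names, encoding and sample URLs are assumptions made for the example.

```python
import struct

# Minimal stand-in for Chromium's Pickle (constructed for this example):
# a string is a 32-bit little-endian length followed by its raw bytes.
def write_string(s):
    data = s.encode()
    return struct.pack("<I", len(data)) + data
def read_string(buf, pos):
    (n,) = struct.unpack_from("<I", buf, pos)
    return buf[pos + 4:pos + 4 + n].decode(), pos + 4 + n

# Entry v1: url, title.  Entry v2 appended an optional extended-info string.
def write_entry_v1(url, title):
    return write_string(url) + write_string(title)
def write_entry_v2(url, title, extended):
    return write_entry_v1(url, title) + write_string(extended)

def read_entry_v2(buf, pos):
    url, pos = read_string(buf, pos)
    title, pos = read_string(buf, pos)
    extended = None
    if pos < len(buf):  # entry size unknown: leftover bytes are assumed to be ours
        extended, pos = read_string(buf, pos)
    return {"url": url, "title": title, "extended": extended}, pos

def read_entries_unbounded(stream):
    # Entries pickled back to back with no size stored: boundaries are lost and
    # the v2 reader swallows the next entry's url as "extended info".
    entries, pos = [], 0
    while pos < len(stream):
        entry, pos = read_entry_v2(stream, pos)
        entries.append(entry)
    return entries

# Proposed fix: pickle each entry separately and store its size, then the raw data.
def frame(entry_bytes):
    return struct.pack("<I", len(entry_bytes)) + entry_bytes
def read_entries_framed(stream):
    entries, pos = [], 0
    while pos < len(stream):
        (size,) = struct.unpack_from("<I", stream, pos)
        chunk = stream[pos + 4:pos + 4 + size]  # reader is bounded to one entry
        pos += 4 + size
        entries.append(read_entry_v2(chunk, 0)[0])
    return entries

# Constructed sample data: three v1 entries; the framed stream also carries a v2 entry.
PAGES = [("https://a.example/", "A"), ("https://b.example/", "B"), ("https://c.example/", "C")]
LEGACY_STREAM = b"".join(write_entry_v1(u, t) for u, t in PAGES)
FRAMED_STREAM = b"".join(frame(write_entry_v1(u, t)) for u, t in PAGES) + frame(
    write_entry_v2("https://d.example/", "D", "ext"))
```

On the legacy stream the unbounded reader returns two misaligned entries instead of three, while the framed stream decodes all four entries and only the v2 entry carries extended info.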