fix monkey crash in nav cache

WebView::motionUp() got the latest nav cache, extracted
some nodes from it with findAt(), then called setNavBounds()
which got a newer cache. The older cache node was sent
to CachedRoot::setCursor() which crashed trying to use
the state pointer.

The flaw was that, although motionUp requests the newest
cache up front, and then setNavBounds() requests the stale
cache, in rare circumstances it can receive a newer cache
as well.

The fix is to replace the setNavBounds() function with a
direct call on the valid cache.

Change-Id: If23ee9222f2b701d916911f4b667185f1c3d3d18
http://b/2316138

0 files changed, 0 insertions, 0 deletions