Fix buffer underflow bug in tab save state.

For Android JellyBean and older, there was a bug in
MappedByteBufferAdapter that caused ByteBuffer#rewind() to not be
propagated to the underlying buffer, causing buffer underflow when
the same buffer was read completely again to save the state. Fix is
to manually read the buffer rather than rely on rewind/remaining.

BUG=635744

Review-Url: https://codereview.chromium.org/2395493002
Cr-Commit-Position: refs/heads/master@{#422910}

chrome/android/java/src/org/chromium/chrome/browser/TabState.java

@@ -5,6 +5,7 @@
 package org.chromium.chrome.browser;
 
 import android.graphics.Color;
+import android.os.Build;
 import android.os.Handler;
 import android.util.Log;
 import android.util.Pair;
@@ -298,9 +299,18 @@ public class TabState {
         // Create the byte array from contentsState before opening the FileOutputStream, in case
         // contentsState.buffer is an instance of MappedByteBuffer that is mapped to
         // the tab state file.
-        state.contentsState.buffer().rewind();
-        byte[] contentsStateBytes = new byte[state.contentsState.buffer().remaining()];
-        state.contentsState.buffer().get(contentsStateBytes);
+        byte[] contentsStateBytes = new byte[state.contentsState.buffer().limit()];
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
+            state.contentsState.buffer().rewind();
+            state.contentsState.buffer().get(contentsStateBytes);
+        } else {
+            // For JellyBean and below a bug in MappedByteBufferAdapter causes rewind to not be
+            // propagated to the underlying ByteBuffer, and results in an underflow exception. See:
+            // http://b.android.com/53637.
+            for (int i = 0; i < state.contentsState.buffer().limit(); i++) {
+                contentsStateBytes[i] = state.contentsState.buffer().get(i);
+            }
+        }
 
         DataOutputStream dataOutputStream = null;
         FileOutputStream fileOutputStream = null;