Bug 1895636 Comment 6 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

Strange. We're apparently crashing with an access violation in the call to `std::max_element(resulting_offsets.begin(), resulting_offsets.end())` [here](https://searchfox.org/mozilla-central/rev/8ec3cc0472ad4f51b254728d024b696eaba82ba0/gfx/ots/src/glyf.cc#485-486), which suggests that there's something wrong with the `begin()` or `end()` iterators that we're passing to `max_element`.

But `resulting_offsets` is just a `std::vector<uint32_t>` that was allocated (and sized) [here](https://searchfox.org/mozilla-central/rev/8ec3cc0472ad4f51b254728d024b696eaba82ba0/gfx/ots/src/glyf.cc#365), and all we've done with it is to fill in values with simple `resulting_offsets[i] = ...` assignments. The vector is a local var that's still in scope, so its `begin()` and `end()` ought to be perfectly safe to use.

Oh, wait.... what if the range is empty? Then `max_element` would return the `.end()` iterator, but that's wouldn't be safe to deref... nope, can't be that, because the vector has `num_glyphs + 1` elements, so it isn't zero-length even in the degenerate case of a font with no glyphs.

No idea what's happening here....

Strange. We're apparently crashing with an access violation in the call to `std::max_element(resulting_offsets.begin(), resulting_offsets.end())` [here](https://searchfox.org/mozilla-central/rev/8ec3cc0472ad4f51b254728d024b696eaba82ba0/gfx/ots/src/glyf.cc#485-486), which suggests that there's something wrong with the `begin()` or `end()` iterators that we're passing to `max_element`.

But `resulting_offsets` is just a `std::vector<uint32_t>` that was allocated (and sized) [here](https://searchfox.org/mozilla-central/rev/8ec3cc0472ad4f51b254728d024b696eaba82ba0/gfx/ots/src/glyf.cc#365), and all we've done with it is to fill in values with simple `resulting_offsets[i] = ...` assignments. The vector is a local var that's still in scope, so its `begin()` and `end()` ought to be perfectly safe to use.

Oh, wait.... what if the range is empty? Then `max_element` would return the `.end()` iterator, but that wouldn't be safe to deref... nope, can't be that, because the vector has `num_glyphs + 1` elements, so it isn't zero-length even in the degenerate case of a font with no glyphs.

No idea what's happening here....
