Closed
Bug 1743637
Opened 2 years ago
Closed 2 years ago
Fix array out of bounds in nsTextFrame::ToCString
Categories
(Core :: Layout: Text and Fonts, defect, P3)
Core
Layout: Text and Fonts
Tracking
()
RESOLVED
FIXED
97 Branch
| Tracking | Status | |
|---|---|---|
| firefox97 | --- | fixed |
People
(Reporter: mikokm, Assigned: mikokm)
References
Details
Attachments
(1 file)
Noticed that this caused a crash when calling nsIFrame::GetFrameName() when running for example dom/tests/mochitest/dom-level1-core/test_hc_characterdatadeletedataexceedslength.html.
0:46.91 GECKO(471795) GetContentLength(): 5, frag->GetLength(): 4
0:46.91 GECKO(471795) Assertion failure: aIndex < mState.mLength (bad index), at /home/miko/Code/mu3/dom/base/nsTextFragment.h:219
Initializing stack-fixing for the first stack frame, this may take a while...
1:01.89 GECKO(471795) #01: nsTextFragment::CharAt(unsigned int) const (/home/miko/Code/mu3/dom/base/nsTextFragment.h:219)
1:01.89 GECKO(471795) #02: nsTextFrame::ToCString(nsTString<char>&, int*) const (/home/miko/Code/mu3/layout/generic/nsTextFrame.cpp:10263)
1:01.90 GECKO(471795) #03: nsTextFrame::GetFrameName(nsTSubstring<char16_t>&) const (/home/miko/Code/mu3/layout/generic/nsTextFrame.cpp:10282)
|
Assignee | |
Comment 1•2 years ago
|
||
Pushed by mikokm@gmail.com: https://hg.mozilla.org/integration/autoland/rev/e86bd6c22ef7 Fix array out of bounds in nsTextFrame::ToCString r=emilio
|
||
Comment 3•2 years ago
|
||
Backed out for causing android failures
Backout link: https://hg.mozilla.org/integration/autoland/rev/b72e28915eff25f3fc1365f063bfd528eca91f1b
Flags: needinfo?(mikokm)
|
|
Assignee | |
Updated•2 years ago
|
Flags: needinfo?(mikokm)
Pushed by mikokm@gmail.com: https://hg.mozilla.org/integration/autoland/rev/7af79a49bf5f Fix array out of bounds in nsTextFrame::ToCString r=emilio
|
||
Comment 5•2 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox96:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 96 Branch
|
||
Comment 6•2 years ago
|
||
Backed out changeset 7af79a49bf5f (Bug 1743637) for causing perma geckoview failures
Log: https://treeherder.mozilla.org/logviewer?job_id=359959315&repo=autoland&lineNumber=14463
Status: RESOLVED → REOPENED
status-firefox96:
fixed → ---
Flags: needinfo?(mikokm)
Resolution: FIXED → ---
Target Milestone: 96 Branch → ---
Backout by nerli@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/8290bc0f4ceb Backed out changeset 7af79a49bf5f for causing perma geckoview failures
|
|
Assignee | |
Updated•2 years ago
|
Flags: needinfo?(mikokm)
|
||
Comment 8•2 years ago
|
||
Backout merged to central: https://hg.mozilla.org/mozilla-central/rev/8290bc0f4cebe33a586feabe5d9040dedcd6a94d
Pushed by mikokm@gmail.com: https://hg.mozilla.org/integration/autoland/rev/02d8ea288aad Fix array out of bounds in nsTextFrame::ToCString r=emilio
|
||
Comment 10•2 years ago
|
||
| bugherder | ||
Status: REOPENED → RESOLVED
Closed: 2 years ago → 2 years ago
status-firefox97:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 97 Branch
You need to log in
before you can comment on or make changes to this bug.
Description
•