Closed Bug 329574 Opened 18 years ago Closed 18 years ago

Crashing resizing tree column [@gfxWindowsTextRun::MeasureOrDrawFast]

Categories

(Core :: Graphics, defect)

Product:
Core
Component:
Graphics
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: sicking, Assigned: pavlov)

Details

(Keywords: crash, topcrash)

Crash Data

Attachments

(1 file)

fix crash
5.73 KB, patch
vlad
: review+
Details | Diff | Splinter Review 
Was resing the columns in the DOM inspector when i crashed with the following below top of the stack. The crash was at

http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/gfx/thebes/src/gfxWindowsFonts.cpp&rev=1.24&root=/cvsroot&mark=510#500

The problem is that ret is 0xffffffff.


>	thebes.dll!gfxWindowsTextRun::MeasureOrDrawFast(gfxContext * aContext=0x039e54a8, int aDraw=0x00000001, int aX=0x000001b7, int aY=0x0000000f, const int * aSpacing=0x00000000)  Line 498 + 0x6	C++
 	thebes.dll!gfxWindowsTextRun::DrawString(gfxContext * aContext=0x039e54a8, gfxPoint pt={...})  Line 367 + 0x22	C++
 	gkgfxthebes.dll!nsThebesFontMetrics::DrawString(const unsigned short * aString=0x100fe660, unsigned int aLength=0x00000000, int aX=0x000019b8, int aY=0x000000e1, int aFontID=0xffffffff, const int * aSpacing=0x00000000, nsThebesRenderingContext * aContext=0x03d8fff8)  Line 378	C++
 	gkgfxthebes.dll!nsThebesRenderingContext::DrawString(const unsigned short * aString=0x100fe660, unsigned int aLength=0x00000000, int aX=0x000019b8, int aY=0x000000e1, int aFontID=0xffffffff, const int * aSpacing=0x00000000)  Line 1293	C++
 	gkgfxthebes.dll!nsThebesRenderingContext::DrawString(const nsString & aString={...}, int aX=0x000019b8, int aY=0x000000e1, int aFontID=0xffffffff, const int * aSpacing=0x00000000)  Line 1303	C++
 	gklayout.dll!nsTextBoxFrame::PaintTitle(nsIRenderingContext & aRenderingContext={...}, const nsRect & aDirtyRect={...}, nsPoint aPt={...})  Line 482	C++
 	gklayout.dll!nsDisplayXULTextBox::Paint(nsDisplayListBuilder * aBuilder=0x0012e848, nsIRenderingContext * aCtx=0x03d8fffc, const nsRect & aDirtyRect={...})  Line 301	C++
 	gklayout.dll!nsDisplayList::Paint(nsDisplayListBuilder * aBuilder=0x0012e848, nsIRenderingContext * aCtx=0x03d8fffc, const nsRect & aDirtyRect={...})  Line 166	C++
The problem seems to be that aLength is 0 (mIsASCII is false and mString contains an empty string)
Keywords: crash
Attached patch fix crashSplinter Review 
add checks to return early if the length is 0.  also make the windows MakeTextRun calls return null if given an empty string.  I also removed the unused DC param/member/etc (unrelated)
Assignee: nobody → pavlov
Status: NEW → ASSIGNED
Attachment #214369 - Flags: review?(vladimir)
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Crash Signature: [@gfxWindowsTextRun::MeasureOrDrawFast]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: