Closed
Bug 633322
Opened 13 years ago
Closed 13 years ago
"ASSERTION: detailed glyph record missing!" uppercasing ß, followed by zwsp
Categories
(Core :: Graphics, defect)
Tracking
()
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
blocking2.0 | --- | final+ |
People
(Reporter: jruderman, Assigned: jfkthame)
References
Details
(Keywords: assertion, regression, testcase)
Attachments
(4 files)
109 bytes,
text/html
|
Details | |
8.59 KB,
text/plain
|
Details | |
3.96 KB,
patch
|
roc
:
review+
|
Details | Diff | Splinter Review |
695 bytes,
patch
|
roc
:
review+
|
Details | Diff | Splinter Review |
###!!! ASSERTION: detailed glyph record missing!: 'mLastUsed != nsTArray<DGRec>::NoIndex', file gfxFont.h, line 2105 ###!!! ASSERTION: invalid array index: 'i < Length()', file nsTArray.h, line 455 Seems to be a regression from bug 631035. Security-sensitive because it's using nsTArray's ElementAt (not SafeElementAt). It seems to be important that the second character is ß (which uppercases to SS) and the third character is non-rendered (U+200B ZWSP or U+2061 FUNCTION APPLICATION). I don't know what the deal with the first character is; on my machine it's a hexbox.
Reporter | ||
Updated•13 years ago
|
Group: core-security
Reporter | ||
Comment 1•13 years ago
|
||
Reporter | ||
Updated•13 years ago
|
blocking2.0: --- → ?
Assignee | ||
Comment 2•13 years ago
|
||
Yes, this is certainly a regression from bug 631035; I'll dig into it ASAP. Thanks for the testcase! This probably accounts for the crashes reported in bug 633453.
Assignee: nobody → jfkthame
Assignee | ||
Comment 3•13 years ago
|
||
The DetailedGlyphStore is not intended to be called for character indexes that don't have any detailed glyphs; callers are expected to check this before trying to retrieve the DetailedGlyphs pointer. I missed one in MergeCharactersInTextRun(). So the real change here is just to check GetGlyphCount() in MergeCharactersInTextRun(). I've checked that all other current callers of GetDetailedGlyphs look correct, but I've also added extra comments and assertion checks at GetDetailedGlyphs, to help us catch any future issues quickly. We should add this example to crashtests, too.
Attachment #511675 -
Flags: review?(roc)
Assignee | ||
Comment 4•13 years ago
|
||
Attachment #511677 -
Flags: review?(roc)
Assignee | ||
Comment 5•13 years ago
|
||
Moving this to Graphics, as it's a gfx bug rather than layout. (In reply to comment #2) > This probably accounts for the crashes reported in bug 633453. FTR, that turned out to be a separate error, though they're both regressions from 631035.
Component: Layout: Text → Graphics
QA Contact: layout.fonts-and-text → thebes
Attachment #511677 -
Flags: review?(roc) → review+
Attachment #511675 -
Flags: review?(roc) → review+
blocking2.0: ? → final+
Assignee | ||
Comment 6•13 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/fcf6c9b3bd7d (patch) http://hg.mozilla.org/mozilla-central/rev/f36e81d4d60d (crashtest)
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Updated•10 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•