Closed
Bug 645139
Opened 13 years ago
Closed 13 years ago
Crash [@ nsTextFragment::CharAt(int)] | ASSERTION: bad index: 'PRUint32(aIndex) < mState.mLength'
Categories
(Core :: Layout: Text and Fonts, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 645072
People
(Reporter: bc, Unassigned)
References
()
Details
(Keywords: assertion, crash, reproducible)
Crash Data
1. http://beon.ru/tests/734-285.html 2. Crash @ 0x0| Assertion See also bug 612532 whose top frame is the same but whose stack is different. Locally reproduced on Fedora14 32bit with the following: ###!!! ASSERTION: bad index: 'PRUint32(aIndex) < mState.mLength', file ../../dist/include/nsTextFragment.h, line 204 Program received signal SIGSEGV, Segmentation fault. 0x0090dce0 in nsTextFragment::CharAt (this=0x92b6610, aIndex=0) at ../../dist/include/nsTextFragment.h:205 205 return mState.mIs2b ? m2b[aIndex] : static_cast<unsigned char>(m1b[aIndex]); #0 0x0090dce0 in nsTextFragment::CharAt (this=0x92b6610, aIndex=0) at ../../dist/include/nsTextFragment.h:205 #1 0x00a814e9 in PropertyProvider::GetHyphenationBreaks (this=0xbfffa5d0, aStart=0, aLength=0, aBreakBefore=0xbfff95d0 "\001") at /work/mozilla/builds/2.0.0/mozilla/layout/generic/nsTextFrameThebes.cpp:2848 #2 0x00a8a4b0 in nsTextFrame::AddInlineMinWidthForFlow (this=0x9314ec0, aRenderingContext=0x92ac020, aData=0xbfffa8e4) at /work/mozilla/builds/2.0.0/mozilla/layout/generic/nsTextFrameThebes.cpp:6102 #3 0x00a8a9ee in nsTextFrame::AddInlineMinWidth (this=0x9314ec0, aRenderingContext=0x92ac020, aData=0xbfffa8e4) at /work/mozilla/builds/2.0.0/mozilla/layout/generic/nsTextFrameThebes.cpp:6204 #4 0x009f0da0 in nsContainerFrame::DoInlineIntrinsicWidth (this=0x9314e78, aRenderingContext=0x92ac020, aData=0xbfffa8e4, aType= nsLayoutUtils::MIN_WIDTH) at /work/mozilla/builds/2.0.0/mozilla/layout/generic/nsContainerFrame.cpp:647 #5 0x00a3f593 in nsInlineFrame::AddInlineMinWidth (this=0x9314e78, aRenderingContext=0x92ac020, aData=0xbfffa8e4) at /work/mozilla/builds/2.0.0/mozilla/layout/generic/nsInlineFrame.cpp:210 #6 0x009f0da0 in nsContainerFrame::DoInlineIntrinsicWidth (this=0x9314d58, I was not able to reproduce locally on 32bit WinXP or 64bit Fedora14 but the automation did reproduce on Windows, Linux and Mac.
|
Reporter | |
Updated•13 years ago
|
Summary: Crash [@ nsTextFragment::CharAt(int)] | → Crash [@ nsTextFragment::CharAt(int)] | ASSERTION: bad index: 'PRUint32(aIndex) < mState.mLength'
|
||
Updated•13 years ago
|
Component: DOM → Layout: Text
QA Contact: general → layout.fonts-and-text
|
||
Comment 1•13 years ago
|
||
This looks like bug 645072 (which was fixed by backing out bug 418975).
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
|
Assignee | |
Updated•13 years ago
|
Crash Signature: [@ nsTextFragment::CharAt(int)]
|
||
Updated•9 years ago
|
Keywords: testcase-wanted
You need to log in
before you can comment on or make changes to this bug.
Description
•