Closed Bug 645139 Opened 9 years ago Closed 9 years ago

Crash [@ nsTextFragment::CharAt(int)] | ASSERTION: bad index: 'PRUint32(aIndex) < mState.mLength'

Categories

(Core :: Layout: Text and Fonts, defect)

x86
All
defect
Not set

Tracking

()

RESOLVED DUPLICATE of bug 645072

People

(Reporter: bc, Unassigned)

References

(Blocks 1 open bug, )

Details

(Keywords: assertion, crash, reproducible)

Crash Data

1. http://beon.ru/tests/734-285.html
2. Crash @ 0x0| Assertion

See also bug 612532 whose top frame is the same but whose stack is different.

Locally reproduced on Fedora14 32bit with the following:

###!!! ASSERTION: bad index: 'PRUint32(aIndex) < mState.mLength', file ../../dist/include/nsTextFragment.h, line 204

Program received signal SIGSEGV, Segmentation fault.
0x0090dce0 in nsTextFragment::CharAt (this=0x92b6610, aIndex=0)
    at ../../dist/include/nsTextFragment.h:205
205	    return mState.mIs2b ? m2b[aIndex] : static_cast<unsigned char>(m1b[aIndex]);


#0  0x0090dce0 in nsTextFragment::CharAt (this=0x92b6610, aIndex=0)
    at ../../dist/include/nsTextFragment.h:205
#1  0x00a814e9 in PropertyProvider::GetHyphenationBreaks (this=0xbfffa5d0, 
    aStart=0, aLength=0, aBreakBefore=0xbfff95d0 "\001")
    at /work/mozilla/builds/2.0.0/mozilla/layout/generic/nsTextFrameThebes.cpp:2848
#2  0x00a8a4b0 in nsTextFrame::AddInlineMinWidthForFlow (this=0x9314ec0, 
    aRenderingContext=0x92ac020, aData=0xbfffa8e4)
    at /work/mozilla/builds/2.0.0/mozilla/layout/generic/nsTextFrameThebes.cpp:6102
#3  0x00a8a9ee in nsTextFrame::AddInlineMinWidth (this=0x9314ec0, 
    aRenderingContext=0x92ac020, aData=0xbfffa8e4)
    at /work/mozilla/builds/2.0.0/mozilla/layout/generic/nsTextFrameThebes.cpp:6204
#4  0x009f0da0 in nsContainerFrame::DoInlineIntrinsicWidth (this=0x9314e78, 
    aRenderingContext=0x92ac020, aData=0xbfffa8e4, aType=
    nsLayoutUtils::MIN_WIDTH)
    at /work/mozilla/builds/2.0.0/mozilla/layout/generic/nsContainerFrame.cpp:647
#5  0x00a3f593 in nsInlineFrame::AddInlineMinWidth (this=0x9314e78, 
    aRenderingContext=0x92ac020, aData=0xbfffa8e4)
    at /work/mozilla/builds/2.0.0/mozilla/layout/generic/nsInlineFrame.cpp:210
#6  0x009f0da0 in nsContainerFrame::DoInlineIntrinsicWidth (this=0x9314d58, 

I was not able to reproduce locally on 32bit WinXP or 64bit Fedora14 but the automation did reproduce on Windows, Linux and Mac.
Summary: Crash [@ nsTextFragment::CharAt(int)] | → Crash [@ nsTextFragment::CharAt(int)] | ASSERTION: bad index: 'PRUint32(aIndex) < mState.mLength'
Component: DOM → Layout: Text
QA Contact: general → layout.fonts-and-text
This looks like bug 645072 (which was fixed by backing out bug 418975).
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 645072
Crash Signature: [@ nsTextFragment::CharAt(int)]
You need to log in before you can comment on or make changes to this bug.