Bug 650499 - "ASSERTION: Invalid offset" with soft hyphen, white-space:pre
Status: RESOLVED FIXED
Keywords: assertion, testcase
Product: Core
Classification: Components
Component: Layout: Text
Version: Trunk
Platform: x86 Mac OS X
Importance: -- normal
Assigned To: Jonathan Kew (:jfkthame)
Blocks: randomstyles textfuzzer 418975
Reported: 2011-04-16 07:44 PDT by Jesse Ruderman
Modified: 2011-04-21 05:48 PDT

Attachments
testcase (306 bytes, application/xhtml+xml)
2011-04-16 07:44 PDT, Jesse Ruderman
stack trace (3.00 KB, text/plain)
2011-04-16 07:45 PDT, Jesse Ruderman
patch, limit length for PropertyProvider to what's actually in the textrun (1.55 KB, patch)
2011-04-18 06:45 PDT, Jonathan Kew (:jfkthame)
roc: review+
add the testcase as a crashtest (949 bytes, patch)
2011-04-18 06:53 PDT, Jonathan Kew (:jfkthame)
roc: review+

Description Jesse Ruderman 2011-04-16 07:44:03 PDT
Created attachment 526491
testcase

###!!! ASSERTION: Invalid offset: 'aOffset <= mSkipChars->mCharCount', file gfx/thebes/gfxSkipChars.cpp, line 92

Comment 1 Jesse Ruderman 2011-04-16 07:45:21 PDT
Created attachment 526493
stack trace

Comment 2 Jonathan Kew (:jfkthame) 2011-04-16 07:50:59 PDT
Looks like more fallout from bug 418975 and its followup fixes (sigh).

Comment 3 Jonathan Kew (:jfkthame) 2011-04-18 06:45:56 PDT
Created attachment 526712
patch, limit length for PropertyProvider to what's actually in the textrun

It looks like the problem here arises because the presence of the preformatted newline in the text node means that the textrun ends up "truncated" at that point, so it doesn't cover all the text that the code was expecting it to.

To handle this case, we can set len for the PropertyProvider to the minimum of the actual content length and the length covered by the textrun.

Comment 4 Jonathan Kew (:jfkthame) 2011-04-18 06:53:14 PDT
Created attachment 526714
add the testcase as a crashtest

Comment 6 :Ms2ger 2011-04-21 05:48:33 PDT
Comment on attachment 526712
patch, limit length for PropertyProvider to what's actually in the textrun

>+    len = PR_MIN(GetContentOffset() + GetInFlowContentLength(),
>+                 tmp.ConvertSkippedToOriginal(flowEndInTextRun)) - iter.GetOriginalOffset();
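
Review bot: The trailing `- iter.GetOriginalOffset()` is applied to the clamped value with no visible check that the clamp result is still at or beyond the iterator's original offset; if the textrun can end before that offset, len becomes negative (or wraps, if its type is unsigned). An assertion or an explicit floor at zero before the subtraction would make the invariant explicit, along with a one-line comment saying why the length is limited to what the textrun covers. Note also that PR_MIN is a macro, so the two call expressions passed to it can be evaluated more than once.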

This really should have been NS_MIN.
