Closed Bug 665837 Opened 8 years ago Closed 8 years ago

"ASSERTION: negative length" with -moz-column, rtl, pre-line

Categories

(Core :: Layout: Text and Fonts, defect)

x86_64
macOS
defect
Not set

Tracking

()

RESOLVED FIXED
mozilla7
Tracking Status
firefox5 - wontfix
firefox6 --- unaffected
firefox7 + fixed

People

(Reporter: jruderman, Assigned: smontagu)

References

(Blocks 1 open bug)

Details

(Keywords: assertion, testcase, Whiteboard: [qa-])

Attachments

(2 files)

Attached file testcase
###!!! ASSERTION: negative length: 'GetContentEnd() - mContentOffset >= 0', file /builds/slave/cen-osx64-dbg/build/layout/generic/nsTextFrame.h, line 327
Attached patch PatchSplinter Review
Assignee: nobody → smontagu
Attachment #540726 - Flags: review?(roc)
Comment on attachment 540726 [details] [diff] [review]
Patch

Review of attachment 540726 [details] [diff] [review]:
-----------------------------------------------------------------

So the problem occurs when the entire continuation chain doesn't cover all the text in the node? When did that happen? Was it just a transient state?
Attachment #540726 - Flags: review?(roc) → review+
Not the entire continuation chain, the sibling chain. Bug 663295 made us break off walking continuations at the last sibling. I'll edit some of the code comments to make this clearer before checking in.
Assuming sg:critical if there's also a runtime crash, please correct if wrong
Whiteboard: [sg:critical?]
No runtime crash in either debug or opt build.
Whiteboard: [sg:critical?]
http://hg.mozilla.org/mozilla-central/rev/99c270809649
Status: NEW → RESOLVED
Closed: 8 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Depends on: 668941
If there's no crash then what is a crashtest testing?
Assertions :)  The reftest framework catches leaks and assertions in addition to crashes and hangs.  "Crashtest" is short for "Make sure nothing goes horribly and obviously wrong when loading this page".
Should this bug be unhidden then, not a security bug after all?
If it's a security bug we need to land this on mozilla-beta for firefox 6. If it's not then we should stop tracking it for 6 and move on.
Target Milestone: --- → mozilla7
The assertion doesn't occur in a current mozilla-beta build, so comment 10 is moot.
Group: core-security
Depends on: 670226
qa- as no QA fix verification needed
Whiteboard: [qa-]
You need to log in before you can comment on or make changes to this bug.