Last Comment Bug 670564 - "ASSERTION: illegal left edge" in nsDisplayText::Paint
: "ASSERTION: illegal left edge" in nsDisplayText::Paint
Status: RESOLVED FIXED
: assertion, testcase
Product: Core
Classification: Components
Component: Layout (show other bugs)
: Trunk
: All All
: -- minor (vote)
: mozilla8
Assigned To: Mats Palmgren (:mats)
:
Mentors:
Depends on:
Blocks: randomstyles 312156
  Show dependency treegraph
 
Reported: 2011-07-10 13:25 PDT by Jesse Ruderman
Modified: 2011-07-12 03:50 PDT (History)
6 users (show)
mats: in‑testsuite+
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
testcase (288 bytes, application/xhtml+xml)
2011-07-10 13:25 PDT, Jesse Ruderman
no flags Details
fix + crashtest (2.29 KB, patch)
2011-07-11 04:15 PDT, Mats Palmgren (:mats)
roc: review+
Details | Diff | Splinter Review

Description Jesse Ruderman 2011-07-10 13:25:59 PDT
Created attachment 545093 [details]
testcase

###!!! ASSERTION: illegal left edge: 'mLeftEdge >= 0', file layout/generic/nsTextFrameThebes.cpp
Comment 1 Mats Palmgren (:mats) 2011-07-10 14:51:57 PDT
Leading up to the reported assertion (on Linux64):

WARNING: Overflowed nscoord_MAX in conversion to nscoord: 'aValue <= nscoord_MAX', file ../../dist/include/nsCoord.h, line 106
nsLineLayout: Text(0)@0x7ff67d230f10 metrics=1073741824,1140!
###!!! ASSERTION: Computed overflow area must contain frame bounds: 'aNewSize.width == 0 || aNewSize.height == 0 || aOverflowAreas.Overflow(otype).Contains(nsRect(nsPoint(0,0), aNewSize))', file layout/generic/nsFrame.cpp, line 6465
###!!! ASSERTION: Wrong bounds: 'bounds.IsEqualInterior(aChildren.GetBounds(aBuilder))', file layout/base/FrameLayerBuilder.cpp, line 1838
###!!! ASSERTION: illegal left edge: 'mLeftEdge >= 0', file layout/generic/nsTextFrameThebes.cpp, line 4179
Comment 2 Mats Palmgren (:mats) 2011-07-10 16:08:24 PDT
The "illegal left edge" assertion was added in bug 312156.
The condition is quite harmless.
Comment 3 Mats Palmgren (:mats) 2011-07-11 04:15:22 PDT
Created attachment 545146 [details] [diff] [review]
fix + crashtest

The distance to the marker edge is so large it causes integer overflow
on nscoord.  I think we can safely assume all of it is clipped (the
the width would have to be > nscoord_MAX to be visible).
Comment 4 Robert O'Callahan (:roc) (Exited; email my personal email if necessary) 2011-07-11 04:20:50 PDT
Comment on attachment 545146 [details] [diff] [review]
fix + crashtest

Review of attachment 545146 [details] [diff] [review]:
-----------------------------------------------------------------

Note You need to log in before you can comment on or make changes to this bug.