670564 - "ASSERTION: illegal left edge" in nsDisplayText::Paint

Status: RESOLVED FIXED

(Core :: Layout, defect)

Description

[Jesse Ruderman]

Attachment: testcase

###!!! ASSERTION: illegal left edge: 'mLeftEdge >= 0', file layout/generic/nsTextFrameThebes.cpp

Comment 1

[Mats Palmgren (inactive)]

Leading up to the reported assertion (on Linux64):

WARNING: Overflowed nscoord_MAX in conversion to nscoord: 'aValue <= nscoord_MAX', file ../../dist/include/nsCoord.h, line 106
nsLineLayout: Text(0)@0x7ff67d230f10 metrics=1073741824,1140!
###!!! ASSERTION: Computed overflow area must contain frame bounds: 'aNewSize.width == 0 || aNewSize.height == 0 || aOverflowAreas.Overflow(otype).Contains(nsRect(nsPoint(0,0), aNewSize))', file layout/generic/nsFrame.cpp, line 6465
###!!! ASSERTION: Wrong bounds: 'bounds.IsEqualInterior(aChildren.GetBounds(aBuilder))', file layout/base/FrameLayerBuilder.cpp, line 1838
###!!! ASSERTION: illegal left edge: 'mLeftEdge >= 0', file layout/generic/nsTextFrameThebes.cpp, line 4179

Comment 2

[Mats Palmgren (inactive)]

The "illegal left edge" assertion was added in bug 312156.
The condition is quite harmless.

Comment 3

[Mats Palmgren (inactive)]

Attachment: fix + crashtest

The distance to the marker edge is so large it causes integer overflow
on nscoord.  I think we can safely assume all of it is clipped (the
the width would have to be > nscoord_MAX to be visible).

Comment 4

[Robert O'Callahan (:roc) (email my personal email if necessary)]

Comment on attachment 545146 [details] [diff] [review]
fix + crashtest

Review of attachment 545146 [details] [diff] [review]:
-----------------------------------------------------------------

Comment 5

[Mats Palmgren (inactive)]

http://hg.mozilla.org/integration/mozilla-inbound/rev/21d1ecfeabd8
http://hg.mozilla.org/integration/mozilla-inbound/rev/94bf463e0040

Comment 6

[Mounir Lamouri (:mounir)]

Merged:
http://hg.mozilla.org/mozilla-central/rev/21d1ecfeabd8
http://hg.mozilla.org/mozilla-central/rev/94bf463e0040