From bug 703100 comment 57: We should review the existing buffer allocations in nsTextFrameThebes.cpp, and switch to fallible arrays in some cases where we're allocating space for a potentially huge string of text, and the code includes checks for failure - it was clearly written assuming fallible arrays, but we've since changed the default behavior of arrays. The buffer passed to BuildTextRunForFrames, for example, should be allocated fallibly, as should the temporary buffer used when we need to "expand" 8- to 16-bit text. Basically, wherever we're doing "nsAutoTArray<T,BIG_TEXT_NODE_SIZE>", we probably want FallibleAutoTArray.
Created attachment 588005: patch, use fallible arrays for large text buffers
Backed out of inbound for multiple test failures: https://tbpl.mozilla.org/?tree=Mozilla-Inbound&rev=148044813372 https://hg.mozilla.org/integration/mozilla-inbound/rev/7ee957b3e883
Re-landed without the change to how BuildTextRunForFrames is called (it needs to be able to return null for the textrun without this being treated as failure): https://hg.mozilla.org/integration/mozilla-inbound/rev/4117cd7064ee
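The fallible pattern discussed in this bug, as an added example that is not taken from the patch or from Mozilla's code: a buffer with inline storage that falls back to a heap allocation which can fail, and an 8- to 16-bit expansion that reports that failure to its caller instead of aborting the process. `FallibleTextBuffer`, `ExpandTo16Bit` and the value of `kInlineChars` are hypothetical stand-ins, not the nsTArray API.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <limits>

// Constructed stand-in for BIG_TEXT_NODE_SIZE; the real value is not on the page.
constexpr size_t kInlineChars = 4096;

// Hypothetical fallible auto-buffer (not Mozilla's nsTArray): small text stays
// in inline storage, large text uses a heap allocation that is allowed to fail.
class FallibleTextBuffer {
public:
  FallibleTextBuffer() = default;
  FallibleTextBuffer(const FallibleTextBuffer&) = delete;
  FallibleTextBuffer& operator=(const FallibleTextBuffer&) = delete;
  ~FallibleTextBuffer() { std::free(mHeap); }

  // Returns nullptr on size overflow or allocation failure; never aborts.
  char16_t* SetLength(size_t aLen) {
    if (aLen <= kInlineChars) { mLen = aLen; return mInline; }
    if (aLen > std::numeric_limits<size_t>::max() / sizeof(char16_t))
      return nullptr;  // aLen * 2 would wrap around
    void* p = std::realloc(mHeap, aLen * sizeof(char16_t));
    if (!p) return nullptr;  // previous state is left untouched
    mHeap = static_cast<char16_t*>(p);
    mLen = aLen;
    return mHeap;
  }
  const char16_t* Data() const { return mLen <= kInlineChars ? mInline : mHeap; }
  size_t Length() const { return mLen; }

private:
  char16_t mInline[kInlineChars];
  char16_t* mHeap = nullptr;
  size_t mLen = 0;
};

// Widens 8-bit text into aOut. A false return means the buffer could not be
// allocated, so the caller must skip this text instead of using the buffer.
bool ExpandTo16Bit(const uint8_t* aSrc, size_t aLen, FallibleTextBuffer& aOut) {
  char16_t* dst = aOut.SetLength(aLen);
  if (!dst) return false;
  for (size_t i = 0; i < aLen; ++i) dst[i] = aSrc[i];
  return true;
}

int main() {
  const uint8_t text[] = {'h', 'i', 0xE9};  // constructed sample input
  FallibleTextBuffer buf;
  bool ok = ExpandTo16Bit(text, sizeof(text), buf);
  std::printf("expanded=%d len=%zu\n", ok, buf.Length());
  return ok ? 0 : 1;
}
```
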