825167 - [TSF] "ASSERTION: nsTDependentString must wrap only null-terminated strings: 'mData[mLength] == 0'" when composition string becomes 0 length

Status: RESOLVED FIXED

(Core :: Widget: Win32, defect)

Comment 1

[Masayuki Nakano [:masayuki] (he/him)(JST, +0900)]

Attachment: Patch

https://tbpl.mozilla.org/?tree=Try&usebuildbot=1&rev=2198f029aa65

Comment 2

[Masayuki Nakano [:masayuki] (he/him)(JST, +0900)]

Comment on attachment 696260 [details] [diff] [review]
Patch

At removing a character of composition string by backspace key, nsTextStore::SetText() may send composition string including the being removed character.  Then, the pchText[cch] is not NULL character. nsDependentString doesn't assume such case (I'm not sure the reason since the constructor has the argument which can specify the length). We should use nsDependentSubstring instead.

Comment 3

[Masayuki Nakano [:masayuki] (he/him)(JST, +0900)]

https://hg.mozilla.org/integration/mozilla-inbound/rev/07795d6a4af0

Comment 4

[neil@parkwaycc.co.uk]

(In reply to Masayuki Nakano from comment #2)
> nsDependentString doesn't assume such case (I'm not sure the reason since
> the constructor has the argument which can specify the length).
nsDependentString derives from nsCString which guarantees a null-terminated string. (Most people don't know the length of their string in advance, but there are some oddballs such as atoms which mess around with fake string buffers and suchlike.)

> We should use nsDependentSubstring instead.
Or you could also use Substring, which returns an nsDependentSubstring. (As with PromiseFlatString, I believe that it's preferred to use the function rather than the constructor, although not everyone remembers to do that.)

Comment 5

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/mozilla-central/rev/07795d6a4af0