With: user_pref("svg.text.css-frames.enabled", true); Crash [@ gfxSkipCharsIterator::SetOffsets]
On Windows: bp-a59c21b6-9b55-4b17-8d91-7c8652130311.
Crash Signature: [@ gfxSkipCharsIterator::SetOffsets(unsigned int, bool) ]
OS: Mac OS X → All
Hardware: x86_64 → All
Bug 843072 was almost right but not quite. We need to check we're at the end before calling Next(chars)
Attachment #724061 - Flags: review?(dholbert)
Attachment #724061 - Attachment is patch: true
The kid stuff is unused code and never gets hit.
Comment on attachment 724061 [details] [diff] [review] patch r=me, but this also means that Next() is buggy (or at least doesn't hold up to its documentation) It's currently documented as follows: > 2037 /** > 2038 * Advances ahead aCount matching characters. Returns true if there were > 2039 * enough characters to advance past, and false otherwise. > 2040 */ > 2041 bool Next(uint32_t aCount); which implies that it should just return false (not crash) if we're at the end & try to advance. Could you file a followup on fixing that? Not sure if it'll still be possible to trigger that behavior after this bug's fixed, but it's a footgun waiting to be loaded when someone adds a Next() call elsewhere and trusts its documentation to be accurate. :)
Attachment #724061 - Flags: review?(dholbert) → review+
Created bug 655877 per cooment 5
(In reply to Robert Longson from comment #8) > Created bug 655877 per cooment 5 looks like a mis-paste?
can't type comment either :-(
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla22
You need to log in before you can comment on or make changes to this bug.