From 1a837f2ff00307d4179c8ccfbaab8da88b8a2790 Mon Sep 17 00:00:00 2001 From: Simon Montagu Date: Mon, 30 May 2011 18:19:13 +0300 Subject: [PATCH] Don't use cached inflow length for empty frames. Bug 660416, r=roc --- layout/generic/crashtests/660416.html | 17 +++++++++++++++ layout/generic/crashtests/crashtests.list | 1 + layout/generic/nsTextFrameThebes.cpp | 25 +++++++++++------------ 3 files changed, 30 insertions(+), 13 deletions(-) create mode 100644 layout/generic/crashtests/660416.html diff --git a/layout/generic/crashtests/660416.html b/layout/generic/crashtests/660416.html new file mode 100644 index 000000000000..d9a42d419ea5 --- /dev/null +++ b/layout/generic/crashtests/660416.html @@ -0,0 +1,17 @@ + + + + + +x‮y + diff --git a/layout/generic/crashtests/crashtests.list b/layout/generic/crashtests/crashtests.list index a42bddf71259..cc5cfe644c21 100644 --- a/layout/generic/crashtests/crashtests.list +++ b/layout/generic/crashtests/crashtests.list @@ -359,3 +359,4 @@ load 646561-1.html load 646983-1.html load 647332-1.html load 650499-1.html +load 660416.html diff --git a/layout/generic/nsTextFrameThebes.cpp b/layout/generic/nsTextFrameThebes.cpp index 1d807700e114..e8baf8f0b845 100644 --- a/layout/generic/nsTextFrameThebes.cpp +++ b/layout/generic/nsTextFrameThebes.cpp @@ -626,28 +626,27 @@ PRInt32 nsTextFrame::GetInFlowContentLength() { return mContent->TextLength() - mContentOffset; } - nsTextFrame* nextBidi = nsnull; - PRInt32 start = -1, end, endFlow; FlowLengthProperty* flowLength = static_cast(mContent->GetProperty(nsGkAtoms::flowlength)); - if (flowLength && flowLength->mStartOffset <= mContentOffset && + /** + * This frame must start inside the cached flow. If the flow starts at + * mContentOffset but this frame is empty, logically it might be before the + * start of the cached flow. + */ + if (flowLength && + (flowLength->mStartOffset < mContentOffset || + (flowLength->mStartOffset == mContentOffset && GetContentEnd() > mContentOffset)) && flowLength->mEndFlowOffset > mContentOffset) { #ifdef DEBUG - GetOffsets(start, end); - NS_ASSERTION(flowLength->mEndFlowOffset >= end, - "frame crosses fixed continuation boundary"); + NS_ASSERTION(flowLength->mEndFlowOffset >= GetContentEnd(), + "frame crosses fixed continuation boundary"); #endif return flowLength->mEndFlowOffset - mContentOffset; } - nextBidi = static_cast(GetLastInFlow()->GetNextContinuation()); - if (nextBidi) { - nextBidi->GetOffsets(start, end); - endFlow = start; - } else { - endFlow = mContent->TextLength(); - } + nsTextFrame* nextBidi = static_cast(GetLastInFlow()->GetNextContinuation()); + PRInt32 endFlow = nextBidi ? nextBidi->GetContentOffset() : mContent->TextLength(); if (!flowLength) { flowLength = new FlowLengthProperty;