From aa82e980a655d8bdf7c2e052dddb8750cddda8eb Mon Sep 17 00:00:00 2001
From: "roc+@cs.cmu.edu" <roc+@cs.cmu.edu>
Date: Tue, 3 Apr 2007 19:28:27 -0700
Subject: [PATCH] Bug 368860. Don't perform out-of-bounds access if we have a
 bogus empty previous-text-frame. r+sr=dbaron

---
 layout/generic/nsTextFrame.cpp | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/layout/generic/nsTextFrame.cpp b/layout/generic/nsTextFrame.cpp
index 2cac8c5e56c3..b6fae47ef99d 100644
--- a/layout/generic/nsTextFrame.cpp
+++ b/layout/generic/nsTextFrame.cpp
@@ -4996,9 +4996,12 @@ static PRBool CanBreakBetween(nsTextFrame* aBefore,
     firstAfter = fragAfter->CharAt(afterOffset);
   }
   while (IS_DISCARDED(lastBefore)) {
-    NS_ASSERTION(beforeOffset > 0,
-                 "Before-textframe maps no content, should not have called SetTrailingTextFrame");
     --beforeOffset;
+    if (beforeOffset == 0) {
+      // aBefore was entirely skipped. Who knows why it called SetTrailingTextFrame.
+      NS_WARNING("Before-frame should not have called SetTrailingTextFrame");
+      return PR_FALSE;
+    }
     lastBefore = fragBefore->CharAt(beforeOffset - 1);
   }