From c762d7b259d2e256a21751e2ea2c63e1ca89bf99 Mon Sep 17 00:00:00 2001 From: Charlie Marlow Date: Fri, 16 Aug 2019 20:57:45 +0000 Subject: [PATCH] Bug 1574392: fix for crash caused by a zero length textblob r=dholbert Differential Revision: https://phabricator.services.mozilla.com/D42347 --HG-- extra : moz-landing-system : lando --- layout/painting/crashtests/1574392.html | 1 + layout/painting/crashtests/crashtests.list | 2 +- layout/painting/nsCSSRendering.cpp | 9 ++++++++- 3 files changed, 10 insertions(+), 2 deletions(-) create mode 100644 layout/painting/crashtests/1574392.html diff --git a/layout/painting/crashtests/1574392.html b/layout/painting/crashtests/1574392.html new file mode 100644 index 000000000000..2e8c4d15aad1 --- /dev/null +++ b/layout/painting/crashtests/1574392.html @@ -0,0 +1 @@ +🏴󠁵󠁳󠁣󠁡󠁿 diff --git a/layout/painting/crashtests/crashtests.list b/layout/painting/crashtests/crashtests.list index 4ead044fbd9f..540ea02b7e24 100644 --- a/layout/painting/crashtests/crashtests.list +++ b/layout/painting/crashtests/crashtests.list @@ -21,4 +21,4 @@ load 1547420-1.html load 1549909.html asserts(6) load 1551389-1.html # bug 847368 asserts(0-2) load 1555819-1.html - +load 1574392.html diff --git a/layout/painting/nsCSSRendering.cpp b/layout/painting/nsCSSRendering.cpp index 7ca93df694b2..c93fbdc21cf5 100644 --- a/layout/painting/nsCSSRendering.cpp +++ b/layout/painting/nsCSSRendering.cpp @@ -3877,7 +3877,10 @@ static sk_sp CreateTextBlob( // allocate space for the run buffer, then fill it with the glyphs uint32_t len = CountAllGlyphs(aTextRun, aCompressedGlyph, aStringStart, aStringEnd); - MOZ_ASSERT(len > 0, "there must be at least one glyph for skip ink"); + if (len <= 0) { + return nullptr; + } + SkTextBlobBuilder builder; const SkTextBlobBuilder::RunBuffer& run = builder.allocRunPos(aFont, len); 
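Review bot: `len` is declared `uint32_t`, so the new guard `if (len <= 0)` can only ever mean zero; `if (len == 0) {` says that directly and does not suggest a signed count. The early return also changes CreateTextBlob's contract: it can now return a null blob. Before this change a zero count was rejected only by a MOZ_ASSERT, which is compiled out of release builds, so the value went on to `allocRunPos`. A comment at the guard would record the new contract, for example `// No glyphs in [aStringStart, aStringEnd): nothing to build; callers must handle a null blob`. The function's signature and the rest of its body lie outside this hunk, so any caller other than the one patched below would need the same null check.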
@@ -4116,6 +4119,10 @@ void nsCSSRendering::PaintDecorationLine( iter.GetStringStart(), iter.GetStringEnd(), (float)appUnitsPerDevPixel, textPos, spacingOffset); + if (!textBlob) { + continue; + } + if (textRun->UseCenterBaseline()) { // writing modes that use a center baseline need to be adjusted on a // font-by-font basis since Skia lines up the text on a alphabetic
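Review bot: The `continue` added after the CreateTextBlob call skips the rest of the loop body for that run, and the body runs past the end of this hunk. It is worth confirming that nothing later in the iteration, such as position or bookkeeping updates, must still happen when no blob was built. A one-line comment would make the intent explicit, e.g. `// CreateTextBlob returns null when the range has no glyphs; there is nothing to intercept for this run`. Keeping the check directly after the call, as here, ensures a null blob never reaches the code that follows.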