Re-merge mc to tm
authorBlake Kaplan <mrbkap@gmail.com>
Wed, 04 Feb 2009 15:25:24 -0800
changeset 24840 c68347e890360b2fbff9af72a09c417a0f2ca093
parent 24839 33d63e807d6becd1759412e7ef05e4a086e4c44b (current diff)
parent 24644 6c1090838778c6b119177cf053a977ad28ac06df (diff)
child 24841 05a74019c74c1d681932b2f170928684f5c78564
push idunknown
push userunknown
push dateunknown
milestone1.9.2a1pre
Re-merge mc to tm
--- a/layout/base/nsCSSFrameConstructor.cpp
+++ b/layout/base/nsCSSFrameConstructor.cpp
@@ -5087,16 +5087,19 @@ nsCSSFrameConstructor::FindInputData(nsI
     COMPLEX_INT_CREATE(NS_FORM_INPUT_BUTTON,
                        &nsCSSFrameConstructor::ConstructButtonFrame)
     // Keeping hidden inputs out of here on purpose for so they get frames by
     // display (in practice, none).
   };
 
   nsCOMPtr<nsIFormControl> control = do_QueryInterface(aContent);
   NS_ASSERTION(control, "input doesn't implement nsIFormControl?");
+  if (!control) {
+    printf("BOGUS INPUT DETECTED IN FRAME CONSTRUCTION (about to crash).\n");
+  }
 
   return FindDataByInt(control->GetType(), aContent, aStyleContext,
                        sInputData, NS_ARRAY_LENGTH(sInputData));
 }
 
 /* static */
 const nsCSSFrameConstructor::FrameConstructionData*
 nsCSSFrameConstructor::FindObjectData(nsIContent* aContent,
--- a/layout/style/nsCSSValue.h
+++ b/layout/style/nsCSSValue.h
@@ -322,17 +322,114 @@ public:
   NS_HIDDEN_(void)  SetRectIsAutoValue();
   NS_HIDDEN_(void)  StartImageLoad(nsIDocument* aDocument)
                                    const;  // Not really const, but pretending
 
   // Returns an already addrefed buffer.  Can return null on allocation
   // failure.
   static nsStringBuffer* BufferFromString(const nsString& aValue);
   
-  struct Array;
+  struct Array {
+
+    // return |Array| with reference count of zero
+    static Array* Create(PRUint16 aItemCount) {
+      return new (aItemCount) Array(aItemCount);
+    }
+
+    nsCSSValue& operator[](PRUint16 aIndex) {
+      NS_ASSERTION(aIndex < mCount, "out of range");
+      return *(First() + aIndex);
+    }
+
+    const nsCSSValue& operator[](PRUint16 aIndex) const {
+      NS_ASSERTION(aIndex < mCount, "out of range");
+      return *(First() + aIndex);
+    }
+
+    nsCSSValue& Item(PRUint16 aIndex) { return (*this)[aIndex]; }
+    const nsCSSValue& Item(PRUint16 aIndex) const { return (*this)[aIndex]; }
+
+    PRUint16 Count() const { return mCount; }
+
+    PRBool operator==(const Array& aOther) const
+    {
+      if (mCount != aOther.mCount)
+        return PR_FALSE;
+      for (PRUint16 i = 0; i < mCount; ++i)
+        if ((*this)[i] != aOther[i])
+          return PR_FALSE;
+      return PR_TRUE;
+    }
+
+    void AddRef() {
+      if (mRefCnt == PR_UINT16_MAX) {
+        NS_WARNING("refcount overflow, leaking nsCSSValue::Array");
+        return;
+      }
+      ++mRefCnt;
+      NS_LOG_ADDREF(this, mRefCnt, "nsCSSValue::Array", sizeof(*this));
+    }
+    void Release() {
+      if (mRefCnt == PR_UINT16_MAX) {
+        NS_WARNING("refcount overflow, leaking nsCSSValue::Array");
+        return;
+      }
+      --mRefCnt;
+      NS_LOG_RELEASE(this, mRefCnt, "nsCSSValue::Array");
+      if (mRefCnt == 0)
+        delete this;
+    }
+
+  private:
+
+    PRUint16 mRefCnt;
+    PRUint16 mCount;
+
+    void* operator new(size_t aSelfSize, PRUint16 aItemCount) CPP_THROW_NEW {
+      return ::operator new(aSelfSize + sizeof(nsCSSValue)*aItemCount);
+    }
+
+    void operator delete(void* aPtr) { ::operator delete(aPtr); }
+
+    nsCSSValue* First() {
+      return (nsCSSValue*) (((char*)this) + sizeof(*this));
+    }
+
+    const nsCSSValue* First() const {
+      return (const nsCSSValue*) (((const char*)this) + sizeof(*this));
+    }
+
+#define CSSVALUE_LIST_FOR_VALUES(var)                                         \
+  for (nsCSSValue *var = First(), *var##_end = var + mCount;                  \
+       var != var##_end; ++var)
+
+    Array(PRUint16 aItemCount)
+      : mRefCnt(0)
+      , mCount(aItemCount)
+    {
+      MOZ_COUNT_CTOR(nsCSSValue::Array);
+      CSSVALUE_LIST_FOR_VALUES(val) {
+        new (val) nsCSSValue();
+      }
+    }
+
+    ~Array()
+    {
+      MOZ_COUNT_DTOR(nsCSSValue::Array);
+      CSSVALUE_LIST_FOR_VALUES(val) {
+        val->~nsCSSValue();
+      }
+    }
+
+#undef CSSVALUE_LIST_FOR_VALUES
+
+  private:
+    Array(const Array& aOther); // not to be implemented
+  };
+
   struct URL {
     // Methods are not inline because using an nsIPrincipal means requiring
     // caps, which leads to REQUIRES hell, since this header is included all
     // over.    
 
     // aString must not be null.
     // aOriginPrincipal must not be null.
     URL(nsIURI* aURI, nsStringBuffer* aString, nsIURI* aReferrer,
@@ -412,109 +509,10 @@ protected:
     nsStringBuffer* mString;
     nscolor    mColor;
     Array*     mArray;
     URL*       mURL;
     Image*     mImage;
   }         mValue;
 };
 
-struct nsCSSValue::Array {
-
-  // return |Array| with reference count of zero
-  static Array* Create(PRUint16 aItemCount) {
-    return new (aItemCount) Array(aItemCount);
-  }
-
-  nsCSSValue& operator[](PRUint16 aIndex) {
-    NS_ASSERTION(aIndex < mCount, "out of range");
-    return mArray[aIndex];
-  }
-
-  const nsCSSValue& operator[](PRUint16 aIndex) const {
-    NS_ASSERTION(aIndex < mCount, "out of range");
-    return mArray[aIndex];
-  }
-
-  nsCSSValue& Item(PRUint16 aIndex) { return (*this)[aIndex]; }
-  const nsCSSValue& Item(PRUint16 aIndex) const { return (*this)[aIndex]; }
-
-  PRUint16 Count() const { return mCount; }
-
-  PRBool operator==(const Array& aOther) const
-  {
-    if (mCount != aOther.mCount)
-      return PR_FALSE;
-    for (PRUint16 i = 0; i < mCount; ++i)
-      if ((*this)[i] != aOther[i])
-        return PR_FALSE;
-    return PR_TRUE;
-  }
-
-  void AddRef() {
-    if (mRefCnt == PR_UINT16_MAX) {
-      NS_WARNING("refcount overflow, leaking nsCSSValue::Array");
-      return;
-    }
-    ++mRefCnt;
-    NS_LOG_ADDREF(this, mRefCnt, "nsCSSValue::Array", sizeof(*this));
-  }
-  void Release() {
-    if (mRefCnt == PR_UINT16_MAX) {
-      NS_WARNING("refcount overflow, leaking nsCSSValue::Array");
-      return;
-    }
-    --mRefCnt;
-    NS_LOG_RELEASE(this, mRefCnt, "nsCSSValue::Array");
-    if (mRefCnt == 0)
-      delete this;
-  }
-
-private:
-
-  PRUint16 mRefCnt;
-  const PRUint16 mCount;
-  // This must be the last sub-object, since we extend this array to
-  // be of size mCount; it needs to be a sub-object so it gets proper
-  // alignment.
-  nsCSSValue mArray[1];
-
-  void* operator new(size_t aSelfSize, PRUint16 aItemCount) CPP_THROW_NEW {
-    NS_ABORT_IF_FALSE(aItemCount > 0, "cannot have a 0 item count");
-    return ::operator new(aSelfSize + sizeof(nsCSSValue) * (aItemCount - 1));
-  }
-
-  void operator delete(void* aPtr) { ::operator delete(aPtr); }
-
-  nsCSSValue* First() { return mArray; }
-
-  const nsCSSValue* First() const { return mArray; }
-
-#define CSSVALUE_LIST_FOR_EXTRA_VALUES(var)                                   \
-  for (nsCSSValue *var = First() + 1, *var##_end = First() + mCount;          \
-       var != var##_end; ++var)
-
-  Array(PRUint16 aItemCount)
-    : mRefCnt(0)
-    , mCount(aItemCount)
-  {
-    MOZ_COUNT_CTOR(nsCSSValue::Array);
-    CSSVALUE_LIST_FOR_EXTRA_VALUES(val) {
-      new (val) nsCSSValue();
-    }
-  }
-
-  ~Array()
-  {
-    MOZ_COUNT_DTOR(nsCSSValue::Array);
-    CSSVALUE_LIST_FOR_EXTRA_VALUES(val) {
-      val->~nsCSSValue();
-    }
-  }
-
-#undef CSSVALUE_LIST_FOR_EXTRA_VALUES
-
-private:
-  Array(const Array& aOther); // not to be implemented
-};
-
 #endif /* nsCSSValue_h___ */
 
--- a/parser/htmlparser/tests/crashtests/crashtests.list
+++ b/parser/htmlparser/tests/crashtests/crashtests.list
@@ -1,3 +1,3 @@
 load 423373-1.html
-load 460706-1.xhtml
+# load 460706-1.xhtml
 load 468538-1.xhtml