Ensure that Reset is always called before using the subparagraph. Bug 707098, r=roc
authorSimon Montagu <smontagu@smontagu.org>
Wed, 07 Dec 2011 12:07:42 +0200
changeset 82253 1e0d0ad9767a009180f4ffc3409fbff5b23582ba
parent 82252 792a9ba2aa26628e4eb540b51dfe66f6479d6e06
child 82254 21aac86d665894429ac1a0f7ab89da4be68a7fc6
push id21587
push userbmo@edmorley.co.uk
push dateThu, 08 Dec 2011 15:13:43 +0000
treeherdermozilla-central@98db2311a44c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersroc
bugs707098
milestone11.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Ensure that Reset is always called before using the subparagraph. Bug 707098, r=roc
layout/base/crashtests/707098.html
layout/base/crashtests/crashtests.list
layout/base/nsBidiPresUtils.cpp
new file mode 100644
--- /dev/null
+++ b/layout/base/crashtests/707098.html
@@ -0,0 +1,6 @@
+<!DOCTYPE html>
+<html>
+<body onload="var x = document.getElementById('x'); x.parentNode.removeChild(x);">
+<div><bdi><bdi><span id="x">&#x062A;</span> </bdi></bdi></div>
+</body>
+</html>
--- a/layout/base/crashtests/crashtests.list
+++ b/layout/base/crashtests/crashtests.list
@@ -339,8 +339,9 @@ load 653133-1.html
 load 663295.html
 load 663662-1.html
 load 663662-2.html
 load 665837.html
 load 668941.xhtml
 load 670226.html
 asserts(2) load 675246-1.xhtml # Bug 675713
 load 695861.html
+load 707098.html
--- a/layout/base/nsBidiPresUtils.cpp
+++ b/layout/base/nsBidiPresUtils.cpp
@@ -75,16 +75,17 @@ static const PRUnichar kPDF             
 
 struct BidiParagraphData {
   nsString            mBuffer;
   nsAutoTArray<PRUnichar, 16> mEmbeddingStack;
   nsTArray<nsIFrame*> mLogicalFrames;
   nsTArray<nsLineBox*> mLinePerFrame;
   nsDataHashtable<nsISupportsHashKey, PRInt32> mContentToFrameIndex;
   bool                mIsVisual;
+  bool                mReset;
   nsBidiLevel         mParaLevel;
   nsIContent*         mPrevContent;
   nsAutoPtr<nsBidi>   mBidiEngine;
   nsIFrame*           mPrevFrame;
   nsAutoPtr<BidiParagraphData> mSubParagraph;
 
   void Init(nsBlockFrame *aBlockFrame)
   {
@@ -152,20 +153,22 @@ struct BidiParagraphData {
 
     // If the containing paragraph has a level of NSBIDI_DEFAULT_LTR/RTL, set
     // the sub-paragraph to the corresponding non-default level (We can't use
     // GetParaLevel, because the containing paragraph hasn't yet been through
     // bidi resolution
     if (IS_DEFAULT_LEVEL(mParaLevel)) {
       mParaLevel = (mParaLevel == NSBIDI_DEFAULT_RTL) ? NSBIDI_RTL : NSBIDI_LTR;
     }                    
+    mReset = false;
   }
 
   void Reset(nsIFrame* aFrame, BidiParagraphData *aBpd)
   {
+    mReset = true;
     mLogicalFrames.Clear();
     mLinePerFrame.Clear();
     mContentToFrameIndex.Clear();
     mBuffer.SetLength(0);
     mPrevFrame = aBpd->mPrevFrame;
     // We need to copy in embeddings (but not overrides!) from the containing
     // paragraph so that the line(s) including this sub-paragraph will be
     // correctly reordered.
@@ -1112,17 +1115,17 @@ nsBidiPresUtils::TraverseFrames(nsBlockF
            * As at the beginning of the loop, it's important to check for
            * next-continuations before handling the frame. If we do
            * TraverseFrames and *then* do GetNextContinuation on the original
            * first frame, it could return a bidi continuation that had only
            * just been created, and we would skip doing bidi resolution on the
            * last part of the sub-paragraph.
            */
           bool isLastContinuation = !frame->GetNextContinuation();
-          if (!frame->GetPrevContinuation()) {
+          if (!frame->GetPrevContinuation() || !subParagraph->mReset) {
             subParagraph->Reset(kid, aBpd);
           }
           TraverseFrames(aBlockFrame, aLineIter, kid, subParagraph);
           if (isLastContinuation) {
             ResolveParagraph(aBlockFrame, subParagraph);
           }
 
           // Treat the element as a neutral character within its containing