Bug 1291082 - ContentCache::TextRectArray::GetUnionRectAsFarAsPossible() should avoid crash by itself. r=m_kato, a=ritu
authorMasayuki Nakano <masayuki@d-toybox.com>
Wed, 17 Aug 2016 00:15:44 +0900
changeset 462118 5e550887033a95f63a6382795cc7d49de33b5951
parent 462117 590db93819a56ed477aff263e452ee4991de6b04
child 462119 533c2e8ef2abc0cb0e1c846e280a581f1c58fb08
push id41678
push userfelipc@gmail.com
push dateMon, 16 Jan 2017 20:19:38 +0000
reviewersm_kato, ritu
bugs1291082
milestone50.1.0
Bug 1291082 - ContentCache::TextRectArray::GetUnionRectAsFarAsPossible() should avoid crash by itself. r=m_kato, a=ritu ContentCache::TextRectArray::GetUnionRectAsFarAsPossible() should avoid crash by itself even if it's caller's bug. This makes parent process more stable, that is what one of the purpose of e10s is. MozReview-Commit-ID: qKAfvm6eZw
widget/ContentCache.cpp
--- a/widget/ContentCache.cpp
+++ b/widget/ContentCache.cpp
@@ -1167,29 +1167,31 @@ ContentCache::TextRectArray::GetUnionRec
 }
 
 LayoutDeviceIntRect
 ContentCache::TextRectArray::GetUnionRectAsFarAsPossible(
                                uint32_t aOffset,
                                uint32_t aLength,
                                bool aRoundToExistingOffset) const
 {
-  MOZ_ASSERT(HasRects());
-
   LayoutDeviceIntRect rect;
-  if (!aRoundToExistingOffset && !IsOverlappingWith(aOffset, aLength)) {
+  if (!HasRects() ||
+      (!aRoundToExistingOffset && !IsOverlappingWith(aOffset, aLength))) {
     return rect;
   }
   uint32_t startOffset = std::max(aOffset, mStart);
   if (aRoundToExistingOffset && startOffset >= EndOffset()) {
     startOffset = EndOffset() - 1;
   }
   uint32_t endOffset = std::min(aOffset + aLength, EndOffset());
   if (aRoundToExistingOffset && endOffset < mStart + 1) {
     endOffset = mStart + 1;
   }
+  if (NS_WARN_IF(endOffset < startOffset)) {
+    return rect;
+  }
   for (uint32_t i = 0; i < endOffset - startOffset; i++) {
     rect = rect.Union(mRects[startOffset - mStart + i]);
   }
   return rect;
 }
 
 } // namespace mozilla