Bug 1459697: Change an assert into a runtime check to ensure we avoid a bad array index dereference.
MozReview-Commit-ID: CYeBKhDYD1F
--- a/layout/generic/nsFloatManager.cpp
+++ b/layout/generic/nsFloatManager.cpp
@@ -991,18 +991,24 @@ nsFloatManager::EllipseShapeInfo::LineEd
bEndIsBelowOrAtCenter ? aBEnd : aBEnd + (mCenter.y - aBEnd) * 2 - 1);
MOZ_ASSERT(bSmallestWithinIntervals >= mCenter.y &&
bSmallestWithinIntervals < BEnd(),
"We should have a block value within the intervals.");
size_t index = MinIntervalIndexContainingY(mIntervals,
bSmallestWithinIntervals);
- MOZ_ASSERT(index < mIntervals.Length(),
- "We should have found a matching interval for this block value.");
+ if (index >= mIntervals.Length()) {
+ // Shouldn't occur, but this indicates that this float area doesn't
+ // influence the outcome. We also avoid an illegal array index reference
+ // by returning early here.
+ NS_WARNING("We should have found a matching interval for this "
+ "block value.");
+ return 0;
+ }
// The interval is storing the line right value. If aIsLineLeft is true,
// return the line right value reflected about the center. Since this is
// an inline measurement, it's just checking the distance to an edge, and
// not a collision with a specific pixel. For that reason, we don't need
// to subtract 1 from the reflection, as we did with the block reflection.
nscoord iLineRight = mIntervals[index].XMost();
return aIsLineLeft ? iLineRight - (iLineRight - mCenter.x) * 2