Bug 410228. Fix crash when an uppercased szlig has a font-change in the middle of it, r=smontagu
authorroc+@cs.cmu.edu
Wed, 09 Jan 2008 15:33:34 -0800
changeset 10106 159b47d55dc4d21598bd3071eaacc7b97dc0c299
parent 10105 e74cc245ea6d172067165a99cab39a26b714fb5e
child 10107 a11c54f4baab27db92fa4c2ab9085d0bc3563629
push idunknown
push userunknown
push dateunknown
reviewerssmontagu
bugs410228
milestone1.9b3pre
Bug 410228. Fix crash when an uppercased szlig has a font-change in the middle of it, r=smontagu
gfx/thebes/src/gfxFont.cpp
layout/generic/nsTextRunTransformations.cpp
--- a/gfx/thebes/src/gfxFont.cpp
+++ b/gfx/thebes/src/gfxFont.cpp
@@ -1722,16 +1722,18 @@ gfxTextRun::CountMissingGlyphs()
         }
     }
     return count;
 }
 
 gfxTextRun::DetailedGlyph *
 gfxTextRun::AllocateDetailedGlyphs(PRUint32 aIndex, PRUint32 aCount)
 {
+    NS_ASSERTION(aIndex < mCharacterCount, "Index out of range");
+
     if (!mCharacterGlyphs)
         return nsnull;
 
     if (!mDetailedGlyphs) {
         mDetailedGlyphs = new nsAutoArrayPtr<DetailedGlyph>[mCharacterCount];
         if (!mDetailedGlyphs) {
             mCharacterGlyphs[aIndex].SetMissing(0);
             return nsnull;
--- a/layout/generic/nsTextRunTransformations.cpp
+++ b/layout/generic/nsTextRunTransformations.cpp
@@ -235,23 +235,31 @@ MergeCharactersInTextRun(gfxTextRun* aDe
         continue;
       }
 
       NS_ASSERTION(mergeRunStart == k ||
                    (g.IsClusterStart() && g.IsLigatureGroupStart() &&
                     !g.IsLowSurrogate()),
                    "Don't know how to merge this stuff");
 
-      if (anyMissing) {
-        g.SetMissing(glyphs.Length());
-      } else {
-        g.SetComplex(PR_TRUE, PR_TRUE, glyphs.Length());
+      // If the start of the merge run is actually a character that should
+      // have been merged with the previous character (this can happen
+      // if there's a font change in the middle of a szlig, for example),
+      // just discard the entire merge run. See comment at start of this
+      // function.
+      if (!aCharsToMerge[mergeRunStart]) {
+        if (anyMissing) {
+          g.SetMissing(glyphs.Length());
+        } else {
+          g.SetComplex(PR_TRUE, PR_TRUE, glyphs.Length());
+        }
+        aDest->SetGlyphs(offset, g, glyphs.Elements());
+        ++offset;
       }
-      aDest->SetGlyphs(offset, g, glyphs.Elements());
-      ++offset;
+
       glyphs.Clear();
       anyMissing = PR_FALSE;
       mergeRunStart = k + 1;
     }
     NS_ASSERTION(glyphs.Length() == 0,
                  "Leftover glyphs, don't request merging of the last character with its next!");  
   }
   NS_ASSERTION(offset == aDest->GetLength(), "Bad offset calculations");