Bug 766305 - WSFragment should use PRInt32 for offsets, not PRInt16; r=ehsan
authorAryeh Gregor <ayg@aryeh.name>
Sun, 24 Jun 2012 09:54:42 +0300
changeset 100245 4968c2a22becc099e0cbad26b7784f3c95880c12
parent 100244 8cd2ae931ba81df8fb28623d21092bb3ab82316d
child 100246 66b3801292a0b42f6eedeb7627d1de0a8c9d5cd5
push id1729
push userlsblakk@mozilla.com
push dateMon, 16 Jul 2012 20:02:43 +0000
treeherdermozilla-aurora@f4e75e148951 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersehsan
bugs766305
milestone16.0a1
Bug 766305 - WSFragment should use PRInt32 for offsets, not PRInt16; r=ehsan
editor/libeditor/base/DeleteTextTxn.cpp
editor/libeditor/html/crashtests/766305.html
editor/libeditor/html/crashtests/crashtests.list
editor/libeditor/html/nsWSRunObject.cpp
editor/libeditor/html/nsWSRunObject.h
--- a/editor/libeditor/base/DeleteTextTxn.cpp
+++ b/editor/libeditor/base/DeleteTextTxn.cpp
@@ -66,17 +66,17 @@ DeleteTextTxn::Init(nsEditor* aEditor,
 NS_IMETHODIMP
 DeleteTextTxn::DoTransaction()
 {
   MOZ_ASSERT(mEditor && mCharData);
 
   // get the text that we're about to delete
   nsresult res = mCharData->SubstringData(mOffset, mNumCharsToDelete,
                                           mDeletedText);
-  NS_ASSERTION(NS_SUCCEEDED(res), "could not get text to delete.");
+  MOZ_ASSERT(NS_SUCCEEDED(res));
   res = mCharData->DeleteData(mOffset, mNumCharsToDelete);
   NS_ENSURE_SUCCESS(res, res);
 
   if (mRangeUpdater) {
     mRangeUpdater->SelAdjDeleteText(mCharData, mOffset, mNumCharsToDelete);
   }
 
   // only set selection to deletion point if editor gives permission
new file mode 100644
--- /dev/null
+++ b/editor/libeditor/html/crashtests/766305.html
@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+
+function boom()
+{
+  var s = "x";
+  for (var i = 0; i < 15; ++i)
+    s = s + s;
+  var t = document.createTextNode(s);
+  document.body.appendChild(t);
+  window.getSelection().collapse(t, s.length);
+  document.execCommand("insertText", false, "a");
+}
+
+</script>
+</head>
+
+<body contenteditable="true" onload="boom();"></body>
+</html>
--- a/editor/libeditor/html/crashtests/crashtests.list
+++ b/editor/libeditor/html/crashtests/crashtests.list
@@ -23,8 +23,9 @@ load 612565-1.html
 asserts(0-6) load 615015-1.html # Bug 439258
 load 615450-1.html
 load 639736-1.xhtml
 load 643786-1.html
 load 682650-1.html
 load 716456-1.html
 load 759748.html
 load 761861.html
+load 766305.html
--- a/editor/libeditor/html/nsWSRunObject.cpp
+++ b/editor/libeditor/html/nsWSRunObject.cpp
@@ -1166,17 +1166,17 @@ nsWSRunObject::GetPreviousWSNode(DOMPoin
   nsCOMPtr<nsIDOMNode> node;
   PRInt32 offset;
   aPoint.GetPoint(node, offset);
   return GetPreviousWSNode(node,offset,aBlockParent,aPriorNode);
 }
 
 nsresult 
 nsWSRunObject::GetPreviousWSNode(nsIDOMNode *aStartNode,
-                                 PRInt16 aOffset, 
+                                 PRInt32 aOffset,
                                  nsIDOMNode *aBlockParent, 
                                  nsCOMPtr<nsIDOMNode> *aPriorNode)
 {
   // can't really recycle various getnext/prior routines because we
   // have special needs here.  Need to step into inline containers but
   // not block containers.
   NS_ENSURE_TRUE(aStartNode && aBlockParent && aPriorNode, NS_ERROR_NULL_POINTER);
   *aPriorNode = 0;
@@ -1274,17 +1274,17 @@ nsWSRunObject::GetNextWSNode(DOMPoint aP
   nsCOMPtr<nsIDOMNode> node;
   PRInt32 offset;
   aPoint.GetPoint(node, offset);
   return GetNextWSNode(node,offset,aBlockParent,aNextNode);
 }
 
 nsresult 
 nsWSRunObject::GetNextWSNode(nsIDOMNode *aStartNode,
-                             PRInt16 aOffset, 
+                             PRInt32 aOffset,
                              nsIDOMNode *aBlockParent, 
                              nsCOMPtr<nsIDOMNode> *aNextNode)
 {
   // can't really recycle various getnext/prior routines because we have special needs
   // here.  Need to step into inline containers but not block containers.
   NS_ENSURE_TRUE(aStartNode && aBlockParent && aNextNode, NS_ERROR_NULL_POINTER);
   *aNextNode = 0;
 
--- a/editor/libeditor/html/nsWSRunObject.h
+++ b/editor/libeditor/html/nsWSRunObject.h
@@ -174,18 +174,18 @@ class NS_STACK_CLASS nsWSRunObject
     // WSFragment struct ---------------------------------------------------------
     // WSFragment represents a single run of ws (all leadingws, or all normalws,
     // or all trailingws, or all leading+trailingws).  Note that this single run may
     // still span multiple nodes.
     struct WSFragment
     {
       nsCOMPtr<nsIDOMNode> mStartNode;  // node where ws run starts
       nsCOMPtr<nsIDOMNode> mEndNode;    // node where ws run ends
-      PRInt16 mStartOffset;             // offset where ws run starts
-      PRInt16 mEndOffset;               // offset where ws run ends
+      PRInt32 mStartOffset;             // offset where ws run starts
+      PRInt32 mEndOffset;               // offset where ws run ends
       PRInt16 mType, mLeftType, mRightType;  // type of ws, and what is to left and right of it
       WSFragment *mLeft, *mRight;            // other ws runs to left or right.  may be null.
 
       WSFragment() : mStartNode(0),mEndNode(0),mStartOffset(0),
                      mEndOffset(0),mType(0),mLeftType(0),
                      mRightType(0),mLeft(0),mRight(0) {}
     };
     
@@ -234,27 +234,27 @@ class NS_STACK_CLASS nsWSRunObject
     void     ClearRuns();
     void     MakeSingleWSRun(PRInt16 aType);
     nsresult PrependNodeToList(nsIDOMNode *aNode);
     nsresult AppendNodeToList(nsIDOMNode *aNode);
     nsresult GetPreviousWSNode(nsIDOMNode *aStartNode, 
                                nsIDOMNode *aBlockParent, 
                                nsCOMPtr<nsIDOMNode> *aPriorNode);
     nsresult GetPreviousWSNode(nsIDOMNode *aStartNode,
-                               PRInt16      aOffset, 
+                               PRInt32      aOffset,
                                nsIDOMNode  *aBlockParent, 
                                nsCOMPtr<nsIDOMNode> *aPriorNode);
     nsresult GetPreviousWSNode(DOMPoint aPoint,
                                nsIDOMNode  *aBlockParent, 
                                nsCOMPtr<nsIDOMNode> *aPriorNode);
     nsresult GetNextWSNode(nsIDOMNode *aStartNode, 
                            nsIDOMNode *aBlockParent, 
                            nsCOMPtr<nsIDOMNode> *aNextNode);
     nsresult GetNextWSNode(nsIDOMNode *aStartNode,
-                           PRInt16     aOffset, 
+                           PRInt32     aOffset,
                            nsIDOMNode *aBlockParent, 
                            nsCOMPtr<nsIDOMNode> *aNextNode);
     nsresult GetNextWSNode(DOMPoint aPoint,
                            nsIDOMNode  *aBlockParent, 
                            nsCOMPtr<nsIDOMNode> *aNextNode);
     nsresult PrepareToDeleteRangePriv(nsWSRunObject* aEndObject);
     nsresult PrepareToSplitAcrossBlocksPriv();
     nsresult DeleteChars(nsIDOMNode *aStartNode, PRInt32 aStartOffset,