Bug 827687 - Be more careful walking segments. r=bz, a=akeybl
authorL. David Baron <dbaron@dbaron.org>
Thu, 10 Jan 2013 21:14:51 -0800
changeset 127094 ea3782d7735553ffecb42d9daaa81b239605e9e9
parent 127093 3f9cc5d8098bca75cb26996a36170d424794e091
child 127095 19fcbf7bc78db4d850d10218bdf1d4b4e51c5f04
push id2151
push userlsblakk@mozilla.com
push dateTue, 19 Feb 2013 18:06:57 +0000
treeherdermozilla-beta@4952e88741ec [default view] [failures only]
reviewersbz, akeybl
bugs827687
milestone20.0a2
Bug 827687 - Be more careful walking segments. r=bz, a=akeybl
layout/style/nsAnimationManager.cpp
--- a/layout/style/nsAnimationManager.cpp
+++ b/layout/style/nsAnimationManager.cpp
@@ -256,24 +256,32 @@ ElementAnimations::EnsureStyleRuleFor(Ti
         }
         properties.AddProperty(prop.mProperty);
 
         NS_ABORT_IF_FALSE(prop.mSegments.Length() > 0,
                           "property should not be in animations if it "
                           "has no segments");
 
         // FIXME: Maybe cache the current segment?
-        const AnimationPropertySegment *segment = prop.mSegments.Elements();
+        const AnimationPropertySegment *segment = prop.mSegments.Elements(),
+                               *segmentEnd = segment + prop.mSegments.Length();
         while (segment->mToKey < positionInIteration) {
           NS_ABORT_IF_FALSE(segment->mFromKey < segment->mToKey,
                             "incorrect keys");
           ++segment;
+          if (segment == segmentEnd) {
+            NS_ABORT_IF_FALSE(false, "incorrect positionInIteration");
+            break; // in order to continue in outer loop (just below)
+          }
           NS_ABORT_IF_FALSE(segment->mFromKey == (segment-1)->mToKey,
                             "incorrect keys");
         }
+        if (segment == segmentEnd) {
+          continue;
+        }
         NS_ABORT_IF_FALSE(segment->mFromKey < segment->mToKey,
                           "incorrect keys");
         NS_ABORT_IF_FALSE(segment - prop.mSegments.Elements() <
                             prop.mSegments.Length(),
                           "ran off end");
 
         if (!mStyleRule) {
           // Allocate the style rule now that we know we have animation data.
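Review bot: The new `segment == segmentEnd` test only runs after `++segment`, so the first `segment->mToKey` read in the loop condition is still protected only by the `prop.mSegments.Length() > 0` assertion above. If NS_ABORT_IF_FALSE compiles out of non-debug builds, as the need for this patch suggests, an empty segment array would make that first read out of bounds in release. Putting the bound in the condition as well, `while (segment != segmentEnd && segment->mToKey < positionInIteration) {`, covers that case with the same `continue` path and leaves the in-loop block to report the bad `positionInIteration` in debug builds. The `continue` would also benefit from a comment such as `// no segment covers positionInIteration; skip this property rather than read past the array`. EnsureStyleRuleFor starts and ends outside this hunk, so whether an empty array can actually reach here could not be checked from these lines.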