mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-08 19:04:45 +00:00
Bug 849688 - Crash with getStartPositionOfChar when argument is out of range. r=dholbert
This commit is contained in:
parent
c51c03843a
commit
63e1a3e1f6
11
layout/svg/crashtests/849688-1.svg
Normal file
11
layout/svg/crashtests/849688-1.svg
Normal file
@ -0,0 +1,11 @@
|
||||
<svg xmlns="http://www.w3.org/2000/svg">
|
||||
|
||||
<text></text>
|
||||
|
||||
<script>
|
||||
window.addEventListener("load", function() {
|
||||
document.getElementsByTagName('text')[0].getStartPositionOfChar(1);
|
||||
}, false);
|
||||
</script>
|
||||
|
||||
</svg>
|
After Width: | Height: | Size: 212 B |
11
layout/svg/crashtests/849688-2.svg
Normal file
11
layout/svg/crashtests/849688-2.svg
Normal file
@ -0,0 +1,11 @@
|
||||
<svg xmlns="http://www.w3.org/2000/svg">
|
||||
|
||||
<text>X</text>
|
||||
|
||||
<script>
|
||||
window.addEventListener("load", function() {
|
||||
document.getElementsByTagName('text')[0].getStartPositionOfChar(2);
|
||||
}, false);
|
||||
</script>
|
||||
|
||||
</svg>
|
After Width: | Height: | Size: 213 B |
@ -157,3 +157,5 @@ load 842009-1.svg
|
||||
load 842909-1.svg
|
||||
load 843072-1.svg
|
||||
load 847139-1.svg
|
||||
load 849688-1.svg
|
||||
load 849688-2.svg
|
||||
|
@ -3618,11 +3618,6 @@ nsSVGTextFrame2::GetComputedTextLength(nsIContent* aContent)
|
||||
{
|
||||
UpdateGlyphPositioning(false);
|
||||
|
||||
nsIFrame* kid = GetFirstPrincipalChild();
|
||||
if (!kid) {
|
||||
return 0.0f;
|
||||
}
|
||||
|
||||
float cssPxPerDevPx = PresContext()->
|
||||
AppUnitsToFloatCSSPixels(PresContext()->AppUnitsPerDevPixel());
|
||||
|
||||
@ -3647,18 +3642,13 @@ nsSVGTextFrame2::GetSubStringLength(nsIContent* aContent,
|
||||
{
|
||||
UpdateGlyphPositioning(false);
|
||||
|
||||
nsIFrame* kid = GetFirstPrincipalChild();
|
||||
if (!kid) {
|
||||
return 0.0f;
|
||||
}
|
||||
|
||||
// Convert charnum/nchars from addressable characters relative to
|
||||
// aContent to global character indices.
|
||||
CharIterator chit(this, CharIterator::eAddressable, aContent);
|
||||
if (!chit.AdvanceToSubtree() ||
|
||||
chit.AtEnd() ||
|
||||
!chit.Next(charnum) ||
|
||||
chit.IsAfterSubtree() ||
|
||||
chit.AtEnd()) {
|
||||
chit.IsAfterSubtree()) {
|
||||
return 0.0f;
|
||||
}
|
||||
charnum = chit.TextElementCharIndex();
|
||||
@ -3717,11 +3707,6 @@ nsSVGTextFrame2::GetCharNumAtPosition(nsIContent* aContent,
|
||||
{
|
||||
UpdateGlyphPositioning(false);
|
||||
|
||||
nsIFrame* kid = GetFirstPrincipalChild();
|
||||
if (!kid) {
|
||||
return 0.0f;
|
||||
}
|
||||
|
||||
nsPresContext* context = PresContext();
|
||||
|
||||
gfxPoint p(aPoint->X(), aPoint->Y());
|
||||
@ -3757,8 +3742,8 @@ nsSVGTextFrame2::GetStartPositionOfChar(nsIContent* aContent,
|
||||
|
||||
CharIterator it(this, CharIterator::eAddressable, aContent);
|
||||
if (!it.AdvanceToSubtree() ||
|
||||
!it.Next(aCharNum) ||
|
||||
it.AtEnd()) {
|
||||
it.AtEnd() ||
|
||||
!it.Next(aCharNum)) {
|
||||
return NS_ERROR_DOM_INDEX_SIZE_ERR;
|
||||
}
|
||||
|
||||
@ -3782,8 +3767,8 @@ nsSVGTextFrame2::GetEndPositionOfChar(nsIContent* aContent,
|
||||
|
||||
CharIterator it(this, CharIterator::eAddressable, aContent);
|
||||
if (!it.AdvanceToSubtree() ||
|
||||
!it.Next(aCharNum) ||
|
||||
it.AtEnd()) {
|
||||
it.AtEnd() ||
|
||||
!it.Next(aCharNum)) {
|
||||
return NS_ERROR_DOM_INDEX_SIZE_ERR;
|
||||
}
|
||||
|
||||
@ -3820,8 +3805,8 @@ nsSVGTextFrame2::GetExtentOfChar(nsIContent* aContent,
|
||||
|
||||
CharIterator it(this, CharIterator::eAddressable, aContent);
|
||||
if (!it.AdvanceToSubtree() ||
|
||||
!it.Next(aCharNum) ||
|
||||
it.AtEnd()) {
|
||||
it.AtEnd() ||
|
||||
!it.Next(aCharNum)) {
|
||||
return NS_ERROR_DOM_INDEX_SIZE_ERR;
|
||||
}
|
||||
|
||||
@ -3872,8 +3857,8 @@ nsSVGTextFrame2::GetRotationOfChar(nsIContent* aContent,
|
||||
|
||||
CharIterator it(this, CharIterator::eAddressable, aContent);
|
||||
if (!it.AdvanceToSubtree() ||
|
||||
!it.Next(aCharNum) ||
|
||||
it.AtEnd()) {
|
||||
it.AtEnd() ||
|
||||
!it.Next(aCharNum)) {
|
||||
return NS_ERROR_DOM_INDEX_SIZE_ERR;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user