From fd42606e30e4ad7ebb81f208ecda9818d6874562 Mon Sep 17 00:00:00 2001 From: Boris Zbarsky Date: Tue, 3 Oct 2017 18:50:10 -0400 Subject: [PATCH] Bug 1402766 - Work around layout violating its own invariants and causing stylo code to crash. r=emilio, a=sledru MozReview-Commit-ID: 3ggJI0qmOJV --HG-- extra : source : 71d02a129bebc9dfd804b1babb8fae587d1930a8 extra : histedit_source : d36726bf4182c3820a3f8efd2d2599b114cb55c4 --- layout/generic/crashtests/1405443.html | 19 +++++++++++++++++++ layout/generic/crashtests/crashtests.list | 1 + layout/generic/nsInlineFrame.cpp | 7 +++++++ 3 files changed, 27 insertions(+) create mode 100644 layout/generic/crashtests/1405443.html diff --git a/layout/generic/crashtests/1405443.html b/layout/generic/crashtests/1405443.html new file mode 100644 index 00000000000000..79313ae1c4d49b --- /dev/null +++ b/layout/generic/crashtests/1405443.html @@ -0,0 +1,19 @@ + + + +
+A + + + +
diff --git a/layout/generic/crashtests/crashtests.list b/layout/generic/crashtests/crashtests.list index 25c2c32470fc34..07cc75ea0f9a6f 100644 --- a/layout/generic/crashtests/crashtests.list +++ b/layout/generic/crashtests/crashtests.list @@ -660,3 +660,4 @@ load 1368617-1.html load 1373586.html load 1401709.html load 1401807.html +asserts(11) load 1405443.html # bug 1405443 diff --git a/layout/generic/nsInlineFrame.cpp b/layout/generic/nsInlineFrame.cpp index 089178a6ada254..ce62f822bda032 100644 --- a/layout/generic/nsInlineFrame.cpp +++ b/layout/generic/nsInlineFrame.cpp @@ -1065,6 +1065,13 @@ nsInlineFrame::UpdateStyleOfOwnedAnonBoxesForIBSplit( } nsIFrame* nextInline = blockFrame->GetProperty(nsIFrame::IBSplitSibling()); + + // This check is here due to bug 1405443. Please remove it once + // that bug is fixed. + if (!nextInline) { + break; + } + MOZ_ASSERT(nextInline, "There is always a trailing inline in an IB split"); for (nsIFrame* cont = nextInline; cont; cont = cont->GetNextContinuation()) {