Package: mozilla-firefox
Version: 1.0.99+deerpark-alpha2-2
I found a segfault bug with textareas in Ubuntu's Firefox. The Ubuntu
code is based on 1.0.6 and has been heavily patched, and the bug is in
one of those patches. I checked
mozilla-firefox-1.0.99+deerpark-alpha2-2 and the corresponding
orig.tar.gz and the same bug appears to be in that version of the
code, although the file name has changed (to
layout/generic/nsTextFrame.cpp).
For reference, I have reported this to the Mozilla Bugzilla (307537)
and of course it is in the Ubuntu bugzilla too (10257).
Thanks for your attention,
Ian.
--- orig/firefox-1.0.6/layout/html/base/src/nsTextFrame.cpp 2005-09-08
19:11:43.000000000 +0100
+++ firefox-1.0.6/layout/html/base/src/nsTextFrame.cpp 2005-09-08
18:07:18.000000000 +0100
@@ -4008,12 +4008,6 @@
}
PRInt32* ip = indexBuffer.mBuffer;
- nsAutoIndexBuffer clusterBuffer;
- rv = clusterBuffer.GrowTo(mContentLength + 1);
- if (NS_FAILED(rv)) {
- return rv;
- }
-
PRInt32 textLength;
nsresult result(NS_ERROR_FAILURE);
aPos->mResultContent = mContent;//do this right off
@@ -4055,6 +4049,12 @@
nsTextTransformer tx(doc->GetLineBreaker(), nsnull, aPresContext);
PrepareUnicodeText(tx, &indexBuffer, &paintBuffer, &textLength);
+ nsAutoIndexBuffer clusterBuffer;
+ rv = clusterBuffer.GrowTo(textLength + 1);
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+
nsIFrame *frameUsed = nsnull;
PRInt32 start;
PRBool found = PR_TRUE;
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
