Bug 1248551 - memset levState at the beginning of ResolveImplicitLevels and avoid assigning -1 to levState.startON that could cause a bad access. r?roc
MozReview-Commit-ID: 5BOwIu721Oe
--- a/layout/base/nsBidi.cpp
+++ b/layout/base/nsBidi.cpp
@@ -1479,32 +1479,33 @@ void nsBidi::ResolveImplicitLevels(int32
{
const DirProp *dirProps = mDirProps;
DirProp dirProp;
LevState levState;
int32_t i, start1, start2;
uint16_t oldStateImp, stateImp, actionImp;
uint8_t gprop, resProp, cell;
+ memset(&levState, 0, sizeof(LevState));
/* initialize for property and levels state tables */
levState.runStart = aStart;
levState.runLevel = mLevels[aStart];
levState.pImpTab = impTab[levState.runLevel & 1];
levState.pImpAct = impAct0;
/* The isolates[] entries contain enough information to
resume the bidi algorithm in the same state as it was
when it was interrupted by an isolate sequence. */
if (dirProps[aStart] == PDI && mIsolateCount >= 0) {
start1 = mIsolates[mIsolateCount].start1;
stateImp = mIsolates[mIsolateCount].stateImp;
levState.state = mIsolates[mIsolateCount].state;
mIsolateCount--;
} else {
- levState.startON = -1;
+ levState.startON = 0;
start1 = aStart;
if (dirProps[aStart] == NSM) {
stateImp = 1 + aSOR;
} else {
stateImp = 0;
}
levState.state = 0;
ProcessPropertySeq(&levState, aSOR, aStart, aStart);
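Review bot: The PDI branch still never assigns `levState.startON`, so it is 0 there only because of the new `memset`, and the else branch now also uses 0, which is a legal text index as well as the new "nothing recorded" value. Every reader of `startON` (in `ProcessPropertySeq` and the rest of this function, both outside the hunk) should be checked for a test against a negative "not set" value or for use of the field before an action has stored a real position, since those paths now see 0 instead of -1. If the saved isolate entries carry this value, restoring it in the PDI branch next to `start1` would be the more direct fix; otherwise a comment such as `/* startON is only meaningful after an action has set it; 0 here is a placeholder, not a position */` would record the assumption. `memset(&levState, 0, sizeof(levState));` or `LevState levState = {};` would tie the size to the object rather than to the type name. The function body continues past the end of the hunk.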