From 6e79bdd62a59c64cb1590b60c01be72a8860fb66 Mon Sep 17 00:00:00 2001 From: "brettw@google.com" Date: Wed, 30 Jul 2008 23:12:20 +0000 Subject: This changes the assertion somewhat. We get NULL a lot, just with no characters. The case we want to catch is when there is a character count but no characters. BUG=1296904 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@145 0039d316-1c4b-4281-b951-d872f2087c98
---
 webkit/glue/webframe_impl.cc | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-)
diff --git a/webkit/glue/webframe_impl.cc b/webkit/glue/webframe_impl.cc
index d6288ed..cdfe972 100644
--- a/webkit/glue/webframe_impl.cc
+++ b/webkit/glue/webframe_impl.cc
@@ -121,6 +121,7 @@
 #include "base/gfx/bitmap_platform_device.h"
 #include "base/gfx/rect.h"
 #include "base/gfx/platform_canvas.h"
+#include "base/logging.h"
 #include "base/message_loop.h"
 #include "base/stats_counters.h"
 #include "base/string_util.h"
@@ -205,13 +206,27 @@ static void FrameContentAsPlainText(int max_chars, Frame* frame,
 // string conversion.
 for (TextIterator it(range.get()); !it.atEnd(); it.advance()) {
 const wchar_t* chars = reinterpret_cast(it.characters());
- if (chars) {
- int to_append = std::min(it.length(),
- max_chars - static_cast(output->size()));
- output->append(chars, to_append);
- if (output->size() >= static_cast(max_chars))
- return; // Filled up the buffer.
+ if (!chars) {
+ // It appears from crash reports that an iterator can get into a state
+ // where the character count is nonempty but the character pointer is
+ // NULL. advance()ing it will then just add that many to the NULL
+ // pointer which won't be caught in a NULL check but will crash.
+ //
+ // So as soon as we see a NULL character pointer, we know that the
+ // iterator is done and we should not continue.
+ //
+ // IF YOU CATCH THIS IN A DEBUGGER please let brettw know. We don't
+ // currently understand the conditions for this to occur. Ideally, the
+ // iterators would never get into the condition so we should fix them
+ // if we can.
+ DCHECK(it.length() == 0);
+ break;
 }
+ int to_append = std::min(it.length(),
+ max_chars - static_cast(output->size()));
+ output->append(chars, to_append);
+ if (output->size() >= static_cast(max_chars))
+ return; // Filled up the buffer.
 }
 }
-- cgit v1.1
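Review bot: `to_append` is a signed `int` that reaches `output->append(chars, to_append)` with no lower-bound check. If `max_chars` minus the current `output` length (or `it.length()`) is ever negative, the count converts to a very large unsigned value and the append is asked for far more characters than the iterator holds. FrameContentAsPlainText begins outside the hunk, so whether `max_chars` and the incoming `output` length are validated earlier cannot be seen here; if they are not, a guard such as `if (to_append < 0) return;` just before the append would close the gap. Separately, `DCHECK(it.length() == 0)` is compiled out of release builds and the new test only catches a pointer that is exactly NULL. The comment block could therefore add a line such as `// The break below is the real protection; the DCHECK is diagnostics only.` so that nobody later drops the `break` in favour of the assertion.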