Closed
Bug 124767
Opened 23 years ago
Closed 22 years ago
GIF images >4095 pixels wide crash Mozilla [@ HaveDecodedRow]
Categories
(Core :: Graphics: ImageLib, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: sdagley, Assigned: bryner)
References
()
Details
(Keywords: crash)
Crash Data
GIF images >4095 pixels wide crash Mozilla on the Mac (both under Mac OS 9.x and
Mac OS X). This problem does not occur on the Windows build of Mozilla 0.9.8.
Here's the stack of the crash under Mac OS X:
Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000000
Thread 0 Crashed:
#0 0x039aa858 in HaveDecodedRow(void *, unsigned char *, int, int, int, int,
unsigned char, int)
#1 0x039aa71c in 0x39aa71c
#2 0x039aae88 in output_row(gif_struct *)
#3 0x039ab1cc in do_lzw(gif_struct *, unsigned char const *)
#4 0x039abd00 in 0x39abd00
#5 0x039aa130 in nsGIFDecoder2::ProcessData(unsigned char *, unsigned int)
#6 0x039a9ea4 in ReadDataOut(nsIInputStream *, void *, char const *, unsigned
int, unsigned int, unsigned int *)
#7 0x005d9044 in nsPipe::nsPipeInputStream::ReadSegments( (
(*)(nsIInputStream *)))
#8 0x039aa1f8 in nsGIFDecoder2::WriteFrom(nsIInputStream *, unsigned int,
unsigned int *)
#9 0x03054418 in OnDataAvailable__10imgRequestFP10nsIRequestP11nsISupportsP14ns
#10 0x03050a74 in OnDataAvailable__13ProxyListenerFP10nsIRequestP11nsISupportsP1
#11 0x02c84b80 in OnDataAvailable__13ImageListenerFP10nsIRequestP11nsISupportsP1
#12 0x02ac8de8 in OnDataAvailable__18nsDocumentOpenInfoFP10nsIRequestP11nsISuppo
#13 0x010397cc in OnDataAvailable__13nsFileChannelFP10nsIRequestP11nsISupportsP1
#14 0x01048b20 in nsOnDataAvailableEvent::HandleEvent(void)
#15 0x01057150 in nsARequestObserverEvent::HandlePLEvent(PLEvent *)
#16 0x005f8a30 in PL_HandleEvent
#17 0x005f889c in PL_ProcessPendingEvents
#18 0x0059f17c in nsEventQueueImpl::ProcessPendingEvents(void)
#19 0x0299c84c in nsMacNSPREventQueueHandler::ProcessPLEventQueue(void)
#20 0x0299c610 in nsMacNSPREventQueueHandler::RepeatAction(EventRecord const &)
#21 0x01196b14 in Repeater::DoRepeaters(EventRecord const &)
#22 0x029afaf8 in nsMacMessagePump::DispatchEvent(int, EventRecord *)
#23 0x029af6d0 in nsMacMessagePump::DoMessagePump(void)
#24 0x029af00c in nsAppShell::Run(void)
#25 0x0296ce4c in nsAppShellService::Run(void)
#26 0x004cebb4 in main1(int, char **, nsISupports *)
#27 0x004cf68c in main
Reporter | ||
Comment 2•23 years ago
|
||
Not that it isn't related but I don't think it's exactly a dupe since my test of
the Windows 0.9.8 build did not crash on a 4096x1 pixel GIF image like the Mac
builds did.
Comment 3•23 years ago
|
||
dup of 113406
*** This bug has been marked as a duplicate of 113406 ***
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
Reporter | ||
Comment 4•23 years ago
|
||
Pav, look again - #113406 is a failure to display an image. This is a crasher.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
Comment 5•23 years ago
|
||
Then this must be a dupe of bug 120781.
*** This bug has been marked as a duplicate of 120781 ***
Status: REOPENED → RESOLVED
Closed: 23 years ago → 23 years ago
Resolution: --- → DUPLICATE
Comment 6•22 years ago
|
||
Reopening. This bug is not a dup of bug 120781. Wide JPEG image do not cause
crashes, but wide GIF images do. The bug cannot therefore lie in the Mac GFX
code, since that has no notion of image formats. The problem here is that the
GIF code does insufficient error checking.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
Comment 7•22 years ago
|
||
*** Bug 152381 has been marked as a duplicate of this bug. ***
Severity: major → critical
Summary: GIF images >4095 pixels wide crash Mozilla → GIF images >4095 pixels wide crash Mozilla [@ HaveDecodedRow]
Comment 8•22 years ago
|
||
Umm, bryner and I fixed this Friday night in the GIF code. Giving to him for
closure as appropriate
Assignee: pavlov → bryner
Status: REOPENED → NEW
Comment 9•22 years ago
|
||
*** Bug 154660 has been marked as a duplicate of this bug. ***
Comment 10•22 years ago
|
||
*** Bug 154716 has been marked as a duplicate of this bug. ***
Assignee | ||
Comment 11•22 years ago
|
||
What saari said.
Status: NEW → RESOLVED
Closed: 23 years ago → 22 years ago
Resolution: --- → FIXED
Updated•13 years ago
|
Crash Signature: [@ HaveDecodedRow]
You need to log in
before you can comment on or make changes to this bug.
Description
•