Closed Bug 267126 Opened 20 years ago Closed 20 years ago

xlib makes mozilla exit due to large image

Categories

(Core Graveyard :: GFX: Gtk, defect)

Product:
Core Graveyard
Component:
GFX: Gtk
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED DUPLICATE of bug 210931

People

(Reporter: guninski, Assigned: blizzard)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040914 Firefox/0.10
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040914 Firefox/0.10

when visiting the above url with latest mozilla trunk (and previous versions) 
on linux mozilla exits with the following error:


The error was 'BadValue (integer parameter out of range for operation)'.
  (Details: serial 93624 error_code 2 request_code 53 minor_code 0)
  (Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the --sync command line
   option to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)


Reproducible: Always
Steps to Reproduce:
go to the url
seems confirmed on debian also.

gdb doesn't fire.

GFX:Xlib is for the xlib port of mozilla. this is not what default builds use.
Assignee: roland.mainz → blizzard
Component: GFX: Xlib → GFX: Gtk
QA Contact: timeless → ian
This is related to bug 210931 . Essentially gdb will not fire since it is a
clean exit being called. If we (mozilla) redefine the error handler then we can
trap this.
In your html you have

<img src="apache.png" style="width: 65536; height: 65536; background:
red;">asdf</img>

So for a 8bpp image of that size you'll be wanting 8*65535^2 = 32GB of memory to
build that image. That clearly bad coding. Have you ever sceen a screen that big ?
it is strange at first sight, but

1. this is linux specific - the testcase works on f*cked windoze
2. if you change <img> to <div> you'll see large scrollbars and red backround of
the <div> (without large amount of virtual memory)
As explained:

1. Of course this is linux specific. Windows doesn't have Xlib. I am not
disputing it is a bug.
2. an <img> tag creates a xserver pixmap which triggers the bug. A <div> tag
doesn't create a xserver pixmap hence it works.

Bottom line, this is a dup of aforementioned bug.
style="width: 2; height: 65536" => crash
style="width: 2; height: 65535" => no crash

something related to "short int" ?

Yes it is a short. Gregori can you close this as a dup of 210931. I have a patch
which i will attach to the aforementioned bug and carry on discussion in that bug.
Depends on: 210931
Resolving per the previous comment.

*** This bug has been marked as a duplicate of 210931 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
No longer depends on: 210931
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.