Closed Bug 329094 Opened 19 years ago Closed 19 years ago

X error BadAlloc with 10000x1 GIF

Categories

(Firefox :: General, defect)

Sun
Solaris
defect
Not set
normal

VERIFIED DUPLICATE of bug 210931

People

(Reporter: dws, Unassigned)

Details

User-Agent:       Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.0.1) Gecko/20060202 Firefox/1.5.0.1
Build Identifier: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.0.1) Gecko/20060202 Firefox/1.5.0.1

When a 10000x1 GIF image is loaded, Firefox crashes with an X error "BadAlloc" (see stacktrace).



Reproducible: Always

Steps to Reproduce:
1. Open the above URL
2. Crash




Stacktrace:

#0  gdk_x_error (display=0x59070, error=0xffbedab0) at gdkmain-x11.c:599
#1  0xfe53c494 in _XError () from /usr/openwin/lib/libX11.so.4
#2  0xfe51cc9c in _XReply () from /usr/openwin/lib/libX11.so.4
#3  0xfe523dac in XSync () from /usr/openwin/lib/libX11.so.4
#4  0xfe54dc74 in _XSyncFunction () from /usr/openwin/lib/libX11.so.4
#5  0xfe51eb18 in XCreatePixmap () from /usr/openwin/lib/libX11.so.4
#6  0xfef8a608 in gdk_pixmap_new (drawable=0x67418, width=10000, height=1, depth=24) at gdkpixmap-x11.c:199
#7  0xfcc1ea78 in nsImageGTK::UpdateCachedImage (this=0x961928)
    at /scratch/build/firefox-1.5.0.1-ds/mozilla/gfx/src/gtk/nsImageGTK.cpp:1613
#8  0xfcc20820 in nsImageGTK::Optimize (this=0x961928, aContext=0x0)
    at /scratch/build/firefox-1.5.0.1-ds/mozilla/gfx/src/gtk/nsImageGTK.cpp:1932
#9  0xfcc36b28 in gfxImageFrame::SetMutable (this=0x72cc08, aMutable=0) at nsCOMPtr.h:848
#10 0xfcbab204 in imgContainerGIF::DecodingComplete (this=0x95a3c8) at nsCOMArray.h:162
#11 0xfcba84a4 in nsGIFDecoder2::EndGIF (aClientData=0x95a388, aAnimationLoopCount=0) at nsCOMPtr.h:848
#12 0xfcba72d0 in gif_write (gs=0x4c0e94,
    buf=0x3dbe32 "-be-d705900\"\n\nAccept-Ranges: bytes\n\nContent-Length: 190\n\nKeep-Alive: timeout=15, max=30\n\nConnection:
    at /scratch/build/firefox-1.5.0.1-ds/mozilla/modules/libpr0n/decoders/gif/GIF2.cpp:979
#13 0xfcba8940 in nsGIFDecoder2::ProcessData (this=0x95a388,
    data=0x3dbe32 "-be-d705900\"\n\nAccept-Ranges: bytes\n\nContent-Length: 190\n\nKeep-Alive: timeout=15, max=30\n\nConnection:
    at /scratch/build/firefox-1.5.0.1-ds/mozilla/modules/libpr0n/decoders/gif/nsGIFDecoder2.cpp:230
#14 0xfcba8970 in ReadDataOut (in=0x7fd558, closure=0x95a388, fromRawSegment=0x3dbd74 "GIF89a\020'\001", toOffset=0, count=190,
    writeCount=0xffbee224) at /scratch/build/firefox-1.5.0.1-ds/mozilla/modules/libpr0n/decoders/gif/nsGIFDecoder2.cpp:172
#15 0xff1a7080 in nsInputStreamTee::WriteSegmentFun ()
   from /usr/pack/firefox-1.5.0.1-ds/sun4u-sun-solaris2.8/firefox/libxpcom_core.so
#16 0xff1af2a4 in nsPipeInputStream::ReadSegments ()
   from /usr/pack/firefox-1.5.0.1-ds/sun4u-sun-solaris2.8/firefox/libxpcom_core.so
#17 0xff1a6a10 in nsInputStreamTee::ReadSegments ()
   from /usr/pack/firefox-1.5.0.1-ds/sun4u-sun-solaris2.8/firefox/libxpcom_core.so
#18 0xfcba8388 in nsGIFDecoder2::WriteFrom (this=0x95a388, inStr=0x97bbe8, count=190, _retval=0xffbee3a8)
    at /scratch/build/firefox-1.5.0.1-ds/mozilla/modules/libpr0n/decoders/gif/nsGIFDecoder2.cpp:250
#19 0xfcba08b4 in imgRequest::OnDataAvailable (this=0x3cb3a0, aRequest=0x633638, ctxt=0xc00, inStr=0x97bbe8,
    sourceOffset=4290700360, count=190) at nsCOMPtr.h:848
#20 0xfcb96c70 in ProxyListener::OnDataAvailable (this=0x80004005, aRequest=0x633638, ctxt=0xc00, inStr=0x97bbe8,
    sourceOffset=4290700360, count=3978212) at nsCOMPtr.h:848
#21 0xfc0b1d54 in nsMediaDocumentStreamListener::OnDataAvailable ()
   from /usr/pack/firefox-1.5.0.1-ds/sun4u-sun-solaris2.8/firefox/components/libgklayout.so
#22 0xfc8fa794 in nsDocumentOpenInfo::OnDataAvailable ()
   from /usr/pack/firefox-1.5.0.1-ds/sun4u-sun-solaris2.8/firefox/components/libdocshell.so
#23 0xfd0b902c in nsStreamListenerTee::OnDataAvailable ()
   from /usr/pack/firefox-1.5.0.1-ds/sun4u-sun-solaris2.8/firefox/components/libnecko.so
#24 0xfd14f3a8 in nsHttpChannel::OnDataAvailable ()
   from /usr/pack/firefox-1.5.0.1-ds/sun4u-sun-solaris2.8/firefox/components/libnecko.so
#25 0xfd08cb9c in nsInputStreamPump::OnStateTransfer ()
   from /usr/pack/firefox-1.5.0.1-ds/sun4u-sun-solaris2.8/firefox/components/libnecko.so
#26 0xfd08d61c in nsInputStreamPump::OnInputStreamReady ()
   from /usr/pack/firefox-1.5.0.1-ds/sun4u-sun-solaris2.8/firefox/components/libnecko.so
#27 0xff228fe4 in nsInputStreamReadyEvent::EventHandler ()
   from /usr/pack/firefox-1.5.0.1-ds/sun4u-sun-solaris2.8/firefox/libxpcom_core.so
#28 0xff1d91c0 in PL_HandleEvent () from /usr/pack/firefox-1.5.0.1-ds/sun4u-sun-solaris2.8/firefox/libxpcom_core.so
#29 0xff1d9c04 in PL_ProcessPendingEvents () from /usr/pack/firefox-1.5.0.1-ds/sun4u-sun-solaris2.8/firefox/libxpcom_core.so
#30 0xff1dc3d8 in nsEventQueueImpl::ProcessPendingEvents ()
   from /usr/pack/firefox-1.5.0.1-ds/sun4u-sun-solaris2.8/firefox/libxpcom_core.so
#31 0xfc9c8538 in nsWindow::OnExposeEvent ()
   from /usr/pack/firefox-1.5.0.1-ds/sun4u-sun-solaris2.8/firefox/components/libwidget_gtk2.so
#32 0xfe75cc10 in g_io_unix_dispatch () from /usr/pack/gtk-2.8.13-ds/sun4u-sun-solaris2.8/lib/libglib-2.0.so.0
#33 0xfe72f09c in g_main_context_dispatch () from /usr/pack/gtk-2.8.13-ds/sun4u-sun-solaris2.8/lib/libglib-2.0.so.0
#34 0xfe731470 in g_main_context_iterate () from /usr/pack/gtk-2.8.13-ds/sun4u-sun-solaris2.8/lib/libglib-2.0.so.0
#35 0xfe731894 in g_main_loop_run () from /usr/pack/gtk-2.8.13-ds/sun4u-sun-solaris2.8/lib/libglib-2.0.so.0
#36 0xfea20b84 in gtk_main () at gtkmain.c:991
#37 0xfc9c9078 in nsAppShell::Run () from /usr/pack/firefox-1.5.0.1-ds/sun4u-sun-solaris2.8/firefox/components/libwidget_gtk2.so
#38 0xfb2aaf1c in nsAppStartup::Run ()
   from /usr/pack/firefox-1.5.0.1-ds/sun4u-sun-solaris2.8/firefox/components/libtoolkitcomps.so
#39 0x000226c4 in XRE_main ()
#40 0x00018280 in _start ()
#41 0x00018280 in _start ()

*** This bug has been marked as a duplicate of 210931 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED