Closed
Bug 375700
Opened 18 years ago
Closed 17 years ago
JPEG file crashes Firefox everytime
Categories
(Core :: Graphics, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 371135
People
(Reporter: kbass, Unassigned)
References
()
Details
(Keywords: crash)
Attachments
(1 file)
(deleted),
image/jpeg
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3

Click the about JPEG (which is a small file, but large pixels).

Reproducible: Always

Steps to Reproduce:
1. Simply visit the URL I specified
2.
3.

Actual Results: Crash

Expected Results: Display the image or provide an error.
On trunk, I see a SIGABRT come from here:
http://lxr.mozilla.org/mozilla/source/gfx/thebes/src/gfxImageSurface.cpp#46
The image is 20,000 x 20,000 pixels, and it seems to me that we're trying to allocate an unsigned char[20000 * 20000 * 4] array.
Component: General → GFX: Thebes
Product: Firefox → Core
QA Contact: general → thebes
Version: unspecified → Trunk
OS: Linux → All
Summary: JPEG file crashes Firefox everytime on Linux. → JPEG file crashes Firefox everytime
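The allocation described in the comment above (20000 * 20000 * 4 bytes, about 1.6 GB) as a checked surface allocation that returns an error to the caller instead of aborting. This is an added example, not Mozilla's code and not the fix for this bug; `CreateSurface`, `SurfaceStatus`, `Surface` and the 256 MiB cap are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <memory>
#include <new>
#include <utility>

// Hypothetical names and limit, chosen for this example (not Gecko's).
enum class SurfaceStatus { Ok, BadDimensions, TooLarge, OutOfMemory };
constexpr std::uint64_t kMaxSurfaceBytes = 256ull * 1024 * 1024;  // assumed budget

struct Surface {
    std::uint32_t width = 0, height = 0;
    std::size_t stride = 0;
    std::unique_ptr<unsigned char[]> pixels;
};

// Validate header-supplied dimensions before touching the allocator, and
// report failure so the caller can show "image contains errors" instead of crashing.
SurfaceStatus CreateSurface(std::int64_t width, std::int64_t height,
                            unsigned bytesPerPixel, Surface& out) {
    constexpr std::int64_t kMaxDim = std::numeric_limits<std::uint32_t>::max();
    if (width <= 0 || height <= 0 || bytesPerPixel == 0 ||
        width > kMaxDim || height > kMaxDim)
        return SurfaceStatus::BadDimensions;

    // width and bytesPerPixel are both below 2^32, so the stride fits in 64 bits.
    // Dividing the budget by the stride avoids overflowing stride * height.
    const std::uint64_t stride = std::uint64_t(width) * bytesPerPixel;
    if (stride > kMaxSurfaceBytes ||
        std::uint64_t(height) > kMaxSurfaceBytes / stride)
        return SurfaceStatus::TooLarge;
    const std::size_t total = static_cast<std::size_t>(stride * std::uint64_t(height));

    // nothrow new yields nullptr on failure rather than an uncaught std::bad_alloc.
    std::unique_ptr<unsigned char[]> buf(new (std::nothrow) unsigned char[total]);
    if (!buf) return SurfaceStatus::OutOfMemory;

    out.width = static_cast<std::uint32_t>(width);
    out.height = static_cast<std::uint32_t>(height);
    out.stride = static_cast<std::size_t>(stride);
    out.pixels = std::move(buf);
    return SurfaceStatus::Ok;
}

int main() {
    Surface s;  // dimensions reported in this bug: 20000 x 20000 at 4 bytes/pixel
    std::printf("status=%d\n", static_cast<int>(CreateSurface(20000, 20000, 4, s)));
}
```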
Comment 3•18 years ago
The duped bug was about Branch, and Seamonkey, not about Trunk:
Bug 375732 – Huge graphic crashes SeaMonkey, but not Firefox
I don't see that crash on Seamonkey Branch on Win98, both 1.0.8 and 1.1.1. I get the error message as it should be:
The image “http://www.danamania.com/temp/dontloadthis.jpg” cannot be displayed, because it contains errors.
Crashes on Windows too, slightly different point.
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/modules/libpr0n/decoders/jpeg/nsJPEGDecoder.cpp&rev=1.70&mark=481#454
|this| looks totally bogus (a refcount of 0x01fafbd8...) this=0x01f0ec74
What's odd is that its caller seems to have a valid |this|:
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/modules/libpr0n/decoders/jpeg/nsJPEGDecoder.cpp&rev=1.70&mark=357#350
refcount=1 this=0x01e5d3c8
I am not sure if that should be a new bug or not. bug 293986 might also be related.
Updated•17 years ago
Flags: blocking1.9?
Comment 5•17 years ago
Attaching the image in question for perpetuity's sake
I'm going to guess this is related to, or perhaps a dupe of, bug 371135
Status: NEW → RESOLVED
Closed: 17 years ago
Flags: blocking1.9?
Resolution: --- → DUPLICATE