Closed
Bug 413931
Opened 17 years ago
Closed 17 years ago
Crash [@nsGIFDecoder2::DoLzw] when loading GIF file, part 2
Categories: Core :: Graphics: ImageLib, defect, P2
Tracking: VERIFIED FIXED, mozilla1.9beta3
People: Reporter: martijn.martijn, Assigned: alfredkayser
Details: Keywords: crash, regression, testcase
Attachments: 2 files, 4 obsolete files
(deleted), patch
(deleted), image/gif
I had this image stored on my computer. No idea how I got it. Perhaps, I downloaded it from a bug where that image was crashing too in older builds or something.
http://crash-stats.mozilla.com/report/index/e457fab3-cade-11dc-a0db-001a4bd46e84
Frame Signature Source
0 nsGIFDecoder2::DoLzw(unsigned char const*) mozilla/modules/libpr0n/decoders/gif/nsGIFDecoder2.cpp:614
1 nsGIFDecoder2::GifWrite(unsigned char const*, unsigned int) mozilla/modules/libpr0n/decoders/gif/nsGIFDecoder2.cpp:769
2 ReadDataOut mozilla/modules/libpr0n/decoders/gif/nsGIFDecoder2.cpp:190
3 nsPipeInputStream::ReadSegments(unsigned int (*)(nsIInputStream*, void*, char const*, unsigned int, unsigned int, unsigned int*), void*, unsigned int, unsigned int*) mozilla/xpcom/io/nsPipe3.cpp:799
4 nsGIFDecoder2::WriteFrom(nsIInputStream*, unsigned int, unsigned int*) mozilla/modules/libpr0n/decoders/gif/nsGIFDecoder2.cpp:262
5 imgRequest::OnDataAvailable(nsIRequest*, nsISupports*, nsIInputStream*, unsigned int, unsigned int) mozilla/modules/libpr0n/src/imgRequest.cpp:861
6 ProxyListener::OnDataAvailable(nsIRequest*, nsISupports*, nsIInputStream*, unsigned int, unsigned int) mozilla/modules/libpr0n/src/imgLoader.cpp:877
This wasn't fixed by bug 413373, because I crash in the 2008-01-24 build, but not with the testcase from bug 413373.
This regressed between 2007-06-25 and 2007-06-26:
http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=all&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2007-06-25+04&maxdate=2007-06-26+09&cvsroot=%2Fcvsroot
So I guess a regression from bug 196295.
Comment 1 (Assignee) • 17 years ago
Another fix to prevent crashes on malformed LZW data in GIFs.
Attachment #299063 - Attachment is obsolete: true
Attachment #299130 - Flags: superreview?(tor)
Attachment #299130 - Flags: review?(pavlov)
Comment 2 (Assignee) • 17 years ago
Note, the patch is a local diff as I don't have cvs access today
Assignee: nobody → alfredkayser
Attachment #299130 - Attachment is obsolete: true
Status: NEW → ASSIGNED
Attachment #299131 - Flags: superreview?(tor)
Attachment #299131 - Flags: review?(pavlov)
Attachment #299131 - Flags: approval1.9?
Attachment #299130 - Flags: superreview?(tor)
Attachment #299130 - Flags: review?(pavlov)
Comment 3 • 17 years ago
Comment on attachment 299130
Quick fix to prevent crashes on array out of bounds
this diff seems to have some issues..
Attachment #299130 - Attachment is obsolete: false
Updated • 17 years ago
Attachment #299131 - Flags: review?(pavlov) → review+
Comment 4 (Assignee) • 17 years ago
This evening (CET time) I will try to upload a real cvs diff
Attachment #299131 - Flags: superreview?(tor) → superreview+
Updated (Assignee) • 17 years ago
Flags: blocking1.9?
Keywords: checkin-needed
Comment 5 • 17 years ago
Comment on attachment 299131
V2: Remove the cruft from the patch file
a=beltzner for 1.9
Attachment #299131 - Flags: approval1.9? → approval1.9+
Comment 6 (Assignee) • 17 years ago
Attachment #299130 - Attachment is obsolete: true
Attachment #299131 - Attachment is obsolete: true
Comment 7 (Assignee) • 17 years ago
Attachment #299246 - Attachment is obsolete: true
Comment 8 • 17 years ago
Can we get this image in the testsuite as well?
Flags: in-testsuite?
Flags: blocking1.9?
Flags: blocking1.9+
Priority: -- → P2
Comment 9 • 17 years ago
Checking in modules/libpr0n/decoders/gif/nsGIFDecoder2.cpp;
/cvsroot/mozilla/modules/libpr0n/decoders/gif/nsGIFDecoder2.cpp,v <-- nsGIFDecoder2.cpp
new revision: 1.96; previous revision: 1.95
done
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Keywords: checkin-needed
OS: Windows XP → All
Hardware: PC → All
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9 M11
Comment 10 • 17 years ago
So who's going to add a crashtest for this (search the tree for examples)? Alfred?
Comment 11 (Assignee) • 17 years ago
Comment 12 (Assignee) • 17 years ago
Who can put the file of https://bugzilla.mozilla.org/attachment.cgi?id=299702 into the testsuite?
Comment 13 • 17 years ago
I wrote a simple reftest/crashtest for the image, but ran into a problem. See bug 414185 for details (marked blocking this one).
Alfred: Is your last attachment the same image as the first attachment in this bug?
Comment 14 (Assignee) • 17 years ago
Yes, it is. There are no other images which display the same bug.
Comment 15 (Reporter) • 17 years ago
There is another image here, that was fixed by this patch:
http://martijn.martijn.googlepages.com/200px-Rotating_earth_large.gif
But it's a bit large.
Comment 16 (Reporter) • 17 years ago
Verified fixed, using:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b3pre) Gecko/2008012704 Minefield/3.0b3pre
Status: RESOLVED → VERIFIED
Updated • 13 years ago
Crash Signature: [@nsGIFDecoder2::DoLzw]
Updated • 13 years ago
Attachment #299702 - Attachment is patch: false
Attachment #299702 - Attachment mime type: text/plain → image/gif