Closed
Bug 516772
Opened 15 years ago
Closed 15 years ago
nsImageFrame ends up using random values for image size if mError set in imgContainer
Categories
(Core :: Graphics: ImageLib, defect)
Tracking
()
RESOLVED
FIXED
mozilla1.9.3a3
Tracking | Status | |
---|---|---|
blocking2.0 | --- | final+ |
People
(Reporter: bzbarsky, Assigned: joe)
References
Details
(Whiteboard: [decodeondraw])
Attachments
(1 file)
(deleted),
patch
|
bholley
:
review+
bzbarsky
:
review+
|
Details | Diff | Splinter Review |
This is a regression from bug 435296. I'm looking at this callstack:
#0 imgContainer::GetWidth (this=0x1679ffb0, aWidth=0xbfffa664) at /Users/bzbarsky/mozilla/css-frameconst/mozilla/modules/libpr0n/src/imgContainer.cpp:347
#1 0x11caa8e3 in nsImageFrame::UpdateIntrinsicSize (this=0x170c0f0, aImage=0x1679ffb0) at /Users/bzbarsky/mozilla/css-frameconst/mozilla/layout/generic/nsImageFrame.cpp:282
#2 0x11cab7bd in nsImageFrame::EnsureIntrinsicSize (this=0x170c0f0, aPresContext=0x12ab600) at /Users/bzbarsky/mozilla/css-frameconst/mozilla/layout/generic/nsImageFrame.cpp:649
#3 0x11caf907 in nsImageFrame::ComputeSize (this=0x170c0f0, aRenderingContext=0x167a0c30, aCBSize=@0xbfffa7c8, aAvailableWidth=66300, aMargin=@0xbfffa7c0, aBorder=@0xbfffa7b8, aPadding=@0xbfffa7b0, aShrinkWrap=1) at /Users/bzbarsky/mozilla/css-frameconst/mozilla/layout/generic/nsImageFrame.cpp:672
Now in frame 2, STATUS_SIZE_AVAILABLE is set, so we assume we can get the size from the imgContainer. but GetWidth/GetHeight actually return error and don't set the out param, ever since bug 435296 landed. That means we end up using random values (whatever was on the stack) for the image width/height.
I'm not sure whether the right fix is to change the nsImageFrame code or to change imgContainer to return the size if it has one, or to change imgRequest to not claim STATUS_SIZE_AVAILABLE in this situation, but _something_ needs to get changed.
Reporter | ||
Comment 1•15 years ago
|
||
My preference would be to make the imgIRequest status match whatever is going on (whichever way that's done). All sorts of things rely on that status being reliable.
Updated•15 years ago
|
Whiteboard: [decodeondraw]
Reporter | ||
Comment 2•15 years ago
|
||
Picking a random owner, but if Bobby is the right owner, please ressign. This is causing random reftest and page bustage over here...
Assignee: nobody → joe
blocking2.0: --- → ?
Assignee | ||
Comment 3•15 years ago
|
||
Boris, I'm hoping to look at decode-on-draw regressions RSN. Do you have a particular URL/reftest where this happens?
Reporter | ||
Comment 4•15 years ago
|
||
I'll comment next time I'm reftesting in a debug build and hit this... I think all it really takes to reproduce, though, is an image with a correct size header and then bogus image data somewhere down the line. Plus luck on the timing.
Assignee | ||
Comment 5•15 years ago
|
||
This should make it so that, if we find an error, we'll clear our status bits. I'm pretty sure this is 100% safe, but there is a somewhat-worrying comment in OnStopDecode about being about the _load_ and not the _decode_, so I want bholley to take a long, hard look at this.
Attachment #408095 -
Flags: review?(bobbyholley)
Updated•15 years ago
|
Attachment #408095 -
Flags: review?(bzbarsky)
Attachment #408095 -
Flags: review?(bobbyholley)
Attachment #408095 -
Flags: review+
Comment 6•15 years ago
|
||
Comment on attachment 408095 [details] [diff] [review]
clear success bits on failure in OnStopDecode
The comment isn't relevant here. That's saying that above imgRequest.cpp, OnStopDecode is about loads, but it's still what it should be in imgRequest.cpp and below. r=bholley
Flagging bz for review to make sure he's ok with potentially setting STATUS_ERROR in more cases than we used to. In particular, the old system would just squelch all image decoding errors, and return the cached size even if the rest of decoding failed.
This gets into the bigger issue of bug 514033. But I'm still chugging along at a snail's pace through other bugs. so...
Reporter | ||
Comment 7•15 years ago
|
||
Comment on attachment 408095 [details] [diff] [review]
clear success bits on failure in OnStopDecode
r=bzbarsky. Sorry for the terrible lag here. :(
Attachment #408095 -
Flags: review?(bzbarsky) → review+
Updated•15 years ago
|
Keywords: checkin-needed
Comment 8•15 years ago
|
||
Status: NEW → RESOLVED
Closed: 15 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9.3a3
Assignee | ||
Updated•15 years ago
|
blocking2.0: ? → final+
You need to log in
before you can comment on or make changes to this bug.
Description
•