Closed
Bug 77328
Opened 24 years ago
Closed 24 years ago
Mozilla Trunk crashes on access of the image at http://www.animax.no/pictures/anirmouse/AnirMousePro2.jpg [@ MSVCRT.DLL - nsJPEGDecoder::WriteFrom]
Categories
(Core :: Graphics: ImageLib, defect)
Tracking
()
VERIFIED
FIXED
mozilla0.9.1
People
(Reporter: baldauf--2015--bugzilla.mozilla.org, Assigned: pavlov)
References
()
Details
(Keywords: crash, topcrash, Whiteboard: [imglib])
Crash Data
Attachments
(1 file)
(deleted),
patch
|
Details | Diff | Splinter Review |
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:0.8.1+) Gecko/20010422
BuildID: 2001042208
Mozilla crashes reproducibly on access of the image at
http://www.animax.no/pictures/anirmouse/AnirMousePro2.jpg
Reproducible: Always
Steps to Reproduce:
1. Enter http://www.animax.no/pictures/anirmouse/AnirMousePro2.jpg into the URL bar.
2. Press return
Actual Results: Mozilla crashes (segfault)
Expected Results: Mozilla should not crash
IE 5.5 refused to load the image,
Netscape Navigator 4.77 seems to display the image using one pixel for each RGB
component instead of one pixel for all three RGB components.
Comment 1•24 years ago
|
||
Works for me with 2001-04-23-21 on Linux.
Pavlov checked in three patches yesterday that adresses imglib, and I think
these are likely to have fixed this bug.
Xuan Baldauf, could you try a newer build and try to see if you can verify it?
Also, what error message do you see in the console when mozilla crashes?
Comment 2•24 years ago
|
||
I should have mentioned that even though my build was built before Pavlov's
checkin, it did have these patches applied locally.
Reporter | ||
Comment 3•24 years ago
|
||
I have retried to reproduce this bug with the newest mozilla build 2001042304,
it is still reproducible.
The windows stack trace is (german)
MOZILLA verursachte einen Fehler durch eine ungültige Seite
in Modul MSVCRT.DLL bei 017f:780010d9.
Register:
EAX=00000000 CS=017f EIP=780010d9 EFLGS=00010202
EBX=00000000 SS=0187 ESP=0068f7e0 EBP=0068f810
ECX=000007f4 DS=0187 ESI=027686b0 FS=615f
EDX=00000000 ES=0187 EDI=00000000 GS=d477
Bytes bei CS:EIP:
f3 ab 85 d2 75 06 8b 44 24 08 5f c3 88 07 47 4a
Stapelwerte:
00000000 60471609 00000000 00000000 00001fd0 0004f000 027686b0 0004f000 027686b0
0068f858 60471202 02769cd0 0068f858 604714cb fffffffe 00000000
The talkback ID for this crash is TB29545081G
I do not see any error message on any console under windows, because there is no
mozilla console, how can I enable console debug under windows?
I am seeing this on winMe cvs 2001042310
Neither mine, nor Xuan's build have pavlovs patches yet, so ill check again
after compile. I thought these patches fixed crashes in linux with Gdk though.
Comment 5•24 years ago
|
||
confirming with win2k build 20010424..(CVS debug, 10min old)
Stack Trace:
memset() line 108
nsJPEGDecoder::OutputScanlines(int -2) line 528 + 27 bytes
nsJPEGDecoder::WriteFrom(nsJPEGDecoder * const 0x046331d0, nsIInputStream *
0x03e7d8b8, unsigned int 13140, unsigned int * 0x0012f78c) line 395 + 10 bytes
imgRequest::OnDataAvailable(imgRequest * const 0x0414d618, nsIRequest *
0x04619060, nsISupports * 0x00000000, nsIInputStream * 0x03e7d8b8, unsigned int
0, unsigned int 13140) line 757 + 47 bytes
ProxyListener::OnDataAvailable(ProxyListener * const 0x03f50690, nsIRequest *
0x04619060, nsISupports * 0x00000000, nsIInputStream * 0x03e7d8b8, unsigned int
0, unsigned int 13140) line 374
ImageListener::OnDataAvailable(ImageListener * const 0x04728a68, nsIRequest *
0x04619060, nsISupports * 0x00000000, nsIInputStream * 0x03e7d8b8, unsigned int
0, unsigned int 13140) line 201
nsDocumentOpenInfo::OnDataAvailable(nsDocumentOpenInfo * const 0x040fca68,
nsIRequest * 0x04619060, nsISupports * 0x00000000, nsIInputStream * 0x03e7d8b8,
unsigned int 0, unsigned int 13140) line 259 + 46 bytes
nsHTTPFinalListener::OnDataAvailable(nsHTTPFinalListener * const 0x040fcad0,
nsIRequest * 0x04619060, nsISupports * 0x00000000, nsIInputStream * 0x03e7d8b8,
unsigned int 0, unsigned int 13140) line 1170 + 46 bytes
nsStreamListenerTee::OnDataAvailable(nsStreamListenerTee * const 0x045dcf98,
nsIRequest * 0x04619060, nsISupports * 0x00000000, nsIInputStream * 0x045a4058,
unsigned int 0, unsigned int 13140) line 56 + 51 bytes
nsHTTPServerListener::OnDataAvailable(nsHTTPServerListener * const 0x045b3618,
nsIRequest * 0x04717b88, nsISupports * 0x04619060, nsIInputStream * 0x045a4058,
unsigned int 1460, unsigned int 13140) line 539 + 64 bytes
nsOnDataAvailableEvent::HandleEvent() line 173 + 70 bytes
nsARequestObserverEvent::HandlePLEvent(PLEvent * 0x0424b1c4) line 64
PL_HandleEvent(PLEvent * 0x0424b1c4) line 588 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00e6ea10) line 518 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x0004075a, unsigned int 49369, unsigned int 0,
long 15133200) line 1069 + 9 bytes
USER32! 77e048dc()
USER32! 77e04aa7()
USER32! 77e166fd()
nsAppShellService::Run(nsAppShellService * const 0x00e92528) line 408
main1(int 2, char * * 0x003576c8, nsISupports * 0x00000000) line 1005 + 32 bytes
main(int 2, char * * 0x003576c8) line 1300 + 37 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 77e892a6()
Color seperated JPEG, 4 channels:
Image: AnirMousePro2.jpg
Format: JPEG (Joint Photographic Experts Group JFIF format)
Type: color separated
Class: DirectClass
Geometry: 2036x3060
Depth: 8
Matte: False
Colors: 179560
Profile-iptc: 472 bytes
Filesize: 1778kb
Interlace: None
Background Color: gray100
Border Color: #dfdfdf00
Matte Color: gray74
Compression: JPEG
Comment: File written by Adobe Photoshop¨ 4.0
Signature: 4335ad3c70e992cb88aeeaf52d215d27
Tainted: False
User Time: 2.5u
Elapsed Time: 0:04
Independent JPEG Group's DJPEG, version 6b 27-Mar-1998
Copyright (C) 1998, Thomas G. Lane
Start of Image
Miscellaneous marker 0xed, length 486
Comment, length 37:
File written by Adobe Photoshop\250 4.0\000
Adobe APP14 marker: version 100, flags 0x0000 0x0000, transform 2
Define Quantization Table 0 precision 0
Define Quantization Table 1 precision 0
Start Of Frame 0xc0: width=2036, height=3060, components=4
Component 1: 1hx1v q=0
Component 2: 1hx1v q=1
Component 3: 1hx1v q=1
Component 4: 1hx1v q=0
Define Restart Interval 255
Define Huffman Table 0x00
Define Huffman Table 0x01
Define Huffman Table 0x10
Define Huffman Table 0x11
Start Of Scan: 4 components
Component 1: dc=0 ac=0
Component 2: dc=1 ac=1
Component 3: dc=1 ac=1
Component 4: dc=0 ac=0
Ss=0, Se=63, Ah=0, Al=0
Move to ImageLib component.
Assignee: mjudge → pavlov
Component: Image Conversion Library → ImageLib
Comment 10•24 years ago
|
||
Adding topcrash keyword and [@ MSVCRT.DLL - nsJPEGDecoder::WriteFrom] to summary
for tracking, this is one of the topcrashers showing up under the MSVCRT.DLL
(MSVCRT.DLL + 0x10d9) stack signature in Talkback data. Here's a stacktrace:
Incident ID 29595923
MSVCRT.DLL + 0x10d9 (0x780010d9)
nsJPEGDecoder::WriteFrom
[d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\jpeg\nsJPEGDecoder.cpp,
line 443]
imgRequest::OnDataAvailable
[d:\builds\seamonkey\mozilla\modules\libpr0n\src\imgRequest.cpp, line 759]
ProxyListener::OnDataAvailable
[d:\builds\seamonkey\mozilla\modules\libpr0n\src\imgLoader.cpp, line 374]
nsFileChannel::OnDataAvailable
[d:\builds\seamonkey\mozilla\netwerk\protocol\file\src\nsFileChannel.cpp, line
503]
nsOnDataAvailableEvent::HandleEvent
[d:\builds\seamonkey\mozilla\netwerk\base\src\nsStreamListenerProxy.cpp,
line 183]
PL_HandleEvent [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c, line 589]
PL_ProcessPendingEvents [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c,
line 522]
_md_EventReceiverProc [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c, line
1070]
KERNEL32.DLL + 0x248f7 (0xbff848f7)
0x00688b5a
0x00058f64
According to today's Talkback topcrash report, the last build I see crashing
with this stack is 2001042509. Can QA see if this is still a problem with the
latest builds?
Keywords: topcrash
Summary: Mozilla crashes on access of the image at http://www.animax.no/pictures/anirmouse/AnirMousePro2.jpg → Mozilla Trunk crashes on access of the image at http://www.animax.no/pictures/anirmouse/AnirMousePro2.jpg [@ MSVCRT.DLL - nsJPEGDecoder::WriteFrom]
Assignee | ||
Updated•24 years ago
|
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla0.9.1
Assignee | ||
Comment 11•24 years ago
|
||
Assignee | ||
Comment 12•24 years ago
|
||
I've filed bug 78860 on the fact that we don't display jpegs unless they have 1
or 3 components.
Comment 13•24 years ago
|
||
sr=tor
Comment 14•24 years ago
|
||
r=hixie
Assignee | ||
Comment 15•24 years ago
|
||
fix checked in.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 16•24 years ago
|
||
*** Bug 78744 has been marked as a duplicate of this bug. ***
Comment 17•24 years ago
|
||
Can't seem to get to test file so verifying fix checked into lxr.mozilla.org
Status: RESOLVED → VERIFIED
Updated•14 years ago
|
Crash Signature: [@ MSVCRT.DLL - nsJPEGDecoder::WriteFrom]
Updated•14 years ago
|
Crash Signature: [@ MSVCRT.DLL - nsJPEGDecoder::WriteFrom]
You need to log in
before you can comment on or make changes to this bug.
Description
•