Closed
Bug 820
Opened 26 years ago
Closed 26 years ago
Mozilla crashing bug in jpeg handling dll
Categories
(MozillaClassic Graveyard :: JPEG Image Handling, defect, P2)
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: ngrennan, Assigned: tgl)
Details
Builds 1998-09-12, 1998-09-13, and 1998-09-14 will crash if you go to one of the
urls below. The crash infomation was this:
MOZILLA caused an invalid page fault in
module JPEG3250.DLL at 015f:009ee701.
Registers:
EAX=00e70c50 CS=015f EIP=009ee701 EFLGS=00210282
EBX=00e6fc8c SS=0167 ESP=00c4f338 EBP=00c4f3bc
ECX=00e6fc0c DS=0167 ESI=00e70c48 FS=19bf
EDX=00e74ff8 ES=0167 EDI=00e74fb8 GS=0000
Bytes at CS:EIP:
0f 7f 6a 08 0f 7f f3 0f 60 f6 0f 60 f9 0f 60 f1
Stack dump:
00000000 81664020 00b40000 00cb7d54 00e6ea58 00000001 00800080 00800080 00000000
00000000 00e6ea10 00e6e9d0 00e6ea50 00cb7124 00000000 00000000
and
MOZILLA caused an invalid page fault in
module MSVCRTD.DLL at 015f:102117d5.
Registers:
EAX=00e6eb60 CS=015f EIP=102117d5 EFLGS=00010206
EBX=81672d74 SS=0167 ESP=0213fb90 EBP=0213fba4
ECX=55ffff21 DS=0167 ESI=5f400000 FS=4e1f
EDX=55ffff21 ES=0167 EDI=00000000 GS=0000
Bytes at CS:EIP:
8b 42 14 25 ff ff 00 00 85 c0 7c 66 8b 4d f8 8b
Stack dump:
00000000 5f400000 81672d74 55ffff21 00000005 0213fbf0 10211dc2 0213fbbc 00000000
5f400000 81672d74 00e6eb60 00000000 00000000 00000000 00000000
http://developer.netscape.com/images/pixel3.jpg is a 1x1x24bit jpg. Which is in
the page for reasons I can only guess. Netscape Communicator 4.5p2 has no
problem with it.
http://developer.netscape.com/images/pixel3.jpg
http://developer.netscape.com/source/intel.html
Summary: Mozilla crashing hug in jpeg handling dll → Mozilla crashing bug in jpeg handling dll
I believe this is a bug in the Intel MMX JPEG code --- they have a problem
with writing past the end of the scanline buffers when the image width is
not a multiple of 8. Will install Intel's update when I get time.
In the meantime, anyone who really needs to get some work done on an MMX
machine may want to disable the test for MMX hardware near the top of
jpeg/jdapimin.c.
If anyone is seeing this on a machine that does *not* have MMX hardware,
please let me know!
Updated•26 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
Updated•26 years ago
|
Status: RESOLVED → VERIFIED
Comment 2•26 years ago
|
||
The new codebase does not have a problem with it. Marking resolved fix.
Strictly speaking, this bug is not "fixed". It has been patched around
until there is time to implement a proper fix. (The patch consists of
not invoking the MMX code on images narrower than 8 pixels ... ewwww.)
Unfortunately Bugzilla doesn't seem to have a status code for "temporary
patch in place"... should we reopen it or leave it as "fixed" when it
isn't really?
You need to log in
before you can comment on or make changes to this bug.
Description
•