Closed
Bug 118233
Opened 24 years ago
Closed 23 years ago
png decoder module error handling crash
Categories
(Core :: Graphics: ImageLib, defect)
Tracking
()
Future
People
(Reporter: tor, Assigned: pavlov)
References
()
Details
(Keywords: crash, Whiteboard: dup?)
The invalid PNG on this page causes a crash in setjmp from the PNG decoder.
Stack trace from a 1/4 build:
(gdb) where
#0 0x404f1416 in _setjmp () from /lib/i686/libc.so.6
#1 0x42da1464 in ReadDataOut ()
from /home/tor/mopt/dist/bin/components/libimgpng.so
#2 0x4014fc45 in nsInputStreamTee::WriteSegmentFun () at eval.c:41
#3 0x4015244d in nsPipe::nsPipeInputStream::ReadSegments () at eval.c:41
#4 0x4014fedc in nsInputStreamTee::ReadSegments () at eval.c:41
#5 0x42da14db in nsPNGDecoder::WriteFrom ()
from /home/tor/mopt/dist/bin/components/libimgpng.so
#6 0x4105f6cd in imgRequest::OnDataAvailable ()
from /home/tor/mopt/dist/bin/components/libimglib2.so
#7 0x4105e127 in ProxyListener::OnDataAvailable ()
from /home/tor/mopt/dist/bin/components/libimglib2.so
#8 0x407ea452 in nsStreamListenerTee::OnDataAvailable ()
from /home/tor/mopt/dist/bin/components/libnecko.so
#9 0x408206da in nsHttpChannel::OnDataAvailable ()
from /home/tor/mopt/dist/bin/components/libnecko.so
#10 0x407e9a29 in nsOnDataAvailableEvent::HandleEvent ()
from /home/tor/mopt/dist/bin/components/libnecko.so
#11 0x407dcbcf in nsARequestObserverEvent::HandlePLEvent ()
from /home/tor/mopt/dist/bin/components/libnecko.so
#12 0x4016a037 in PL_HandleEvent () at eval.c:41
#13 0x40169f45 in PL_ProcessPendingEvents () at eval.c:41
#14 0x4016b007 in nsEventQueueImpl::ProcessPendingEvents () at eval.c:41
#15 0x40701556 in event_processor_callback ()
from /home/tor/mopt/dist/bin/components/libwidget_gtk.so
#16 0x407012a5 in our_gdk_io_invoke ()
from /home/tor/mopt/dist/bin/components/libwidget_gtk.so
#17 0x4039401e in g_io_unix_dispatch () from /usr/lib/libglib-1.2.so.0
#18 0x403957f3 in g_main_dispatch () from /usr/lib/libglib-1.2.so.0
#19 0x40395dd9 in g_main_iterate () from /usr/lib/libglib-1.2.so.0
#20 0x40395f8c in g_main_run () from /usr/lib/libglib-1.2.so.0
#21 0x402aa803 in gtk_main () from /usr/lib/libgtk-1.2.so.0
#22 0x40701a46 in nsAppShell::Run ()
from /home/tor/mopt/dist/bin/components/libwidget_gtk.so
#23 0x406e23be in nsAppShellService::Run ()
from /home/tor/mopt/dist/bin/components/libnsappshell.so
#24 0x08051d9d in main1 () at eval.c:41
#25 0x0805270b in main () at eval.c:41
#26 0x404e0177 in __libc_start_main (main=0x80525bc <main>, argc=1,
ubp_av=0xbffff894, init=0x804c9b4 <_init>, fini=0x8053cd4 <_fini>,
rtld_fini=0x4000e184 <_dl_fini>, stack_end=0xbffff88c)
at ../sysdeps/generic/libc-start.c:129
|
Assignee | |
Comment 1•24 years ago
|
||
this is a dup of another bug I have ... I think. i'll try and find it
Whiteboard: dup?
|
|
Assignee | |
Updated•23 years ago
|
Target Milestone: --- → Future
|
||
Comment 2•23 years ago
|
||
*** This bug has been marked as a duplicate of 89595 ***
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•