Closed Bug 247542 Opened 20 years ago Closed 20 years ago

M17 crash [@ SBCopyDir32To16Clip()][@ SBCopyDir32To16() ] on loading ca.yahoo.finance.com and finance.yahoo.com

Categories

(Core Graveyard :: Image: Painting, defect)

Product:
Core Graveyard
Component:
Image: Painting
Platform:
PowerPC
macOS
Type:
defect
Priority:
Not set
Severity:
blocker

Tracking

(Not tracked)

Status:
VERIFIED FIXED
Milestone:
mozilla1.7final

People

(Reporter: jcoghill, Assigned: jdunn)

References

(
URL
)

Details

(Keywords: crash, fixed1.7, topcrash)

Crash Data

Attachments

(4 files)

Crash log
20.10 KB, text/plain
Details
testcase
103 bytes, text/html
Details
patch
9.25 KB, patch
Details | Diff | Splinter Review
patch (diff -w)
4.10 KB, patch
mikepinkerton
: review+
sfraser_bugs
: superreview+
mkaply
: approval1.7.5+
Details | Diff | Splinter Review 
User-Agent:       Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7) Gecko/20040517 Camino/0.8b
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7) Gecko/20040517 Camino/0.8b

Camino, Mozilla and Firefox crash when attempting to load ca.finance.yahoo.com
and finance.yahoo.com.  The first nightly builds that exhibited this problem
were from June 8, 2004.

Reproducible: Always
Steps to Reproduce:
1. load the offending websites
2. refresh a couple of times if it hasn't crashed, should do so then

Actual Results:  
Browser crashes and Talkback is loaded

Expected Results:  
Page should have loaded without crashing the browser

I am using Mac OSX 10.2.8
Attached file Crash log 

    
    

    
  
not a camino-specific bug
Assignee: pinkerton → jdunn
Severity: critical → blocker
Status: UNCONFIRMED → NEW
Component: General → Image: GFX
Ever confirmed: true
Product: Camino → Browser
Target Milestone: --- → mozilla1.7final
Version: unspecified → Trunk

    
    

    
  
this is a topcrash introduced on June 8 by the changes to mac imageLib. it could
be related to the leak crash that was fixed 2 days ago.

Jeremy, can you retest with a build from 6/17 or later?

    
    

    
  
The latest camino nightly 2004061708 still exhibits the behaviour.  I did submit
another Talkback event when it crashed, the ID is TB137797X

    
    

    
  
Can someone pin this down to a specific image on the page? It's likely to be a
GIF with transparency, that's being scaled.

    
    

    
  
Jeremy, just to clarify, you specifically tested the 2004-06-07 Camino 0.8 build
and this crash did not happen, but you did crash using the 0.8 release from the
following day?

Also, is your screen set to thousands or millions of colors?

    
    

    
  
I'm not certain if this is helpful or not, but if you shrink the camino window
so that there is only small area open at the top of the page visible, say an
inch or so, you will be able to successfully load the page.  Then you can try
slowly enlarging the browser window to reveal more and more of the page until it
crashes.  From what I can see, it crashes as you get close to displaying the
bottom of the graph on the left side of the page.  I checked this against
ca.finance.yahoo.com, but not finance.yahoo.com, so am not certain if this same
thing happens on that site.

    
    

    
  
(In reply to comment #6)
> Jeremy, just to clarify, you specifically tested the 2004-06-07 Camino 0.8 build
> and this crash did not happen, but you did crash using the 0.8 release from the
> following day?
> 
> Also, is your screen set to thousands or millions of colors?

Yes, I tested with the 2004-06-07 builds for both Camino and Mozilla, and they
worked fine.  Testing with the builds from 2004-06-08 is when the crashes
started to occur.

I have my screen set to thousands of colours.

    
    

    
  
weird, I changed my display to millions and it no longer crashes using the
2004-06-17 builds.

    
    

    
  
The only image that hits the RectStretch code on that page is the "Yahoo! Chat"
image on the right hand side.

I set my display to Thousands to test, but could not recreate.  However, I am
using OS X 10.3.4, not 10.2.8.

    
    

    
  

      
      
      
      

        Attached file
          
        testcase
      

    


  
Testcase with only bubbles.gif.

Jeremy, could you try this out and see if this crashes under Thousands of
colors.

    
    

    
  
I tried the testcase with thousands of colours selected and does not fail on my
setup, this is with the 2004-06-17 camino build.

    
    

    
  
In the crash log, the function called from nsImageMac::Draw is CopyBits, which
would seem to suggest the call at
http://lxr.mozilla.org/mozilla/source/gfx/src/mac/nsImageMac.cpp#292.  No idea
why that would be crashing, though.

Jeremy, do you have your own debug build of Camino?

    
    

    
  
(In reply to comment #13)
> In the crash log, the function called from nsImageMac::Draw is CopyBits, which
> would seem to suggest the call at
> http://lxr.mozilla.org/mozilla/source/gfx/src/mac/nsImageMac.cpp#292.  No idea
> why that would be crashing, though.
> 
> Jeremy, do you have your own debug build of Camino?

No, I don't have my own debug build, I have just been using the nightly
releases.  I haven't built the code before as I was under the impression that
you needed xcode to build these.  If I'm wrong about that, I'd be willing to try
and get a debug build together, though it may take a bit of hand holding to get
me up to speed on the build process.

    
    

    
  
yes, xcode and 10.3+ are requirements for building (thanks apple).

    
    

    
  
What about for Mozilla or Firefox?  Do you need 10.3+ to build those as well? 
If I can build either of them with the tools I currently have, then perhaps we
can track down where the issue really is as each of those browsers displays the
same behaviour as Camino with this bug.

    
    

    
  
yes, you can build ff/sm on 10.2

    
    

    
  

      
      
      
      

        Attached patch
          
          
        patchSplinter Review
      

    


  
It seems that there is an OS bug if any of the CopyBits functions are called
with srcCopy.  If we pass ditherCopy to CopyDeepMask(), some images can look
bad when running under Thousands of colors (bug 239701).  If we pass srcCopy to
CopyDeepMask() or call CopyMask() (which does srcCopy implicitly), then we
crash.

So, this patch backs out bug 239701 (ugly images under thousands of colors are
better than a crash).  It also moves the call to CopyBits in nsImageMac::Draw
back under the print case, making any draw to screen code go through
nsImageMac::CopyBitsWithMask, where CopyBits is called with ditherCopy.  

I think this should take care of most of the crashers.	As for the badly drawn
images discussed in bug 239701, I don't think there is much that can be done,
other than moving over to using Quartz.

    
    

    
  

      
      
      
      

        Attached patch
          
          
        patch (diff -w)Splinter Review
      

    


  
Same patch, but more legible.

    
    

    
  
*** Bug 247548 has been marked as a duplicate of this bug. ***

    
    

    
  
*** Bug 247561 has been marked as a duplicate of this bug. ***

    
    

    
  
*** Bug 246571 has been marked as a duplicate of this bug. ***

    
    

    
  
*** Bug 246987 has been marked as a duplicate of this bug. ***

    
    

    
  
*** Bug 247211 has been marked as a duplicate of this bug. ***

    
    

    
  
*** Bug 247498 has been marked as a duplicate of this bug. ***

    
    

    
  
For all those now copied on this bug, a workaround is to set your screen depth
to millions of colors.

    
    

    
  
Has anyone tried to see if there could be a workaround using the fact that the
crash depends on the filename? (See Bug 247498)

Different filenames suggests that the bug could be somewhere else, and that this
only is the symptom...

    
    

    
  
the ugly images (amazon.com star ratings, for example) were one of the highest
visible and highest reported glitches in camino's rendering. while i agree bad
images are better than not crashing, can we simply not fix it the right way?

    
    

    
  
I think the right way to fix this is to switch to using Quartz to render images
(bug 245407); I haven't found a way to work around these issues in QuickDraw. 
Unfortunately, I haven't had time to continue work on that patch.  Plus, the
changes are so great that it's not something you would want to pick up for
Camino 0.8.

    
    

    
  
If this crash is in fact fixed in 10.3, it might be worth using gestalt or
appkit checks to give 10.3 users the fix for the ugly images bug.

    
    

    
  
The crash seems to apply to 10.3 as well. I experienced it on HomeDepot.com (one
of the duplicates of this one) running 10.3.4.

    
    

    
  
Comment on attachment 151177 [details] [diff] [review]
patch (diff -w)

r=pink

i wish there was another way, but we need this ASAP for 0.8f

        Attachment #151177 -
        Flags: review+

    
    

    
  
Comment on attachment 151177 [details] [diff] [review]
patch (diff -w)

smfr? thoughts?

        Attachment #151177 -
        Flags: superreview?(sfraser)

        Attachment #151177 -
        Flags: superreview?(sfraser) → superreview+

    
    

    
  
Comment on attachment 151177 [details] [diff] [review]
patch (diff -w)

Seeking approval.  This patch fixes a regression that led to crashes on some
user's machines.

        Attachment #151177 -
        Flags: approval1.7.1?

    
    

    
  
Comment on attachment 151177 [details] [diff] [review]
patch (diff -w)

Seeking approval.  This patch fixes a regression that led to crashes on some
user's machines.

    
    

    
  
Comment on attachment 151177 [details] [diff] [review]
patch (diff -w)

a=mkaply

        Attachment #151177 -
        Flags: approval1.7.1?

        Attachment #151177 -
        Flags: approval1.7.1+

    
    

    
  
Checked in to trunk, 1.7.1, and aviary.

For all those copied on this bug, this fix will make it in to tomorrow's Camino
build. Please download it and test it and report if you still see any crashes.

    
    

    
  
should 239701 be reopened then?

    
    

    
  
Should last nights Camino build, 2004062108 (v0.8b+), have had this patch in it?
 If the patch did make into the latest download, then I am still seeing the
crash when setting the display to thousands of colours (OSX 10.2.8).

    
    

    
  
2004062208 is the first build that would have this as the patch landed in the
afternoon on the 21st.

    
    

    
  
I have just downloaded Camino 2004062108 (v0.8b+) and it seems that the problem
is gone on frenchmozilla.sourceforge.net and http://ca.finance.yahoo.com/ with
thousands of colors.

Thanks for the fix

    
    

    
  
I repeat, 2004062108 does not have this fix. It was landed 5 hours after this
build started.

    
    

    
  
Sorry for comment 41, I read your mail too quickly. Strangely though the camino
build I downloaded does not crash anymore on frenchmozilla.sourceforge.net
though this site crashes (I have just tested it a few minutes ago) with Mozilla
1.7. Something was fixed, no ?


    
    

    
  
Everyone copied, please test with the latest Camino 0.8 or Mozilla nightly.  The
builds that are out today include the patch in this bug.  Please post if you are
still seeing any related crashes.

    
    

    
  
*** Bug 248070 has been marked as a duplicate of this bug. ***

    
    

    
  
Appears to be fixed with 20040622 Camino branch build. With an older build I get
crashes on http://frenchmozilla.sourceforge.net/ (one of the dupes) at Thousands
of colors, but with 6/22 I don't get crashes no matter how many times I
visit/reload/shift-reload (although I do get the old image distortion).

I'll hold off marking FIXED, in case someone else can still see a crash.

    
    

    
  
Is this problem listed in the release notes for 1.7?

It's really bad and lead to a bad impression for me (and probably many others
given the number of duplicates).  It'd be good to list the workaround (switch to
millions of colors) for those who do run into it.

    
    

    
  
it's listed in the camino 0.8 release notes :)

    
    

    
  
*** Bug 248676 has been marked as a duplicate of this bug. ***

    
    

    
  
-> fixed
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED

    
    

    
  
verified per comment #46
Status: RESOLVED → VERIFIED

    
    

    
  
updating with topcrash info for tracking...
Keywords: crash, 
          
            topcrash
Summary: crash on loading ca.yahoo.finance.com and finance.yahoo.com → M17 crash [@ SBCopyDir32To16Clip] on loading ca.yahoo.finance.com and finance.yahoo.com

    
  
Summary: M17 crash [@ SBCopyDir32To16Clip] on loading ca.yahoo.finance.com and finance.yahoo.com → M17 crash [@ SBCopyDir32To16Clip()][@ SBCopyDir32To16()	] on loading ca.yahoo.finance.com and finance.yahoo.com

    
    

    
  
*** Bug 254591 has been marked as a duplicate of this bug. ***

    
  
Keywords: fixed1.7
Blocks: 258023

    
  
Product: Core → Core Graveyard
Crash Signature: [@ SBCopyDir32To16Clip()]
[@ SBCopyDir32To16() ]

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: