Closed Bug 78166 Opened 24 years ago Closed 24 years ago

Browser crashes loading page

Categories

(Core :: Graphics: ImageLib, defect)

Product:
Core
Component:
Graphics: ImageLib
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla0.9.1

People

(Reporter: phil, Assigned: saari)

References

(
URL
)

Details

(Keywords: crash, Whiteboard: [imglib])

Attachments

(1 file)

Patch to fix this crash
1.13 KB, patch
Details | Diff | Splinter Review
From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:0.8.1+) Gecko/20010429 BuildID: 2001042920 Browser crashes with an invalid page fault in module IMGGIF.DLL at 0177:60471f56 when loading page Reproducible: Always Steps to Reproduce: 1.Browse to http://www.multimap.com 2. 3. Actual Results: MOZILLA caused an invalid page fault in module IMGGIF.DLL at 0177:60471f56. Registers: EAX=00000000 CS=0177 EIP=60471f56 EFLGS=00010202 EBX=00000000 SS=017f ESP=0068f784 EBP=0068f7a8 ECX=00000006 DS=017f ESI=00989d50 FS=32e7 EDX=00000002 ES=017f EDI=00989d5c GS=0000 Bytes at CS:EIP: 8b 08 ff 51 68 ff 75 10 8b 46 08 ff 75 0c 8b 08 Stack dump: 00000000 00000000 012ea045 00989ee0 00000000 00000000 0000000f 0000000f 0098f4c1 00000001 60471857 00989d50 00000001 00000000 00000000 0068f85c
Linux build also crashed. Program received signal SIGSEGV, Segmentation fault. 0x40d82fdf in nsGIFDecoder2::SetObserver () from /home/mozilla/dist/bin/components/libimggif.so (gdb) bt #0 0x40d82fdf in nsGIFDecoder2::SetObserver () from /home/mozilla/dist/bin/components/libimggif.so #1 0x40d821a5 in gif_write () from /home/mozilla/dist/bin/components/libimggif.so #2 0x40d82c22 in nsGIFDecoder2::ProcessData () from /home/mozilla/dist/bin/components/libimggif.so #3 0x40d82bde in nsGIFDecoder2::Write () from /home/mozilla/dist/bin/components/libimggif.so #4 0x400d59e1 in nsInputStreamTee::WriteSegmentFun () from /home/mozilla/dist/bin/libxpcom.so #5 0x400ce35c in nsPipe::nsPipeInputStream::ReadSegments () from /home/mozilla/dist/bin/libxpcom.so #6 0x400d6024 in nsInputStreamTee::ReadSegments () from /home/mozilla/dist/bin/libxpcom.so #7 0x40d82ce3 in nsGIFDecoder2::WriteFrom () from /home/mozilla/dist/bin/components/libimggif.so #8 0x40d5488d in imgRequest::OnDataAvailable () from /home/mozilla/dist/bin/components/libimglib2.so #9 0x40d51767 in ProxyListener::OnDataAvailable () from /home/mozilla/dist/bin/components/libimglib2.so #10 0x4083939d in nsHTTPFinalListener::OnDataAvailable () from /home/mozilla/dist/bin/components/libnecko.so #11 0x408001b9 in nsStreamListenerTee::OnDataAvailable () from /home/mozilla/dist/bin/components/libnecko.so #12 0x4083781d in nsHTTPServerListener::OnDataAvailable () from /home/mozilla/dist/bin/components/libnecko.so #13 0x407e738a in nsOnDataAvailableEvent::HandleEvent () from /home/mozilla/dist/bin/components/libnecko.so #14 0x407e63fe in nsARequestObserverEvent::HandlePLEvent () from /home/mozilla/dist/bin/components/libnecko.so #15 0x400ed042 in PL_HandleEvent () from /home/mozilla/dist/bin/libxpcom.so #16 0x400eced9 in PL_ProcessPendingEvents () from /home/mozilla/dist/bin/libxpcom.so #17 0x400eed78 in nsEventQueueImpl::ProcessPendingEvents () from /home/mozilla/dist/bin/libxpcom.so #18 0x40e9f8ff in nsAppShell::SetDispatchListener () from /home/mozilla/dist/bin/components/libwidget_gtk.so #19 0x40e9f58d in keysym2ucs () from /home/mozilla/dist/bin/components/libwidget_gtk.so #20 0x40690afa in g_io_unix_dispatch (source_data=0x8255a70, current_time=0xbffff78c, user_data=0x82649b0) at giounix.c:135 #21 0x406921b6 in g_main_dispatch (dispatch_time=0xbffff78c) at gmain.c:656 #22 0x40692781 in g_main_iterate (block=1, dispatch=1) at gmain.c:877 #23 0x40692921 in g_main_run (loop=0x8238750) at gmain.c:935 #24 0x405ba7b9 in gtk_main () from /usr/lib/libgtk-1.2.so.0 #25 0x40ea03ae in nsAppShell::Run () from /home/mozilla/dist/bin/components/libwidget_gtk.so #26 0x41c88308 in nsAppShellService::Run () from /home/mozilla/dist/bin/components/libnsappshell.so #27 0x805116e in StringAllocator_char () #28 0x8051de9 in StringAllocator_char () #29 0x4027b9cb in __libc_start_main ( main=0x8051c70 <StringAllocator_char(void)+23352>, argc=1, argv=0xbffff9a4, init=0x804b958 <_init>, fini=0x8057164 <_fini>, rtld_fini=0x4000ae60 <_dl_fini>, stack_end=0xbffff99c) at ../sysdeps/generic/libc-start.c:92
Status: UNCONFIRMED → NEW
Ever confirmed: true
*** Bug 78167 has been marked as a duplicate of this bug. ***
The following JavaScript causes a crash. function logrt (){ loaddate=new Date(); loadimg =new Image(); loadimg.src='http://www.multimap.com/map/uk.cgi?counter=1&referer='+document.referrer; } I got a same crash on loading <http://www.multimap.com/map/uk.cgi?counter=1>.
OS: Windows 98 → All
I don't have any problems in GNU/Linux i386 (RedHat-6.1), Mozilla build 2001032614. The page is loaded without fuss.
crashed with win2k build 20010429.. (CVS debug) win32 Stack : EndImageFrame(void * 0x03ba93b0, unsigned int 1, unsigned int 0, unsigned int 0) line 303 + 21 bytes gif_write(gif_struct * 0x0392c388, const unsigned char * 0x03c80c85, unsigned int 61) line 1476 + 42 bytes nsGIFDecoder2::ProcessData(nsGIFDecoder2 * const 0x03ba93b0, unsigned char * 0x03c80c85, unsigned int 61) line 161 + 20 bytes ReadDataOut(nsIInputStream * 0x0393fe88, void * 0x03ba93b0, const char * 0x03c80c85, unsigned int 0, unsigned int 61, unsigned int * 0x0012f5c4) line 148 + 17 bytes nsInputStreamTee::WriteSegmentFun(nsIInputStream * 0x0393fe88, void * 0x03ba9368, const char * 0x03c80c85, unsigned int 0, unsigned int 61, unsigned int * 0x0012f5c4) line 81 + 33 bytes nsPipe::nsPipeInputStream::ReadSegments(nsPipe::nsPipeInputStream * const 0x0393fe88, unsigned int (nsIInputStream *, void *, const char *, unsigned int, unsigned int, unsigned int *)* 0x1004d950 nsInputStreamTee::WriteSegmentFun(nsIInputStream *, void *, const char *, unsigned int, unsigned int, unsigned int *), void * 0x03ba9368, unsigned int 61, unsigned int * 0x0012f7d8) line 4 nsInputStreamTee::ReadSegments(nsInputStreamTee * const 0x03ba9368, unsigned int (nsIInputStream *, void *, const char *, unsigned int, unsigned int, unsigned int *)* 0x03431bc0 ReadDataOut(nsIInputStream *, void *, const char *, unsigned int, unsigned int, unsigned int *), void * 0x03ba93b0, unsigned int 61, unsigned int * 0x0012f7d8) line 138 nsGIFDecoder2::WriteFrom(nsGIFDecoder2 * const 0x03ba93b0, nsIInputStream * 0x03ba9368, unsigned int 61, unsigned int * 0x0012f7d8) line 190 imgRequest::OnDataAvailable(imgRequest * const 0x0474feb0, nsIRequest * 0x0474fcf0, nsISupports * 0x00000000, nsIInputStream * 0x03ba9368, unsigned int 0, unsigned int 61) line 757 + 47 bytes ProxyListener::OnDataAvailable(ProxyListener * const 0x046d27a0, nsIRequest * 0x0474fcf0, nsISupports * 0x00000000, nsIInputStream * 0x03ba9368, unsigned int 0, unsigned int 61) line 374 nsHTTPFinalListener::OnDataAvailable(nsHTTPFinalListener * const 0x0474fa40, nsIRequest * 0x0474fcf0, nsISupports * 0x00000000, nsIInputStream * 0x03ba9368, unsigned int 0, unsigned int 61) line 1173 + 46 bytes nsStreamListenerTee::OnDataAvailable(nsStreamListenerTee * const 0x03b4b5e8, nsIRequest * 0x0474fcf0, nsISupports * 0x00000000, nsIInputStream * 0x0393fe88, unsigned int 0, unsigned int 61) line 56 + 51 bytes nsHTTPServerListener::OnDataAvailable(nsHTTPServerListener * const 0x03ba5ce8, nsIRequest * 0x03c97718, nsISupports * 0x0474fcf0, nsIInputStream * 0x0393fe88, unsigned int 133, unsigned int 61) line 542 + 64 bytes nsOnDataAvailableEvent::HandleEvent() line 173 + 70 bytes nsARequestObserverEvent::HandlePLEvent(PLEvent * 0x046c76a4) line 64 PL_HandleEvent(PLEvent * 0x046c76a4) line 588 + 10 bytes PL_ProcessPendingEvents(PLEventQueue * 0x00e70de0) line 518 + 9 bytes _md_EventReceiverProc(HWND__ * 0x00050164, unsigned int 49389, unsigned int 0, long 15142368) line 1069 + 9 bytes USER32! 77e048dc() USER32! 77e04aa7() USER32! 77e166fd() nsAppShellService::Run(nsAppShellService * const 0x00e35c78) line 408 main1(int 2, char * * 0x003576c8, nsISupports * 0x00000000) line 1005 + 32 bytes main(int 2, char * * 0x003576c8) line 1306 + 37 bytes mainCRTStartup() line 338 + 17 bytes KERNEL32! 77e892a6()
Keywords: crash
changing status to imglib
Whiteboard: [imglib]
GIF crasher
Assignee: pavlov → saari
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla0.9.1
r=, sr= needed
Fixed
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Verified fixed mac build 2001052405 Verified fixed w98 build 2001052404 Verified fixed linux build 2001052310
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: