Closed
Bug 83804
Opened 23 years ago
Closed 22 years ago
N621, M098 & Trunk crashes [@ HaveDecodedRow]
Categories
(Core :: Graphics: ImageLib, defect, P1)
Tracking
()
VERIFIED
FIXED
mozilla1.0
People
(Reporter: dbaron, Assigned: nivedita)
References
Details
(Keywords: crash, testcase, topcrash+, Whiteboard: hitchhiker,[needs r=/sr=])
Crash Data
Attachments
(10 files, 3 obsolete files)
7.94 KB,
patch
|
Details | Diff | Splinter Review | |
8.11 KB,
patch
|
Details | Diff | Splinter Review | |
1.20 KB,
patch
|
Details | Diff | Splinter Review | |
9.60 KB,
text/plain
|
Details | |
101 bytes,
text/plain
|
Details | |
1.16 KB,
text/plain
|
Details | |
18.85 KB,
text/plain
|
Details | |
722 bytes,
patch
|
pavlov
:
review+
|
Details | Diff | Splinter Review |
37 bytes,
image/gif
|
Details | |
5.78 KB,
patch
|
pavlov
:
review+
tor
:
superreview+
dbaron
:
approval+
|
Details | Diff | Splinter Review |
Talkback is reporting 2 different crashes in HaveDecodedRow (at a number of different line numbers). (These are showing up both before and after tor's changes... I'll give a stack with line numbers for after.) (was line 470) HaveDecodedRow [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\nsGIFDecoder2.cpp line 505] output_row [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\GIF2.cpp line 211] do_lzw [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\GIF2.cpp line 400] gif_write [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\GIF2.cpp line 825] (was line 382) HaveDecodedRow [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\nsGIFDecoder2.cpp line 413] output_row [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\GIF2.cpp line 211] do_lzw [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\GIF2.cpp line 400] gif_write [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\GIF2.cpp line 825]
Reporter | ||
Comment 1•23 years ago
|
||
For more information see http://ftp.mozilla.org/pub/data/crash-data/detailed-crash-analysis-all.html#HaveDecodedRow The URLs mentioned include: http://www.dmusic.com/ http://www.linuxtoday.com/ bugscape http://www.usatoday.com/ http://www.possenet.org/ http://www.forest.impress.co.jp/ http://www.operaghost.com/ http://www.lemo.com/ http://www.novell.com/
Keywords: crash
The problems is that GIF2.cpp allocates gs->rgbrow (line 1264) as 3*width, while nsGIFDecoder2 assumes that the length is nsImageFrame->GetImageBytesPerRows() (line 505). The latter can be bigger because nsImageFrame tries to word align rows.
Comment 6•23 years ago
|
||
r=pavlov
Comment 7•23 years ago
|
||
+ if (decoder->mRGBLine) + nsMemory::Free(decoder->mRGBLine); + decoder->mRGBLine = (PRUint8 *)nsMemory::Alloc(bpr); + Are you freeing someone else's memory there? That seems like an odd pattern there. Also, is it possible to just re-use the memory if it's the same size or larger instead of reallocating? Other than that, sr=blizzard
Comment 9•23 years ago
|
||
a=blizzard for 0.9.1 and the trunk for drivers
Comment 10•23 years ago
|
||
Checked into trunk and 0.9.1 branch.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Comment 11•23 years ago
|
||
I'm using the 0.9.1 2001060614 build on Win 2000 and I just got this crash going to a bugscape page. According to talkback reports there have been 5 crashes (3 trunk and 2 branch) since 6/5 builds which is after this bug was marked fixed. So, I'm going to reopen this. If someone thinks I'm seeing a different bug let me know and I'll file a new one. My incident id is (31425983) for those with access and the stack is: HaveDecodedRow [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\nsGIFDecoder2.cpp, line 508] output_row [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\GIF2.cpp, line 210] do_lzw [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\GIF2.cpp, line 399] gif_write [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\GIF2.cpp, line 823] nsGIFDecoder2::ProcessData [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\nsGIFDecoder2.cpp, line 208] ReadDataOut [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\nsGIFDecoder2.cpp, line 156] nsPipe::nsPipeInputStream::ReadSegments [d:\builds\seamonkey\mozilla\xpcom\io\nsPipe2.cpp, line 412]
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Comment 12•23 years ago
|
||
Too little data, especially since the win32 talkback linenumbers aren't accurate. Is there talkback data from a linux or macos crash? Crasher URLs?
Comment 13•23 years ago
|
||
All of the crashes that occurred after your fix was checked in are on Win32. Here are the sites mentioned: 2 of them occurred at http://bugscape.com (which are inside the Netscape firewall so that won't help you out). and www.elkhart.net/websites.html http://www.plenum.com/
Comment 14•23 years ago
|
||
From today's talkback report (31422028) URL: www.elkhart.net/websites.html (31406922) URL: http://bugscape.com/ (31406922) Comments: filing bugs... (31382620) URL: http://www.plenum.com/ (31382620) Comments: Mozilla crashed while downloading graphics (31373609) Comments: - www.iltalehti.fi -> crash (31257752) URL: www.netscape.com (31257752) Comments: Opening the Netscape home page. (31246127) URL: www.askmen.com (31174628) URL: http://linuxtoday.com (31174628) Comments: Scrolling through a webpage (31157659) Comments: no clue where/why it crashed... (31146747) Comments: crash loading a page (31092607) URL: www.usatoday.com (31092607) Comments: Clicked on the tech link
Comment 15•23 years ago
|
||
Comments from M091 builds (31425983) Comments: Went to a bugscape query list (31361691) Comments: Crashed after I entered a Bugscape bug (31233390) Comments: browsing borland community
Comment 16•23 years ago
|
||
Platforms? Build #s? Stacks?
Comment 17•23 years ago
|
||
Also you can check http://ftp.mozilla.org/pub/data/crash-data/detailed-crash-analysis-all.html#Have DecodedRow HaveDecodedRow 24 First BBID : http://climate/reports/stackcommentemail.cfm?dynamicBBID=31092607 Last BBID : http://climate/reports/stackcommentemail.cfm?dynamicBBID=31422028 Min Runtime :187 Max Runtime :534174 Min seconds since last crash :8 Max seconds since last crash :441539 First Appearance Date : 2001-05-30 Last Appearance Date : 2001-06-06 First Build ID : 2001052909 Latest Build ID : 2001060606 Stack Trace: HaveDecodedRow [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\nsGIFDecoder2.cpp line 508] output_row [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\GIF2.cpp line 210] do_lzw [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\GIF2.cpp line 399] gif_write [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\GIF2.cpp line 823] nsGIFDecoder2::ProcessData [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\nsGIFDecoder2.cpp line 208] ReadDataOut [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\nsGIFDecoder2.cpp line 156] nsInputStreamTee::WriteSegmentFun [d:\builds\seamonkey\mozilla\xpcom\io\nsInputStreamTee.cpp line 82] nsInputStreamTee::ReadSegments [d:\builds\seamonkey\mozilla\xpcom\io\nsInputStreamTee.cpp line 138] nsGIFDecoder2::WriteFrom [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\nsGIFDecoder2.cpp line 229] imgRequest::OnDataAvailable [d:\builds\seamonkey\mozilla\modules\libpr0n\src\imgRequest.cpp line 741] ProxyListener::OnDataAvailable [d:\builds\seamonkey\mozilla\modules\libpr0n\src\imgLoader.cpp line 387] nsStreamListenerTee::OnDataAvailable [d:\builds\seamonkey\mozilla\netwerk\base\src\nsStreamListenerTee.cpp line 57] nsHttpChannel::OnDataAvailable [d:\builds\seamonkey\mozilla\netwerk\protocol\http\src\nsHttpChannel.cpp line 2102] nsOnDataAvailableEvent::HandleEvent [d:\builds\seamonkey\mozilla\netwerk\base\src\nsStreamListenerProxy.cpp line 185] PL_HandleEvent [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c line 591] PL_ProcessPendingEvents [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c line 524] _md_EventReceiverProc [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c line 1072] nsAppShellService::Run [d:\builds\seamonkey\mozilla\xpfe\appshell\src\nsAppShellService.cpp line 418] netscp6.exe + 0x16b5 (0x004016b5) netscp6.exe + 0x11b8 (0x004011b8) netscp6.exe + 0x2ecd (0x00402ecd) KERNEL32.DLL + 0x17d08 (0x77e97d08) HaveDecodedRow 28ce7292 http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/modules/libpr0n/decoders/gif /nsGIFDecoder2.cpp line 508 Build: 2001060606 CrashDate: 2001-06-06 UptimeMinutes: 109 Total: 122 OS: Windows NT 5.0 build 2195 Detailed : http://climate/reports/incidenttemplate.cfm?bbid=31422028 StackTrace: http://climate/reports/stackcommentemail.cfm?dynamicBBID=31422028 (31422028) URL: www.elkhart.net/websites.html HaveDecodedRow 6974c0fc http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/modules/libpr0n/decoders/gif /nsGIFDecoder2.cpp line 470 Build: 2001053023 CrashDate: 2001-06-06 UptimeMinutes: 4 Total: 437 OS: Windows NT 5.0 build 2195 Detailed : http://climate/reports/incidenttemplate.cfm?bbid=31409453 StackTrace: http://climate/reports/stackcommentemail.cfm?dynamicBBID=31409453 HaveDecodedRow 2d25614d http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/modules/libpr0n/decoders/gif /nsGIFDecoder2.cpp line 508 Build: 2001060506 CrashDate: 2001-06-06 UptimeMinutes: 27 Total: 143 OS: Windows NT 5.0 build 2195 Detailed : http://climate/reports/incidenttemplate.cfm?bbid=31406922 StackTrace: http://climate/reports/stackcommentemail.cfm?dynamicBBID=31406922 (31406922) URL: http://bugscape.com/ (31406922) Comments: filing bugs... HaveDecodedRow f1a78db1 http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/modules/libpr0n/decoders/gif /nsGIFDecoder2.cpp line 508 Build: 2001060506 CrashDate: 2001-06-06 UptimeMinutes: 66 Total: 66 OS: Windows NT 5.0 build 2195 Detailed : http://climate/reports/incidenttemplate.cfm?bbid=31382620 StackTrace: http://climate/reports/stackcommentemail.cfm?dynamicBBID=31382620 (31382620) URL: http://www.plenum.com/ (31382620) Comments: Mozilla crashed while downloading graphics HaveDecodedRow 715f7b31 http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/modules/libpr0n/decoders/gif /nsGIFDecoder2.cpp line 470 Build: 2001052909 CrashDate: 2001-06-05 UptimeMinutes: 7358 Total: 8902 OS: Windows NT 5.0 build 2195 Detailed : http://climate/reports/incidenttemplate.cfm?bbid=31373609 StackTrace: http://climate/reports/stackcommentemail.cfm?dynamicBBID=31373609 (31373609) Comments: - www.iltalehti.fi -> crash HaveDecodedRow 2d25614d http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/modules/libpr0n/decoders/gif /nsGIFDecoder2.cpp line 505 Build: 2001060122 CrashDate: 2001-06-05 UptimeMinutes: 99 Total: 99 OS: Windows NT 5.0 build 2195 Detailed : http://climate/reports/incidenttemplate.cfm?bbid=31348294 StackTrace: http://climate/reports/stackcommentemail.cfm?dynamicBBID=31348294 HaveDecodedRow c53ea1ed http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/modules/libpr0n/decoders/gif /nsGIFDecoder2.cpp line 382 Build: 2001053106 CrashDate: 2001-06-04 UptimeMinutes: 6 Total: 6 OS: Windows NT 5.0 build 2195 Detailed : http://climate/reports/incidenttemplate.cfm?bbid=31304418 StackTrace: http://climate/reports/stackcommentemail.cfm?dynamicBBID=31304418 HaveDecodedRow 693fc419 http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/modules/libpr0n/decoders/gif /nsGIFDecoder2.cpp line 505 Build: 2001060106 CrashDate: 2001-06-04 UptimeMinutes: 785 Total: 785 OS: Windows NT 5.0 build 2195 Detailed : http://climate/reports/incidenttemplate.cfm?bbid=31298908 StackTrace: http://climate/reports/stackcommentemail.cfm?dynamicBBID=31298908 HaveDecodedRow 693fc419 http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/modules/libpr0n/decoders/gif /nsGIFDecoder2.cpp line 505 Build: 2001060222 CrashDate: 2001-06-04 UptimeMinutes: 399 Total: 399 OS: Windows NT 5.0 build 2195 Detailed : http://climate/reports/incidenttemplate.cfm?bbid=31294885 StackTrace: http://climate/reports/stackcommentemail.cfm?dynamicBBID=31294885 HaveDecodedRow 04bd77f4 http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/modules/libpr0n/decoders/gif /nsGIFDecoder2.cpp line 470 Build: 2001053023 CrashDate: 2001-06-04 UptimeMinutes: 189 Total: 235 OS: Windows 98 4.90 build 73010104 Detailed : http://climate/reports/incidenttemplate.cfm?bbid=31294744 StackTrace: http://climate/reports/stackcommentemail.cfm?dynamicBBID=31294744 HaveDecodedRow 760e5353 http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/modules/libpr0n/decoders/gif /nsGIFDecoder2.cpp line 470 Build: 2001053106 CrashDate: 2001-06-03 UptimeMinutes: 42 Total: 1053 OS: Windows 98 4.10 build 67766446 Detailed : http://climate/reports/incidenttemplate.cfm?bbid=31257752 StackTrace: http://climate/reports/stackcommentemail.cfm?dynamicBBID=31257752 (31257752) URL: www.netscape.com (31257752) Comments: Opening the Netscape home page. HaveDecodedRow 2d25614d http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/modules/libpr0n/decoders/gif /nsGIFDecoder2.cpp line 505 Build: 2001060109 CrashDate: 2001-06-02 UptimeMinutes: 335 Total: 335 OS: Windows NT 5.0 build 2195 Detailed : http://climate/reports/incidenttemplate.cfm?bbid=31246127 StackTrace: http://climate/reports/stackcommentemail.cfm?dynamicBBID=31246127 (31246127) URL: www.askmen.com HaveDecodedRow ed4c2391 http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/modules/libpr0n/decoders/gif /nsGIFDecoder2.cpp line 505 Build: 2001060109 CrashDate: 2001-06-02 UptimeMinutes: 157 Total: 157 OS: Windows NT 5.0 build 2195 Detailed : http://climate/reports/incidenttemplate.cfm?bbid=31234312 StackTrace: http://climate/reports/stackcommentemail.cfm?dynamicBBID=31234312 HaveDecodedRow 2d25614d http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/modules/libpr0n/decoders/gif /nsGIFDecoder2.cpp line 505 Build: 2001060122 CrashDate: 2001-06-02 UptimeMinutes: 113 Total: 113 OS: Windows 98 4.10 build 67766222 Detailed : http://climate/reports/incidenttemplate.cfm?bbid=31225233 StackTrace: http://climate/reports/stackcommentemail.cfm?dynamicBBID=31225233 HaveDecodedRow e3604fff http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/modules/libpr0n/decoders/gif /nsGIFDecoder2.cpp line 413 Build: 2001060109 CrashDate: 2001-06-01 UptimeMinutes: 3 Total: 3 OS: Windows 95 4.0 build 67306684 Detailed : http://climate/reports/incidenttemplate.cfm?bbid=31215925 StackTrace: http://climate/reports/stackcommentemail.cfm?dynamicBBID=31215925 HaveDecodedRow 8a923d83 http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/modules/libpr0n/decoders/gif /nsGIFDecoder2.cpp line 470 Build: 2001052909 CrashDate: 2001-06-01 UptimeMinutes: 932 Total: 932 OS: Windows NT 5.0 build 2195 Detailed : http://climate/reports/incidenttemplate.cfm?bbid=31205085 StackTrace: http://climate/reports/stackcommentemail.cfm?dynamicBBID=31205085 HaveDecodedRow 6db4d511 http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/modules/libpr0n/decoders/gif /nsGIFDecoder2.cpp line 470 Build: 2001053106 CrashDate: 2001-06-01 UptimeMinutes: 548 Total: 548 OS: Windows NT 5.0 build 2195 Detailed : http://climate/reports/incidenttemplate.cfm?bbid=31204963 StackTrace: http://climate/reports/stackcommentemail.cfm?dynamicBBID=31204963 HaveDecodedRow 2d25614d http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/modules/libpr0n/decoders/gif /nsGIFDecoder2.cpp line 505 Build: 2001060109 CrashDate: 2001-06-01 UptimeMinutes: 41 Total: 41 OS: Windows 98 4.90 build 73010104 Detailed : http://climate/reports/incidenttemplate.cfm?bbid=31198359 StackTrace: http://climate/reports/stackcommentemail.cfm?dynamicBBID=31198359 HaveDecodedRow 12544336 http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/modules/libpr0n/decoders/gif /nsGIFDecoder2.cpp line 470 Build: 2001053023 CrashDate: 2001-05-31 UptimeMinutes: 7 Total: 455 OS: Windows NT 4.0 build 1381 Detailed : http://climate/reports/incidenttemplate.cfm?bbid=31174628 StackTrace: http://climate/reports/stackcommentemail.cfm?dynamicBBID=31174628 (31174628) URL: http://linuxtoday.com (31174628) Comments: Scrolling through a webpage HaveDecodedRow 760e5353 http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/modules/libpr0n/decoders/gif /nsGIFDecoder2.cpp line 470 Build: 2001053106 CrashDate: 2001-05-31 UptimeMinutes: 8 Total: 8 OS: Windows 98 4.10 build 67766446 Detailed : http://climate/reports/incidenttemplate.cfm?bbid=31163362 StackTrace: http://climate/reports/stackcommentemail.cfm?dynamicBBID=31163362 HaveDecodedRow 2d25614d http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/modules/libpr0n/decoders/gif /nsGIFDecoder2.cpp line 505 Build: 2001053109 CrashDate: 2001-05-31 UptimeMinutes: 20 Total: 20 OS: Windows NT 4.0 build 1381 Detailed : http://climate/reports/incidenttemplate.cfm?bbid=31157659 StackTrace: http://climate/reports/stackcommentemail.cfm?dynamicBBID=31157659 (31157659) Comments: no clue where/why it crashed... HaveDecodedRow efbb1629 http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/modules/libpr0n/decoders/gif /nsGIFDecoder2.cpp line 470 Build: 2001053023 CrashDate: 2001-05-31 UptimeMinutes: 19 Total: 19 OS: Windows NT 5.0 build 2195 Detailed : http://climate/reports/incidenttemplate.cfm?bbid=31146747 StackTrace: http://climate/reports/stackcommentemail.cfm?dynamicBBID=31146747 (31146747) Comments: crash loading a page HaveDecodedRow 6974c0fc http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/modules/libpr0n/decoders/gif /nsGIFDecoder2.cpp line 382 Build: 2001053006 CrashDate: 2001-05-30 UptimeMinutes: 0 Total: 407 OS: Windows 98 4.90 build 73010104 Detailed : http://climate/reports/incidenttemplate.cfm?bbid=31114327 StackTrace: http://climate/reports/stackcommentemail.cfm?dynamicBBID=31114327 HaveDecodedRow 6974c0fc http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/modules/libpr0n/decoders/gif /nsGIFDecoder2.cpp line 470 Build: 2001052922 CrashDate: 2001-05-30 UptimeMinutes: 3 Total: 3 OS: Windows NT 4.0 build 1381 Detailed : http://climate/reports/incidenttemplate.cfm?bbid=31092607 StackTrace: http://climate/reports/stackcommentemail.cfm?dynamicBBID=31092607 (31092607) URL: www.usatoday.com (31092607) Comments: Clicked on the tech link
Comment 18•23 years ago
|
||
Ok, think I've found the problem. Some invalid gifs have the transparency bit set, but the transparent index is larger than the colormap. In the case of http://www.elkhart.net/go.gif the colormap is 32 entries but the transparent index is 255. The following patch adds bullet proofing.
Comment 19•23 years ago
|
||
Comment 20•23 years ago
|
||
r=pavlov
Comment 21•23 years ago
|
||
For what it's worth, r=jesup (though I'd prefer to have less lines of indentation change than actual change)
Comment 22•23 years ago
|
||
In Windows NT 4.0, following URL did not crash for me. http://www.elkhart.net/go.gif
Comment 23•23 years ago
|
||
Should there be a respin, we would consider taking this. Please be ready, just in case :-) Thanks!
Whiteboard: hitchhiker
Target Milestone: --- → mozilla0.9.1
Comment 24•23 years ago
|
||
I've looked at the code and I'm pretty sure that's it isn't supposed to be a <= instead of a < but you might want to check to make sure. Assuming that's the case sr=blizzard.
Comment 25•23 years ago
|
||
a= asa@mozilla.org for checkin to the trunk. (on behalf of drivers)
Comment 26•23 years ago
|
||
Checked into trunk.
Status: REOPENED → RESOLVED
Closed: 23 years ago → 23 years ago
Resolution: --- → FIXED
Comment 27•23 years ago
|
||
From the talkback data this particular bug (~ line 508) appears fixed on the trunk. Resolving.
Comment 28•23 years ago
|
||
Verified, no crash on any of the links listed here w2k build 2001080904
Status: RESOLVED → VERIFIED
Comment 29•23 years ago
|
||
Comment 30•23 years ago
|
||
Reopening this bug since Netscape 6.10 RTM Talkback data is showing this as a topcrasher. The line numbers have changed on the stack, but otherwise the latest stack traces are the same as the one originally reported. Here's the latest data: HaveDecodedRow 318 83804 VERI FIXE tor@acm.org mozilla0.9.1 First BBID :33861002 Last BBID :34030690 Min Runtime :2 Max Runtime :519853 First Appearance Date : 2001-08-08 Last Appearance Date : 2001-08-13 First BuildID : 2001072623 Last BuildID : 2001072700 Stack Trace: HaveDecodedRow [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\nsGIFDecoder2.cpp line 416] output_row [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\GIF2.cpp line 210] do_lzw [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\GIF2.cpp line 399] gif_write [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\GIF2.cpp line 826] nsGIFDecoder2::ProcessData [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\nsGIFDecoder2.cpp line 208] ReadDataOut [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\nsGIFDecoder2.cpp line 156] nsInputStreamTee::WriteSegmentFun [d:\builds\seamonkey\mozilla\xpcom\io\nsInputStreamTee.cpp line 82] nsInputStreamTee::ReadSegments [d:\builds\seamonkey\mozilla\xpcom\io\nsInputStreamTee.cpp line 138] nsGIFDecoder2::WriteFrom [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\nsGIFDecoder2.cpp line 229] imgRequest::OnDataAvailable [d:\builds\seamonkey\mozilla\modules\libpr0n\src\imgRequest.cpp line 741] ProxyListener::OnDataAvailable [d:\builds\seamonkey\mozilla\modules\libpr0n\src\imgLoader.cpp line 387] nsStreamListenerTee::OnDataAvailable [d:\builds\seamonkey\mozilla\netwerk\base\src\nsStreamListenerTee.cpp line 57] nsHttpChannel::OnDataAvailable [d:\builds\seamonkey\mozilla\netwerk\protocol\http\src\nsHttpChannel.cpp line 2150] nsOnDataAvailableEvent::HandleEvent [d:\builds\seamonkey\mozilla\netwerk\base\src\nsStreamListenerProxy.cpp line 188] PL_HandleEvent [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c line 591] PL_ProcessPendingEvents [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c line 524] nsEventQueueImpl::ProcessPendingEvents [d:\builds\seamonkey\mozilla\xpcom\threads\nsEventQueue.cpp line 375] Source File : http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/modules/libpr0n/decoders/gif/nsGIFDecoder2.cpp line : 416 I have attached all the user comments and urls submitted.
Status: VERIFIED → REOPENED
Resolution: FIXED → ---
Summary: crashes [@ HaveDecodedRow] → N610 crashes [@ HaveDecodedRow]
Comment 31•23 years ago
|
||
This also is a topcrasher for M093 (MozillaTrunk Win32 build 2001080112 and Linux build 2001080104). Recent MozillaTrunk builds are crashing too, here is the most recent incident: Incident ID 34994341 Stack Signature HaveDecodedRow() 37884bdc Bug ID Trigger Time 2001-09-05 15:23:31 Email Address User Comments Build ID 2001090508 Product ID MozillaTrunk Platform ID LinuxIntel Trigger Reason SIGSEGV: Segmentation Fault: (signal 11) Stack Trace HaveDecodedRow() output_row() do_lzw() gif_write() nsGIFDecoder2::ProcessData() ReadDataOut() ReadSegments() nsGIFDecoder2::WriteFrom() imgRequest::OnDataAvailable() ProxyListener::OnDataAvailable() nsJARChannel::OnDataAvailable() nsOnDataAvailableEvent::HandleEvent() nsARequestObserverEvent::HandlePLEvent() PL_HandleEvent() PL_ProcessPendingEvents() nsEventQueueImpl::ProcessPendingEvents() NS_ShutdownXPCOM() main() libc.so.6 + 0x18736 (0x2aede736) and a recent Win32 crash with line numbers: Incident ID 34652988 Stack Signature HaveDecodedRow 2d25614d Bug ID Trigger Time 2001-08-28 18:45:24 Email Address ssaux@netscape.com User Comments Build ID 2001082809 Product ID MozillaTrunk Platform ID Win32 Trigger Reason Access violation Stack Trace HaveDecodedRow [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\nsGIFDecoder2.cpp, line 416] output_row [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\GIF2.cpp, line 210] do_lzw [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\GIF2.cpp, line 399] gif_write [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\GIF2.cpp, line 826] nsGIFDecoder2::ProcessData [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\nsGIFDecoder2.cpp, line 208] ReadDataOut [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\nsGIFDecoder2.cpp, line 156] nsPipe::nsPipeInputStream::ReadSegments [d:\builds\seamonkey\mozilla\xpcom\io\nsPipe2.cpp, line 412]
Summary: N610 crashes [@ HaveDecodedRow] → N610, M093 & Trunk crashes [@ HaveDecodedRow]
Reporter | ||
Comment 32•23 years ago
|
||
From the disassembly and registers in the talkback (#34652988) it's pretty clear that the crash is on line 412 (the Windows talkback C++ next-line bias), where decoder->mImageFrame is null, and we attempt to call decoder->mImageFrame->Init(). The disassembly is the following. Talkback only shows *starting* with the line that we crashed on, so the crash is on the first of the following lines, with ECX null (comments are mine): 604e15a0 8b11 mov edx,[ecx] ; load vtable ptr. 604e15a2 ffb0ac000000 push dword ptr [eax+0xac] ; width 604e15a8 ffb0a4000000 push dword ptr [eax+0xa4] ; y_offset 604e15ae ffb0a0000000 push dword ptr [eax+0xa0] ; x_offset 604e15b4 51 push ecx ; this 604e15b5 ff520c call dword ptr [edx+0xc] ; call Init 604e15b8 8b4608 mov eax,[esi+0x8] 604e15bb ff37 push dword ptr [edi] 604e15bd 8b08 mov ecx,[eax] Is it possible for this CreateInstance to fail? It looks like a standard generic factory constructor.
Comment 34•23 years ago
|
||
6 of todays 10 crash reports for this bug are at this offset: HaveDecodedRow 2d25614d The comments associated with those crashes are: (35485141) Comments: after having viewed an HTML page containing CSS I have Clicked File -> Exit. Mozilla seems to have frozen a couple of minutes then has generated an error log. (35412010) Comments: switch to modern theme.
Comment 35•23 years ago
|
||
updating summary. Could someone review the target milestone?
Summary: N610, M093 & Trunk crashes [@ HaveDecodedRow] → N610, M094 & Trunk crashes [@ HaveDecodedRow]
Comment 36•23 years ago
|
||
any 0.9.4 data on this one?
Comment 37•23 years ago
|
||
A quick scan of the M094 data shows 22 incidents, only these with comments: (36020424) - Windows 95 4.0 build 67109975 Comment: I was closing Mozilla Windows quickly in sucession as the pop'ed up continously (36061236) - Windows 98 4.10 build 67766446 Comment: Closing the browser. (36103703) - Windows NT 4.0 build 1381 Comment: Exiting Mozilla. URL: http://www.station.sony.com/ (36031057) - Linux 2.2.14 Comment: I went directly to this page through a bookmark. Then I clicked on the `close window' link at the bottom. There was only one window open and it closed quitting Mozilla and prompting the feedback agent. URL: http://www.anandtech.com/printarticle.html?i=1535 (36066237) - Linux 2.4.5 Comment: Closin down site that opened several javascript windows with the javascript console open
Comment 38•23 years ago
|
||
Today's M094 data shows this happening on Linux also. 3 Windows NT 5.0 build 2195 3 Windows 98 4.10 build 67766446 3 Windows 98 4.10 build 67766222 2 Windows NT 4.0 build 1381 1 Windows NT 5.1 build 2600 1 Windows 98 4.90 build 73010104 1 Windows 95 4.0 build 67109975 1 Linux 2.4.8-24mdk 1 Linux 2.4.8 1 Linux 2.4.5 1 Linux 2.4.2-2 1 Linux 2.4.10-xfs 1 Linux 2.4.10 1 Linux 2.2.16-22 1 Linux 2.2.1 Updating platform. Win98 -> All
OS: Windows 98 → All
Comment 39•23 years ago
|
||
From dbaron's comment on 2001-09-05, this appears to a pr0n/gfx2 container problem. Reassigning to pavlov.
Comment 40•23 years ago
|
||
The last crash in the talkback database for this stack sig was in build 2001101705 on N6.20. Other crashes on the Mozilla Branch and trunk are from even earlier builds. This has not shown up at all so far in M095.
Updated•23 years ago
|
Target Milestone: mozilla0.9.1 → ---
Comment 41•23 years ago
|
||
Topcrash in N620 Count Offset Real Signature [ 198 HaveDecodedRow db38fc36 - HaveDecodedRow ] Crash date range: 2001-11-05 to 2001-11-13 Min/Max Seconds since last crash: 23 - 109248 Min/Max Runtime: 23 - 152191 Keyword List : load(5), log(6), mail(5), netscape(10), shut(6), sign(5), browser(7), Count Platform List 81 Windows 98 4.10 build 67766446 57 Windows 98 4.90 build 73010104 32 Windows 98 4.10 build 67766222 23 Windows NT 5.0 build 2195 5 Windows 95 4.0 build 67306684 1 Windows 95 4.0 build 67109814 Count Build Id List 199 2001102218 No of Unique Users 197 Stack trace(Frame) HaveDecodedRow [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\nsGIFDecoder2.cpp line 416] output_row [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\GIF2.cpp line 210] do_lzw [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\GIF2.cpp line 399] gif_write [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\GIF2.cpp line 826] nsGIFDecoder2::ProcessData [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\nsGIFDecoder2.cpp line 208] ReadDataOut [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\nsGIFDecoder2.cpp line 156] nsInputStreamTee::WriteSegmentFun [d:\builds\seamonkey\mozilla\xpcom\io\nsInputStreamTee.cpp line 82] nsInputStreamTee::ReadSegments [d:\builds\seamonkey\mozilla\xpcom\io\nsInputStreamTee.cpp line 138] nsGIFDecoder2::WriteFrom [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\nsGIFDecoder2.cpp line 229] imgRequest::OnDataAvailable [d:\builds\seamonkey\mozilla\modules\libpr0n\src\imgRequest.cpp line 795] ProxyListener::OnDataAvailable [d:\builds\seamonkey\mozilla\modules\libpr0n\src\imgLoader.cpp line 466] nsStreamListenerTee::OnDataAvailable [d:\builds\seamonkey\mozilla\netwerk\base\src\nsStreamListenerTee.cpp line 57] nsHttpChannel::OnDataAvailable [d:\builds\seamonkey\mozilla\netwerk\protocol\http\src\nsHttpChannel.cpp line 2226] nsOnDataAvailableEvent::HandleEvent [d:\builds\seamonkey\mozilla\netwerk\base\src\nsStreamListenerProxy.cpp line 188] PL_HandleEvent [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c line 591] PL_ProcessPendingEvents [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c line 524] nsEventQueueImpl::ProcessPendingEvents [d:\builds\seamonkey\mozilla\xpcom\threads\nsEventQueue.cpp line 375] COMMENTS/URLs: (37984704) URL: www.neopets.com (37982610) Comments: WHY do I always have trouble with netscape???????? (37981031) Comments: I am not able to open the taskbar and get to Email.I also need to reset the time I want to stay connected to my Internet. (37978915) Comments: going back to look a nother page (37970886) Comments: Iwas shuttingdown the browzer to see if could activate from my start buttons at bottom of the screen when I got the illegal operation screen. Also the 6.2 down load should have way of linking with the old browzers. Ie 4.7 so as to make the operation (37970886) Comments: transparent. (37968796) Comments: i was logging off (37962779) URL: netscape.com (37962779) Comments: exiting Netscape (37946895) Comments: signing on - this happened 2 X (37942208) URL: www.roxio.de (37942208) Comments: I load down www.roxio.de. It did'nt install.Rudi Witzke (37929187) URL: www.llbean.com (37929187) Comments: checking order (37927757) Comments: i don't know....this always happens (37924317) Comments: logging off (37919166) Comments: i was closing a with the X a light encrypted page from www.kpn.nl (37914088) Comments: Loading Java 1.3.1 (37913189) Comments: ...while browsing (37905330) Comments: signing off (37897930) Comments: shutting down 6.2 (37895875) URL: www.cnn.com (37895875) Comments: trying to leave cnn.com and move to www.drudgereport.com (37888277) Comments: doing a log-in to Netscape (37886634) Comments: shuting dowm my e-mail (37881572) Comments: I just opened it! (37877910) Comments: closing window (37858758) Comments: Only came up with stack dump after I closed the website. I was personalizing the site to fit my needs. (37853054) Comments: Closing the browser (37851517) Comments: signing off the net (37850781) Comments: closing it out. My O.S. here is Windows 2000. (37839139) Comments: logging off internet (37837648) Comments: trying to sign on. (37837028) Comments: I am trying to get into my Email at yahoo and your stupid product freezes out my keyboard. I wish I had never installed it. I give up on Netscape. I will just use explorer. (37836071) Comments: signing off netscape 6.2 (37830824) Comments: shutting down messenger. (37828055) Comments: navigating (37827470) Comments: shuting down browser (37825674) Comments: failed during startup (37820259) Comments: closing the browser (37815992) Comments: I used the - x - in top right corner to close netscape and it did close properly...(visually anyway)?? (37811874) Comments: nothing just connecting to internet & fault message came on (37787863) Comments: loading 6.2 (37786639) Comments: reading my email (37773722) Comments: Exiting Netscape (37765708) Comments: loggin off (37763930) Comments: I was just clicking the browser off when it happened (37712340) Comments: the program error thing popped up and said netscp6.exe. has generated errors and will be closed by windows...you will need to restart the program....an error log is being created (37710649) Comments: shutting netscape down. (37696407) URL: www.surnet.cl (37677600) Comments: closing the program (37672884) Comments: just exiting netscape (37666634) Comments: Closing browser with "X" button. (37637023) Comments: closing out from my mail and a new download from netscape (37610498) Comments: browsing go.com (37592996) Comments: was closing browser... (37589284) URL: www.worldnet.att.net (37589284) Comments: I closed the browser after having opened it to that URL. Upon closing the window it crashed.
Summary: N610, M094 & Trunk crashes [@ HaveDecodedRow] → N620, M094 & Trunk crashes [@ HaveDecodedRow]
Updated•23 years ago
|
Whiteboard: hitchhiker → hitchhiker [tucson]
Comment 42•23 years ago
|
||
Comment 43•23 years ago
|
||
Updated Bug Notes From Tucson Beta
Comment 44•23 years ago
|
||
here is another thats probably related http://www.harry.wp.pl/ the crashing pic is http://www.harry.wp.pl/i/p.gif which is a 37b file with what looks like a GIF89a header
Comment 45•23 years ago
|
||
*** Bug 121320 has been marked as a duplicate of this bug. ***
Comment 46•23 years ago
|
||
*** Bug 122164 has been marked as a duplicate of this bug. ***
Comment 47•23 years ago
|
||
Attached N621 talkback data...which contains A LOT user comments and urls to help with testing.
Comment 48•23 years ago
|
||
Updating summary with N621 (this is a topcrasher with Netscape 6.21) and M097 (this crash is still around with Mozilla 0.9.7). Any progress on this? It looks like we have a reproducible testcase but there isn't a target milestone yet!?
Summary: N620, M094 & Trunk crashes [@ HaveDecodedRow] → N621, M097 & Trunk crashes [@ HaveDecodedRow]
Updated•23 years ago
|
Target Milestone: --- → Future
Comment 49•23 years ago
|
||
Are you sure we should be futuring this? According to Talkback, it's showing up a bunch in Netscape 6.2 and Mozilla 0.9.8 builds. In addition, it's still showing up in the trunk as late as the 2/6 build. This is definitely a top crash. Adding nsbeta1 for reconsideration. If there's some info we don't have about why this should be futured, please update the bug.
Keywords: nsbeta1
Comment 50•23 years ago
|
||
This patch adds a check to prevent the crash, but I am not sure why at the first place the global_colormap is 0x0.
Comment 51•23 years ago
|
||
*** Bug 124719 has been marked as a duplicate of this bug. ***
Comment 52•23 years ago
|
||
Giving to nivedita
Assignee: pavlov → nivedita
Target Milestone: Future → ---
Comment 54•23 years ago
|
||
Comment on attachment 68743 [details] [diff] [review] Patch for crash on http://www.harry.wp.pl/ r=pavlov
Attachment #68743 -
Flags: review+
Comment 55•23 years ago
|
||
can someone please sr= this?
Comment 56•23 years ago
|
||
Adding testcase since we have a repro testcase...and a patch! It's been a week and Pav still hasn't gotten his sr= ! Are we going to get this into M099? We still don't have the priority or milestone set...perhaps that's why this has been overlooked?
Updated•23 years ago
|
Comment 57•23 years ago
|
||
If that was causing a crash, wouldn't the loop just after that also have problems with the NULL cmap?
Comment 58•23 years ago
|
||
It does not crash because *rowBufIndex == decoder->mGIFStruct->tpixel, both are 0 in case of the crash gif. But it will be a good idea to have a check here too. But can someone who knows the gif portion of the code tell us why cmap is 0x0 for a transparent gif.
Comment 59•22 years ago
|
||
This bug has a patch (with a review) that has been sitting around since 2/9. The bug is targeted for M099. This needs to happen quickly. Updating the summary and status. Currently crashing: N621 (HaveDecodedRow): 802 M097 (HaveDecodedRow): 2 M098 (HaveDecodedRow): 10 Trunk (HaveDecodedRow): 2
Comment 60•22 years ago
|
||
Setting priority to P1 to get some traction on this. It's targeted for M099, has a patch ready and is a nsbeta1+ and topcrash+...if this doesn't get into M099 we're gonna have to move up the target milestone to 1.0.
Priority: -- → P1
Comment 61•22 years ago
|
||
giving to nivedita for investigation. can you please find out why cmap is null in the transparent gif?
Assignee: pavlov → nivedita
Status: ASSIGNED → NEW
Updated•22 years ago
|
Attachment #68743 -
Flags: needs-work+
Comment 62•22 years ago
|
||
Yeah, http://www.harry.wp.pl/i/p.gif definitely crashes for me: Incident ID 3966484 Stack Signature HaveDecodedRow 902cc80c Trigger Time 2002-03-12 16:14:09 Email Address jpatel@netscape.com URL visited mail/news Build ID 2002030710 Product ID MozillaTrunk Platform Operating System Win32 Module Trigger Reason Access violation User Comments reproducing bug 83804 Stack Trace HaveDecodedRow [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\nsGIFDecoder2.cpp, line 516] output_row [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\GIF2.cpp, line 234] do_lzw [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\GIF2.cpp, line 363] gif_write [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\GIF2.cpp, line 1126] nsGIFDecoder2::ProcessData [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\nsGIFDecoder2.cpp, line 251] ReadDataOut [d:\builds\seamonkey\mozilla\modules\libpr0n\decoders\gif\nsGIFDecoder2.cpp, line 196] nsInputStreamTee::WriteSegmentFun [d:\builds\seamonkey\mozilla\xpcom\io\nsInputStreamTee.cpp, line 97] And I also crashed running a fresh build under purify...not sure how helpful this is, but here's a section from the log: [E] NPR: NULL pointer read in nsCOMPtr_base::~nsCOMPtr_base(void) {1 occurrence} Reading 1 byte from 0x00000000 (1 byte at 0x00000000 illegal) Address 0x00000000 points into invalid memory Thread ID: 0x36c Error location nsCOMPtr_base::~nsCOMPtr_base(void) [imggif.dll] nsCOMPtr_base::~nsCOMPtr_base(void) [imggif.dll] nsCOMPtr_base::~nsCOMPtr_base(void) [imggif.dll] nsCOMPtr_base::~nsCOMPtr_base(void) [imggif.dll] nsCOMPtr_base::~nsCOMPtr_base(void) [imggif.dll] nsCOMPtr_base::~nsCOMPtr_base(void) [imggif.dll] NS_NewTypicalIOFileStream [xpcom.dll] TestSegmentedBuffer(void) [xpcom.dll] NS_NewTypicalIOFileStream [xpcom.dll] nsCOMPtr_base::~nsCOMPtr_base(void) [imggif.dll]
Assignee | ||
Comment 63•22 years ago
|
||
I peeked into headers of this image and found that the Global Color Table Flag is zero, that would mean this image would not provide Global Color Table and that the interpretation of Background Color Index would be meaning less. In the code we check if the globalcolorflag is 1 then set the state as gif_global_colormap and get data, which is fine I think. I think we should check for decoder->mGIFStruct->global_colormap or cmap being null in all the places it is referenced in nsGIFDecoder2.cpp that would avoid crash for all the cases when the globalcolortable flag is 0 . pavlov, please convey your thoughts on above.
Comment 64•22 years ago
|
||
nivedita: go ahead and create for the scenario you have just described and let us test it out. If it fixes the crash we can incorporate it into 1.0.
Target Milestone: mozilla0.9.9 → mozilla1.0
Comment 65•22 years ago
|
||
yes, this sounds fine.
Assignee | ||
Comment 66•22 years ago
|
||
Added a check for globalcolortable being null in nsGIFDecoder.
Assignee | ||
Updated•22 years ago
|
Whiteboard: hitchhiker [tucson], seeking sr=/a= → hitchhiker [tucson], seeking sr=/a=[needs r=/sr=]
Assignee | ||
Comment 67•22 years ago
|
||
The test case gif which was causing the crash.
Comment 68•22 years ago
|
||
Nivedita: Is it worth moving the cmap test outside of the for loop ? @@ -517,7 +522,7 @@ memset(decoder->mAlphaLine, 0, abpr); PRUint32 iwidth = (PRUint32)width; for (PRUint32 x=0; x<iwidth; x++) { - if (*rowBufIndex != decoder->mGIFStruct->tpixel) { + if (*rowBufIndex != decoder->mGIFStruct->tpixel && cmap) { #if defined(XP_PC) || defined(XP_BEOS) || defined(MOZ_WIDGET_PHOTON) *rgbRowIndex++ = cmap[PRUint8(*rowBufIndex)].blue; *rgbRowIndex++ = cmap[PRUint8(*rowBufIndex)].green;
Assignee | ||
Comment 69•22 years ago
|
||
patch file for avoiding the crash if the global color table flag is 0
Attachment #74053 -
Attachment is obsolete: true
Comment 70•22 years ago
|
||
One thought - should we be filling in the non-cmap areas? Otherwise we'll just see whatever garbage was in memory. In the _A1 case the rows should be marked transparent (likely the intended effect of that small gif).
Assignee | ||
Comment 71•22 years ago
|
||
Incorporated comments given by Tor. Tor, In the _A1 case, setting the TransparentColor to default if cmap is null. we are already filling decoder->mRGBLine and decoder->mAlphaLine to 0. If this was what you intended in your first comment. If I am mistaken in understanding your first comment, can you please clarify it further.
Attachment #74070 -
Attachment is obsolete: true
Comment 72•22 years ago
|
||
Looks good. The one thing I'd suggest is zeroing out the rgb line in the RGB and BGR cases if there isn't a cmap. Ie.: if (cmap) { ... } else { memset(decoder->mRGBLine, 0, bpr); }
Assignee | ||
Comment 73•22 years ago
|
||
Incorporated comments given by Tor. setting decoder->mRGBLine to zero for RGB and BGR cases if cmap is null.
Attachment #74496 -
Attachment is obsolete: true
Comment 74•22 years ago
|
||
Comment on attachment 74513 [details] [diff] [review] Incorporated the comments given by Tor sr=tor
Attachment #74513 -
Flags: superreview+
Updated•22 years ago
|
Whiteboard: hitchhiker [tucson], seeking sr=/a=[needs r=/sr=] → hitchhiker,[needs r=/sr=]
Comment 75•22 years ago
|
||
Comment on attachment 74513 [details] [diff] [review] Incorporated the comments given by Tor r=pavlov
Attachment #74513 -
Flags: review+
Reporter | ||
Comment 76•22 years ago
|
||
Comment on attachment 74513 [details] [diff] [review] Incorporated the comments given by Tor a=dbaron for trunk checkin
Attachment #74513 -
Flags: approval+
Assignee | ||
Comment 77•22 years ago
|
||
fixed with check in D:\mozilla_trunk\mozilla\modules\libpr0n\decoders\gif>cvs commit nsGIFDecoder2.c pp Checking in nsGIFDecoder2.cpp; /cvsroot/mozilla/modules/libpr0n/decoders/gif/nsGIFDecoder2.cpp,v <-- nsGIFDec oder2.cpp new revision: 1.34; previous revision: 1.33 done
Status: NEW → RESOLVED
Closed: 23 years ago → 22 years ago
Resolution: --- → FIXED
Comment 79•15 years ago
|
||
Crashtest added as part of http://hg.mozilla.org/mozilla-central/rev/5a6def05ccbc
Flags: in-testsuite+
Updated•13 years ago
|
Crash Signature: [@ HaveDecodedRow]
You need to log in
before you can comment on or make changes to this bug.
Description
•