enable-optimize=-O2 crash in imgContainer::AppendFrame

Status: VERIFIED FIXED
Product: Core
Component: ImageLib
Priority: --
Severity: critical
Opened: 17 years ago
Updated: 17 years ago
Reporter: R.K.Aa.
Assigned: Stuart Parmenter
Version: Trunk
Platform: x86, Linux
Keywords: crash
Attachments: 3

(Reporter)

Description

17 years ago
My CVS build has been crashing since around the checkin for bug 106212.
The crash occurs when attempting to load any webpage.
A current clobbered build still crashes.

Building on RH7.1 with all errata and config. I'm aware that gcc 2.96-85 is
considered rogue, and is unsupported by the project. Thus I'm filing this with
severity trivial. The bug prevents me from using Mozilla, however, so to me it's
a complete blocker.

ac_add_options --disable-accessibility
ac_add_options --disable-bidi
ac_add_options --enable-strip
ac_add_options --disable-ldap
ac_add_options --disable-dtd-debug
ac_add_options --disable-debug
ac_add_options --disable-tests
ac_add_options --disable-logging
ac_add_options --enable-crypto
ac_add_options --enable-optimize=-O2
ac_add_options --disable-jsd
ac_add_options --disable-venkman
mk_add_options --mcpu=i686
mk_add_options --march=i686


Backtrace from non-debug:
#0  0x41025909 in imgContainer::AppendFrame () from libimglib2.so
#1  0x41ff5aac in HaveDecodedRow () from libimggif.so
#2  0x41ff3f2c in output_row () from libimggif.so
#3  0x41ff427e in do_lzw () from libimggif.so
#4  0x41ff46ec in gif_write () from libimggif.so
#5  0x41ff57b6 in nsGIFDecoder2::ProcessData () from libimggif.so
#6  0x41ff5647 in ReadDataOut () from libimggif.so
#7  0x40121d4f in nsPipe::nsPipeInputStream::ReadSegments () at eval.c:41
#8  0x41ff5819 in nsGIFDecoder2::WriteFrom () from libimggif.so
#9  0x4102921b in imgRequest::OnDataAvailable () from libimglib2.so
#10 0x41027ea1 in ProxyListener::OnDataAvailable () from libimglib2.so
#11 0x408306fb in nsJARChannel::OnDataAvailable () from libnecko.so
#12 0x407fafaa in nsOnDataAvailableEvent::HandleEvent () from libnecko.so
#13 0x407ee5c3 in nsARequestObserverEvent::HandlePLEvent () from libnecko.so
#14 0x40137f3b in PL_HandleEvent () at eval.c:41
#15 0x4013834b in PL_ProcessEventsBeforeID () at eval.c:41
#16 0x40c985e3 in processQueue () from libwidget_gtk.so
#17 0x4010896f in nsVoidArray::EnumerateForwards () at eval.c:41
#18 0x40c98620 in nsAppShell::ProcessBeforeID ()  from libwidget_gtk.so
#19 0x40c9eb86 in handle_gdk_event () from libwidget_gtk.so
#20 0x4034816b in gdk_event_dispatch (source_data=0x0, current_time=0xbffff300, 
    user_data=0x0) at gdkevents.c:2139
#21 0x40379055 in g_main_dispatch (dispatch_time=0xbffff300) at gmain.c:656
#22 0x40379659 in g_main_iterate (block=1, dispatch=1) at gmain.c:877
#23 0x403797e8 in g_main_run (loop=0x8169de0) at gmain.c:935
#24 0x4028d65b in gtk_main () at gtkmain.c:524
#25 0x40c98365 in nsAppShell::Run () from libwidget_gtk.so
#26 0x40728492 in nsAppShellService::Run () from libnsappshell.so
#27 0x08050880 in main1 () at eval.c:41
#28 0x0805117d in main () at eval.c:41
#29 0x404c1627 in __libc_start_main (main=0x8051044 <main>, argc=1, 
    ubp_av=0xbffff714, init=0x804b5cc <_init>, fini=0x8051e8c <_fini>, 
    rtld_fini=0x4000dcd4 <_dl_fini>, stack_end=0xbffff70c)
    at ../sysdeps/generic/libc-start.c:129
(Reporter)

Updated

17 years ago
Severity: normal → trivial
Keywords: crash
I'm seeing this with gcc 3.0.1, with -O2, but not in a -g without optimization.
 Putting printfs at various points caused the crash to go away.  I did have a
printf at one point confirm that a getter_AddRefs() passed to an inline function
was ending up with null when it shouldn't have, though.
(Reporter)

Comment 2

17 years ago
Adding to summary + default crash severity.
Gcc 3.0.1 is an official release.
Severity: trivial → critical
Summary: crash in imgContainer::AppendFrame → enable-optimize=-O2 crash in imgContainer::AppendFrame

Comment 3

17 years ago
#0  0x8718e32 in _ZN12imgContainer11AppendFrameEP14gfxIImageFrame ()

-O3 gcc 3.0.1 over here
The problem is the inlining of inlineGetFrameAt.  I'll attach a patch that
un-inlines it.
(Assignee)

Comment 6

17 years ago
Comment on attachment 55292 [details] [diff] [review]
patch

r=pavlov
Attachment #55292 - Flags: review+
Hey pav, shouldn't this method be deCOMtaminated?  Maybe doing so would dodge
the gcc -O2 bug, in addition to making it faster.

/be

Comment 8

17 years ago
Confirm that patch fixes crash problems for me with gcc 2.96-85 on RH 7.0

(thanks rkaa for pointing me to this bug ;)
(Reporter)

Comment 9

17 years ago
Thanks to David Baron for the patch, not least.

Is there any reason why this isn't checked in? It would be a good emergency fix
and I suspect there is an unhappy little crowd of us "hobby builders" out there
right now.

Comment 10

17 years ago
Does gcc 3.0.2 also have the bug? (I'd check myself, but build times ...)
sr=brendan@mozilla.org on any short-term crash cure, but I think we can do
better, possibly by deCOMifying.

/be

Comment 12

17 years ago
Confirmed compiler bug still present with gcc 3.0.2
Created attachment 55469 [details] [diff] [review]
same patch, but |#ifdef __GNUC__|
Checked in 2001-10-28 13:02 PDT.
Comment on attachment 55469 [details] [diff] [review]
same patch, but |#ifdef __GNUC__|

sr=brendan@mozilla.org with r= carried over from last attachment.

/be
Attachment #55469 - Flags: superreview+
Attachment #55469 - Flags: review+

Comment 16

17 years ago
with gcc 3.0.2, it still crashes with -O3 but works with -O2.  -however-, now
here's something stupid.  add "for(x=0; x<5; x++);" as shown and it will happily
render webpages all day long.  don't ask me why a loop that should get optimized
out fixes it, just bless the chicken i waved around.  (other things fix it too,
printf(""), fflush(stdout), etc, etc).

 {
   *_retval = NS_STATIC_CAST(gfxIImageFrame*, mFrames.ElementAt(index));
+  for(int x=1; x<10; x++);
   if (!*_retval)
      return NS_ERROR_FAILURE;
   return NS_OK;
 }
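
Review bot: the added `for(int x=1; x<10; x++);` after the `mFrames.ElementAt(index)` assignment is an empty loop with no side effects, so a compiler is free to delete it and the crash can come back with a different compiler version or optimization level. It also differs from the `for(x=0; x<5; x++);` quoted in the text above, which suggests the exact statement does not matter and the loop only perturbs code generation. A change that addresses the inlining itself, as discussed earlier in this bug, would be more durable; if a stopgap like this were ever committed it would need a comment naming the affected gcc versions and flags so it can be removed later.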

i would/should take it up with the gcc folk, but i have other work to do which
is getting pressing.

-d
p.s. i hope you enjoy the humor of this

Comment 17

17 years ago
Ulrich Drepper has posted a patch to
http://bugzilla.mozilla.org/show_bug.cgi?id=94375 that fixes the -O3 problem -
does anyone want to check that it doesn't break this one again?

Comment 18

17 years ago
Created attachment 58196 [details] [diff] [review]
patch to fix properly

Patch based off Ulrich Drepper's work and is in the form for r/sr.
This patch also removes all the ugly _GNUC_ and CANT_INLINE_GETTER hacks from
the previous patches.
Currently works perfectly with -O3 on gcc-3.0.2 and doesn't regress any part of
this bug.
(Assignee)

Comment 19

17 years ago
Comment on attachment 58196 [details] [diff] [review]
patch to fix properly

r=pavlov
Attachment #58196 - Flags: review+

Updated

17 years ago
Attachment #58196 - Flags: superreview+
(Assignee)

Comment 20

17 years ago
fix checked in.  thanks
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → FIXED

Comment 21

17 years ago
Verified Checked into lxr.mozilla.org
Status: RESOLVED → VERIFIED