GIF images >4095 pixels wide crash Mozilla [@ HaveDecodedRow]

Status: RESOLVED FIXED
Severity: critical
Reporter: sdagley
Assigned: bryner
Keywords: crash
Version: Trunk
Platform: PowerPC, Mac System 9.x

(Reporter)

Description

17 years ago
GIF images >4095 pixels wide crash Mozilla on the Mac (both under Mac OS 9.x and
Mac OS X).  This problem does not occur on the Windows build of Mozilla 0.9.8. 
Here's the stack of the crash under Mac OS X:

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x00000000

Thread 0 Crashed:
 #0   0x039aa858 in HaveDecodedRow(void *, unsigned char *, int, int, int, int, unsigned char, int)
 #1   0x039aa71c in 0x39aa71c
 #2   0x039aae88 in output_row(gif_struct *)
 #3   0x039ab1cc in do_lzw(gif_struct *, unsigned char const *)
 #4   0x039abd00 in 0x39abd00
 #5   0x039aa130 in nsGIFDecoder2::ProcessData(unsigned char *, unsigned int)
 #6   0x039a9ea4 in ReadDataOut(nsIInputStream *, void *, char const *, unsigned int, unsigned int, unsigned int *)
 #7   0x005d9044 in nsPipe::nsPipeInputStream::ReadSegments( ( (*)(nsIInputStream *)))
 #8   0x039aa1f8 in nsGIFDecoder2::WriteFrom(nsIInputStream *, unsigned int, unsigned int *)
 #9   0x03054418 in OnDataAvailable__10imgRequestFP10nsIRequestP11nsISupportsP14ns
 #10  0x03050a74 in OnDataAvailable__13ProxyListenerFP10nsIRequestP11nsISupportsP1
 #11  0x02c84b80 in OnDataAvailable__13ImageListenerFP10nsIRequestP11nsISupportsP1
 #12  0x02ac8de8 in OnDataAvailable__18nsDocumentOpenInfoFP10nsIRequestP11nsISuppo
 #13  0x010397cc in OnDataAvailable__13nsFileChannelFP10nsIRequestP11nsISupportsP1
 #14  0x01048b20 in nsOnDataAvailableEvent::HandleEvent(void)
 #15  0x01057150 in nsARequestObserverEvent::HandlePLEvent(PLEvent *)
 #16  0x005f8a30 in PL_HandleEvent
 #17  0x005f889c in PL_ProcessPendingEvents
 #18  0x0059f17c in nsEventQueueImpl::ProcessPendingEvents(void)
 #19  0x0299c84c in nsMacNSPREventQueueHandler::ProcessPLEventQueue(void)
 #20  0x0299c610 in nsMacNSPREventQueueHandler::RepeatAction(EventRecord const &)
 #21  0x01196b14 in Repeater::DoRepeaters(EventRecord const &)
 #22  0x029afaf8 in nsMacMessagePump::DispatchEvent(int, EventRecord *)
 #23  0x029af6d0 in nsMacMessagePump::DoMessagePump(void)
 #24  0x029af00c in nsAppShell::Run(void)
 #25  0x0296ce4c in nsAppShellService::Run(void)
 #26  0x004cebb4 in main1(int, char **, nsISupports *)
 #27  0x004cf68c in main

Comment 1

17 years ago
dup of bug 83804?
(Reporter)

Comment 2

17 years ago
Not that it isn't related but I don't think it's exactly a dupe since my test of 
the Windows 0.9.8 build did not crash on a 4096x1 pixel GIF image like the Mac 
builds did.

Comment 3

17 years ago
dup of 113406

*** This bug has been marked as a duplicate of 113406 ***
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → DUPLICATE
(Reporter)

Comment 4

17 years ago
Pav, look again - #113406 is a failure to display an image.  This is a crasher.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---

Comment 5

17 years ago
Then this must be a dupe of bug 120781.

*** This bug has been marked as a duplicate of 120781 ***
Status: REOPENED → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → DUPLICATE

Comment 6

17 years ago
Reopening. This bug is not a dup of bug 120781. Wide JPEG images do not cause
crashes, but wide GIF images do. The bug cannot therefore lie in the Mac GFX
code, since that has no notion of image formats. The problem here is that the
GIF code does insufficient error checking.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
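
Comment 6 attributes the crash to insufficient error checking in the GIF code, and the trace shows the fault at address 0x00000000 inside HaveDecodedRow. The C example below is added here for illustration; it is not Mozilla's decoder and not the fix that landed, which this page does not show. It validates the GIF header dimensions, checks the row-buffer allocation, and bounds-checks each decoded row. All names, the MAX_DIM limit and the sample header are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names throughout; MAX_DIM is an assumed policy limit. */
#define MAX_DIM 16384u
enum { GIF_OK = 0, GIF_TRUNCATED, GIF_BAD_MAGIC, GIF_BAD_DIMS, GIF_NO_MEMORY, GIF_BAD_ROW };
typedef struct { uint32_t width, height; uint8_t *row; } gif_frame;

/* Constructed sample: signature plus a 4096x1 logical screen (little-endian). */
static const uint8_t SAMPLE_4096x1[10] = {'G','I','F','8','9','a', 0x00,0x10, 0x01,0x00};

static uint32_t le16(const uint8_t *p) { return (uint32_t)p[0] | ((uint32_t)p[1] << 8); }

/* Parse the signature and screen width/height (bytes 6..9), validate them and
   allocate one RGB row buffer. Every failure is returned to the caller, so no
   later stage runs with a NULL or undersized buffer. */
int gif_frame_init(gif_frame *f, const uint8_t *buf, size_t len)
{
    memset(f, 0, sizeof *f);
    if (len < 10) return GIF_TRUNCATED;
    if (memcmp(buf, "GIF87a", 6) != 0 && memcmp(buf, "GIF89a", 6) != 0)
        return GIF_BAD_MAGIC;
    uint32_t w = le16(buf + 6), h = le16(buf + 8);
    if (w == 0 || h == 0 || w > MAX_DIM || h > MAX_DIM) return GIF_BAD_DIMS;
    f->row = malloc((size_t)w * 3);      /* w <= MAX_DIM, so w * 3 cannot overflow */
    if (f->row == NULL) return GIF_NO_MEMORY;
    f->width = w; f->height = h;
    return GIF_OK;
}

/* Row sink: rejects a missing buffer, a row past the last line, or too many pixels. */
int gif_have_row(gif_frame *f, const uint8_t *rgb, uint32_t row_num, uint32_t npix)
{
    if (f->row == NULL || rgb == NULL) return GIF_BAD_ROW;
    if (row_num >= f->height || npix > f->width) return GIF_BAD_ROW;
    memcpy(f->row, rgb, (size_t)npix * 3);
    return GIF_OK;
}
void gif_frame_free(gif_frame *f) { free(f->row); f->row = NULL; }

int main(void)
{
    gif_frame f;
    int rc = gif_frame_init(&f, SAMPLE_4096x1, sizeof SAMPLE_4096x1);
    printf("init rc=%d width=%u height=%u\n", rc, (unsigned)f.width, (unsigned)f.height);
    gif_frame_free(&f);
    return rc;
}
```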

Comment 7

17 years ago
*** Bug 152381 has been marked as a duplicate of this bug. ***

Updated

17 years ago
Severity: major → critical
Summary: GIF images >4095 pixels wide crash Mozilla → GIF images >4095 pixels wide crash Mozilla [@ HaveDecodedRow]

Comment 8

17 years ago
Umm, bryner and I fixed this Friday night in the GIF code. Giving to him for
closure as appropriate
Assignee: pavlov → bryner
Status: REOPENED → NEW
*** Bug 154660 has been marked as a duplicate of this bug. ***

Comment 10

17 years ago
*** Bug 154716 has been marked as a duplicate of this bug. ***
(Assignee)

Comment 11

17 years ago
What saari said.
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → FIXED
Crash Signature: [@ HaveDecodedRow]