Closed Bug 1351201 Opened 3 years ago Closed 3 years ago

Assertion failure "mOutputSize->width <= aWidth && mOutputSize->height <= aHeight (Output size will result in upscaling)" in [@ mozilla::image::Decoder::PostSize]

Categories

(Core :: ImageLib, defect, P3)

defect

Tracking

()

RESOLVED DUPLICATE of bug 1315554
Tracking Status
firefox55 --- affected

People

(Reporter: tsmith, Unassigned)

References

(Blocks 1 open bug, )

Details

(Keywords: assertion, testcase, Whiteboard: [gfx-noted])

Attachments

(3 files)

Attached file log.txt
Assertion failure: mOutputSize->width <= aWidth && mOutputSize->height <= aHeight (Output size will result in upscaling), at /home/worker/workspace/build/src/image/Decoder.cpp:414

Found with mozilla-central asan debug buildID=20170327212148

    #0 0x7fa7c49b29e7 in mozilla::image::Decoder::PostSize(int, int, mozilla::image::Orientation) /home/worker/workspace/build/src/image/Decoder.cpp:413:3
    #1 0x7fa7c4a7a330 in mozilla::image::nsPNGDecoder::info_callback(png_struct_def*, png_info_def*) /home/worker/workspace/build/src/image/decoders/nsPNGDecoder.cpp:571:12
    #2 0x7fa7c8c00fe8 in MOZ_PNG_push_read_chunk /home/worker/workspace/build/src/media/libpng/pngpread.c:351:7
    #3 0x7fa7c8c001c1 in MOZ_PNG_process_data /home/worker/workspace/build/src/media/libpng/pngpread.c:46:7
    #4 0x7fa7c4a7be51 in mozilla::image::nsPNGDecoder::ReadPNGData(char const*, unsigned long) /home/worker/workspace/build/src/image/decoders/nsPNGDecoder.cpp:402:3
    #5 0x7fa7c4abccad in mozilla::image::nsPNGDecoder::DoDecode(mozilla::image::SourceBufferIterator&, mozilla::image::IResumable*)::$_8::operator()(mozilla::image::nsPNGDecoder::State, char const*, unsigned long) const /home/worker/workspace/build/src/image/decoders/nsPNGDecoder.cpp:372:16
    #6 0x7fa7c4abcfb2 in mozilla::Maybe<mozilla::Variant<mozilla::image::TerminalState, mozilla::image::Yield> > mozilla::image::StreamingLexer<mozilla::image::nsPNGDecoder::State, 16ul>::ContinueUnbufferedRead<mozilla::image::nsPNGDecoder::DoDecode(mozilla::image::SourceBufferIterator&, mozilla::image::IResumable*)::$_8>(char const*, unsigned long, unsigned long, mozilla::image::nsPNGDecoder::DoDecode(mozilla::image::SourceBufferIterator&, mozilla::image::IResumable*)::$_8) /home/worker/workspace/build/src/image/StreamingLexer.h:541:7
    #7 0x7fa7c4abc54b in mozilla::Maybe<mozilla::Variant<mozilla::image::TerminalState, mozilla::image::Yield> > mozilla::image::StreamingLexer<mozilla::image::nsPNGDecoder::State, 16ul>::UnbufferedRead<mozilla::image::nsPNGDecoder::DoDecode(mozilla::image::SourceBufferIterator&, mozilla::image::IResumable*)::$_8>(mozilla::image::SourceBufferIterator&, mozilla::image::nsPNGDecoder::DoDecode(mozilla::image::SourceBufferIterator&, mozilla::image::IResumable*)::$_8) /home/worker/workspace/build/src/image/StreamingLexer.h:485:12
    #8 0x7fa7c4a7ba34 in mozilla::Variant<mozilla::image::TerminalState, mozilla::image::Yield> mozilla::image::StreamingLexer<mozilla::image::nsPNGDecoder::State, 16ul>::Lex<mozilla::image::nsPNGDecoder::DoDecode(mozilla::image::SourceBufferIterator&, mozilla::image::IResumable*)::$_8>(mozilla::image::SourceBufferIterator&, mozilla::image::IResumable*, mozilla::image::nsPNGDecoder::DoDecode(mozilla::image::SourceBufferIterator&, mozilla::image::IResumable*)::$_8) /home/worker/workspace/build/src/image/StreamingLexer.h:453:20
    #9 0x7fa7c4a7b6ca in mozilla::image::nsPNGDecoder::DoDecode(mozilla::image::SourceBufferIterator&, mozilla::image::IResumable*) /home/worker/workspace/build/src/image/decoders/nsPNGDecoder.cpp:368:17
    #10 0x7fa7c49a2d2c in mozilla::image::Decoder::Decode(mozilla::image::IResumable*) /home/worker/workspace/build/src/image/Decoder.cpp:130:20
    #11 0x7fa7c4a6e551 in mozilla::image::nsICODecoder::WriteToContainedDecoder(char const*, unsigned int) /home/worker/workspace/build/src/image/decoders/nsICODecoder.cpp:664:43
    #12 0x7fa7c4a6e8de in mozilla::image::nsICODecoder::ReadPNG(char const*, unsigned int) /home/worker/workspace/build/src/image/decoders/nsICODecoder.cpp:353:8
    #13 0x7fa7c4ab159b in mozilla::image::nsICODecoder::DoDecode(mozilla::image::SourceBufferIterator&, mozilla::image::IResumable*)::$_4::operator()(mozilla::image::ICOState, char const*, unsigned long) const /home/worker/workspace/build/src/image/decoders/nsICODecoder.cpp:627:16
...
see log.txt
Attached file test_case.html
Attached image test_data.ico
Flags: in-testsuite?
Flags: needinfo?(aosmond)
It appears the entry size is 0x0, which our ICO decoder assumes is 256x256, but in reality the size of the resource itself is 64x64.

Bug 1315554 fixes this because when we get an unspecified entry size in the ICO (0x0), we do a metadata decode on the resource data to get the real size. It was intended for resources larger than 256x256 but it works for any size :).
Depends on: 1315554
Flags: needinfo?(aosmond)
also affects realworld websites like http://www.colwagen.co - bughunter detected this during topsite tests and reproduced on windows 7
also still happening in pages like http://www.photogeek.ru on load
And my site: http://sat-boy.com
Priority: -- → P3
Whiteboard: [gfx-noted]
I confirm this has been fixed with bug 1315554 having landed. The latest nightly contains it. If you find this is not the case for you, please re-open.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1315554
You need to log in before you can comment on or make changes to this bug.