Closed Bug 137694 Opened 22 years ago Closed 22 years ago

CreateOffscreenPixmap() crash embedded application.

Categories

(Core Graveyard :: Image: Painting, defect)

Sun
Solaris
defect
Not set
blocker

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: galfandary, Assigned: tor)

References

Details

(Keywords: crash, embed, topembed-)

Attachments

(2 files)

Trying to render the above attachment crashes
our application (also happens with TestGtkEmbed).

The following code change solves this problem:
nsImageGTK.cpp
=============
1519  if (!s1bitGC && mAlphaPixmap)
1520    s1bitGC = gdk_gc_new(mAlphaPixmap);
1521
1522  if (!sXbitGC && mImagePixmap)
1523    sXbitGC = gdk_gc_new(mImagePixmap);
Keywords: crash
Maybe tor can have a look at the fix.
Debug stack trace?
#0  gdk_gc_new_with_values (window=0x0, values=0x0, values_mask=0) at gdkgc.c:54
#1  0xef3ca524 in gdk_gc_new (window=0x0) at gdkgc.c:36 
#2  0xee06d5fc in nsImageGTK::CreateOffscreenPixmap () 
#3  0xee061948 in nsImageGTK::UpdateCachedImage () 
#4  0xee063cdc in nsImageGTK::Optimize () 
#5  0xee092060 in gfxImageFrame::SetMutable () 
#6  0xed459c88 in imgContainer::DecodingComplete () 
#7  0xeddc3734 in nsGIFDecoder2::WriteFrom () 
#8  0xeddc2bd0 in gif_write () 
#9  0xeddc355c in nsGIFDecoder2::ProcessData () 
#10 0xeddc3394 in nsGIFDecoder2::Flush () 
#11 0xef698e18 in nsInputStreamTee::WriteSegmentFun () 
#12 0xef69c22c in nsPipe::nsPipeInputStream::ReadSegments () 
#13 0xef6991c8 in nsInputStreamTee::ReadSegments () 
#14 0xeddc35f8 in nsGIFDecoder2::WriteFrom () 
#15 0xed45eca4 in imgRequest::OnDataAvailable () 
#16 0xed45c8cc in ProxyListener::OnDataAvailable () 
#17 0xec9fc3e8 in nsStreamListenerTee::OnDataAvailable () 
#18 0xeca346bc in nsHttpChannel::OnDataAvailable () 
#19 0xec9fb6fc in nsOnDataAvailableEvent::HandleEvent () 
#20 0xec9ea004 in nsARequestObserverEvent::HandlePLEvent () 
#21 0xef6b5a34 in PL_HandleEvent () 
#22 0xef6b5964 in PL_ProcessPendingEvents () 
#23 0xef6b69fc in nsEventQueueImpl::ProcessPendingEvents () 
#24 0xebfef588 in nsAppShell::SetDispatchListener () 
#25 0xebfef23c in keysym2ucs () 
#26 0xef35ee84 in g_io_unix_dispatch (source_data=0x311698, current_time=0xefffd2c0, user_data=0x29648) at giounix.c:135
#27 0xef3608a8 in g_main_dispatch (dispatch_time=0xefffd2c0) at gmain.c:656 
#28 0xef3610cc in g_main_iterate (block=-281545940, dispatch=1) at gmain.c:877 
#29 0xef361284 in g_main_run (loop=0x28d110) at gmain.c:935 
#30 0xef4926f8 in gtk_main () at gtkmain.c:524 
#31 0x124d4 in main (argc=1, argv=0xefffd49c) at TestGtkEmbed.cpp:208
I don't get a crash, but I do get lots of warnings:

Gdk-CRITICAL **: file gdkgc.c: line 51 (gdk_gc_new_with_values): assertion
`window != NULL' failed.
Status: UNCONFIRMED → NEW
Ever confirmed: true
-> tor
Assignee: pavlov → tor
Moving bugs to new Image: GFX component
Component: ImageLib → Image: GFX
can anyone repro this on mac or win?
Keywords: topembed+embed, topembed-
You might not get the crash - it depends on whether your GTK library
will emit an assertion failed printout and bail out, or will actually
try to do the NULL access resulting in the crash.

It's a very simple bug to reproduce and fix on whatever platform.
Please do the following:

1. Open TestGtkEmbed in the debugger (no matter what platform)
2. Put a breakpoint in nsImageGTK::CreateOffscreenPixmap
3. Run TestGtkEmbed. Make sure the first page it renders is the one supplied
   in the attachment.
4. Now in the debugger advance over the statements until you get to Line#1519.
5. You should see that gdk_gc_new() is called with NULL.
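
The two outcomes described in the comment above, and the effect of the proposed `&& mAlphaPixmap` guard, as an added example that is not part of the bug thread or the Mozilla source. It is a stand-alone C model: `Pixmap`, `GC`, `model_gc_new`, `create_1bit_gc` and `reset_model` are hypothetical stand-ins for the GDK types and calls, and the unguarded branch is an assumption about the pre-fix code inferred from the stack trace.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-ins for GdkPixmap/GdkGC; this model does not link against GDK. */
typedef struct { int depth; } Pixmap;
typedef struct { int depth; } GC;

enum outcome { GC_OK, GC_DEFERRED, GC_CRITICAL_WARNING, GC_NULL_DEREF };

static GC gc_storage;     /* backing store for the one shared GC */
static GC *s1bitGC;       /* models the static s1bitGC in nsImageGTK.cpp */

/* Models gdk_gc_new(): with argument checks compiled in, a NULL drawable
   logs a critical warning and returns NULL; without them the library
   would read through the NULL pointer (reported here, not performed). */
static enum outcome model_gc_new(const Pixmap *drawable, int checks_on, GC **out)
{
    *out = NULL;
    if (drawable == NULL)
        return checks_on ? GC_CRITICAL_WARNING : GC_NULL_DEREF;
    gc_storage.depth = drawable->depth;
    *out = &gc_storage;
    return GC_OK;
}

/* One pass through the GC setup in CreateOffscreenPixmap().
   guarded != 0 applies the proposed `&& mAlphaPixmap` condition. */
static enum outcome create_1bit_gc(const Pixmap *mAlphaPixmap, int guarded, int checks_on)
{
    if (s1bitGC)
        return GC_OK;                 /* already created by an earlier image */
    if (guarded && !mAlphaPixmap)
        return GC_DEFERRED;           /* no 1-bit pixmap yet: try again later */
    return model_gc_new(mAlphaPixmap, checks_on, &s1bitGC);
}

static void reset_model(void) { s1bitGC = NULL; }

int main(void)
{
    Pixmap alpha = { 1 };
    static const char *names[] = { "ok", "deferred", "critical warning", "NULL dereference" };
    reset_model();
    printf("unguarded, checks on : %s\n", names[create_1bit_gc(NULL, 0, 1)]);
    printf("unguarded, checks off: %s\n", names[create_1bit_gc(NULL, 0, 0)]);
    printf("guarded, no alpha    : %s\n", names[create_1bit_gc(NULL, 1, 0)]);
    printf("guarded, with alpha  : %s\n", names[create_1bit_gc(&alpha, 1, 0)]);
    return 0;
}
```

In the unguarded, checks-on case the static GC stays NULL, so every later image without an alpha pixmap repeats the warning until an image with one arrives.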
Comment on attachment 81922
only create the 1-bit GC once we've created a 1-bit pixmap

sr=blizzard
Attachment #81922 - Flags: superreview+
Comment on attachment 81922
only create the 1-bit GC once we've created a 1-bit pixmap

r=pavlov
Attachment #81922 - Flags: review+
Comment on attachment 81922
only create the 1-bit GC once we've created a 1-bit pixmap

a=asa (on behalf of drivers) for checkin to the 1.0 branch
Attachment #81922 - Flags: approval+
Checked into trunk.
Checked into branch.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
adding branch resolution keyword
Keywords: fixed1.0.0
verified fix checked into lxr.mozilla.org and bonsai.mozilla.org
Status: RESOLVED → VERIFIED
*** Bug 137475 has been marked as a duplicate of this bug. ***
Product: Core → Core Graveyard