Closed Bug 1530222 Opened 5 years ago Closed 5 years ago

PNG containing large zTXt chunk not displayed in Firefox but in other programs

Categories

(Core :: Graphics: ImageLib, defect, P3)

Product:
Core
Component:
Graphics: ImageLib
Version:
65 Branch
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla67
Tracking Flags:
Tracking Status
firefox67 --- fixed

People

(Reporter: jexler, Assigned: aosmond)

References

(
URL
)

Details

(5 keywords)

Attachments

(1 file)

Bug 1530222 - Allow libpng to allocate larger chunks for decoding purposes.
47 bytes, text/x-phabricator-request
Details | Review

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15

Steps to reproduce:

Open https://www.artecat.ch/jexler/moebius/moebius.png in Firefox 65.0.1 (observed on Mac OS X 10.12.6 "Sierra")

Actual results:

Firefox shows a black background with text "The image "https://www.artecat.ch/jexler/moebius/moebius.png" cannot be displayed because it contains errors."

Expected results:

The PNG opens fine in Chrome and Safari, as well as in Photoshop and Gimp etc.
The PNG contains an rather unusually large 5 MB zTXt chunk, which is likely the immediate cause of the error in Firefox (removing all "metadata" chunks from the PNG results in a PNG of 2.8 MB size that is displayed correctly in Firefox, see https://www.artecat.ch/jexler/moebius/moebius2.png ).

The images were produced by converting a PDF to PNG using ImageMagick, see https://imagemagick.org/discourse-server/viewtopic.php?f=3&t=35541

It is not 100% sure at the moment that the PNG is formally correct, but since all other applications tested could display (and/or edit) it, the Firefox behavior is likely not desireable: If an image displays correctly in most places it should ideally rather not fail in just one web browser, else creating web pages is made harder...

Is there a way to get more information behind the error in Firefox? It the error maybe a security measure that limits the size of certain chunks in a PNG to prevent attacks on the browser with images with huge such chunks?

Component: Untriaged → ImageLib
Product: Firefox → Core

Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0
20190224092357

URL: https://www.artecat.ch/jexler/moebius...
Status: UNCONFIRMED → NEW
Has STR: --- → yes
Ever confirmed: true
Keywords: parity-chrome, parity-edge, parity-ie, parity-safari, testcase
OS: Unspecified → All
Hardware: Unspecified → All

Caused by bug 1402057.

Indeed, the 5mb chunk hits the 4000000 limit we have on not idat/fdat chunks.

Chrome patches libpng to work around this.

https://github.com/chromium/chromium/blob/deef63c050a5e68041e2bfd5a7932b412939dc11/third_party/libpng/patches/0001-chunkerror.patch

Blocks: 1402057
Priority: -- → P3

(In reply to Timothy Nikkel (:tnikkel) from comment #2)

Caused by bug 1402057.

Indeed, the 5mb chunk hits the 4000000 limit we have on not idat/fdat chunks.

Chrome patches libpng to work around this.

https://github.com/chromium/chromium/blob/deef63c050a5e68041e2bfd5a7932b412939dc11/third_party/libpng/patches/0001-chunkerror.patch

Do we really need to patch the library? It is configurable, and we could just set it to something larger.

https://searchfox.org/mozilla-central/rev/2a6f3dde00801374d3b2a704232de54a132af389/image/decoders/nsPNGDecoder.cpp#315-317

Assignee: nobody → aosmond
Status: NEW → ASSIGNED
Pushed by aosmond@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/6b78699bdf7b
Allow libpng to allocate larger chunks for decoding purposes. r=tnikkel

https://hg.mozilla.org/mozilla-central/rev/6b78699bdf7b

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox67: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla67
QA Whiteboard: [qa-67b-p2]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: