Closed
Bug 154716
Opened 22 years ago
Closed 22 years ago
Mozilla crashes in the GIF decoder at this url
Categories
(Core :: Graphics: ImageLib, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 124767
People
(Reporter: nazgul, Assigned: pavlov)
References
()
Details
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US; rv:1.0.0) Gecko/20020529
BuildID: 2002052918
Go to the provided URL, Mozilla crashes decoding the GIF.
Reproducible: Always
Date/Time: 2002-06-27 20:58:19 -0400
OS Version: 10.1.5 (Build 5S66)
Host: wraith.somewhere.com
Command: Mozilla
PID: 1722
Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000000
Thread 0 Crashed:
#0 0x01c0b854 in HaveDecodedRow(void *, unsigned char *, int, int, int, int,
unsigned char, int)
#1 0x01c0b764 in 0x1c0b764
#2 0x01c0bec8 in output_row(gif_struct *)
#3 0x01c0c20c in do_lzw(gif_struct *, unsigned char const *)
#4 0x01c0c808 in 0x1c0c808
#5 0x01c0b124 in nsGIFDecoder2::ProcessData(unsigned char *, unsigned int,
unsigned int *)
#6 0x01c0ae88 in ReadDataOut(nsIInputStream *, void *, char const *, unsigned
int, unsigned int, unsigned int *)
#7 0x006d5ba8 in nsInputStreamTee::WriteSegmentFun(nsIInputStream *, void *,
char const *, unsigned int, unsigned int)
#8 0x006995fc in nsPipe::nsPipeInputStream::ReadSegments( (
(*)(nsIInputStream *)))
#9 0x006d6114 in nsInputStreamTee::ReadSegments( (*)(nsIInputStream *, void
*, char const *, unsigned int, unsigned int, *))
#10 0x01c0b1f8 in nsGIFDecoder2::WriteFrom(nsIInputStream *, unsigned int,
unsigned int *)
#11 0x02bf19e0 in OnDataAvailable__10imgRequestFP10nsIRequestP11nsISupportsP14ns
#12 0x02bee054 in OnDataAvailable__13ProxyListenerFP10nsIRequestP11nsISupportsP1
#13 0x01ace7ec in OnDataAvailable__19nsStreamListenerTeeFP10nsIRequestP11nsISupp
#14 0x01ae383c in OnDataAvailable__13nsHttpChannelFP10nsIRequestP11nsISupportsP1
#15 0x01ac5520 in nsOnDataAvailableEvent::HandleEvent(void)
#16 0x01ad3900 in nsARequestObserverEvent::HandlePLEvent(PLEvent *)
#17 0x006b9ea0 in PL_HandleEvent
#18 0x006b9d0c in PL_ProcessPendingEvents
#19 0x0065fd9c in nsEventQueueImpl::ProcessPendingEvents(void)
#20 0x0239d93c in nsMacNSPREventQueueHandler::ProcessPLEventQueue(void)
#21 0x0239d7e0 in nsMacNSPREventQueueHandler::RepeatAction(EventRecord const &)
#22 0x000e6b14 in Repeater::DoRepeaters(EventRecord const &)
#23 0x023b3b58 in nsMacMessagePump::DispatchEvent(int, EventRecord *)
#24 0x023b3880 in nsMacMessagePump::DoMessagePump(void)
#25 0x023b31fc in nsAppShell::Run(void)
#26 0x022d9acc in nsAppShellService::Run(void)
#27 0x00227efc in main1(int, char **, nsISupports *)
#28 0x0022893c in main
Thread 1:
#0 0x70000978 in mach_msg_overwrite_trap
#1 0x70005a04 in mach_msg
#2 0x7017bf84 in __CFRunLoopRun
#3 0x701b70ec in CFRunLoopRunSpecific
#4 0x7017b8cc in CFRunLoopRunInMode
#5 0x7061be08 in
XIOAudioDeviceManager::NotificationThread(XIOAudioDeviceManager *)
#6 0x706141c0 in CAPThread::Entry(CAPThread *)
#7 0x7002054c in _pthread_body
Thread 2:
#0 0x7000497c in syscall
#1 0x70557600 in BSD_waitevent
#2 0x70554b80 in CarbonSelectThreadFunc
#3 0x7002054c in _pthread_body
Thread 3:
#0 0x7003f4c8 in semaphore_wait_signal_trap
#1 0x7003f2c8 in _pthread_cond_wait
#2 0x705593ec in CarbonOperationThreadFunc
#3 0x7002054c in _pthread_body
Thread 4:
#0 0x70044cf8 in semaphore_timedwait_signal_trap
#1 0x70044cd8 in semaphore_timedwait_signal
#2 0x70283e9c in TSWaitOnConditionTimedRelative
#3 0x7027d740 in TSWaitOnSemaphoreCommon
#4 0x702c2078 in TimerThread
#5 0x7002054c in _pthread_body
Thread 5:
#0 0x7003f4c8 in semaphore_wait_signal_trap
#1 0x7003f2c8 in _pthread_cond_wait
#2 0x70250aa8 in TSWaitOnCondition
#3 0x7027d728 in TSWaitOnSemaphoreCommon
#4 0x70243d0c in AsyncFileThread
#5 0x7002054c in _pthread_body
Thread 6:
#0 0x7003f4c8 in semaphore_wait_signal_trap
#1 0x7003f2c8 in _pthread_cond_wait
#2 0x7055b884 in CarbonInetOperThreadFunc
#3 0x7002054c in _pthread_body
Thread 7:
#0 0x70000978 in mach_msg_overwrite_trap
#1 0x70005a04 in mach_msg
#2 0x70026a2c in _pthread_become_available
#3 0x70026724 in pthread_exit
#4 0x70020550 in _pthread_body
PPC Thread State:
srr0: 0x01c0b854 srr1: 0x0000f030 vrsave: 0x00000000
xer: 0x00000004 lr: 0x01c0b7f8 ctr: 0x01c10b70 mq: 0x00000000
r0: 0x0624e1da r1: 0xbfffed00 r2: 0x0328b830 r3: 0x06256900
r4: 0x00000000 r5: 0x06256900 r6: 0x000000e7 r7: 0x0000001b
r8: 0x00000001 r9: 0x00000004 r10: 0x00000000 r11: 0x80003710
r12: 0x0328bf44 r13: 0x00000000 r14: 0x00000b39 r15: 0x0624e1da
r16: 0x046ee780 r17: 0x046fa130 r18: 0x046ee798 r19: 0x046fbc90
r20: 0x00000010 r21: 0x00000021 r22: 0x00000040 r23: 0x0000008e
r24: 0x0624d080 r25: 0x00000000 r26: 0x06256a20 r27: 0x00000040
r28: 0x03b6b330 r29: 0x0000001b r30: 0x00000001 r31: 0x00000000
**********
Date/Time: 2002-06-27 20:59:10 -0400
OS Version: 10.1.5 (Build 5S66)
Host: wraith.somewhere.com
Command: Mozilla
PID: 2686
Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000000
Thread 0 Crashed:
#0 0x03421854 in HaveDecodedRow(void *, unsigned char *, int, int, int, int,
unsigned char, int)
#1 0x03421764 in 0x3421764
#2 0x03421ec8 in output_row(gif_struct *)
#3 0x0342220c in do_lzw(gif_struct *, unsigned char const *)
#4 0x03422808 in 0x3422808
#5 0x03421124 in nsGIFDecoder2::ProcessData(unsigned char *, unsigned int,
unsigned int *)
#6 0x03420e88 in ReadDataOut(nsIInputStream *, void *, char const *, unsigned
int, unsigned int, unsigned int *)
#7 0x006d5ba8 in nsInputStreamTee::WriteSegmentFun(nsIInputStream *, void *,
char const *, unsigned int, unsigned int)
#8 0x006995fc in nsPipe::nsPipeInputStream::ReadSegments( (
(*)(nsIInputStream *)))
#9 0x006d6114 in nsInputStreamTee::ReadSegments( (*)(nsIInputStream *, void
*, char const *, unsigned int, unsigned int, *))
#10 0x034211f8 in nsGIFDecoder2::WriteFrom(nsIInputStream *, unsigned int,
unsigned int *)
#11 0x02bed9e0 in OnDataAvailable__10imgRequestFP10nsIRequestP11nsISupportsP14ns
#12 0x02bea054 in OnDataAvailable__13ProxyListenerFP10nsIRequestP11nsISupportsP1
#13 0x021097ec in OnDataAvailable__19nsStreamListenerTeeFP10nsIRequestP11nsISupp
#14 0x0211e83c in OnDataAvailable__13nsHttpChannelFP10nsIRequestP11nsISupportsP1
#15 0x02100520 in nsOnDataAvailableEvent::HandleEvent(void)
#16 0x0210e900 in nsARequestObserverEvent::HandlePLEvent(PLEvent *)
#17 0x006b9ea0 in PL_HandleEvent
#18 0x006b9d0c in PL_ProcessPendingEvents
#19 0x0065fd9c in nsEventQueueImpl::ProcessPendingEvents(void)
#20 0x0238993c in nsMacNSPREventQueueHandler::ProcessPLEventQueue(void)
#21 0x023897e0 in nsMacNSPREventQueueHandler::RepeatAction(EventRecord const &)
#22 0x000dfb14 in Repeater::DoRepeaters(EventRecord const &)
#23 0x0239fb58 in nsMacMessagePump::DispatchEvent(int, EventRecord *)
#24 0x0239f880 in nsMacMessagePump::DoMessagePump(void)
#25 0x0239f1fc in nsAppShell::Run(void)
#26 0x022c5acc in nsAppShellService::Run(void)
#27 0x00230efc in main1(int, char **, nsISupports *)
#28 0x0023193c in main
Thread 1:
#0 0x70000978 in mach_msg_overwrite_trap
#1 0x70005a04 in mach_msg
#2 0x70026a2c in _pthread_become_available
#3 0x70026724 in pthread_exit
#4 0x70020550 in _pthread_body
#5 0x90010008 in 0x90010008
Thread 2:
#0 0x70000978 in mach_msg_overwrite_trap
#1 0x70005a04 in mach_msg
#2 0x7017bf84 in __CFRunLoopRun
#3 0x701b70ec in CFRunLoopRunSpecific
#4 0x7017b8cc in CFRunLoopRunInMode
#5 0x7061be08 in
XIOAudioDeviceManager::NotificationThread(XIOAudioDeviceManager *)
#6 0x706141c0 in CAPThread::Entry(CAPThread *)
#7 0x7002054c in _pthread_body
Thread 3:
#0 0x7000497c in syscall
#1 0x70557600 in BSD_waitevent
#2 0x70554b80 in CarbonSelectThreadFunc
#3 0x7002054c in _pthread_body
Thread 4:
#0 0x7003f4c8 in semaphore_wait_signal_trap
#1 0x7003f2c8 in _pthread_cond_wait
#2 0x705593ec in CarbonOperationThreadFunc
#3 0x7002054c in _pthread_body
Thread 5:
#0 0x70044cf8 in semaphore_timedwait_signal_trap
#1 0x70044cd8 in semaphore_timedwait_signal
#2 0x70283e9c in TSWaitOnConditionTimedRelative
#3 0x7027d740 in TSWaitOnSemaphoreCommon
#4 0x702c2078 in TimerThread
#5 0x7002054c in _pthread_body
Thread 6:
#0 0x7003f4c8 in semaphore_wait_signal_trap
#1 0x7003f2c8 in _pthread_cond_wait
#2 0x70250aa8 in TSWaitOnCondition
#3 0x7027d728 in TSWaitOnSemaphoreCommon
#4 0x70243d0c in AsyncFileThread
#5 0x7002054c in _pthread_body
Thread 7:
#0 0x7003f4c8 in semaphore_wait_signal_trap
#1 0x7003f2c8 in _pthread_cond_wait
#2 0x7055b884 in CarbonInetOperThreadFunc
#3 0x7002054c in _pthread_body
PPC Thread State:
srr0: 0x03421854 srr1: 0x0000f030 vrsave: 0x00000000
xer: 0x00000010 lr: 0x034217f8 ctr: 0x025e2b70 mq: 0x00000000
r0: 0x03dc567a r1: 0xbfffed00 r2: 0x025a4800 r3: 0x03dc77c0
r4: 0x00000000 r5: 0x03dc77c0 r6: 0x000000e7 r7: 0x00000013
r8: 0x00000001 r9: 0x00000004 r10: 0x00000000 r11: 0x80003710
r12: 0x034500d4 r13: 0x00000000 r14: 0x00000b41 r15: 0x03dc567a
r16: 0x03578440 r17: 0x03577430 r18: 0x035784c5 r19: 0x03575420
r20: 0x00000001 r21: 0x00000021 r22: 0x00000040 r23: 0x00000109
r24: 0x03dc4520 r25: 0x00000000 r26: 0x03dc78e0 r27: 0x00000040
r28: 0x03833670 r29: 0x00000013 r30: 0x00000001 r31: 0x00000000
**********
*** This bug has been marked as a duplicate of 124767 ***
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•