Closed Bug 159256 Opened 22 years ago Closed 22 years ago

Crash on loading favicon

Categories

(Core :: Graphics: ImageLib, defect)

x86
Windows 2000
defect
Not set
critical

RESOLVED FIXED

People

(Reporter: kazhik, Assigned: pavlov)

Details

(Keywords: crash)

Win32 build crashes on loading <http://www.nta.co.jp/>
or <http://www.nta.co.jp/favicon.ico>.

Talkback ID: TB8522800Q,TB8522949E
Boris, should I ask you for TB8522800Q, TB8522949E?
Keywords: crash
Crash with 2002072308/trunk/W2K -> TB8652472Q
xptiInterfaceInfo::Release
[c:/builds/seamonkey/mozilla/xpcom/reflect/xptinfo/src/xptiInterfaceInfo.cpp,
line 801]
nsCOMPtr_base::~nsCOMPtr_base
[c:/builds/seamonkey/mozilla/xpcom/glue/nsCOMPtr.cpp, line 65]
nsJSIID::`scalar deleting destructor'
nsJSIID::Release [c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcjsid.cpp,
line 383]
XPCJSRuntime::GCCallback
[c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcjsruntime.cpp, line 539]
0x03463b60 

and 

nsCOMPtr_base::~nsCOMPtr_base
[c:/builds/seamonkey/mozilla/xpcom/glue/nsCOMPtr.cpp, line 64]
nsXBLEventHandler::~nsXBLEventHandler
[c:/builds/seamonkey/mozilla/content/xbl/src/nsXBLEventHandler.cpp, line 92]
nsXBLKeyHandler::Release
[c:/builds/seamonkey/mozilla/content/xbl/src/nsXBLKeyHandler.cpp, line 112]
nsEventListenerManager::ReleaseListeners
[c:/builds/seamonkey/mozilla/content/events/src/nsEventListenerManager.cpp, line
368]
nsEventListenerManager::RemoveAllListeners
[c:/builds/seamonkey/mozilla/content/events/src/nsEventListenerManager.cpp, line
162]
nsEventListenerManager::~nsEventListenerManager
[c:/builds/seamonkey/mozilla/content/events/src/nsEventListenerManager.cpp, line
141]
nsEventListenerManager::`scalar deleting destructor'
nsEventListenerManager::Release
[c:/builds/seamonkey/mozilla/content/events/src/nsEventListenerManager.cpp, line
192]
nsGenericElement::~nsGenericElement
[c:/builds/seamonkey/mozilla/content/base/src/nsGenericElement.cpp, line 745]
nsHTMLInputElement::`scalar deleting destructor'
nsHTMLIFrameElement::Release
[c:/builds/seamonkey/mozilla/content/html/content/src/nsHTMLIFrameElement.cpp,
line 177]
nsGenericHTMLContainerElement::~nsGenericHTMLContainerElement
[c:/builds/seamonkey/mozilla/content/html/content/src/nsGenericHTMLElement.cpp,
line 3843]
nsHTMLFormElement::`scalar deleting destructor'
nsHTMLIFrameElement::Release
[c:/builds/seamonkey/mozilla/content/html/content/src/nsHTMLIFrameElement.cpp,
line 177]
nsGenericHTMLContainerElement::~nsGenericHTMLContainerElement
[c:/builds/seamonkey/mozilla/content/html/content/src/nsGenericHTMLElement.cpp,
line 3843]
nsHTMLBodyElement::`scalar deleting destructor'
nsHTMLIFrameElement::Release
[c:/builds/seamonkey/mozilla/content/html/content/src/nsHTMLIFrameElement.cpp,
line 177]
nsGenericHTMLContainerElement::~nsGenericHTMLContainerElement
[c:/builds/seamonkey/mozilla/content/html/content/src/nsGenericHTMLElement.cpp,
line 3843]
nsHTMLHtmlElement::`scalar deleting destructor'
nsHTMLIFrameElement::Release
[c:/builds/seamonkey/mozilla/content/html/content/src/nsHTMLIFrameElement.cpp,
line 177]
nsSupportsArray::Clear
[c:/builds/seamonkey/mozilla/xpcom/ds/nsSupportsArray.cpp, line 560]
nsDocument::~nsDocument
[c:/builds/seamonkey/mozilla/content/base/src/nsDocument.cpp, line 579] 

are the two stacks.  Looks like an unbalanced refcount somewhere somehow...
WFM with 2002072406/1.0branch/W2K
2002080508-trunk/WinXP still crashes.
Talkback ID: TB9008903Y
ntdll.dll + 0x3207 (0x77f53207)
msvcrt.dll + 0x1ac14 (0x77bdac14)
msvcrt.dll + 0x1ac2a (0x77bdac2a)
JS_HashTableAdd [c:/builds/seamonkey/mozilla/js/src/jshash.c, line 274]
_createJSDObject [c:/builds/seamonkey/mozilla/js/jsd/jsd_obj.c, line 133]
jsd_ObjectHook [c:/builds/seamonkey/mozilla/js/jsd/jsd_obj.c, line 171]
js_NewObject [c:/builds/seamonkey/mozilla/js/src/jsobj.c, line 1702]
js_NewFunction [c:/builds/seamonkey/mozilla/js/src/jsfun.c, line 1915]
FunctionDef [c:/builds/seamonkey/mozilla/js/src/jsparse.c, line 659]
FunctionStmt [c:/builds/seamonkey/mozilla/js/src/jsparse.c, line 857]
Statement [c:/builds/seamonkey/mozilla/js/src/jsparse.c, line 1172]
Statements [c:/builds/seamonkey/mozilla/js/src/jsparse.c, line 887]
js_CompileTokenStream [c:/builds/seamonkey/mozilla/js/src/jsparse.c, line 394]
CompileTokenStream [c:/builds/seamonkey/mozilla/js/src/jsapi.c, line 2848]
JS_CompileUCScriptForPrincipals [c:/builds/seamonkey/mozilla/js/src/jsapi.c,
line 2928]
JS_EvaluateUCScriptForPrincipals [c:/builds/seamonkey/mozilla/js/src/jsapi.c,
line 3377]
nsJSContext::EvaluateString
[c:/builds/seamonkey/mozilla/dom/src/base/nsJSEnvironment.cpp, line 702]
nsScriptLoader::EvaluateScript
[c:/builds/seamonkey/mozilla/content/base/src/nsScriptLoader.cpp, line 570]
nsScriptLoader::ProcessRequest
[c:/builds/seamonkey/mozilla/content/base/src/nsScriptLoader.cpp, line 478]
nsScriptLoader::OnStreamComplete
[c:/builds/seamonkey/mozilla/content/base/src/nsScriptLoader.cpp, line 781]
nsStreamLoader::OnStopRequest
[c:/builds/seamonkey/mozilla/netwerk/base/src/nsStreamLoader.cpp, line 163]
nsHttpChannel::OnStopRequest
[c:/builds/seamonkey/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp, line 2931]
nsOnStopRequestEvent::HandleEvent
[c:/builds/seamonkey/mozilla/netwerk/base/src/nsRequestObserverProxy.cpp, line 213]
PL_HandleEvent [c:/builds/seamonkey/mozilla/xpcom/threads/plevent.c, line 597]
PL_ProcessPendingEvents [c:/builds/seamonkey/mozilla/xpcom/threads/plevent.c,
line 530]
_md_EventReceiverProc [c:/builds/seamonkey/mozilla/xpcom/threads/plevent.c, line
1078]
USER32.dll + 0x3c076 (0x77d2c076)
USER32.dll + 0x3c076 (0x77d2c076)
_setargv()
kernel32.dll + 0x1eb69 (0x77e3eb69)
kernel32.dll + 0x3bb86 (0x77e5bb86) 
2002081612-trunk/Win98SE crashes when opening http://www.nta.co.jp/favicon.ico
in a new tab and closing the tab.
TB9485057Q.
But not always, sometimes rather.

http://www.nta.co.jp/favicon.ico is 28x32 px.
favicon.ico is usually 16x16px or 32x32px.
Is this the cause?
It seems that this favicon.ico has invalid preferences in the header
-- width or height is zero?
I can't read it with an .ico editor; div by zero error.
I tried to change.

http://lxr.mozilla.org/seamonkey/source/modules/libpr0n/decoders/bmp/nsICODecoder.cpp#307
-    rv = mFrame->Init(0, 0, mDirEntry.mWidth, mDirEntry.mWidth, GFXFORMATALPHA);
+   rv = mFrame->Init(0, 0, mDirEntry.mWidth, mDirEntry.mHeight, GFXFORMATALPHA);
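Review bot: mDirEntry.mWidth and mDirEntry.mHeight go into mFrame->Init on the added line without any check on their values, and an earlier comment in this bug suspects a zero width or height in the icon header. Consider returning an error before the Init call when either dimension is 0, and make sure rv is tested immediately after it. The added line is also indented three spaces where the removed line used four.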

it seems to be fixed.
*** Bug 163874 has been marked as a duplicate of this bug. ***
Bug 163874 is caused because the ico file has a 64x64 256 color format inside of
it. Using an ico editor to remove that particular format from the ico file fixes
the crash.
several square ico files cause crash.
xoip.ico includes 16x16, 32x32 and 62x64 picture.
the crash is caused in Mozilla1.1b, but is not caused in Mozilla 1.0/1.0.1rc1.
after my patch, not crash but not draw picture exactly.

but Mozilla 1.0/1.0.1rc1 also not draw picture exactly.
there is still another bug.
>several square ico files cause crash.
typo...
several not square ico files cause crash.

biesi, what do you think of the change in comment 9?
bz, haven't tested it, but looks ok... r=biesi, if you get sr=tor

now that I think about it... I think I've seen some other bugs that will get
fixed by this one too.
sr=tor
checked in the patch in comment 9. Thanks Hidehiro Kozawa for the patch, and
sorry that it took too long that it got fixed.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
ok, so it did not take long :) I had the impression that I had seen this a long
time ago and forgotten about it...
*** Bug 151154 has been marked as a duplicate of this bug. ***
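
Added example (not code from this bug or from Mozilla): a small C model of why a frame initialized with the width in both size arguments is too small for an icon that is taller than wide, such as the 28x32 favicon mentioned above. DirEntry, Frame, frame_init, frame_set_row and decode_rows are hypothetical names, and one byte per pixel with one row written per line of the entry's height is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the decoder's directory entry and image frame. */
typedef struct { uint32_t width, height; } DirEntry;
typedef struct { uint32_t width, height; uint8_t *pixels; } Frame;

/* Allocate a frame. Returns 0 on success, -1 on bad dimensions or OOM.
 * The 256 limit is this example's own cap, matching the row buffer below. */
static int frame_init(Frame *f, uint32_t w, uint32_t h) {
    if (w == 0 || h == 0 || w > 256 || h > 256) return -1;
    f->pixels = calloc((size_t)w * h, 1);
    if (!f->pixels) return -1;
    f->width = w;
    f->height = h;
    return 0;
}

/* Bounds-checked row write: refuses any row the frame was not sized for,
 * which an unchecked copy would have written past the end of the buffer. */
static int frame_set_row(Frame *f, uint32_t row, const uint8_t *src, uint32_t n) {
    if (row >= f->height || n > f->width) return -1;
    memcpy(f->pixels + (size_t)row * f->width, src, n);
    return 0;
}

/* Write e->height rows into a frame. With buggy != 0 the frame is sized
 * width x width, as in the removed line of the patch; otherwise width x height.
 * Returns the number of rows the bounds check rejected, or -1 if init failed. */
int decode_rows(const DirEntry *e, int buggy) {
    Frame f = {0};
    uint8_t row[256] = {0};   /* constructed pixel data, all zero */
    int rejected = 0;
    if (frame_init(&f, e->width, buggy ? e->width : e->height) != 0) return -1;
    for (uint32_t y = 0; y < e->height; y++)
        if (frame_set_row(&f, y, row, e->width) != 0) rejected++;
    free(f.pixels);
    return rejected;
}
```

For a 28x32 entry the width-for-height sizing leaves four rows with nowhere to go; with the corrected arguments every row fits, and a zero dimension is refused at init instead of reaching the row loop.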