Closed Bug 1697787 Opened 3 years ago Closed 3 years ago

startup crash in [@ qcms::transform_util::lut_interp_linear_float]

Categories

(Core :: Graphics: Color Management, defect)

Unspecified
Windows 10
defect

Tracking

RESOLVED FIXED
88 Branch
Tracking Status
firefox-esr78 --- unaffected
firefox86 --- unaffected
firefox87 --- unaffected
firefox88 --- fixed

People

(Reporter: aryx, Assigned: emilio)

References

(Regression)

Details

(Keywords: crash, regression)

Attachments

(1 file)

59 crashes on 3+ installations, all on Windows 10, oldest affected build ID is 20210309094921 (we had 3 crashes maximum for previous versions)

Crash report: https://crash-stats.mozilla.org/report/index/0a3a8103-cc67-4150-ba41-b6ce50210309

MOZ_CRASH Reason: index out of bounds: the len is 256 but the index is 256

Top 10 frames of crashing thread:

0 xul.dll RustMozCrash mozglue/static/rust/wrappers.cpp:16
1 xul.dll mozglue_static::panic_hook mozglue/static/rust/lib.rs:89
2 xul.dll core::ops::function::Fn::call<fn ../cb75ad5db02783e8b0222fee363c5f63f7e2cf5b/library/core/src/ops/function.rs:227
3 xul.dll std::panicking::rust_panic_with_hook ../cb75ad5db02783e8b0222fee363c5f63f7e2cf5b//library/std/src/panicking.rs:595
4 xul.dll std::panicking::begin_panic_handler::{{closure}} ../cb75ad5db02783e8b0222fee363c5f63f7e2cf5b//library/std/src/panicking.rs:497
5 xul.dll std::sys_common::backtrace::__rust_end_short_backtrace<closure-0, !> ../cb75ad5db02783e8b0222fee363c5f63f7e2cf5b//library/std/src/sys_common/backtrace.rs:141
6 xul.dll std::panicking::begin_panic_handler ../cb75ad5db02783e8b0222fee363c5f63f7e2cf5b//library/std/src/panicking.rs:493
7 xul.dll core::panicking::panic_fmt ../cb75ad5db02783e8b0222fee363c5f63f7e2cf5b//library/core/src/panicking.rs:92
8 xul.dll core::panicking::panic_bounds_check ../cb75ad5db02783e8b0222fee363c5f63f7e2cf5b//library/core/src/panicking.rs:69
9 xul.dll qcms::transform_util::lut_interp_linear_float gfx/qcms/src/transform_util.rs:120
Flags: needinfo?(emilio)
Component: Widget → GFX: Color Management

Does this ring a bell, Jeff? From the URLs I can get some (NSFW) JPEG images which are tagged with ICC sRGB color-space (as in, identify -verbose image.jpg returns icc:description: sRGB IEC61966-2.1). I'm not sure if they embed the profile data, I guess they do?

But I can see the image just fine so presumably something is not right in the output profile somehow... I don't know how my patch could've conceivably changed anything but I'll look closer.

Flags: needinfo?(emilio) → needinfo?(jmuizelaar)
Depends on: 1697858
Flags: needinfo?(jmuizelaar)

This is what was happening before bug 1697787, and it's technically a
bug.

Assignee: nobody → emilio
Status: NEW → ASSIGNED
Attachment #9208488 - Attachment description: Bug 1697787 - Only call qcms_enable_iccv4 after parsing the device transform. r=jrmuizel → Bug 1697787 - Only call qcms_enable_iccv4 after parsing the device profile. r=jrmuizel
Pushed by ealvarez@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/54b0a8d23a18
Only call qcms_enable_iccv4 after parsing the device profile. r=jrmuizel
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 88 Branch

Thanks to the additional coverage added in bug 1697858, this crash has now been found by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32711

Has Regression Range: --- → yes