Closed
Bug 1814774
Opened 2 years ago
Closed 2 years ago
Assertion failure: aAlphaPlane->stride[0] == data->mYStride, at /builds/worker/checkouts/gecko/image/decoders/nsAVIFDecoder.cpp:1027
Categories
(Core :: Graphics: ImageLib, defect)
Core
Graphics: ImageLib
Tracking
()
RESOLVED
FIXED
111 Branch
| Tracking | Status | |
|---|---|---|
| firefox-esr102 | --- | unaffected |
| firefox109 | --- | unaffected |
| firefox110 | --- | unaffected |
| firefox111 | --- | fixed |
People
(Reporter: tsmith, Assigned: Zaggy1024)
References
(Blocks 1 open bug)
Details
(Keywords: assertion, testcase)
Attachments
(2 files)
testcase.avif
Found while fuzzing m-c 20230201-b7f075124503 (--enable-debug --enable-fuzzing)
Requires pref image.avif.sequence.enabled=true
Assertion failure: aAlphaPlane->stride[0] == data->mYStride, at /builds/worker/checkouts/gecko/image/decoders/nsAVIFDecoder.cpp:1027
#0 0x7f825734ac7e in mozilla::image::Dav1dDecoder::Dav1dPictureToDecodedData(Mp4parseNclxColourInformation const*, mozilla::UniquePtr<Dav1dPicture, mozilla::image::Dav1dPictureUnref>, mozilla::UniquePtr<Dav1dPicture, mozilla::image::Dav1dPictureUnref>, bool) /builds/worker/checkouts/gecko/image/decoders/nsAVIFDecoder.cpp:1027:5
#1 0x7f825737804f in mozilla::image::Dav1dDecoder::Decode(bool, Mp4parseAvifInfo const&, mozilla::image::AVIFImage const&) /builds/worker/checkouts/gecko/image/decoders/nsAVIFDecoder.cpp:551:20
#2 0x7f825734cd69 in mozilla::image::nsAVIFDecoder::Decode(mozilla::image::SourceBufferIterator&, mozilla::image::IResumable*) /builds/worker/checkouts/gecko/image/decoders/nsAVIFDecoder.cpp:1491:17
#3 0x7f825734bf61 in mozilla::image::nsAVIFDecoder::DoDecode(mozilla::image::SourceBufferIterator&, mozilla::image::IResumable*) /builds/worker/checkouts/gecko/image/decoders/nsAVIFDecoder.cpp:1181:25
#4 0x7f825728e057 in mozilla::image::Decoder::Decode(mozilla::image::IResumable*) /builds/worker/checkouts/gecko/image/Decoder.cpp:177:19
#5 0x7f825728d9fb in mozilla::image::AnimationSurfaceProvider::Run() /builds/worker/checkouts/gecko/image/AnimationSurfaceProvider.cpp:232:36
#6 0x7f82572b0401 in mozilla::image::DecodingTask::Run() /builds/worker/checkouts/gecko/image/DecodePool.cpp:146:12
#7 0x7f8255be9e03 in mozilla::TaskController::RunPoolThread() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:328:33
#8 0x7f8268aefc86 in _pt_root /builds/worker/checkouts/gecko/nsprpub/pr/src/pthreads/ptthread.c:201:5
#9 0x7f8269870608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477:8
#10 0x7f826941b132 in __clone /build/glibc-SzIz7B/glibc-2.31/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Flags: in-testsuite?
|
||
Comment 1•2 years ago
|
||
This reproduces before bug 1788119 landed.
This assertion can probably be removed thanks to these lines:
|
||
Updated•2 years ago
|
Assignee: nobody → Zaggy1024
Status: NEW → ASSIGNED
Pushed by zaggy1024@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/4a40b28460b4
Error early when a different-sized AVIF alpha plane is decoded. r=tnikkel
|
||
Comment 5•2 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 111 Branch
|
||
Updated•2 years ago
|
|
||
Updated•2 years ago
|
status-firefox109:
--- → unaffected
status-firefox110:
--- → unaffected
status-firefox-esr102:
--- → unaffected
Flags: in-testsuite? → in-testsuite+
You need to log in
before you can comment on or make changes to this bug.
Description
•