Open
Bug 1819785
Opened 2 years ago
Updated 2 years ago
Assertion failure: yuv_type == YV24 (Identity (aka RGB) with chroma subsampling is unsupported), at /builds/worker/checkouts/gecko/gfx/ycbcr/yuv_convert.cpp:118
Categories
(Core :: Graphics: ImageLib, defect)
Core
Graphics: ImageLib
Tracking
()
NEW
| Tracking | Status | |
|---|---|---|
| firefox112 | --- | disabled |
People
(Reporter: tsmith, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: assertion, testcase)
Attachments
(1 file)
|
2.05 KB,
image/avif
|
Details |
testcase.avif
Found while fuzzing m-c 20230207-61a5e77067ce (--enable-debug --enable-fuzzing)
To reproduce via Grizzly Replay:
$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch -d --fuzzing -n firefox
$ python -m grizzly.replay ./firefox/firefox testcase.avif
Assertion failure: yuv_type == YV24 (Identity (aka RGB) with chroma subsampling is unsupported), at /builds/worker/checkouts/gecko/gfx/ycbcr/yuv_convert.cpp:118
#0 0x7fdd440e6dae in mozilla::gfx::ConvertYCbCrToRGB32(unsigned char const*, unsigned char const*, unsigned char const*, unsigned char*, int, int, int, int, int, int, int, mozilla::gfx::YUVType, mozilla::gfx::YUVColorSpace, mozilla::gfx::ColorRange) /builds/worker/checkouts/gecko/gfx/ycbcr/yuv_convert.cpp:118:7
#1 0x7fdd440e6793 in mozilla::gfx::ConvertYCbCrToRGBInternal(mozilla::layers::PlanarYCbCrData const&, mozilla::gfx::SurfaceFormat const&, mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const&, unsigned char*, int) /builds/worker/checkouts/gecko/gfx/ycbcr/YCbCrUtils.cpp:242:7
#2 0x7fdd4475852c in mozilla::image::nsAVIFDecoder::Decode(mozilla::image::SourceBufferIterator&, mozilla::image::IResumable*) /builds/worker/checkouts/gecko/image/decoders/nsAVIFDecoder.cpp:1719:5
#3 0x7fdd44756571 in mozilla::image::nsAVIFDecoder::DoDecode(mozilla::image::SourceBufferIterator&, mozilla::image::IResumable*) /builds/worker/checkouts/gecko/image/decoders/nsAVIFDecoder.cpp:1195:25
#4 0x7fdd446987c7 in mozilla::image::Decoder::Decode(mozilla::image::IResumable*) /builds/worker/checkouts/gecko/image/Decoder.cpp:177:19
#5 0x7fdd4469816b in mozilla::image::AnimationSurfaceProvider::Run() /builds/worker/checkouts/gecko/image/AnimationSurfaceProvider.cpp:232:36
#6 0x7fdd446babc1 in mozilla::image::DecodingTask::Run() /builds/worker/checkouts/gecko/image/DecodePool.cpp:146:12
#7 0x7fdd42f5b993 in mozilla::TaskController::RunPoolThread() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:328:33
#8 0x7fdd56570c86 in _pt_root /builds/worker/checkouts/gecko/nsprpub/pr/src/pthreads/ptthread.c:201:5
#9 0x7fdd56e19b42 in start_thread nptl/pthread_create.c:442:8
#10 0x7fdd56eab9ff misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
Flags: in-testsuite?
|
Reporter | |
Comment 1•2 years ago
|
||
Oh looks like this does require image.avif.sequence.enabled=true.
|
||
Updated•2 years ago
|
Severity: -- → S3
|
||
Comment 2•2 years ago
|
||
Unable to reproduce bug 1819785 using build mozilla-central 20230207214329-61a5e77067ce. Without a baseline, bugmon is unable to analyze this bug.
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.
Keywords: bugmon
|
|
||
Comment 3•2 years ago
|
||
Looks like we will just use different constants to convert the pixel values, so at worst we'll just display pixels of the image wrong.
You need to log in
before you can comment on or make changes to this bug.
Description
•