ImageLib failure to load JNG image crashes Mozilla [@ memmove]

Status

Status: VERIFIED DUPLICATE of bug 156540
Product: Core
Component: ImageLib
Priority: --
Severity: critical
Reported: 15 years ago
Modified: 12 years ago

People

(Reporter: Greg K., Assigned: Jim Dunn)

Tracking

Keywords: crash
Version: Trunk
Hardware: PowerPC
OS: Mac OS X
Points: ---

Firefox Tracking Flags: Not tracked

Details

Crash Signature: [@ memmove]

Attachments (2)

Description (Reporter), 15 years ago
The known problem with libmng v1.0.4 (bug 181676) which causes some MNG and JNG
images to fail to load also seems to cause FizzillaMach/2003020303 to crash.
Comment 1 (Reporter), 15 years ago
Created attachment 113778 [details]
HTML testcase that, when shift+reloaded no more than twice, crashes FizzillaMach/2003020303 at memmove
Comment 2 (Reporter), 15 years ago
Created attachment 113779 [details]
Crash report generated by FizzillaMach/2003020303 showing crash at memmove after shift+reloading the HTML testcase
Updated (Reporter), 15 years ago
Summary: ImageLib failure to load JNG image crashes Mozilla → ImageLib failure to load JNG image crashes Mozilla [@ memmove]
Updated (Reporter), 15 years ago
Attachment #113778 - Attachment mime type: text/plain → text/html
Comment 3 (Reporter), 15 years ago
Crash also reproduced using the more-recent FizzillaMach/2003020603.
Comment 4 (Reporter), 15 years ago
Mac only? Doesn't appear to crash Win32/2003010408.
Comment 5 (Assignee), 15 years ago
I am crashing with a 2003012810 build on win2k.
Looks like we are writing to invalid memory.
Debugging I see:

  imgContainerMNG::WriteMNG(...) {
    mBuffer = (PRUint8 *) nsMemory::Realloc(mBuffer, mBufferEnd+count);
    inStr->Read((char *)mBuffer+mBufferEnd, count, _retval);

mBuffer is 0
mBufferEnd is 50520
count is 2728
So mBuffer is hosed...
NOTE: the mng file is tagged as being "bad/invalid" so maybe we just
aren't initializing something and then expect the stream to just stop.

looking...
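As an added illustration of the failure mode comment 5 describes (example code written for this page, not Mozilla's imgContainerMNG or libmng source): the quoted snippet grows mBuffer with Realloc and immediately hands mBuffer+mBufferEnd to Read() without checking that mBuffer is valid. With the values seen in the debugger (mBuffer == 0, mBufferEnd == 50520, count == 2728) the destination is address 50520, an unmapped low address, which is why the crash lands in memmove. The model below forces the allocation to fail through a hypothetical test_realloc hook (an assumption: the thread does not establish why mBuffer was NULL, and the root cause was the libmng issue tracked in bug 181676) and contrasts the unchecked append with a checked one that rejects size overflow, keeps the old buffer when the allocation fails, and reports failure so the decoder can stop cleanly.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Example code for this page, not Mozilla's imgContainerMNG.  It models
 * the append pattern quoted in comment 5: grow the buffer to
 * mBufferEnd + count bytes, then write the new chunk at offset mBufferEnd. */
typedef struct {
    uint8_t *mBuffer;     /* buffered MNG bytes */
    size_t   mBufferEnd;  /* bytes already stored in mBuffer */
} MngBuf;

/* Hypothetical allocation hook (assumption, for the demo only): lets the
 * caller make the next allocation fail deterministically.  Real code
 * would call realloc() / nsMemory::Realloc directly. */
static int g_fail_next_alloc = 0;

static void *test_realloc(void *p, size_t n)
{
    if (g_fail_next_alloc) {
        g_fail_next_alloc = 0;
        return NULL;          /* simulate allocation failure */
    }
    return realloc(p, n);
}

/* Unchecked variant, as in the quoted snippet.  On failure mBuffer becomes
 * NULL (and the old block is leaked), yet the write target is still
 * computed as mBuffer + mBufferEnd.  Returns that target address; the copy
 * itself is skipped when mBuffer is NULL only so this example can run. */
static uintptr_t append_unchecked(MngBuf *b, const uint8_t *src, size_t count)
{
    b->mBuffer = (uint8_t *) test_realloc(b->mBuffer, b->mBufferEnd + count);
    uintptr_t dst = (uintptr_t) b->mBuffer + b->mBufferEnd;
    if (b->mBuffer != NULL) {
        memcpy(b->mBuffer + b->mBufferEnd, src, count);
        b->mBufferEnd += count;
    }
    return dst;
}

/* Checked variant: reject size overflow, keep the existing buffer when the
 * allocation fails, and report failure so the decoder can stop. */
static int append_checked(MngBuf *b, const uint8_t *src, size_t count)
{
    if (count > SIZE_MAX - b->mBufferEnd)
        return -1;                                   /* mBufferEnd + count would wrap */
    uint8_t *grown = (uint8_t *) test_realloc(b->mBuffer, b->mBufferEnd + count);
    if (grown == NULL)
        return -1;                                   /* b->mBuffer is still valid */
    b->mBuffer = grown;
    memcpy(b->mBuffer + b->mBufferEnd, src, count);
    b->mBufferEnd += count;
    return 0;
}

/* Replays the numbers from comment 5 (50520 bytes buffered, 2728 arriving)
 * with the allocation failing.  Returns the address the unchecked path
 * would write to: 50520, i.e. NULL + mBufferEnd. */
static uintptr_t demo_unchecked_fault_address(void)
{
    MngBuf b = { (uint8_t *) malloc(50520), 50520 };
    uint8_t chunk[2728];
    memset(chunk, 0xAA, sizeof chunk);               /* constructed sample data */
    g_fail_next_alloc = 1;
    uintptr_t where = append_unchecked(&b, chunk, sizeof chunk);
    /* b.mBuffer is NULL here and the original block can no longer be freed. */
    return where;
}

/* Same scenario through the checked path: the append is refused, the old
 * 50520-byte buffer survives, and a retry with memory available succeeds. */
static int demo_checked_keeps_buffer(void)
{
    MngBuf b = { (uint8_t *) malloc(50520), 50520 };
    uint8_t chunk[2728];
    memset(chunk, 0xAA, sizeof chunk);               /* constructed sample data */
    g_fail_next_alloc = 1;
    int refused = append_checked(&b, chunk, sizeof chunk) == -1
               && b.mBuffer != NULL && b.mBufferEnd == 50520;
    int retried = append_checked(&b, chunk, sizeof chunk) == 0
               && b.mBufferEnd == 50520 + 2728;
    free(b.mBuffer);
    return refused && retried;
}

int main(void)
{
    printf("unchecked path would write at address %lu\n",
           (unsigned long) demo_unchecked_fault_address());
    printf("checked path keeps buffer and recovers: %s\n",
           demo_checked_keeps_buffer() ? "yes" : "no");
    return 0;
}
```

The checked version also avoids the second defect hiding in the unchecked one: assigning the Realloc result straight back to mBuffer discards the only pointer to the old block when the call fails, so even a process that survived the bad write would leak every byte buffered so far.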
Comment 6 (Assignee), 15 years ago
I knew I had seen this before...
Marking this as a dup of bug 156540
which is in essence a bug that is fixed with bug 181676
(libmng to 1.0.5)

*** This bug has been marked as a duplicate of 156540 ***
Status: NEW → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → DUPLICATE
Updated (Reporter), 12 years ago
Status: RESOLVED → VERIFIED
Crash Signature: [@ memmove]