crash if source contains IMG tag with invalid file name, ALT=" " and certain WIDTH and HEIGHT values

RESOLVED DUPLICATE of bug 175108

Status

Core Graveyard
GFX: Gtk
--
critical
RESOLVED DUPLICATE of bug 175108
15 years ago
9 years ago

People

(Reporter: Simon Anders, Assigned: blizzard)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

15 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3b) Gecko/20030211
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3b) Gecko/20030211

The following line in an HTML source Mozilla to crash:
  <img src="does_not_exist"  height=60 width=234 alt=" ">

The file does_not_exist is of course meant to be non-existant.

Reproducible: Always

Steps to Reproduce:
1. Store the following file on your disk:
---8<---Begin Test File---
<html>
<head><title>Test</title></head>
<body>

   <img src="does_not_exist"  height=60 width=234 alt=" ">

</body>
</html>
---8<---End Test File---

2. View the File with Mozilla (by typing in the filename in the file:/// form)
Actual Results:  
Mozilla crashes instantly.


I get the follwing message in my shell:

[sanders@merlot tmp]$ mozilla file:///home/sanders/tmp/eis_.html
/usr/share/themes/Sunhouse/gtk-2.0/gtkrc:51: error: unexpected identifier
`make_tab_labels_bold', expected character `}'
Xlib:  extension "RENDER" missing on display ":0.0".
The program '<unknown>' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadValue (integer parameter out of range for operation)'.
  (Details: serial 1448 error_code 2 request_code 53 minor_code 0)
  (Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the --sync command line
   option to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)

Expected Results:  
Show a box for the missing image with the ALT text inside (which is only white
space here).

The values for WIDTH and HEIGHT in the IMG tag in the above test file seem to be
relevant. If I change them Mozilla does not crash. Also, if I replace the ALT
text with 'ALT="ABS"' Mozilla does not crash either.
Why are we looking for RENDER?  Is this a xft build or some other non-standard
build?
(Reporter)

Comment 2

15 years ago
The bug occured with the mozilla from the RPM package 
http://ftp.mozilla.org/pub/mozilla/releases/mozilla1.3b/Red_Hat_8x_RPMS/gtk2/SRPMS/mozilla-1.3b-0_gtk2_xft.src.rpm

I found this package following the link to RedHat packages on
http://www.mozilla.org/releases/

I have just changed (for other reasons) to the Mozilla as it gets installed by 
http://ftp.mozilla.org/pub/mozilla/releases/mozilla1.3b/mozilla-i686-pc-linux-gnu-1.3b-sea.tar.gz

That's the link on the enty page of www.mozilla.org.

And now, the bug disappeared!

Therefore, it must be something special of the build in the above mentioned RPM. 
Note that it is the PRM for "gtk2" not for "xft" (although I, being quite
ignorant about X11 development, don't know what this means).

HTH.
->gtk2
Assignee: jdunn → blizzard
Component: Image: GFX → GFX: Gtk
QA Contact: tpreston → ian
Blocks: 92033
(Assignee)

Comment 4

15 years ago
I'm not getting any kind of crash here.  Can you start that build with --sync
and get me a stack trace?
(Reporter)

Comment 5

15 years ago
Created attachment 115198 [details]
Stack Trace of the described bug

blizzard, this is the stack trace you asked for.

As I'm not too experienced with this kind of stuff, I put the full terminal log
into the file. So you can see what I have done.

After giving gdb the cont command I switched to the browser window and entered
the 'file:' URL pointing to the test file of my initial description.

HTH.
(Assignee)

Comment 6

15 years ago
dup.  This is an upstream Xft bug.

*** This bug has been marked as a duplicate of 175108 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → DUPLICATE
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.