Closed Bug 1960856 Opened 6 months ago Closed 6 months ago

i.ibb.co - PNG file is rendered broken. And sometimes Crash in [@ mozilla::gfx::UnpackRowRGB24]

Categories

(Core :: Graphics: ImageLib, defect)

Desktop
All
defect

Tracking

()

VERIFIED FIXED
139 Branch
Tracking Status
firefox-esr128 --- unaffected
firefox137 --- wontfix
firefox138 --- verified
firefox139 --- verified

People

(Reporter: rbucata, Assigned: tnikkel)

References

(Regression, )

Details

(Keywords: crash, regression, Whiteboard: [webcompat-source:web-bugs])

Crash Data

Attachments

(2 files)

Environment:
Operating system: Linux
Firefox version: Firefox 137.0

Steps to reproduce:

  1. Navigate to: https://i.ibb.co/CBRBHZm/c90cae660320.png
  2. Observe

Expected Behavior:
The page renders the PNG file

Actual Behavior:
The PNG file is rendered broken

Notes:

  • Reproduces regardless of the status of ETP
  • Reproduces in firefox-nightly, and firefox-release
  • Does not reproduce in chrome

Created from https://github.com/webcompat/web-bugs/issues/153138

I can reproduce the issue on Nightly 139.0a1, Windows 11.

Regression window:
https://hg-edge.mozilla.org/integration/autoland/pushloghtml?fromchange=4852824f5ae35b46951ffe0ec3e814ac5c2a97f3&tochange=8599fc020cd6cc2f18ea36ced2f3427f979e3c78

And sometimes the tab crashes when repeatedly reloading or resizing the browser.
Crash report: https://crash-stats.mozilla.org/report/index/e8f36b1d-fd01-49cd-81cf-7bc7f0250416

Reason:

EXCEPTION_ACCESS_VIOLATION_READ

Top 10 frames:

0  xul.dll  mozilla::gfx::UnpackRowRGB24(unsigned char const*, unsigned char*, int)  gfx/2d/Swizzle.cpp:1049
0  xul.dll  mozilla::gfx::UnpackRowRGB24_SSSE3(unsigned char const*, unsigned char*, int)  gfx/2d/SwizzleSSSE3.cpp:37
0  xul.dll  mozilla::gfx::UnpackRowRGB24_AVX2<1>(unsigned char const*, unsigned char*, int)  gfx/2d/SwizzleAVX2.cpp:37
1  xul.dll  mozilla::image::SwizzleFilter<mozilla::image::DownscalingFilter<mozilla::imag...  image/SurfaceFilters.h:97
2  xul.dll  mozilla::image::SurfaceFilter::AdvanceRow(unsigned char const*)  image/SurfacePipe.h:141
2  xul.dll  mozilla::image::SurfaceFilter::WriteBuffer(unsigned int const*)  image/SurfacePipe.h:300
2  xul.dll  mozilla::image::SurfacePipe::WriteBuffer(unsigned int const*)  image/SurfacePipe.h:705
2  xul.dll  mozilla::image::nsPNGDecoder::WriteRow(unsigned char*)  image/decoders/nsPNGDecoder.cpp:862
2  xul.dll  mozilla::image::nsPNGDecoder::row_callback(png_struct_def*, unsigned char*, u...  image/decoders/nsPNGDecoder.cpp:843
3  xul.dll  MOZ_PNG_push_have_row(png_struct_def*, unsigned char*)  media/libpng/pngpread.c:1050
Crash Signature: [@ mozilla::gfx::UnpackRowRGB24]
Keywords: crash, regression
OS: Linux → All
Regressed by: 1862245
Summary: i.ibb.co - PNG file is rendered broken → i.ibb.co - PNG file is rendered broken. And sometimes Crash in [@ mozilla::gfx::UnpackRowRGB24]
Flags: needinfo?(tnikkel)
Component: Site Reports → Graphics
Product: Web Compatibility → Core
Crash Signature: [@ mozilla::gfx::UnpackRowRGB24] → [@ mozilla::gfx::UnpackRowRGB24] [@ mozilla::gfx::UnpackRowRGB24_AVX2<T> ]

I get a crash just by clicking on the image to zoom it. (The image is zoomed-out by default at my monitor's res and screen-size)

This is a valid PNG file:

chris@SuperNomad:/mnt/c/Users/chris/Documents/PNG$ pngcheck -c -v c90cae660320.png
File: c90cae660320.png (3220141 bytes)
  chunk IHDR at offset 0x0000c, length 13
    3840 x 2160 image, 8-bit grayscale, non-interlaced
  chunk pHYs at offset 0x00025, length 9: 1x1 pixels/unit (1:1)
  chunk cICP at offset 0x0003a, length 4
    Rec. ITU-R BT.2100-2 perceptual quantization (PQ) system
    White x = 0.3127 y = 0.329, Red x = 0.708 y = 0.292
    Green x = 0.17 y = 0.797, Blue x = 0.131 y = 0.046
    Full range
  chunk cHRM at offset 0x0004a, length 32
    White x = 0.3127 y = 0.329, Red x = 0.708 y = 0.292
    Green x = 0.17 y = 0.797, Blue x = 0.131 y = 0.046
  chunk IDAT at offset 0x00076, length 3220003
    zlib: deflated, 32K window, maximum compression
  chunk IEND at offset 0x3122a5, length 0
No errors detected in c90cae660320.png (6 chunks, 61.2% compression).

I can't explain the Firefox rendering, because this is a greyscale image so should render in shades of grey. But I see vertical stripes of color. Is the Firefox code expanding from greyscale to RGB before applying the cICP handling?
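
A triage check for the file shape discussed in this bug (a grayscale PNG that carries a cICP chunk), as an added example that is not part of the bug report or of Firefox's code. The function names and the 1x1 sample image are constructed for illustration; the cICP values 9/16/0/1 are the code points for BT.2100 PQ, full range.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
GRAY_TYPES = {0: "grayscale", 4: "grayscale+alpha"}  # IHDR colour types

def iter_chunks(data):
    """Yield (type, payload) per chunk, rejecting truncation and bad CRCs."""
    if data[:8] != PNG_SIG:
        raise ValueError("not a PNG")
    pos = 8
    while pos < len(data):
        if pos + 12 > len(data):
            raise ValueError("truncated chunk")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            raise ValueError("chunk length runs past end of file")
        payload = data[pos + 8:end - 4]
        if zlib.crc32(ctype + payload) != struct.unpack(">I", data[end - 4:end])[0]:
            raise ValueError("bad CRC in chunk %r" % ctype)
        yield ctype, payload
        pos = end

def gray_with_cicp(data):
    """Describe the image if it is grayscale and carries cICP, else None."""
    ihdr = cicp = None
    for ctype, payload in iter_chunks(data):
        if ctype == b"IHDR" and len(payload) == 13:
            ihdr = struct.unpack(">IIBBBBB", payload)
        elif ctype == b"cICP" and len(payload) == 4:
            cicp = tuple(payload)  # primaries, transfer, matrix, full-range flag
        elif ctype == b"IDAT":
            break  # colour-space chunks precede the image data
    if ihdr is None or cicp is None or ihdr[3] not in GRAY_TYPES:
        return None
    return {"size": ihdr[:2], "depth": ihdr[2], "color": GRAY_TYPES[ihdr[3]], "cicp": cicp}

def _chunk(ctype, payload):
    crc = zlib.crc32(ctype + payload)
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)

def sample_png(color_type, with_cicp):
    """Constructed 1x1 8-bit test image (not the file from this bug)."""
    channels = {0: 1, 2: 3, 4: 2, 6: 4}[color_type]
    parts = [_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, color_type, 0, 0, 0))]
    parts += [_chunk(b"cICP", bytes([9, 16, 0, 1]))] if with_cicp else []
    parts.append(_chunk(b"IDAT", zlib.compress(b"\x00" + b"\x80" * channels)))
    return PNG_SIG + b"".join(parts + [_chunk(b"IEND", b"")])
```

Running `gray_with_cicp(open(path, "rb").read())` over an image corpus picks out the files that reach the grayscale-plus-cICP decode path, which is useful for building a regression set.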

Thanks for all the info. I'm looking into this now.

Component: Graphics → Graphics: ImageLib

qcms expects rgb data for profiles created from cicp info. This mirrors what we do for icc profiles below.

Assignee: nobody → tnikkel
Status: NEW → ASSIGNED
Flags: needinfo?(tnikkel)
Pushed by tnikkel@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/51acdcbc70b2
Grayscale PNGs with cicp chunk need to convert to RGB before qcms color manages it. r=gfx-reviewers,lsalzman
Status: ASSIGNED → RESOLVED
Closed: 6 months ago
Resolution: --- → FIXED
Target Milestone: --- → 139 Branch

qcms expects rgb data for profiles created from cicp info. This mirrors what we do for icc profiles below.

Original Revision: https://phabricator.services.mozilla.com/D245887

Attachment #9479887 - Flags: approval-mozilla-beta?

beta Uplift Approval Request

  • User impact if declined: some pngs won't show or crash
  • Code covered by automated testing: no
  • Fix verified in Nightly: no
  • Needs manual QE test: no
  • Steps to reproduce for manual QE testing: no
  • Risk associated with taking this patch: low
  • Explanation of risk level: apply the same approach icc color profiles use to cicp chunks
  • String changes made/needed: none
  • Is Android affected?: yes

Note that even after this fix the linked image will appear very dark because we don't tone map the PQ transfer function very well. See bug 1805278 and bug 1793091.

See Also: → 1805278
See Also: → 1793091
Attachment #9479887 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Flags: qe-verify+
QA Whiteboard: [qa-triaged]

I was able to reproduce the issue with an affected Firefox Nightly 139.0a1 build from 2025-04-16, using Ubuntu 22.04, macOS 14 and Windows 11, as described in Comment 0, Comment 1 and Comment 2.
Verified as fixed using Firefox 138.0 RC1 and Firefox 139.0a1 (2025-04-21), on the previously mentioned OSes. The PNG file rendering issue is resolved and the tab no longer crashes when resizing the browser or when clicking the image to zoom it.
Please note that the issue regarding the image appearing very dark still persists (almost completely black - depending on the type of monitor/display), as mentioned in Comment 11.

Status: RESOLVED → VERIFIED
QA Whiteboard: [qa-triaged]
Flags: qe-verify+
Blocks: 1966780

A test will be landed in bug 1966780.
