[DOGFOOD] divide by zero in nsProgressMeterFrame::PaintBarSolid()

VERIFIED FIXED in M12

Status

Core
Layout
P1
major
VERIFIED FIXED
19 years ago
19 years ago

People

(Reporter: edburns, Assigned: edburns)

Tracking

Trunk
Sun
Solaris

Details

(Whiteboard: [PDT+] 12/3 completion 12/6: Requested verification by reporter)

(Assignee)

Description

19 years ago
If the rect argument passed into this method has a 0 height, the following
lines will cause a divide by zero and core dump:

500 nsProgressMeterFrame::PaintBarSolid(nsIPresContext* aPresContext,
                                        nsIRenderingContext& aRenderingContext,
501                                     const nsRect& rect, nscolor color,
                                        float skew)
502 {

...

509     // how many pixel lines will fit?
510     int segments = (rect.height/2) / onePixel;

...

532     // we need to figure out how bright we can get.
533     PRUint8 units = (255 - brightness)/segments;
534

It so happens that rect.height is zero when running mozilla after building
--with-xlib --enable-toolkit=xlib.

Here's a partial stack trace:

#0  0xef1a83a4 in .div ()
#1  0xed1d75b4 in nsProgressMeterFrame::PaintBarSolid ()
    at ./nsProgressMeterFrame.cpp:536
#2  0xed1d7170 in nsProgressMeterFrame::PaintBar ()
    at ./nsProgressMeterFrame.cpp:450
#3  0xed1d6f84 in nsProgressMeterFrame::Paint ()
    at ./nsProgressMeterFrame.cpp:411
#4  0xecf45668 in nsContainerFrame::PaintChild (this=0x708558,
    aPresContext=@0x4a0e50, aRenderingContext=@0x72a7a0,
    aDirtyRect=@0xefffb340, aFrame=0x708e60,
    aWhichLayer=eFramePaintLayer_Underlay) at ./nsContainerFrame.cpp:253
#5  0xed1d2e1c in nsBoxFrame::PaintChild (this=0x708558,
    aPresContext=@0x4a0e50, aRenderingContext=@0x72a7a0,
    aDirtyRect=@0xefffb340, aFrame=0x708e60,
    aWhichLayer=eFramePaintLayer_Underlay) at ./nsBoxFrame.cpp:1874
#6  0xecf4539c in nsContainerFrame::PaintChildren (this=0x708558,
    aPresContext=@0x4a0e50, aRenderingContext=@0x72a7a0,
    aDirtyRect=@0xefffb340, aWhichLayer=eFramePaintLayer_Underlay)
    at ./nsContainerFrame.cpp:193
#7  0xecf67878 in nsHTMLContainerFrame::Paint (this=0x708558,
    aPresContext=@0x4a0e50, aRenderingContext=@0x72a7a0,
    aDirtyRect=@0xefffb340, aWhichLayer=eFramePaintLayer_Underlay)
    at ./nsHTMLContainerFrame.cpp:88
#8  0xed1d2d30 in nsBoxFrame::Paint (this=0x708558, aPresContext=@0x4a0e50,
    aRenderingContext=@0x72a7a0, aDirtyRect=@0xefffb340,
    aWhichLayer=eFramePaintLayer_Underlay) at ./nsBoxFrame.cpp:1846
#9  0xecf45668 in nsContainerFrame::PaintChild (this=0x7080b8,
    aPresContext=@0x4a0e50, aRenderingContext=@0x72a7a0,
    aDirtyRect=@0xefffb610, aFrame=0x708558,
    aWhichLayer=eFramePaintLayer_Underlay) at ./nsContainerFrame.cpp:253
(More stack frames follow...)
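
The arithmetic quoted in the report, with a guard before the second division, as an added example (not the code from the Mozilla tree and not the fix that was checked in). `BarGradient` and `ComputeBarGradient` are hypothetical names, and the `onePixel` value of 15 in `main` is a constructed sample. It also shows that integer truncation makes `segments` zero for any height below `2 * onePixel`, not only for a zero height.

```cpp
#include <cstdint>
#include <cstdio>

// Hypothetical stand-in for the values PaintBarSolid() derives.
struct BarGradient {
    int segments;        // pixel lines that fit in half the bar height
    std::uint8_t units;  // brightness step per pixel line
};

// Returns false (and leaves *out untouched) when the bar is too small to
// paint, instead of dividing by zero. height and onePixel are in the same
// coordinate units; brightness is 0..255.
bool ComputeBarGradient(int height, int onePixel, std::uint8_t brightness,
                        BarGradient* out) {
    if (out == nullptr || onePixel <= 0 || height <= 0) {
        return false;  // degenerate rect or bad unit conversion
    }
    // Same arithmetic as line 510 in the report.
    int segments = (height / 2) / onePixel;
    // Truncation: every height below 2 * onePixel also gives 0 here,
    // so the guard has to test segments, not only height.
    if (segments <= 0) {
        return false;
    }
    // Same arithmetic as line 533; the quotient is at most 255.
    int units = (255 - brightness) / segments;
    out->segments = segments;
    out->units = static_cast<std::uint8_t>(units);
    return true;
}

int main() {
    const int heights[] = {0, 29, 30, 300};  // constructed sample heights
    for (int h : heights) {
        BarGradient g;
        if (ComputeBarGradient(h, 15, 100, &g)) {
            std::printf("height=%d segments=%d units=%d\n", h, g.segments,
                        static_cast<int>(g.units));
        } else {
            std::printf("height=%d skipped (nothing to paint)\n", h);
        }
    }
    return 0;
}
```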

Updated

19 years ago
Assignee: travis → evaughan

Comment 1

19 years ago
Reassigning to Eric.  Looks like he wrote this code.  Not sure why I got this
bug in the first place.

Updated

19 years ago
Whiteboard: [PDT+]
Target Milestone: M12

Comment 2

19 years ago
Putting on PDT+ radar.

Updated

19 years ago
Status: NEW → ASSIGNED
Whiteboard: [PDT+] → [PDT+] 12/03/1999

Updated

19 years ago
Assignee: evaughan → mcafee
Status: ASSIGNED → NEW

Comment 3

19 years ago
stole this from evaughan

Updated

19 years ago
Priority: P3 → P1
Summary: DOGFOOD: divide by zero in nsProgressMeterFrame::PaintBarSolid() → [DOGFOOD] divide by zero in nsProgressMeterFrame::PaintBarSolid()
Whiteboard: [PDT+] 12/03/1999 → [PDT+] 12/3 completion

Comment 4

19 years ago
Approved.  Upgrading to P1.

Updated

19 years ago
Status: NEW → RESOLVED
Last Resolved: 19 years ago
Resolution: --- → FIXED

Comment 5

19 years ago
This code now bails if divide-by-zero case shows up.
evaughan says this painting code will be rewritten soon,
"Just make this so it doesn't crash"  -- done.

Comment 6

19 years ago
I'm not sure what I should do to verify this fix. Is there a test case I
could use to help me? If not, could the engineer please mark this as verified
fixed.

Comment 7

19 years ago
Ed, can you verify this?  Let's give Ed some time, otherwise
I will verify.  This is just a bandaid fix, no reproducible case,
hard for QA to verify.  You can give me verification honor if you want.
(Assignee)

Comment 8

19 years ago
You can assign the bug to me so I'll remember to test it.

Updated

19 years ago
Status: RESOLVED → REOPENED

Updated

19 years ago
Assignee: mcafee → edburns
Status: REOPENED → NEW

Updated

19 years ago
Status: NEW → RESOLVED
Last Resolved: 19 years ago

Comment 9

19 years ago
over to edburns

Updated

19 years ago
Whiteboard: [PDT+] 12/3 completion → [PDT+] 12/3 completion 12/6: Requested verification by reporter

Comment 10

19 years ago
edburns@acm.org: I need to get this verified today if possible. Can you take a
look and, if you agree that it is fixed, verify it so? Thanks
(Assignee)

Updated

19 years ago
Status: RESOLVED → VERIFIED
(Assignee)

Comment 11

19 years ago
This fix works.