207553 - Crash occurs when loading BMP image with image resizing enabled

Status: RESOLVED FIXED

(Core :: Graphics: ImageLib, defect)

Description

[Chris Petersen]

Build: 2003-05-28-05 
Platform: OS X 
Expected Results: Image should load and scale in window
What I got: Application crashes

Steps to reproduce:

1) Launch browser and create a new profile. (Automatic image resizing will be
enabled by default)
2) After the browser window opens, paste this address into url field and press
return:
http://mozilla.org/quality/browser/front-end/testcases/imaging/images/Summer.bmp

3) Instead of loading and scaling this image, the application crashes

Comment 1

[Chris Petersen]

Attachment: Stack trace

Comment 2

[Christian :Biesinger (don't email me, ping me on IRC)]

per the stack trace, this is mac-specific GFX code. cc'ing some mac people.

Comment 3

[Chris Petersen]

Agreed. This appears to be a Mac only issue since I can't reproduce using the
2003-05-27-08 Win32 build under WinXP.

Comment 4

[Chris Casciano]

2003052307/OS X [trunk]... New profiles don't have image resizing on by default
(thank god)... however I failed to repro the crash with or without image
resizing... mulitple attempts include different window sizes and resizing the
window with a scaled image.

I'll grab a newer build in a bit and see if its a regression or just something
that WFM

Comment 5

[Chris Petersen]

Ok, it appears this feature isn't enabled by default. However, I can reproduce
this problem with the 2003-05-29-08 Macho trunk build.

Here are my steps:

1) Launch and create a new profile in Mozilla
2) After window opens, go to Mozilla - Preferences. Check on 'Resize large
images to fit in the browser window' under Appearance. Click OK.
3) Now, load the specified url in this report
4) As the image is loading and scaling, resize the window the larger and then
smaller.
5) These steps tend to reproduce the crash (for me)  after resizing this window
multiple times.

Comment 6

[Chris Casciano]

ok... with a bit more steing i am now able to reproduces this semi-regularly in
both 2003052307 and the 1.4rc1 builds. while i had no luck at all getting the
crash resizing the window using the drag handles in the bottom left to the
window during load i can get this crash consistantly if i hit shift-reload on
the image and then use the maximize button to resize the window.

Comment 7

[Samir Gehani]

adt: nsbeta1-

Comment 8

[Jim Dunn]

since I can only create this with automatic image resizing enabled,
I am cc'ing mstolz.  (I wonder if *people* are playing with the bits
at the same time???)

Comment 9

[Tom Graham]

This happens for me on :

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7b) Gecko/20040321
Firefox/0.8.0+

Brings up the download window rather than rendering the image in firofox.

Comment 10

[Bruce Davidson]

Okay, the URL original supplied seems to be serving hosed mime types so it isn't
recognised as a BMP image. Replaced with a google image search for various BMP.

Tried three different images from this search (including one 1912 x 3150 pixels
- 994k) and all scale correctly in the latest nightly (2004033005) on 10.3.2.
Can happily resize the window repeatedly so that images rescale. No problems.

Comment 11

[Alexander Sack]

a debian user reported a file that maybe trying to exploit this crash on windows:
see http://bugs.debian.org/248857 for more info on this issue. Maybe someone can
verify if this is truly an exploit.

Comment 12

[Christian :Biesinger (don't email me, ping me on IRC)]

alexander, you are probably seeing bug 243511. that one was not exploitable, afaik.

Comment 13

[Uri Bernstein]

Bug 275120 might be related to (or even a duplicate of) this one. People CC'ed
here might want to have a look.

Comment 14

[Wevah (Nate Weaver)]

This appears to be fixed by the Quartz image patch (Bug 245407). Confirm?

Comment 15

[Simon Fraser [no longer active]]

Yup.