Closed Bug 214191 Opened 21 years ago Closed 21 years ago

Crash when trying to print a certain page.

Categories

(Core :: Printing: Output, defect)

Product:
Core
Component:
Printing: Output
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: merolish, Assigned: tor)

References

(
URL
)

Details

(Keywords: crash, fixed1.4.1)

Attachments

(1 file, 1 obsolete file)

postscript and xprint fix
2.86 KB, patch
roland.mainz
: review+
bzbarsky
: superreview+
mkaply
: approval1.4.1+
Details | Diff | Splinter Review 
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5b) Gecko/20030718
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5b) Gecko/20030718

Printing http://www.clorders.com/otterboxwatertight.htm
crashes Mozilla on several platforms and releases I've tried.

Reproducible: Always

Steps to Reproduce:
1. Go to the web page.
2. Control-P or File -> Print...
3. Click on the Print button.

Actual Results:  
Mozilla crashed.

Expected Results:  
Printed the page.
Keywords: stackwanted
#0  0x42d29186 in nsPostScriptObj::colorimage(nsIImage*, int, int, int, int) (
    this=0x897be90, aImage=0x88bb4e0, aX=4410, aY=410, aWidth=220, aHeight=220)
    at /home/bzbarsky/mozilla/xlib/mozilla/gfx/src/ps/nsPostScriptObj.cpp:2700
#1  0x42d1e432 in nsRenderingContextPS::DrawScaledImage(imgIContainer*, nsRect
const*, nsRect const*) (this=0x87fcca0, aImage=0x88b4570, aSrcRect=0xbfffaf30,
aDestRect=0xbfffaf20)
    at /home/bzbarsky/mozilla/xlib/mozilla/gfx/src/ps/nsRenderingContextPS.cpp:1327
#2  0x4126d618 in nsImageFrame::Paint(nsIPresContext*, nsIRenderingContext&,
nsRect const&, nsFramePaintLayer, unsigned) (this=0x89d28bc,
aPresContext=0x87ff8c0, 
    aRenderingContext=@0x87fcca0, aDirtyRect=@0xbfffb090, 
    aWhichLayer=eFramePaintLayer_Overlay, aFlags=0)
    at
/home/bzbarsky/mozilla/xlib/mozilla/layout/html/base/src/nsImageFrame.cpp:1352

(gdb) frame 0
#0  0x42d29186 in nsPostScriptObj::colorimage(nsIImage*, int, int, int, int) (
    this=0x897be90, aImage=0x88bb4e0, aX=4410, aY=410, aWidth=220, aHeight=220)
    at /home/bzbarsky/mozilla/xlib/mozilla/gfx/src/ps/nsPostScriptObj.cpp:2700
2700          fprintf(f, "%02x", (int) (0xff & *curline++));
(gdb) p curline
$41 = (PRUint8 *) 0xba0 <Address 0xba0 out of bounds>
(gdb) p theBits
$42 = (PRUint8 *) 0x0
(gdb) p *(class nsImageGTK*)aImage
$44 = {<nsIImage> = {<nsISupports> = {
      _vptr.nsISupports = 0x41ff6f08}, <No data fields>}, mRefCnt = {mValue = 2}, 
  _mOwningThread = {mThread = 0x80a9438}, static scaled6 = {3, 7, 11, 15, 19,
23, 27, 
    31, 35, 39, 43, 47, 51, 55, 59, 63, 67, 71, 75, 79, 83, 87, 91, 95, 99, 103,
107, 
    111, 115, 119, 123, 127, 131, 135, 139, 143, 147, 151, 155, 159, 163, 167,
171, 175, 
    179, 183, 187, 191, 195, 199, 203, 207, 211, 215, 219, 223, 227, 231, 235,
239, 243, 
    247, 251, 255}, static scaled5 = {7, 15, 23, 31, 39, 47, 55, 63, 71, 79, 87,
95, 
    103, 111, 119, 127, 135, 143, 151, 159, 167, 175, 183, 191, 199, 207, 215,
223, 231, 
    239, 247, 255}, mImageBits = 0x0, mImagePixmap = 0x0, mTrueAlphaBits = 0x0, 
  mAlphaBits = 0x0, mAlphaPixmap = 0x0, mAlphaXImage = 0x0, mWidth = 32, mHeight
= 32, 
  mRowBytes = 96, mSizeImage = 3072, mDecodedX1 = 2147483647, mDecodedY1 =
2147483647, 
  mDecodedX2 = 0, mDecodedY2 = 0, mUpdateRegion = {mRectCount = 0, mCurRect =
0x88bb52c, 
    mRectListHead = {<nsRectFast> = {<nsRect> = {x = 0, y = 0, width = 0, 
          height = 0}, <No data fields>}, prev = 0x88bb52c, next = 0x88bb52c}, 
    mBoundRect = {<nsRect> = {x = 0, y = 0, width = 0, height = 0}, <No data
fields>}}, 
  mAlphaRowBytes = 4, mTrueAlphaRowBytes = 0, mAlphaDepth = 1 '\001', 
  mTrueAlphaDepth = 0 '\0', mIsSpacer = 1 '\001', mPendingUpdate = 0 '\0', 
  mNumBytesPixel = 3 '\003', mFlags = 2 '\002', mDepth = 24 '\030', 
  mOptimized = 1 '\001'}

The problem is that nsImageGTK has mImageBits == 0 for this image.

The image in question is http://www.clorders.com/pics/emailbox5.gif -- a fully
transparent 32x32 gif.

Over to tor, per pav.  On the other hand, pav says that the caller in this case
should just skip painting if the bits are null.
Assignee: printing → tor
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: crash, stackwanted
Attachment #128736 - Flags: superreview?(bzbarsky)
Attachment #128736 - Flags: review?(tor)
Attachment #128736 - Attachment is obsolete: true

    
    

    
  
Comment on attachment 128737 [details] [diff] [review]
postscript and xprint fix

r=roland.mainz@informatik.med.uni-giessen.de

        Attachment #128737 -
        Flags: superreview?(bzbarsky)

        Attachment #128737 -
        Flags: review+

        Attachment #128736 -
        Flags: superreview?(bzbarsky)

        Attachment #128736 -
        Flags: review?(tor)

    
    

    
  
Comment on attachment 128737 [details] [diff] [review]
postscript and xprint fix

sr=bzbarsky

        Attachment #128737 -
        Flags: superreview?(bzbarsky) → superreview+

    
    

    
  
Checked in.

Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED

    
    

    
  
Requesting a= for 1.4.x-branch...

Simple, painless and likely riskless NULL-pointer check to avoid a crash.
Flags: blocking1.4.x?

    
  
Flags: blocking1.4.x?

    
  

        Attachment #128737 -
        Flags: approval1.4.x?

    
  

        Attachment #128737 -
        Flags: approval1.4.x? → approval1.4.x+

    
    

    
  
Checked in to 1.4 branch

    
  
Keywords: crash

    
  
Keywords: fixed1.4.1

    
  
Blocks: 224532

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: