Closed Bug 222293 Opened 22 years ago Closed 22 years ago

browser crashes rendering this animated gif

Categories

(Core :: Graphics: ImageLib, defect)

Product:
Core
Component:
Graphics: ImageLib
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: ryan, Assigned: tor)

References

(
URL
)

Details

(Keywords: crash, fixed1.4.2, qawanted)

Attachments

(1 file)

fix overlay overlap check
604 bytes, patch
paper
: review+
blizzard
: superreview+
mkaply
: approval1.4.2+
asa
: approval1.6a+
Details | Diff | Splinter Review
User-Agent: Mozilla/5.0 (X11; U; Linux i386; en-US; rv:1.4b) Gecko/20030516 Mozilla Firebird/0.6 Build Identifier: Mozilla/5.0 (X11; U; Linux i386; en-US; rv:1.4b) Gecko/20030516 Mozilla Firebird/0.6 In mozilla for FreeBSD, this page hang mozilla as it renders. In mozilla for OSX, this page crashes mozilla when you interact with mozilla after it renders. In mozilla for Windows, this page crases mozilla when closing the page (I don't have a windows box, but a friend reported this...) Reproducible: Always Steps to Reproduce: 1. visit http://music.optimism.cc/ 2. wait for page to load 3. try to do anything with browser - it is now hung (or crashed) Actual Results: browser crashed :) Expected Results: not crash :) (I don't mean to be silly)
Works for me 20031012 PC/Win2000 The build you are testing on is 5 months old. Please reopen bug if you can reproduce this on a current build.
Severity: blocker → critical
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Keywords: crash
OS: All → Linux
Resolution: --- → WORKSFORME
I just downloaded firebird 0.7 for my mac and it still crashes. this time i was able to click to the next page before it died... Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.5) Gecko/20031007 Firebird/0.7
Status: RESOLVED → UNCONFIRMED
Resolution: WORKSFORME → ---
This crashed my browser too. The page loaded fine, but once I clicked a link Firebird was gone. Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031007 Firebird/0.7 Same on Mozilla 1.4.1 Gecko/20031008 moving to Browser Adding keyword qawanted because more info on the cause of the crash is needed.
Assignee: blake → general
Status: UNCONFIRMED → NEW
Component: General → Browser-General
Ever confirmed: true
Keywords: qawanted
Product: Firebird → Browser
QA Contact: general
Version: unspecified → 1.0 Branch
I have refined the problem to rendering this particular image file http://music.optimism.cc/images/bg_copper4.gif It is a gif which seems to take quite a while to load. If I pull that up in firebird, it will wait perhaps 5 seconds after the image appears to display the dimensions. Then <30 seconds later (with out any interaction by me) firebird will crash :(
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.6a) Gecko/20031017 Loading http://music.optimism.cc/images/bg_copper4.gif crashes: Crash in MSVCRT.DLL 6.10.8637.0 Mozilla 1.6a 2003101704 SiS6326m.drv 4.11.01.1280 Stack Summary was showing: 3 calls to MSVCRT.DLL .text+ 0xc710, 0xbcf7, 0x26 5 calls JS3250.DLL .text+0x3e379, 0x390f2, 0x38fc6, 0x38c09, 0x3efb 6 calls to GKLAYOUT.DLL call to CHROME.DLL .text+0x563 filed a Talkback record, but Talkback seems to be unable to connect to http://talkback.mozilla.org/spiral-bin/Collector.dll
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.6a) Gecko/20031017 Loaded gif multiple times, crash after about 7 seconds. Did download it with Netscape4.8 :-) and Mozilla crashed, when I opened the local file. Irfanview is showing an animation. I assume this bug could be reduced to the gif, so I´m editing title and URL title was: browser crashes rendering this page URL was: http://music.optimism.cc/ gif properties as seen from irfanview: Compression: GIF - 54 images original size: 30x51 pixels current size: 1600x51 pixels colours: 256 (8 bit/pixel) Disk Size: 94558 bytes Memory Size: 82624 bytes Data from DocWatson: Last stack summary was showing ( loaded locally ) 1 call to MSVCRT.DLL .text + 0x1fa 2 calls to GKGFXWIN.DLL .text + 0xde73, 0x15fff 2 calls to IMGLIB2.DLL .text + 0x54d3, 0x513f 1 call to XPCOM.DLL .text + 0x2a0b3 1 call to APPSHELL.DLL .text + 0x6756 2 calls to MOZILLA.EXE .text + 0x9e7, 0x1f0f Kernel32!ApplicationStartup Summary before was showing same names, with different offsets. 1 call to MSVCRT.DLL .text + 0x1fa 2 calls to GKGFXWIN.DLL .text + 0xe291, 0x16179 2 calls to IMGLIB2.DLL .text + 0x4d4b, 0x49b7 1 call to XPCOM.DLL .text + 0x298da 1 call to APPSHELL.DLL .text + 0x70ee 2 calls to MOZILLA.EXE .text + 0xa02, 0x1f5c Kernel32!ApplicationStartup
Assignee: general → jdunn
URL: http://music.optimism.cchttp://music.optimism.cc/images/bg_co...
Component: Browser-General → ImageLib
OS: Linux → All
Summary: browser crashes rendering this page → browser crashes rendering this animated gif
tested with Mozilla 1.0.2, no crash, gif ok tested with Mozilla 1.3.1, crash Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.3.1) Gecko/20030425 Talkbacks sent to talkback5.netscape.com or something like that. TB24525786E loading the URL TB24525963Q loading the local copy Don´t know, if these Talkbacks from old 1.3.1 are of any use. Talkback in recent windows trunk builds can´t connect to talback.mozilla.org ...
Version: 1.0 Branch → Trunk
a stack isn't going to be particularly useful. this is memory corruption. valgrind says: Invalid memory access of size 1 imgContainerGIF::SetMaskVisibility (imgContainerGIF.cpp:920) imgContainerGIF::BuildCompositeMask (imgContainerGIF.cpp:712) imgContainerGIF::DoComposite (imgContainerGIF.cpp:656) imgContainerGIF::Notify (imgContainerGIF.cpp:434) nsTimerImpl::Fire (nsTimerImpl.cpp:385) Address 0x460C83FF is 3 bytes after a block of size 204 alloc'd malloc (vg_replace_malloc.c:153) operator new (in /usr/lib/libstdc++.so.5.0.5) __builtin_vec_new (nsAppRunner.cpp:160) operator new[] (vg_replace_malloc.c:210) nsImageGTK::Init (nsImageGTK.cpp:193) gfxImageFrame::Init (gfxImageFrame.cpp:122) imgContainerGIF::DoComposite (imgContainerGIF.cpp:562) imgContainerGIF::Notify (imgContainerGIF.cpp:434)
The gif in question has an overlay that it walks off the gif logical screen area. The test for this in SetMaskVisibility wanted it off in both x and y, but this image just walks horizontally.
Attachment #133960 - Flags: review?(paper)
Attachment #133960 - Flags: approval1.6a?
Attachment #133960 - Flags: approval1.4.2?
Taking bug.
Assignee: jdunn → tor
Flags: blocking1.6a?
Flags: blocking1.4.2?
Attachment #133960 - Flags: review?(paper) → review+
Attachment #133960 - Flags: superreview?(blizzard)
Attachment #133960 - Flags: superreview?(blizzard) → superreview+
Comment on attachment 133960 [details] [diff] [review] fix overlay overlap check a=asa (on behalf of drivers) for checkin to 1.6alpha
Attachment #133960 - Flags: approval1.6a? → approval1.6a+
Checked in on trunk.
Status: NEW → RESOLVED
Closed: 22 years ago22 years ago
Resolution: --- → FIXED
Flags: blocking1.6a?
Thanks, works for me now, tested on gif and on URL. Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.6a) Gecko/20031024
Comment on attachment 133960 [details] [diff] [review] fix overlay overlap check a=mkaply for 1.4.2
Attachment #133960 - Flags: approval1.4.2? → approval1.4.2+
Flags: blocking1.4.2? → blocking1.4.2+
Fixed on 1.4.x branch.
Keywords: fixed1.4.2
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: