OOM crash [@ nsJPEGDecoder::WriteFrom, fill_input_buffer]

RESOLVED FIXED

Status

Core
ImageLib
--
critical
RESOLVED FIXED
13 years ago
11 years ago

People

(Reporter: Daniel de Wildt, Assigned: Andrew Schultz)

Tracking

({crash})

Trunk
crash
Points:
---
Bug Flags:
blocking1.9 +
in-testsuite -

Firefox Tracking Flags

(Not tracked)

Details

(crash signature, URL)

Attachments

(1 attachment, 1 obsolete attachment)

2.95 KB, patch
Stuart Parmenter: review+
(Reporter)

Description

13 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

Memory is (re)allocated at three locations, but the results are not checked for
out of memory.

Reproducible: Always

Steps to Reproduce:
(Reporter)

Updated

13 years ago
Keywords: crash
OS: Windows 2000 → All
Hardware: PC → All

Comment 1

13 years ago
It should be noted that doing:
    mBuffer = (JOCTET *)PR_Realloc(mBuffer, count);
is almost always wrong, because if realloc fails, not only do you have a null
mBuffer, but you've leaked the old mBuffer.
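
The point made in comment 1, as an added example that is not part of the bug report or the attached patch: the overwrite-on-realloc pattern next to a checked form, with a constructed failing allocator to simulate OOM. Plain `realloc` stands in for `PR_Realloc`, and `struct inbuf`, `grow_unsafe`, `grow_checked`, `append` and `survives_oom` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef void *(*realloc_fn)(void *, size_t);  /* injectable so OOM can be simulated */
struct inbuf { unsigned char *data; size_t cap, len; };  /* hypothetical input buffer */

/* Simulated OOM: like realloc on failure, returns NULL and leaves the old block alone. */
static void *failing_realloc(void *p, size_t n) { (void)p; (void)n; return NULL; }

/* Pattern criticised in comment 1: the only pointer to the old block is overwritten. */
static int grow_unsafe(struct inbuf *b, size_t want, realloc_fn ra) {
    b->data = ra(b->data, want);
    if (!b->data) return -1;      /* old block is now unreachable: leak + NULL buffer */
    b->cap = want;
    return 0;
}

/* Checked form: commit the new pointer only after the allocation succeeded. */
static int grow_checked(struct inbuf *b, size_t want, realloc_fn ra) {
    if (want <= b->cap) return 0;
    unsigned char *tmp = ra(b->data, want);
    if (!tmp) return -1;          /* b->data, b->cap and b->len are all still valid */
    b->data = tmp;
    b->cap = want;
    return 0;
}

/* Append n bytes; fails cleanly on size overflow or OOM. */
static int append(struct inbuf *b, const unsigned char *src, size_t n, realloc_fn ra) {
    if (n > SIZE_MAX - b->len) return -1;
    if (grow_checked(b, b->len + n, ra) != 0) return -1;
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return 0;
}

/* Returns 1 if, after a failed grow, the buffer still holds its original bytes. */
static int survives_oom(int use_checked) {
    struct inbuf b = {0};
    if (append(&b, (const unsigned char *)"\xff\xd8\xff\xe0", 4, realloc) != 0) return -1;
    unsigned char *old = b.data;  /* kept only so the demo can free the leaked block */
    int rc = (use_checked ? grow_checked : grow_unsafe)(&b, 4096, failing_realloc);
    int intact = rc == -1 && b.data == old && b.len == 4 && b.data[1] == 0xd8;
    free(old);
    return intact;
}

int main(void) {
    printf("unsafe: %d, checked: %d\n", survives_oom(0), survives_oom(1));
    return 0;
}
```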
(Assignee)

Comment 2

12 years ago
Created attachment 184902
patch

This fixes the OOMs and enables a working (if not ugly) version of the OOM
handler in fill_input_buffer.
Assignee: pavlov → ajschult
Status: NEW → ASSIGNED
(Assignee)

Updated

12 years ago
Attachment #184902 - Flags: review?(pavlov)

Updated

11 years ago
Flags: blocking1.9?
Does the patch still apply?
Flags: blocking1.9? → blocking1.9+
No, unfortunately, there is a hunk that doesn't apply anymore. Not sure how to fix that.
Andrew, are you perhaps able to update the patch?
(Assignee)

Comment 5

11 years ago
Created attachment 260803
un-bitrotted patch
Attachment #184902 - Attachment is obsolete: true
Attachment #260803 - Flags: review?(vladimir)
Attachment #184902 - Flags: review?(pavlov)
Comment on attachment 260803
un-bitrotted patch

Review -> stuart
Attachment #260803 - Flags: review?(vladimir) → review?(pavlov)

Updated

11 years ago
Attachment #260803 - Flags: review?(pavlov) → review+
(Assignee)

Updated

11 years ago
Attachment #260803 - Flags: superreview?(tor)

Updated

11 years ago
Attachment #260803 - Flags: superreview?(tor) → superreview+

Comment 7

11 years ago
This has all the reviews, so it can be checked in?
Whiteboard: [wanted-1.9][checkin needed]
I went ahead and checked this in (although I think that Andrew has checkin privs).

Checking in nsJPEGDecoder.cpp;
/cvsroot/mozilla/modules/libpr0n/decoders/jpeg/nsJPEGDecoder.cpp,v  <--  nsJPEGDecoder.cpp
new revision: 1.71; previous revision: 1.70
done
Status: ASSIGNED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED
Whiteboard: [wanted-1.9][checkin needed]
Flags: in-testsuite-
Crash Signature: [@ nsJPEGDecoder::WriteFrom, fill_input_buffer]