Closed
Bug 332611
Opened 19 years ago
Closed 18 years ago
[FIX] Crash when viewing this xbm image
Categories
(Core :: Graphics, defect)
Tracking
()
VERIFIED
FIXED
People
(Reporter: martijn.martijn, Assigned: MatsPalmgren_bugz)
References
()
Details
(Keywords: crash, regression, testcase)
Attachments
(1 file)
1.54 KB,
patch
|
pavlov
:
review+
pavlov
:
superreview+
|
Details | Diff | Splinter Review |
When visitting that image, I crash.
Talkback ID's: TB17121119W, TB17121340Y
Biesi says likely a regression from bug 331298.
Reporter | ||
Updated•19 years ago
|
Summary: http://www.hevanet.com/acorbin/xul/images/betty_boop.xbm → Crash when viewing thix xbm image
Comment 1•19 years ago
|
||
Yep :)
Regression range 1.9a1_2006032412 - 1.9a1_2006032421.
Updated•19 years ago
|
Summary: Crash when viewing thix xbm image → Crash when viewing this xbm image
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20060407 Firefox/3.0a1
Sort of happens on Linux too. I don't crash, and Talkback doesn't start, but Firefox hangs (with no CPU activity) and I get this in the terminal I started it from:
*** glibc detected *** malloc(): memory corruption: 0x09b79730 ***
OS: Windows XP → All
Comment 3•19 years ago
|
||
==13454== Invalid write of size 4
==13454== at 0x1F09BA8B: nsXBMDecoder::ProcessData(char const*, unsigned) (nsXBMDecoder.cpp:263)
==13454== by 0x1F09BD2A: nsXBMDecoder::ReadSegCb(nsIInputStream*, void*, char const*, unsigned, unsigned, unsigned*) (nsXBMDecoder.cpp:126)
[...]
which is:
263 *ar++ = (val << 24) | 0;
Hm... pavlov's code seems to expect that the image size is a multiple of 8 if I'm reading this right.
http://lxr.mozilla.org/seamonkey/source/modules/libpr0n/decoders/xbm/nsXBMDecoder.cpp#259
Reporter | ||
Updated•18 years ago
|
Flags: blocking1.9a1?
Updated•18 years ago
|
Keywords: helpwanted
Assignee | ||
Updated•18 years ago
|
Assignee: nobody → mats.palmgren
Summary: Crash when viewing this xbm image → [FIX] Crash when viewing this xbm image
Assignee | ||
Comment 4•18 years ago
|
||
Attachment #234778 -
Flags: superreview?(pavlov)
Attachment #234778 -
Flags: review?(pavlov)
Assignee | ||
Comment 5•18 years ago
|
||
*** Bug 349365 has been marked as a duplicate of this bug. ***
No longer depends on: 349365
Updated•18 years ago
|
Attachment #234778 -
Flags: superreview?(pavlov)
Attachment #234778 -
Flags: superreview+
Attachment #234778 -
Flags: review?(pavlov)
Attachment #234778 -
Flags: review+
Assignee | ||
Comment 6•18 years ago
|
||
Checked in to trunk at 2006-08-24 02:31 PDT.
-> FIXED
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Verified - Fixed.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060826 Minefield/3.0a1
Status: RESOLVED → VERIFIED
Updated•18 years ago
|
Keywords: helpwanted
Updated•18 years ago
|
Flags: blocking1.9a1?
You need to log in
before you can comment on or make changes to this bug.
Description
•