Closed
Bug 332704
Opened 19 years ago
Closed 19 years ago
divide by zero crash on intel mac with universal build when viewing SVG app
Categories
(Core Graveyard :: GFX: Mac, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: ahayes, Assigned: mark)
References
()
Details
(Keywords: crash, fixed1.8.1, verified1.8.0.4)
Attachments
(1 file, 2 obsolete files)
1.64 KB,
patch
|
jhpedemonte
:
review+
vlad
:
review+
mark
:
superreview+
mark
:
approval-branch-1.8.1+
dveditz
:
approval1.8.0.4+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/418 (KHTML, like Gecko) Safari/417.9.2 Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.0.2) Gecko/20060403 Firefox/1.5.0.2 Opening a complex SVG/HTML/JS page causes Deer Park to crash when running on an intel mac but not when running the same universal version of Deer Park on a powerPC mac. Both are running OS X 10.4.6. (the site is internal, I may be able to put a copy outside for a developer if the crash report isn't enough to go on) Reproducible: Always Steps to Reproduce: 1. Navigate to page Actual Results: Browser crash Expected Results: Render the content Date/Time: 2006-04-04 11:04:56.841 -0400 OS Version: 10.4.6 (Build 8I1119) Report Version: 4 Command: firefox-bin Path: /Applications/DeerPark.app/Contents/MacOS/firefox-bin Parent: WindowServer [84] Version: 1.5.0.2 (1.5.0.2) PID: 448 Thread: 0 Exception: EXC_ARITHMETIC (0x0003) Codes: EXC_I386_DIV (divide by zero) Thread 0 Crashed: 0 org.mozilla.firefox 0x000ec693 nsImageMac::LockImagePixels(int) + 749 1 org.mozilla.firefox 0x000ed7b1 gfxImageFrame::LockImageData() + 41 2 org.mozilla.firefox 0x00553e5a nsSVGImageFrame::ConvertFrame(gfxIImageFrame*) + 250 3 org.mozilla.firefox 0x00554405 nsSVGImageFrame::PaintSVG(nsISVGRendererCanvas*, nsRect const&) + 229 4 org.mozilla.firefox 0x00509e89 nsSVGGFrame::PaintSVG(nsISVGRendererCanvas*, nsRect const&) + 313 5 org.mozilla.firefox 0x00509e89 nsSVGGFrame::PaintSVG(nsISVGRendererCanvas*, nsRect const&) + 313 6 org.mozilla.firefox 0x00509e89 nsSVGGFrame::PaintSVG(nsISVGRendererCanvas*, nsRect const&) + 313 7 org.mozilla.firefox 0x00509e89 nsSVGGFrame::PaintSVG(nsISVGRendererCanvas*, nsRect const&) + 313 8 org.mozilla.firefox 0x00509e89 nsSVGGFrame::PaintSVG(nsISVGRendererCanvas*, nsRect const&) + 313 9 org.mozilla.firefox 0x00509e89 nsSVGGFrame::PaintSVG(nsISVGRendererCanvas*, nsRect const&) + 313 10 org.mozilla.firefox 0x00588b30 nsSVGOuterSVGFrame::Paint(nsPresContext*, nsIRenderingContext&, nsRect const&, nsFramePaintLayer, unsigned) + 360 11 org.mozilla.firefox 0x0047d50a nsContainerFrame::PaintChild(nsPresContext*, nsIRenderingContext&, nsRect const&, nsIFrame*, nsFramePaintLayer, unsigned) + 206 12 org.mozilla.firefox 0x0047d091 nsContainerFrame::PaintChildren(nsPresContext*, nsIRenderingContext&, nsRect const&, nsFramePaintLayer, unsigned) + 69 13 org.mozilla.firefox 0x004e0758 nsHTMLContainerFrame::Paint(nsPresContext*, nsIRenderingContext&, nsRect const&, nsFramePaintLayer, unsigned) + 68 14 org.mozilla.firefox 0x0052e794 CanvasFrame::Paint(nsPresContext*, nsIRenderingContext&, nsRect const&, nsFramePaintLayer, unsigned) + 130 15 org.mozilla.firefox 0x00111d99 PresShell::Paint(nsIView*, nsIRenderingContext&, nsRect const&) + 245 16 org.mozilla.firefox 0x0048c98d nsView::Paint(nsIRenderingContext&, nsRect const&, unsigned, int&) + 109 17 org.mozilla.firefox 0x001c35c8 nsViewManager::RenderDisplayListElement(DisplayListElement2*, nsIRenderingContext*) + 152 18 org.mozilla.firefox 0x001c7424 nsViewManager::RenderViews(nsView*, nsIRenderingContext&, nsRegion const&, nsIDrawingSurface*, nsVoidArray const&) + 524 19 org.mozilla.firefox 0x001c8a51 nsViewManager::Refresh(nsView*, nsIRenderingContext*, nsIRegion*, unsigned) + 1509 20 org.mozilla.firefox 0x001c9978 nsViewManager::DispatchEvent(nsGUIEvent*, nsEventStatus*) + 3018 21 org.mozilla.firefox 0x0048d53e nsIView::GetViewFor(nsIWidget*) + 78 22 org.mozilla.firefox 0x005f1e65 nsWindow::DispatchEvent(nsGUIEvent*, nsEventStatus&) + 87 23 org.mozilla.firefox 0x005f1efd nsWindow::DispatchWindowEvent(nsGUIEvent&, nsEventStatus&) + 35 24 org.mozilla.firefox 0x005f350d nsWindow::UpdateWidget(nsRect&, nsIRenderingContext*) + 377 25 org.mozilla.firefox 0x005f34f2 nsWindow::UpdateWidget(nsRect&, nsIRenderingContext*) + 350 26 org.mozilla.firefox 0x005f34f2 nsWindow::UpdateWidget(nsRect&, nsIRenderingContext*) + 350 27 org.mozilla.firefox 0x005f34f2 nsWindow::UpdateWidget(nsRect&, nsIRenderingContext*) + 350 28 org.mozilla.firefox 0x005f34f2 nsWindow::UpdateWidget(nsRect&, nsIRenderingContext*) + 350 29 org.mozilla.firefox 0x005f34f2 nsWindow::UpdateWidget(nsRect&, nsIRenderingContext*) + 350 30 org.mozilla.firefox 0x005f34f2 nsWindow::UpdateWidget(nsRect&, nsIRenderingContext*) + 350 31 org.mozilla.firefox 0x005f34f2 nsWindow::UpdateWidget(nsRect&, nsIRenderingContext*) + 350 32 org.mozilla.firefox 0x005f34f2 nsWindow::UpdateWidget(nsRect&, nsIRenderingContext*) + 350 33 org.mozilla.firefox 0x005f3926 nsWindow::PaintUpdateRectProc(unsigned short, OpaqueRgnHandle*, Rect const*, void*) + 200 34 org.mozilla.firefox 0x005f46c1 nsWindow::HandleUpdateEvent(OpaqueRgnHandle*) + 809 35 org.mozilla.firefox 0x005f427b nsWindow::Update() + 293 36 org.mozilla.firefox 0x002a4d99 nsMacWindow::WindowEventHandler(OpaqueEventHandlerCallRef*, OpaqueEventRef*, void*) + 445 37 com.apple.HIToolbox 0x92ef88e3 DispatchEventToHandlers(EventTargetRec*, OpaqueEventRef*, HandlerCallRec*) + 1093 38 com.apple.HIToolbox 0x92ef7f68 SendEventToEventTargetInternal(OpaqueEventRef*, OpaqueEventTargetRef*, HandlerCallRec*) + 304 39 com.apple.HIToolbox 0x92ef7e2d SendEventToEventTargetWithOptions + 55 40 com.apple.HIToolbox 0x92eff235 ToolboxEventDispatcherHandler(OpaqueEventHandlerCallRef*, OpaqueEventRef*, void*) + 357 41 com.apple.HIToolbox 0x92ef8c9a DispatchEventToHandlers(EventTargetRec*, OpaqueEventRef*, HandlerCallRec*) + 2044 42 com.apple.HIToolbox 0x92ef7f68 SendEventToEventTargetInternal(OpaqueEventRef*, OpaqueEventTargetRef*, HandlerCallRec*) + 304 43 com.apple.HIToolbox 0x92eff0c8 SendEventToEventTarget + 56 44 com.apple.HIToolbox 0x92f42d07 ToolboxEventDispatcher + 81 45 com.apple.HIToolbox 0x92fee258 GetOrPeekEvent + 338 46 com.apple.HIToolbox 0x92fee074 GetNextEventMatchingMask + 462 47 com.apple.HIToolbox 0x92fedd35 WNEInternal + 123 48 com.apple.HIToolbox 0x92fedca3 WaitNextEvent + 57 49 org.mozilla.firefox 0x005ea428 nsMacMessagePump::GetEvent(EventRecord&) + 82 50 org.mozilla.firefox 0x005eb18d nsMacMessagePump::DoMessagePump() + 45 51 org.mozilla.firefox 0x002a0c4c nsAppShell::Run() + 38 52 org.mozilla.firefox 0x0033a642 nsAppStartup::Run() + 50 53 org.mozilla.firefox 0x00006254 XRE_main + 5246 54 org.mozilla.firefox 0x000030f8 main + 32 55 org.mozilla.firefox 0x0000307e start + 270 56 org.mozilla.firefox 0x00002f99 start + 41 Thread 1: 0 libSystem.B.dylib 0x9001aa1c select + 12 1 libnspr4.dylib 0x00faf8e8 PR_Poll + 134 2 org.mozilla.firefox 0x003b2f01 nsSocketTransportService::Poll(unsigned*) + 85 3 org.mozilla.firefox 0x003b34e6 nsSocketTransportService::Run() + 480 4 libxpcom_core.dylib 0x00ef1add nsThread::Main(void*) + 41 5 libnspr4.dylib 0x00fb0f29 PR_Select + 813 6 libSystem.B.dylib 0x90024a27 _pthread_body + 84 Thread 2: 0 libSystem.B.dylib 0x90049207 semaphore_timedwait_signal_trap + 7 1 libnspr4.dylib 0x00fac5c0 PR_Lock + 246 2 libnspr4.dylib 0x00fac917 PR_WaitCondVar + 75 3 libxpcom_core.dylib 0x00ef3df0 TimerThread::Run() + 74 4 libxpcom_core.dylib 0x00ef1add nsThread::Main(void*) + 41 5 libnspr4.dylib 0x00fb0f29 PR_Select + 813 6 libSystem.B.dylib 0x90024a27 _pthread_body + 84 Thread 3: 0 libSystem.B.dylib 0x90049207 semaphore_timedwait_signal_trap + 7 1 libnspr4.dylib 0x00fac5c0 PR_Lock + 246 2 libnspr4.dylib 0x00fac917 PR_WaitCondVar + 75 3 org.mozilla.firefox 0x00377d21 nsIOThreadPool::ThreadFunc(void*) + 145 4 libnspr4.dylib 0x00fb0f29 PR_Select + 813 5 libSystem.B.dylib 0x90024a27 _pthread_body + 84 Thread 4: 0 libSystem.B.dylib 0x9002755c kevent + 12 1 ...ple.CoreServices.CarbonCore 0x90ca9c14 PrivateMPEntryPoint + 51 2 libSystem.B.dylib 0x90024a27 _pthread_body + 84 Thread 5: 0 libSystem.B.dylib 0x900250c7 semaphore_wait_signal_trap + 7 1 ...ple.CoreServices.CarbonCore 0x90ca9dba MPWaitOnQueue + 198 2 com.apple.DesktopServices 0x92645fc7 TNodeSyncTask::SyncTaskProc(void*) + 143 3 ...ple.CoreServices.CarbonCore 0x90ca9c14 PrivateMPEntryPoint + 51 4 libSystem.B.dylib 0x90024a27 _pthread_body + 84 Thread 6: 0 libSystem.B.dylib 0x90049207 semaphore_timedwait_signal_trap + 7 1 ...ple.CoreServices.CarbonCore 0x90ca9dba MPWaitOnQueue + 198 2 com.apple.DesktopServices 0x92668263 TPropertyTask::PropertyTaskProc(void*) + 101 3 ...ple.CoreServices.CarbonCore 0x90ca9c14 PrivateMPEntryPoint + 51 4 libSystem.B.dylib 0x90024a27 _pthread_body + 84 Thread 0 crashed with i386 Thread State: eax: 0x00000000 ebx: 0x17df9000 ecx:0x00000000 edx: 0x00000000 edi: 0x17c24000 esi: 0x00000000 ebp:0xbfffdef8 esp: 0xbfffde70 ss: 0x0000002f efl: 0x00010246 eip:0x000ec693 cs: 0x00000027 ds: 0x0000002f es: 0x0000002f fs:0x00000000 gs: 0x00000037 Binary Images Description: 0x1000 - 0x90ffff org.mozilla.firefox 1.5.0.2 /Applications/DeerPark.app/Contents/MacOS/firefox-bin 0xe13000 - 0xe97fff libmozjs.dylib /Applications/DeerPark.app/Contents/MacOS/libmozjs.dylib 0xeae000 - 0xeaefff libxpcom.dylib /Applications/DeerPark.app/Contents/MacOS/libxpcom.dylib 0xeb2000 - 0xf1ffff libxpcom_core.dylib /Applications/DeerPark.app/Contents/MacOS/libxpcom_core.dylib 0xf80000 - 0xf85fff libplds4.dylib /Applications/DeerPark.app/Contents/MacOS/libplds4.dylib 0xf8a000 - 0xf90fff libplc4.dylib /Applications/DeerPark.app/Contents/MacOS/libplc4.dylib 0xf96000 - 0xfbbfff libnspr4.dylib /Applications/DeerPark.app/Contents/MacOS/libnspr4.dylib 0xfcc000 - 0xfe5fff libsmime3.dylib /Applications/DeerPark.app/Contents/MacOS/libsmime3.dylib 0x1808000 - 0x1823fff libssl3.dylib /Applications/DeerPark.app/Contents/MacOS/libssl3.dylib 0x182b000 - 0x1880fff libnss3.dylib /Applications/DeerPark.app/Contents/MacOS/libnss3.dylib 0x189c000 - 0x18abfff libxpcom_compat.dylib /Applications/DeerPark.app/Contents/MacOS/libxpcom_compat.dylib 0x1a05000 - 0x1a88fff libsoftokn3.dylib /Applications/DeerPark.app/Contents/MacOS/libsoftokn3.dylib 0x1eec000 - 0x1eedfff com.apple.textencoding.unicode 2.1 /System/Library/TextEncodings/Unicode Encodings.bundle/Contents/MacOS/Unicode Encodings 0x15129000 - 0x15154fff libnssckbi.dylib /Applications/DeerPark.app/Contents/MacOS/libnssckbi.dylib 0x8fe00000 - 0x8fe4bfff dyld 44.17 /usr/lib/dyld 0x90000000 - 0x9016efff libSystem.B.dylib /usr/lib/libSystem.B.dylib 0x901be000 - 0x901c0fff libmathCommon.A.dylib /usr/lib/system/libmathCommon.A.dylib 0x901c2000 - 0x901fefff com.apple.CoreText 1.1.0 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreText.framework/Versions/A/CoreText 0x90225000 - 0x902fafff ATS /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/ATS 0x9031a000 - 0x9076afff com.apple.CoreGraphics 1.258.27 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics 0x90801000 - 0x908c9fff com.apple.CoreFoundation 6.4.5 (368.26) /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation 0x90907000 - 0x90907fff com.apple.CoreServices 10.4 (???) /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices 0x90909000 - 0x909fcfff libicucore.A.dylib /usr/lib/libicucore.A.dylib 0x90a4c000 - 0x90acbfff libobjc.A.dylib /usr/lib/libobjc.A.dylib 0x90af4000 - 0x90b57fff libstdc++.6.dylib /usr/lib/libstdc++.6.dylib 0x90bc6000 - 0x90bcdfff libgcc_s.1.dylib /usr/lib/libgcc_s.1.dylib 0x90bd2000 - 0x90c42fff com.apple.framework.IOKit 1.4.2 (???) /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit 0x90c57000 - 0x90c69fff libauto.dylib /usr/lib/libauto.dylib 0x90c6f000 - 0x90f14fff com.apple.CoreServices.CarbonCore 682.10 (679) /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/CarbonCore 0x90f57000 - 0x90fbffff com.apple.CoreServices.OSServices 4.1 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServices.framework/Versions/A/OSServices 0x90ff7000 - 0x91035fff com.apple.CFNetwork 129.13 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CFNetwork.framework/Versions/A/CFNetwork 0x91047000 - 0x91057fff com.apple.WebServices 1.1.3 (1.1.0) /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/WebServicesCore.framework/Versions/A/WebServicesCore 0x91062000 - 0x910e0fff com.apple.SearchKit 1.0.5 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/SearchKit.framework/Versions/A/SearchKit 0x91115000 - 0x91133fff com.apple.Metadata 10.4.4 (121.36) /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Metadata 0x9113f000 - 0x9114dfff libz.1.dylib /usr/lib/libz.1.dylib 0x91150000 - 0x91303fff com.apple.security 4.2.1 (24989) /System/Library/Frameworks/Security.framework/Versions/A/Security 0x913f1000 - 0x913f9fff com.apple.DiskArbitration 2.1 /System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration 0x91400000 - 0x91426fff com.apple.SystemConfiguration 1.8.5 /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration 0x91438000 - 0x9143ffff libbsm.dylib /usr/lib/libbsm.dylib 0x91443000 - 0x914bcfff com.apple.audio.CoreAudio 3.0.3 /System/Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio 0x9150a000 - 0x9150afff com.apple.ApplicationServices 10.4 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices 0x9150c000 - 0x91537fff com.apple.AE 314 (313) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/AE.framework/Versions/A/AE 0x9154a000 - 0x9161efff com.apple.ColorSync 4.4.6 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ColorSync.framework/Versions/A/ColorSync 0x91657000 - 0x916d4fff com.apple.print.framework.PrintCore 4.5 (177.10) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/PrintCore.framework/Versions/A/PrintCore 0x91701000 - 0x917abfff com.apple.QD 3.10.8 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/QD.framework/Versions/A/QD 0x917d1000 - 0x9181cfff com.apple.HIServices 1.5.2 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/HIServices 0x9183b000 - 0x91851fff com.apple.LangAnalysis 1.6.3 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/LangAnalysis.framework/Versions/A/LangAnalysis 0x9185d000 - 0x91877fff com.apple.FindByContent 1.5 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/FindByContent.framework/Versions/A/FindByContent 0x91881000 - 0x918befff com.apple.LaunchServices 176 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/LaunchServices 0x918d2000 - 0x918ddfff com.apple.speech.synthesis.framework 3.4 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesis 0x918e4000 - 0x9191bfff com.apple.ImageIO.framework 1.4.6 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/ImageIO 0x9192d000 - 0x919dffff libcrypto.0.9.7.dylib /usr/lib/libcrypto.0.9.7.dylib 0x91a25000 - 0x91a3bfff libcups.2.dylib /usr/lib/libcups.2.dylib 0x91a40000 - 0x91a5cfff libJPEG.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJPEG.dylib 0x91a61000 - 0x91abffff libJP2.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJP2.dylib 0x91acf000 - 0x91ad3fff libGIF.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libGIF.dylib 0x91ad5000 - 0x91b30fff libRaw.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRaw.dylib 0x91b34000 - 0x91b71fff libTIFF.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libTIFF.dylib 0x91b77000 - 0x91b91fff libPng.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib 0x91b96000 - 0x91b98fff libRadiance.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRadiance.dylib 0x91b9a000 - 0x91b9afff com.apple.Accelerate 1.2.1 (Accelerate 1.2.1) /System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate 0x91b9c000 - 0x91c22fff com.apple.vImage 2.3 /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vImage.framework/Versions/A/vImage 0x91c29000 - 0x91c29fff com.apple.Accelerate.vecLib 3.2.1 (vecLib 3.2.1) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/vecLib 0x91c2b000 - 0x91c70fff libvMisc.dylib /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvMisc.dylib 0x91c78000 - 0x91c9dfff libvDSP.dylib /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvDSP.dylib 0x91ca4000 - 0x92227fff libBLAS.dylib /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libBLAS.dylib 0x92264000 - 0x92616fff libLAPACK.dylib /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libLAPACK.dylib 0x92643000 - 0x926c7fff com.apple.DesktopServices 1.3.3 /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/DesktopServicesPriv 0x92703000 - 0x92935fff com.apple.Foundation 6.4.5 (567.26) /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation 0x92a41000 - 0x92b1ffff libxml2.2.dylib /usr/lib/libxml2.2.dylib 0x92b3c000 - 0x92c29fff libiconv.2.dylib /usr/lib/libiconv.2.dylib 0x92c39000 - 0x92c50fff libGL.dylib /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGL.dylib 0x92c5b000 - 0x92cb2fff libGLU.dylib /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLU.dylib 0x92cc6000 - 0x92cc6fff com.apple.Carbon 10.4 (???) /System/Library/Frameworks/Carbon.framework/Versions/A/Carbon 0x92cc8000 - 0x92cd8fff com.apple.ImageCapture 3.0.3 /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ImageCapture.framework/Versions/A/ImageCapture 0x92ce6000 - 0x92ceefff com.apple.speech.recognition.framework 3.5 /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SpeechRecognition.framework/Versions/A/SpeechRecognition 0x92cf4000 - 0x92cf9fff com.apple.securityhi 2.0.1 (24742) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SecurityHI.framework/Versions/A/SecurityHI 0x92cff000 - 0x92d90fff com.apple.ink.framework 101.2.1 (71) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Ink.framework/Versions/A/Ink 0x92da4000 - 0x92da7fff com.apple.help 1.0.3 (32.1) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Help.framework/Versions/A/Help 0x92daa000 - 0x92dc7fff com.apple.openscripting 1.2.5 (???) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/OpenScripting.framework/Versions/A/OpenScripting 0x92dd7000 - 0x92dddfff com.apple.print.framework.Print 5.1 (192.3) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framework/Versions/A/Print 0x92de3000 - 0x92e46fff com.apple.htmlrendering 66.1 (1.1.3) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HTMLRendering.framework/Versions/A/HTMLRendering 0x92e6a000 - 0x92eabfff com.apple.NavigationServices 3.4.4 (3.4.3) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/NavigationServices.framework/Versions/A/NavigationServices 0x92ed2000 - 0x92edffff com.apple.audio.SoundManager 3.9.1 /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CarbonSound.framework/Versions/A/CarbonSound 0x92ee6000 - 0x92eebfff com.apple.CommonPanels 1.2.3 (73) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CommonPanels.framework/Versions/A/CommonPanels 0x92ef0000 - 0x931e2fff com.apple.HIToolbox 1.4.6 (???) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox 0x932e7000 - 0x932f2fff com.apple.opengl 1.4.9 /System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL 0x93361000 - 0x93361fff com.apple.Cocoa 6.4 (???) /System/Library/Frameworks/Cocoa.framework/Versions/A/Cocoa 0x93363000 - 0x93a1cfff com.apple.AppKit 6.4.5 (824.35) /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit 0x93d9d000 - 0x93e17fff com.apple.CoreData 90 /System/Library/Frameworks/CoreData.framework/Versions/A/CoreData 0x93e50000 - 0x93f10fff com.apple.audio.toolbox.AudioToolbox 1.4.2 /System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox 0x93f4f000 - 0x93f4ffff com.apple.audio.units.AudioUnit 1.4.2 /System/Library/Frameworks/AudioUnit.framework/Versions/A/AudioUnit 0x93f51000 - 0x940fffff com.apple.QuartzCore 1.4.7 /System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore 0x9414d000 - 0x9418efff libsqlite3.0.dylib /usr/lib/libsqlite3.0.dylib 0x94196000 - 0x941cffff libGLImage.dylib /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLImage.dylib 0x9434a000 - 0x94359fff libCGATS.A.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGATS.A.dylib 0x94360000 - 0x9436bfff libCSync.A.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCSync.A.dylib 0x943b7000 - 0x943d1fff libRIP.A.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libRIP.A.dylib 0x943d7000 - 0x94688fff com.apple.QuickTime 7.0.4 /System/Library/Frameworks/QuickTime.framework/Versions/A/QuickTime Model: MacBookPro1,1, BootROM MBP11.0044.B02, 2 processors, Intel Core Duo, 2 GHz, 1 GB Graphics: ATI Radeon X1600, ATY,RadeonX1600, PCIe, 256 MB Memory Module: DIMM1/BANK 1, 1 GB, DDR2 SDRAM, 667 MHz AirPort: spairport_wireless_card_type_airport_extreme (0x168C, 0x86), 0.1.17 Bluetooth: Version 1.7.3f4, 2 service, 0 devices, 1 incoming serial ports Network Service: AirPort, AirPort, en1 Serial ATA Device: FUJITSU MHV2100BH, 93.16 GB Parallel ATA Device: MATSHITADVD-R UJ-857 USB Device: Built-in iSight, Micron, Up to 480 Mb/sec, 500 mA USB Device: Apple Internal Keyboard / Trackpad, Apple Computer, Up to 12 Mb/sec, 500 mA USB Device: Macally Optical iceJr, Macally Peripherals, Up to 1.5 Mb/sec, 500 mA USB Device: Bluetooth HCI, Up to 12 Mb/sec, 500 mA USB Device: IR Receiver, Apple Computer, Inc., Up to 12 Mb/sec, 500 mA
Reporter | ||
Comment 1•19 years ago
|
||
Just some additional info, the version of DeerPark I'm using is the one listed on the Mac:Intel page of the wiki and obtained here: http://ftp.mozilla.org/pub/mozilla.org/firefox/tinderbox-builds/maya-Test-1.8.0-Uni/firefox-1.5.0.2.en-US.mac.dmg I'm not sure if this bug should be filed under the 1.8 branch or not. Sorry.
Comment 2•19 years ago
|
||
Could you put a copy outside for me? I might to reduce it to a single testcase. But first I need to check if it also crashes on current trunk build.
Comment 3•19 years ago
|
||
Ok, I've tried on Firefox1.5.0.1 and current trunk build. Neither of them are crashing for me. I'm on windows. So I guess this is some sort of issue for Firefox under Intel Mac?
Reporter | ||
Comment 4•19 years ago
|
||
Thanks Martijn. We're working towards an open source release of the atlas framework we are developing but we're not there yet. Our developer is away for some time and I'm unable to reduce this to a simple test case, but I have put up an example of what works and what doesn't so people can reproduce this. http://devel0.gcrc.carleton.ca/~amoshayes/atlas/pages/ I remember reading elsewhere that something about PPC "handles" divide by zero whereas on intel it doesn't and that it was an issue when porting for universal mac binaries. Note that Firefox 1.5.0.1 does not crash on my content on Windows (or on PPC mac)... so I'm guessing it has something to do with some mac specific rendering code in there somewhere that is only now showing its divide by zero bugs thanks to the switch.
Comment 5•19 years ago
|
||
Adjusting Version, cc:ing some Mac folks, requesting a 1.8.0.3 block, confirming based on Phil's reproduction of this crash on another site.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: blocking1.8.0.3?
Version: Trunk → 1.8 Branch
Comment 6•19 years ago
|
||
Reproducer URL -- this will crash your Intel Mac: http://taschenorakel.de/mathias/tmp/evoappmnt-glossy.svg
Comment 7•19 years ago
|
||
At shaver's urging, I tried again with Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2 under Rosetta -- no crash. To recap our findings to date: - The crash does not occur with Universal binaries on PPC Macs - The crash does not occur with PPC binaries running under Rosetta on Intel Macs - The crash occurs with Universal binaries running on Intel Macs
Assignee | ||
Comment 8•19 years ago
|
||
Probably this: http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/gfx/src/mac/nsImageMac.cpp&rev=1.79.4.1&mark=582-584#572 Those are the only potentially-evil divides in nsImageMac, unless widths and heights ever find themselves zero. I'll take a look at this later tonight when I'm home and in front of an x86 Mac.
Assignee | ||
Updated•19 years ago
|
Assignee | ||
Comment 9•19 years ago
|
||
This prevents the crash on x86 and makes it match the ppc behavior, but I don't think that the ppc behavior was right in the first place. Matching the ppc behavior is, of course, the safest approach. It seems to me like |alpha| and |255| are reversed here. As it stands now, the assignment overflows (for an 8-bit quantity) and gives useless results when |alpha| != 0 or 255. http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/gfx/src/mac/nsImageMac.cpp&rev=1.79.4.1&mark=582-584#572 Javier, you wrote the code in question (bug 283091), what do you think?
Assignee | ||
Comment 10•19 years ago
|
||
Attachment #217248 -
Flags: review?(jhpedemonte)
Assignee | ||
Updated•19 years ago
|
Attachment #217248 -
Attachment description: What I think it should doo → What I think it should do
Comment 11•19 years ago
|
||
Comment on attachment 217245 [details] [diff] [review] Match PPC behavior on x86 The point of this code is to go from a pre-multiplied value to the separate channels, so this first patch is correct. It should not overflow, since we are first casting to a 32-bit value before doing the operations.
Attachment #217245 -
Flags: review+
Updated•19 years ago
|
Attachment #217248 -
Flags: review?(jhpedemonte) → review-
Assignee | ||
Comment 12•19 years ago
|
||
Comment on attachment 217245 [details] [diff] [review] Match PPC behavior on x86 Oh, I didn't realize that the values were premultiplied, I thought that this was doing the inverse operation. Since they're premultiplied, there's no range problem (but there is a tiny bit of truncation).
Attachment #217245 -
Flags: superreview?(shaver)
Assignee | ||
Comment 13•19 years ago
|
||
(the truncation is a result of working with premultiplied values, and there's nothing we can do about it here. shouldn't matter by the time it hits the display anyway.)
Comment 14•19 years ago
|
||
Crash, important for UB. a=timr for drivers.
Flags: blocking1.8.0.3? → blocking1.8.0.3+
Comment 15•19 years ago
|
||
Do we protect against width and height being zero? It'd be good for an SVG person to weigh in on that.
Comment 16•19 years ago
|
||
Comment on attachment 217245 [details] [diff] [review] Match PPC behavior on x86 sr=shaver, requesting approval
Attachment #217245 -
Flags: superreview?(shaver)
Attachment #217245 -
Flags: superreview+
Attachment #217245 -
Flags: approval1.8.0.3?
Comment 17•19 years ago
|
||
I don't think so: http://lxr.mozilla.org/seamonkey/source/layout/svg/base/src/nsSVGImageFrame.cpp#318 tor? Since SVG scales, and since width/height are floats (not ints), maybe we want to bail out of painting if width or height are less than 1 device pixel. Then again the image should probably be contributing to that one pixel.
Comment 18•19 years ago
|
||
Although maybe this line indicates there must be some sort of check: http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/layout/svg/base/src/nsSVGImageFrame.cpp&rev=1.24&mark=413#413 I don't know this code.
Assignee | ||
Comment 19•19 years ago
|
||
Comment on attachment 217245 [details] [diff] [review] Match PPC behavior on x86 This patch is bad too, because it does not advance tmp. The |else| branch needs to do |tmp += 3|.
Attachment #217245 -
Attachment is obsolete: true
Attachment #217245 -
Flags: approval1.8.0.3?
Assignee | ||
Updated•19 years ago
|
Attachment #217248 -
Attachment is obsolete: true
Assignee | ||
Comment 20•19 years ago
|
||
Attachment #217426 -
Flags: review?(jhpedemonte)
Updated•19 years ago
|
Attachment #217426 -
Flags: review?(jhpedemonte) → review+
Assignee | ||
Updated•19 years ago
|
Attachment #217426 -
Flags: superreview?(shaver)
Assignee | ||
Updated•19 years ago
|
Attachment #217426 -
Flags: review?(vladimir)
Comment on attachment 217426 [details] [diff] [review] Include pointer adjustment r=me
Attachment #217426 -
Flags: review?(vladimir) → review+
Assignee | ||
Comment 22•19 years ago
|
||
Comment on attachment 217426 [details] [diff] [review] Include pointer adjustment shaver gave sr+ in an e-mail.
Attachment #217426 -
Flags: superreview?(shaver)
Attachment #217426 -
Flags: superreview+
Attachment #217426 -
Flags: approval1.8.0.3?
Attachment #217426 -
Flags: approval-branch-1.8.1+
Assignee | ||
Comment 23•19 years ago
|
||
Checked in on the trunk.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 24•19 years ago
|
||
*** Bug 333282 has been marked as a duplicate of this bug. ***
Assignee | ||
Comment 25•19 years ago
|
||
Not SVG-only, see duped bug 333282.
Comment 27•19 years ago
|
||
Comment on attachment 217426 [details] [diff] [review] Include pointer adjustment approved for 1.8.0 branch, a=dveditz for drivers
Attachment #217426 -
Flags: approval1.8.0.3? → approval1.8.0.3+
Comment 29•19 years ago
|
||
verified on the Intel Mac using a UB build on the 1.5.0.x branch using Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.0.4) Gecko/20060504 Firefox/1.5.0.4. I do not crash using the URL specified in Comment 6. I did note that the graphic does look different in the UB build then it does running a PPC build (not under Rosetta)
Keywords: fixed1.8.0.4 → verified1.8.0.4
Assignee | ||
Comment 30•19 years ago
|
||
Marcia, is it different in a bad or broken way? (I'm not in front of an x86 Mac now and can't check.)
Comment 31•19 years ago
|
||
*** Bug 338775 has been marked as a duplicate of this bug. ***
Updated•16 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•