Closed Bug 343192 Opened 19 years ago Closed 19 years ago

Crash with huge image - uncaught c++ exception from new (bad_alloc)

Categories

(Core :: Graphics, defect)

Product:
Core
Component:
Graphics
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: polidobj, Unassigned)

References

(
URL
)

Details

(Keywords: crash)

Attachments

(1 file)

avoid super large images
1.10 KB, patch
vlad
: review+
Details | Diff | Splinter Review
My cairo build crashes trying to view this huge image. Non-cairo does not display the image but doesn't crash. I found this out from a talkback I came across: http://talkback-public.mozilla.org/search/start.jsp?search=2&type=iid&id=19827038 When I crash I get less useful talkbacks: http://talkback-public.mozilla.org/search/start.jsp?search=2&type=iid&id=TB20422529W I can't tell much about this to know if there's already a bug that covers this. And I'm assuming this isn't a regression. I'm assuming this is a problem that hasn't been encountered yet. Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060629 Minefield/3.0a1 ID:2006062910 [cairo]
The more useful talkback: Stack Signature kernel32.dll + 0x1eb33 (0x7c81eb33) 3b8e5560 Product ID FirefoxTrunk Build ID 2006061205 Trigger Time 2006-06-13 08:29:58.0 Platform Win32 Operating System Windows NT 5.1 build 2600 Module kernel32.dll + (0001eb33) URL visited http://veimages.gsfc.nasa.gov/1438/nightearth.gif User Comments Since Last Crash 47631 sec Total Uptime 75322 sec Trigger Reason Microsoft C++ exception Source File, Line No. N/A Stack Trace kernel32.dll + 0x1eb33 (0x7c81eb33) MSVCR80.dll + 0x28dd3 (0x78158dd3) MSVCR80.dll + 0x30e59 (0x78160e59) gfxImageSurface::gfxImageSurface nsThebesImage::Init nsJPEGDecoder::WriteFrom imgRequest::OnDataAvailable g_TOKEN_Directories 0x0012fbd0
this is our general "we crash when new fails to alloc because we switched from new.h to new and from compilers that could return null [vc6..71] to vc8 which wants to throw unless you ask it very nicely"
Severity: normal → critical
Keywords: crash
Summary: Crash with huge image → Crash with huge image - uncaught c++ exception from new (bad_alloc)
Whiteboard: DUPEME
*** Bug 341322 has been marked as a duplicate of this bug. ***
this won't really fix it in all cases but will avoid the potential overflow. we have similar code in old gfx
Attachment #230017 - Flags: review?(vladimir)
Comment on attachment 230017 [details] [diff] [review] avoid super large images Do the > k64KLimit checks first before the multiply/divide checks
Attachment #230017 - Flags: review?(vladimir) → review+
checked in. i think we should mark this fixed and open another bug on the whole exceptions thing as that is more tree-wide.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
we've already got at least bug 324005 on the new exceptions, but I'm fairly sure we must have an older bug on it. At one point biesi replaced most of the 'new' calls in the GIF decoder with mallocs just to work around this problem (which didn't help anywhere else, of course).
Would TB26555683X be related to this or a similar issue?
Whiteboard: DUPEME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: