Last Comment Bug 391028 - drawImage with broken PNG draws random memory
: drawImage with broken PNG draws random memory
Status: RESOLVED FIXED
[sg:low]
: fixed1.8.0.15, fixed1.8.1.11, verified1.8.1.10, verified1.8.1.12
Product: Core
Classification: Components
Component: Canvas: 2D (show other bugs)
: unspecified
: x86 All
: -- normal with 1 vote (vote)
: ---
Assigned To: Vladimir Vukicevic [:vlad] [:vladv]
:
: Milan Sreckovic [:milan]
Mentors:
Depends on: 405584
Blocks: 405690
  Show dependency treegraph
 
Reported: 2007-08-05 16:36 PDT by Philip Taylor
Modified: 2008-03-20 12:25 PDT (History)
14 users (show)
vladimir: blocking1.9+
dveditz: blocking1.8.1.10+
asac: blocking1.8.0.next+
jwalden+bmo: in‑testsuite?
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
test case (465 bytes, text/html)
2007-08-05 16:37 PDT, Philip Taylor
no flags Details
add a check for completed load status (912 bytes, patch)
2007-09-28 15:54 PDT, Vladimir Vukicevic [:vlad] [:vladv]
pavlov: review+
dveditz: approval1.8.1.10+
pavlov: approval1.9+
Details | Diff | Splinter Review
er. followup. (1.15 KB, patch)
2007-10-11 16:35 PDT, Vladimir Vukicevic [:vlad] [:vladv]
pavlov: review+
dveditz: approval1.8.1.11+
dveditz: approval1.8.1.12+
Details | Diff | Splinter Review
combined for 1.8.0 (1.14 KB, patch)
2008-03-04 08:29 PST, Alexander Sack
caillon: approval1.8.0.next+
Details | Diff | Splinter Review

Description User image Philip Taylor 2007-08-05 16:36:54 PDT
User-Agent:       Opera/9.22 (X11; Linux i686; U; en)
Build Identifier: 

With a broken PNG file (which causes "The image [...] cannot be displayed, because it contains errors." when opened in the browser normally), calling drawImage results in random stuff being drawn onto the canvas each time the page is reloaded.

Reproduced with:
    Mozilla/5.0 (Windows; U; Windows NT 5.2; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6
    Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5
    Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a8pre) Gecko/2007080504 Minefield/3.0a8pre

Couldn't reproduce in
    Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9a8pre) Gecko/2007080505 Minefield/3.0a8pre
(it only ever gave a black rectangle).

HTML 5 says at http://www.whatwg.org/specs/web-apps/current-work/#complete that img.complete should be false if the image wasn't valid, and http://www.whatwg.org/specs/web-apps/current-work/#drawimage says that should cause INVALID_STATE_ERR in drawImage.


Reproducible: Always
Comment 1 User image Philip Taylor 2007-08-05 16:37:59 PDT
Created attachment 275356 [details]
test case
Comment 2 User image Vladimir Vukicevic [:vlad] [:vladv] 2007-09-28 15:54:17 PDT
Created attachment 282781 [details] [diff] [review]
add a check for completed load status

This should fix it; something similar can go in on the branch.
Comment 3 User image Vladimir Vukicevic [:vlad] [:vladv] 2007-10-11 16:35:19 PDT
Created attachment 284556 [details] [diff] [review]
er. followup.

Wrong line in the previous patch, sigh.
Comment 4 User image Daniel Veditz [:dveditz] 2007-11-07 14:26:30 PST
Comment on attachment 282781 [details] [diff] [review]
add a check for completed load status

approved for 1.8.1.10, a=dveditz for release-drivers
Comment 5 User image Daniel Veditz [:dveditz] 2007-11-14 03:35:13 PST
Checked into 1.8 branch
Comment 6 User image Carsten Book [:Tomcat] 2007-11-15 13:35:37 PST
verified fixed 1.8.1.10 using Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.10) Gecko/2007111504 Firefox/2.0.0.10 and the testcase

- adding verified keyword

Comment 7 User image Arthur 2007-11-27 05:53:54 PST
Has this caused bug 405584?
Comment 8 User image Alexander Sack 2007-11-27 06:36:16 PST
(In reply to comment #7)
> Has this caused bug 405584?
> 

yes, the followup attachment 284556 [details] [diff] [review] wasn't checked in. 
Comment 9 User image :Gavin Sharp [email: gavin@gavinsharp.com] 2007-11-27 08:34:29 PST
This is still FIXED on the trunk. Bug 405584  tracks the branch regression.
Comment 10 User image Justin Wood (:Callek) 2007-11-27 16:15:07 PST
Comment on attachment 284556 [details] [diff] [review]
er. followup.

appears to have landed, though without approval. (Granted, I do feel its a safe and needed landing, but I wonder why it skipped approval)
Comment 11 User image Reed Loden [:reed] (use needinfo?) 2007-11-27 16:24:12 PST
(In reply to comment #10)
> (From update of attachment 284556 [details] [diff] [review])
> appears to have landed, though without approval. (Granted, I do feel its a safe
> and needed landing, but I wonder why it skipped approval)

The patch had a=release-drivers to land. The flag just wasn't marked as such on the patch. I'm sure dveditz or somebody will set the flag when they get to it, but it definitely had approval to land. :)
Comment 12 User image Daniel Veditz [:dveditz] 2007-11-28 15:25:35 PST
Sorry for the missing approvals, this one-bugfix release was mostly handled real-time on IRC. Nick had approvals to land on the _RELBRANCH and the mozilla 1.8 branch
Comment 13 User image Al Billings [:abillings] 2008-01-22 16:37:21 PST
Verified for 1.8.1.12 with Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.12pre) Gecko/2008012208 BonEcho/2.0.0.12pre.
Comment 14 User image Alexander Sack 2008-03-04 08:29:34 PST
Created attachment 307242 [details] [diff] [review]
combined for 1.8.0
Comment 15 User image Christopher Aillon (sabbatical, not receiving bugmail) 2008-03-11 07:19:49 PDT
Comment on attachment 307242 [details] [diff] [review]
combined for 1.8.0

a=caillon for 1.8.0.15
Comment 16 User image Christopher Aillon (sabbatical, not receiving bugmail) 2008-03-20 12:25:44 PDT
Attachment 307242 [details] [diff] committed to 1.8.0 branch

Note You need to log in before you can comment on or make changes to this bug.