Last Comment Bug 391028 - drawImage with broken PNG draws random memory
: drawImage with broken PNG draws random memory
Status: RESOLVED FIXED
[sg:low]
: fixed1.8.0.15, fixed1.8.1.11, verified1.8.1.10, verified1.8.1.12
Product: Core
Classification: Components
Component: Canvas: 2D (show other bugs)
: unspecified
: x86 All
: -- normal with 1 vote (vote)
: ---
Assigned To: Vladimir Vukicevic [:vlad] [:vladv]
:
Mentors:
Depends on: 405584
Blocks: 405690
  Show dependency treegraph
 
Reported: 2007-08-05 16:36 PDT by Philip Taylor
Modified: 2008-03-20 12:25 PDT (History)
14 users (show)
vladimir: blocking1.9+
dveditz: blocking1.8.1.10+
asac: blocking1.8.0.next+
jwalden+bmo: in‑testsuite?
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
test case (465 bytes, text/html)
2007-08-05 16:37 PDT, Philip Taylor
no flags Details
add a check for completed load status (912 bytes, patch)
2007-09-28 15:54 PDT, Vladimir Vukicevic [:vlad] [:vladv]
pavlov: review+
dveditz: approval1.8.1.10+
pavlov: approval1.9+
Details | Diff | Splinter Review
er. followup. (1.15 KB, patch)
2007-10-11 16:35 PDT, Vladimir Vukicevic [:vlad] [:vladv]
pavlov: review+
dveditz: approval1.8.1.11+
dveditz: approval1.8.1.12+
Details | Diff | Splinter Review
combined for 1.8.0 (1.14 KB, patch)
2008-03-04 08:29 PST, Alexander Sack
caillon: approval1.8.0.next+
Details | Diff | Splinter Review

Description Philip Taylor 2007-08-05 16:36:54 PDT
User-Agent:       Opera/9.22 (X11; Linux i686; U; en)
Build Identifier: 

With a broken PNG file (which causes "The image [...] cannot be displayed, because it contains errors." when opened in the browser normally), calling drawImage results in random stuff being drawn onto the canvas each time the page is reloaded.

Reproduced with:
    Mozilla/5.0 (Windows; U; Windows NT 5.2; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6
    Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5
    Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a8pre) Gecko/2007080504 Minefield/3.0a8pre

Couldn't reproduce in
    Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9a8pre) Gecko/2007080505 Minefield/3.0a8pre
(it only ever gave a black rectangle).

HTML 5 says at http://www.whatwg.org/specs/web-apps/current-work/#complete that img.complete should be false if the image wasn't valid, and http://www.whatwg.org/specs/web-apps/current-work/#drawimage says that should cause INVALID_STATE_ERR in drawImage.


Reproducible: Always
Comment 1 Philip Taylor 2007-08-05 16:37:59 PDT
Created attachment 275356 [details]
test case
Comment 2 Vladimir Vukicevic [:vlad] [:vladv] 2007-09-28 15:54:17 PDT
Created attachment 282781 [details] [diff] [review]
add a check for completed load status

This should fix it; something similar can go in on the branch.
Comment 3 Vladimir Vukicevic [:vlad] [:vladv] 2007-10-11 16:35:19 PDT
Created attachment 284556 [details] [diff] [review]
er. followup.

Wrong line in the previous patch, sigh.
Comment 4 Daniel Veditz [:dveditz] 2007-11-07 14:26:30 PST
Comment on attachment 282781 [details] [diff] [review]
add a check for completed load status

approved for 1.8.1.10, a=dveditz for release-drivers
Comment 5 Daniel Veditz [:dveditz] 2007-11-14 03:35:13 PST
Checked into 1.8 branch
Comment 6 Carsten Book [:Tomcat] 2007-11-15 13:35:37 PST
verified fixed 1.8.1.10 using Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.10) Gecko/2007111504 Firefox/2.0.0.10 and the testcase

- adding verified keyword

Comment 7 Arthur 2007-11-27 05:53:54 PST
Has this caused bug 405584?
Comment 8 Alexander Sack 2007-11-27 06:36:16 PST
(In reply to comment #7)
> Has this caused bug 405584?
> 

yes, the followup attachment 284556 [details] [diff] [review] wasn't checked in. 
Comment 9 :Gavin Sharp [email: gavin@gavinsharp.com] 2007-11-27 08:34:29 PST
This is still FIXED on the trunk. Bug 405584  tracks the branch regression.
Comment 10 Justin Wood (:Callek) 2007-11-27 16:15:07 PST
Comment on attachment 284556 [details] [diff] [review]
er. followup.

appears to have landed, though without approval. (Granted, I do feel its a safe and needed landing, but I wonder why it skipped approval)
Comment 11 Reed Loden [:reed] (use needinfo?) 2007-11-27 16:24:12 PST
(In reply to comment #10)
> (From update of attachment 284556 [details] [diff] [review])
> appears to have landed, though without approval. (Granted, I do feel its a safe
> and needed landing, but I wonder why it skipped approval)

The patch had a=release-drivers to land. The flag just wasn't marked as such on the patch. I'm sure dveditz or somebody will set the flag when they get to it, but it definitely had approval to land. :)
Comment 12 Daniel Veditz [:dveditz] 2007-11-28 15:25:35 PST
Sorry for the missing approvals, this one-bugfix release was mostly handled real-time on IRC. Nick had approvals to land on the _RELBRANCH and the mozilla 1.8 branch
Comment 13 Al Billings [:abillings] 2008-01-22 16:37:21 PST
Verified for 1.8.1.12 with Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.12pre) Gecko/2008012208 BonEcho/2.0.0.12pre.
Comment 14 Alexander Sack 2008-03-04 08:29:34 PST
Created attachment 307242 [details] [diff] [review]
combined for 1.8.0
Comment 15 Christopher Aillon (sabbatical, not receiving bugmail) 2008-03-11 07:19:49 PDT
Comment on attachment 307242 [details] [diff] [review]
combined for 1.8.0

a=caillon for 1.8.0.15
Comment 16 Christopher Aillon (sabbatical, not receiving bugmail) 2008-03-20 12:25:44 PDT
Attachment 307242 [details] [diff] committed to 1.8.0 branch

Note You need to log in before you can comment on or make changes to this bug.