port fix for mac large image crasher to 1.8 branch

VERIFIED FIXED

Status


Core
Graphics
P1
critical
VERIFIED FIXED
10 years ago
8 years ago

People

(Reporter: jtd, Assigned: jtd)

Tracking

({verified1.8.1.13})

1.8 Branch
PowerPC
Mac OS X
verified1.8.1.13
Points:
---
Bug Flags:
blocking1.8.1.12 -
blocking1.8.1.13 +
blocking1.8.0.next +
in-testsuite ?

Firefox Tracking Flags

(Not tracked)

Details

([sg:critical?] 1.8 branch)

Attachments

(1 attachment)

(Assignee)

Description

10 years ago
Images with heights larger than 32K cause a crash within Quartz drawing code on the Mac.  The bug has been reported to Apple but in the meantime we need to restrict our code to avoid loading images over 32K in height.  See bug 328258 for testcase and details.
(Assignee)

Updated

9 years ago
Flags: blocking1.8.1.12?
Priority: -- → P1
Ok, here's your blocking, where's our patch? :-)
Flags: blocking1.8.1.12? → blocking1.8.1.12+
(Assignee)

Comment 2

9 years ago
I'll investigate what's needed for a patch by the end of this week

Updated

9 years ago
Whiteboard: 1.8 branch
Whiteboard: 1.8 branch → [sg:critical?] 1.8 branch
John, any update here?
No work done here, pushing out to the next release.
Flags: blocking1.8.1.13+
Flags: blocking1.8.1.12-
Flags: blocking1.8.1.12+
Whiteboard: [sg:critical?] 1.8 branch → [sg:critical?][needs patch] 1.8 branch
(Assignee)

Comment 5

9 years ago
Steps to reproduce:

1. Download testcase-2 from bug xxx:

https://bugzilla.mozilla.org/attachment.cgi?id=213053

2. Open the file bug-328258.html

Result: crash in nsImageMac::Draw
(Assignee)

Comment 6

9 years ago
Created attachment 302990 [details] [diff] [review]
patch, simplified version of the fix for 328258

Wrap all calls to CGContextDrawImage with a width/height check.  Nothing fancy but it will prevent the crash situation.
Attachment #302990 - Flags: superreview?(vladimir)
Attachment #302990 - Flags: review?(vladimir)
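
The approach described in comment 6, sketched as an added example (this is not the attached patch or Mozilla's code): every draw goes through one wrapper that checks the image's width and height before reaching the platform call. All names are hypothetical, the draw function is a stand-in for CGContextDrawImage, and the exact limit of 32767 is an assumption, since the bug only says "32K".

```cpp
#include <cstdint>
#include <cstdio>

// Assumption: the bug says only "32K"; 32767 is used here as the largest
// width or height that is passed through to the draw call.
static const int32_t kMaxDrawDimension = 32767;

struct DestRect { int32_t x, y, width, height; };

// Stand-in for the platform draw call (CGContextDrawImage in the bug).
typedef void (*DrawFn)(void* ctx, const DestRect& dest, const void* image);

enum DrawResult { kDrawn, kSkippedTooLarge, kSkippedEmpty };

// Classify the image's own dimensions; the bug description is about the
// image's height, so the destination rectangle is not what gets checked.
DrawResult CheckDrawable(int32_t imgWidth, int32_t imgHeight) {
  if (imgWidth <= 0 || imgHeight <= 0) return kSkippedEmpty;
  if (imgWidth > kMaxDrawDimension || imgHeight > kMaxDrawDimension)
    return kSkippedTooLarge;
  return kDrawn;
}

// Single choke point: callers draw through this wrapper, so no call site
// reaches the backend with an oversized image.
DrawResult GuardedDrawImage(DrawFn draw, void* ctx, const DestRect& dest,
                            const void* image, int32_t imgWidth,
                            int32_t imgHeight) {
  DrawResult r = CheckDrawable(imgWidth, imgHeight);
  if (r == kDrawn) draw(ctx, dest, image);
  return r;
}

// Constructed test backend: counts calls instead of drawing anything.
static int gDrawCalls = 0;
static void CountingDraw(void*, const DestRect&, const void*) { ++gDrawCalls; }

int main() {
  DestRect dest = {0, 0, 100, 100};
  const int32_t heights[] = {100, 32767, 32768, 40000, 0};  // constructed inputs
  for (unsigned i = 0; i < sizeof(heights) / sizeof(heights[0]); ++i) {
    DrawResult r = GuardedDrawImage(CountingDraw, 0, dest, 0, 100, heights[i]);
    std::printf("height=%d -> %s\n", (int)heights[i],
                r == kDrawn ? "drawn"
                : r == kSkippedTooLarge ? "skipped (too large)"
                                        : "skipped (empty)");
  }
  std::printf("backend calls: %d\n", gDrawCalls);
  return 0;
}
```
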
Comment on attachment 302990 [details] [diff] [review]
patch, simplified version of the fix for 328258

Looks good to me!
Attachment #302990 - Flags: superreview?(vladimir)
Attachment #302990 - Flags: superreview+
Attachment #302990 - Flags: review?(vladimir)
Attachment #302990 - Flags: review+
(Assignee)

Comment 8

9 years ago
checked in
Status: ASSIGNED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → FIXED
(In reply to comment #8)
> checked in

Err... as stated on the tinderbox tree, "Bugs must have approval1.8.1.13+ from the 1.8.1.13 triage team".
Keywords: fixed1.8.1.13
Whiteboard: [sg:critical?][needs patch] 1.8 branch → [sg:critical?] 1.8 branch
Comment on attachment 302990 [details] [diff] [review]
patch, simplified version of the fix for 328258

Retroactively requesting approval for this patch. It's already been checked in.

http://bonsai.mozilla.org/cvsview2.cgi?diff_mode=context&whitespace_mode=show&subdir=mozilla/gfx/src/mac&command=DIFF_FRAMESET&file=nsImageMac.cpp&rev1=1.79.4.3&rev2=1.79.4.4&root=/cvsroot
Attachment #302990 - Flags: approval1.8.1.13?
(Assignee)

Comment 11

9 years ago
(In reply to comment #10)
> Retroactively requesting approval for this patch. It's already been checked in.

argh, sorry about that! had an itchy checkin finger...

Comment on attachment 302990 [details] [diff] [review]
patch, simplified version of the fix for 328258

approved for 1.8.1.13, a=dveditz for release-drivers
Attachment #302990 - Flags: approval1.8.1.13? → approval1.8.1.13+
Could we get an automated testcase for this and land it after the next 1.8 branch release, please?
Flags: in-testsuite?
Blocks: 328258
(Assignee)

Comment 14

9 years ago
Received a mail from Apple stating the underlying bug should be fixed in the next 10.5 release, no mention of a 10.4 fix:

Hi John,

This is a courtesy email regarding Bug ID# 5514949.  We believe this issue has been addressed in Mac OS X Client 10.5.2, build 9C31.  Please verify with this release, and update this report with your results.

Mac OS X Client 10.5.2, build 9C31:
http://www.apple.com/support/downloads/macosx1052comboupdate.html

Bug reports requiring your update will appear under ‘My Originated Problems’.  Please review this bug report and provide the requested information via the Apple Bug Reporter. Once your report has been updated, Engineering will be alerted of the new information.

<http://bugreport.apple.com>

Thank you for your assistance in helping us discover and isolate bugs within our products. 

Best Regards,

Stoney Gamble
Apple Developer Connection 
Worldwide Developer Relations
(Assignee)

Comment 15

9 years ago
Confirmed fixed in Mac OS X Client 10.5.2, build 9C31.
Verified fixed in 10.4.11 with Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.13) Gecko/2008031115 Firefox/2.0.0.13. I repro'd the crash with 2.0.0.12 on the same machine.
Status: RESOLVED → VERIFIED
Keywords: fixed1.8.1.13 → verified1.8.1.13
Hardware: PC → Macintosh

Updated

9 years ago
Flags: blocking1.8.0.15+

Comment 17

9 years ago
Comment on attachment 302990 [details] [diff] [review]
patch, simplified version of the fix for 328258

applies unmodified on 1.8.0
Attachment #302990 - Flags: approval1.8.0.15?
Group: security
Product: Core → Core Graveyard
(Assignee)

Updated

8 years ago
Component: GFX: Mac → GFX: Thebes
Product: Core Graveyard → Core
QA Contact: mac → thebes