Closed Bug 41360 Opened 24 years ago Closed 24 years ago

crash bug using tmpfile() on mac -- MSL bug

Categories

(Core :: Graphics: ImageLib, defect, P3)

PowerPC
Mac System 8.5

VERIFIED FIXED

People

(Reporter: pnunn, Assigned: sfraser_bugs)

Details

(Keywords: crash)

Attachments

(2 files)

I have a crash bug that only shows up on the Mac when
2 progressive Huffman JPEGs are displayed one after the
other.

An nsStdLib function, tmpfile(), is used to store
data until header info is available. This code is in the IJG
jpeg library code. The function tmpfile() is implemented in
file_io.c. The crash occurs when a linked list is walked through
in find_temp_info() in file_io.mac.c.

When the second jpeg file is decoded, the next pointer in the
temp file linked list is garbage. It is dereferenced and the
browser, OS and everything crashes.

To save time, a good breakpoint is in file_io.mac.c line 89.

thanks for the mac help.
-P
Blocks: 35316
I'm pretty sure this is an MSL bug. Even a very simple program:


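#include <stdio.h>

int main(void)
{
  FILE *firstFile;
  firstFile = tmpfile();   /* create a temporary file through MSL */
  fclose(firstFile);       /* closing it is where the errors are reported */
  return 0;
}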

throws up errors in Spotlight in the fsclose call.
Status: NEW → ASSIGNED
This is certainly an MSL bug; a more recent MSL has the bug fixed. Here's the 
patch: at line 166 of file_io.mac.c, add the lines preceded by '+':

   info->next_struct = temp_info_anchor;        /* mm 981009 */
+  if (temp_info_anchor)
+    temp_info_anchor->prev_struct = info;
   temp_info_anchor  = info;                    /* mm 981009 */
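
Review bot: the added lines repair the old head's prev_struct, but nothing in this hunk sets info->prev_struct on the node being inserted. Unless info is zeroed where it is allocated, the new head carries an uninitialised back pointer, so set info->prev_struct = NULL; next to the info->next_struct assignment. The two added lines also lack the dated initials comment that the surrounding lines carry (/* mm 981009 */), which would make the local change easier to spot when diffing against a newer MSL.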

Should we get everyone to apply this patch?
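
An added example, not MSL source and not code from this bug: a small model of why the missing back link in the patch above damages the temp file list once the first file is closed. Only next_struct, prev_struct and temp_info_anchor are names from the patch; the struct layout, remove_info() and the other helpers are assumptions, and the unset link is modelled as NULL rather than garbage so the program stays well defined.

```c
#include <stdio.h>

/* Hypothetical model: only next_struct, prev_struct and temp_info_anchor
   are names from the patch; the rest is assumed for illustration. */
typedef struct temp_info {
    struct temp_info *next_struct, *prev_struct;
} temp_info;
static temp_info *temp_info_anchor = NULL;

/* Head insertion; with_fix selects the patched form. */
static void push_info(temp_info *info, int with_fix)
{
    info->prev_struct = NULL;
    info->next_struct = temp_info_anchor;
    if (with_fix && temp_info_anchor)
        temp_info_anchor->prev_struct = info;
    temp_info_anchor = info;
}

/* Assumed unlink: ordinary doubly linked removal that trusts prev_struct. */
static void remove_info(temp_info *info)
{
    if (info->prev_struct)
        info->prev_struct->next_struct = info->next_struct;
    else
        temp_info_anchor = info->next_struct;   /* treated as the head */
    if (info->next_struct)
        info->next_struct->prev_struct = info->prev_struct;
}

/* Open two temp files, close the first; returns how many records are
   still reachable from the anchor (1 is correct). */
static int open_two_close_first(int with_fix)
{
    temp_info a, b, *p;
    int n = 0;
    temp_info_anchor = NULL;
    push_info(&a, with_fix);
    push_info(&b, with_fix);
    remove_info(&a);
    for (p = temp_info_anchor; p; p = p->next_struct) n++;
    temp_info_anchor = NULL;  /* a and b go out of scope */
    return n;
}

int main(void)
{
    printf("unpatched=%d patched=%d\n", open_two_close_first(0), open_two_close_first(1));
    return 0;
}
```

Without the two added lines the older record looks like the list head when it is removed, so the record for the file that is still open drops out of the list.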
Summary: crash bug using tmpfile() on mac. Possibly a stdlib bug. → crash bug using tmpfile() on mac -- MSL bug
Adding crash to keyword field.
Keywords: crash
patch applied to file_io.mac.c on the Release Build Mac (bassman)
How will this patch be migrated into developers builds?
-P
I'll post and update the build instructions.
The files on the MacOS development server have been updated, and I posted to the 
newsgroup. And this bug should now be fixed in release builds.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
pnunn (or anyone else), if this is in fact fixed, could you please verify it as 
such?

Otherwise, I can rubber-stamp it without inspection. Thanks!
I declare this as VERIFIED.
tah-dah!
Status: RESOLVED → VERIFIED