Closed
Bug 41360
Opened 24 years ago
Closed 24 years ago
crash bug using tmpfile() on mac -- MSL bug
Categories
(Core :: Graphics: ImageLib, defect, P3)
Tracking
()
VERIFIED
FIXED
People
(Reporter: pnunn, Assigned: sfraser_bugs)
References
Details
(Keywords: crash)
Attachments
(2 files)
I have a crash bug that only shows up on the mac when 2 progressive huffman jpg's are displayed one after the other. A nsStdLib function, tmpfile(), is used to store data until header info is available. This code is in the IJG jpeg library code. The function tmpfile() is implemented in file_io.c. The crash occurs when a linked list is walked through in find_temp_info() in file_io.mac.c. When the second jpeg file is decoded, the next pointer in the temp file linked list is garbage. It is dereferenced and the browser, os and everything crashes. To save time, a good breakpoint is in file_io.mac.c line 89. thanks for the mac help. -P
Assignee | ||
Comment 3•24 years ago
|
||
I'm pretty sure this is an MSL bug. Even a very simple program: #include <stdio.h> void main(void) { FILE *firstFile; firstFile = tmpfile(); fclose(firstFile); } throws up errors in Spotlight in the fsclose call.
Status: NEW → ASSIGNED
Assignee | ||
Comment 4•24 years ago
|
||
This is certainly an MSL bug; a more recent MSL has the bug fixed. Here's the patch: at line 166 of file_io.mac.c, add the lines preceded by '+': info->next_struct = temp_info_anchor; /* mm 981009 */ + if (temp_info_anchor) + temp_info_anchor->prev_struct = info; temp_info_anchor = info; /* mm 981009 */ Should we get everyone to apply this patch?
Summary: crash bug using tmpfile() on mac. Possibly a stdlib bug. → crash bug using tmpfile() on mac -- MSL bug
Comment 6•24 years ago
|
||
patch applied to file_io.mac.c on the Release Build Mac (bassman)
Assignee | ||
Comment 8•24 years ago
|
||
I'll post and update the build instructions.
Assignee | ||
Comment 9•24 years ago
|
||
The files on the MacOS development server have been updated, and I posted to the newsgroup. And this bug should now be fixed in release builds.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Comment 10•24 years ago
|
||
pnunn (or anyone else), if this is in fact fixed, could you please verify it as such? Otherwise, I can rubber-stamp it without inspection. Thanks!
You need to log in
before you can comment on or make changes to this bug.
Description
•