Closed
Bug 421715
Opened 16 years ago
Closed 16 years ago
canvas.2dcontext.putImageData(array[undefined]) causes a crash [@ JS_GetProperty]
Categories
(Core :: Graphics: Canvas2D, defect, P1)
Core
Graphics: Canvas2D
Tracking
()
RESOLVED
FIXED
mozilla1.9beta5
People
(Reporter: msucan, Assigned: Gavin)
References
()
Details
(Keywords: crash, testcase, verified1.8.1.15)
Crash Data
Attachments
(3 files)
486 bytes,
text/html
|
Details | |
974 bytes,
patch
|
vlad
:
review+
dveditz
:
approval1.8.1.15+
vlad
:
approval1.9+
|
Details | Diff | Splinter Review |
3.00 KB,
patch
|
vlad
:
review+
|
Details | Diff | Splinter Review |
User-Agent: Opera/9.26 (X11; Linux i686; U; fr) Build Identifier: 2008030804 Firefox 3 build 2008030804 crashes if you have a canvas 2dcontext to which you want to putImageData() from an undefined array element. The weird part is, it doesn't crash if array[1] or array[0] is used. However, Firefox crashes if array[2] is used. The crasher is reproducible in Firefox 2 as well. Available crash report: http://crash-stats.mozilla.com/report/index/ea8388b5-ed3b-11dc-be10-001a4bd43ef6 (the crash report includes a private URL, please don't make it public ;) ) Reproducible: Always Steps to Reproduce: 1. Load the provided URL 2. Click the paragraph. 3. Crash. Actual Results: Firefox crashes. Expected Results: Firefox should not crash.
Reporter | ||
Comment 1•16 years ago
|
||
Updated•16 years ago
|
Updated•16 years ago
|
Version: Trunk → unspecified
Comment 2•16 years ago
|
||
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5pre) Gecko/2008030806 Minefield/3.0b5pre ID:2008030806 Confirming, bp-8b72f9e8-ed3f-11dc-af24-001a4bd46e84 Signature JS_GetProperty UUID 8b72f9e8-ed3f-11dc-af24-001a4bd46e84 Time 2008-03-08 10:42:55-08:00 Uptime 0 Product Firefox Version 3.0b5pre Build ID 2008030806 OS Windows NT OS Version 5.1.2600 Service Pack 2 CPU x86 CPU Info AuthenticAMD family 6 model 8 stepping 1 Crash Reason EXCEPTION_ACCESS_VIOLATION Crash Address 0x0 Comments Frame Signature Source 0 JS_GetProperty mozilla/js/src/jsapi.c:3464 1 nsCanvasRenderingContext2D::PutImageData() mozilla/content/canvas/src/nsCanvasRenderingContext2D.cpp:2556 2 NS_InvokeByIndex_P mozilla/xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:101 3 XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) mozilla/js/src/xpconnect/src/xpcwrappednative.cpp:2369
Version: unspecified → Trunk
Updated•16 years ago
|
Flags: blocking-firefox3?
Product: Firefox → Core
QA Contact: general → general
Updated•16 years ago
|
Flags: blocking1.9?
Assignee | ||
Updated•16 years ago
|
Component: General → Layout: Canvas
QA Contact: general → layout.canvas
Assignee | ||
Comment 3•16 years ago
|
||
Assignee | ||
Updated•16 years ago
|
OS: Linux → All
Priority: -- → P1
Hardware: PC → All
Target Milestone: --- → mozilla1.9beta5
Assignee | ||
Comment 4•16 years ago
|
||
Attachment #308286 -
Flags: review?
Assignee | ||
Updated•16 years ago
|
Attachment #308286 -
Flags: review? → review?(vladimir)
Attachment #308275 -
Flags: review?(vladimir)
Attachment #308275 -
Flags: review+
Attachment #308275 -
Flags: approval1.9+
Attachment #308286 -
Flags: review?(vladimir) → review+
Assignee | ||
Updated•16 years ago
|
Keywords: checkin-needed
Assignee | ||
Comment 5•16 years ago
|
||
mozilla/content/canvas/crashtests/421715-1.html 1.1 mozilla/content/canvas/crashtests/crashtests.list 1.1 mozilla/content/canvas/src/nsCanvasRenderingContext2D.cpp 1.122 mozilla/testing/crashtest/crashtests.list 1.33
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Flags: in-testsuite+
Keywords: checkin-needed
Resolution: --- → FIXED
Assignee | ||
Comment 6•16 years ago
|
||
Comment on attachment 308275 [details] [diff] [review] throw for invalid objects Simple null check fix that's giving Phillip some trouble as he tests out canvas on the branch.
Attachment #308275 -
Flags: approval1.8.1.15?
Comment 7•16 years ago
|
||
Comment on attachment 308275 [details] [diff] [review] throw for invalid objects approved for 1.8.1.15, a=dveditz for release-drivers
Attachment #308275 -
Flags: approval1.8.1.15? → approval1.8.1.15+
Assignee | ||
Comment 8•16 years ago
|
||
Landed on the branch for Firefox 2.0.0.15. mozilla/content/canvas/src/nsCanvasRenderingContext2D.cpp 1.22.2.33
Flags: blocking1.9?
Keywords: fixed1.8.1.15
Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.15pre) Gecko/20080611 BonEcho/2.0.0.15pre Verified for branch. Crashed on 1.8.1.14 and didn't crash on latest Bon Echo using STR in comment 0.
Keywords: fixed1.8.1.15 → verified1.8.1.15
Updated•13 years ago
|
Crash Signature: [@ JS_GetProperty]
You need to log in
before you can comment on or make changes to this bug.
Description
•