Closed
Bug 42208
Opened 24 years ago
Closed 24 years ago
Insert/HTML Source <img src=internal-attachment-icon> crashes
Categories
(Core :: DOM: Editor, defect, P3)
Tracking
()
VERIFIED
WORKSFORME
M17
People
(Reporter: neil, Assigned: pnunn)
Details
(Keywords: crash)
From Bugzilla Helper: BuildID: 2000060820 Null pointer dereference in IMG3250.DLL when Insert/HTML Source is used to insert <img src=internal-attachment-icon> Reproducible: Always Steps to Reproduce: 1. Edit a page, or open a new blank page to edit. 2. Insert/HTML Source 3. Type <img src=internal-attachment-icon> 4. Click OK. Actual Results: Access violation (null pointer) in IMG3250.DLL Expected Results: Some sort of indication that an image was inserted.
Comment 1•24 years ago
|
||
asigning to cmanske
Assignee: beppe → cmanske
Status: UNCONFIRMED → NEW
Ever confirmed: true
Target Milestone: --- → M17
Comment 3•24 years ago
|
||
Please explain why "internal-attachment-icon" is supposed to be valid value for the src attribute. Also, all attribute values are supposed to be quoted. Did you try <img src="internal-attachment-icon"> ? If there's any crash, it is in the image loading code.
Reporter | ||
Comment 4•24 years ago
|
||
I was idly inserting Netscape internal images to see how Mozilla would handle them. internal-attachment-icon is a valid image source in Netscape with or without quotes. If I open a page with <img src=internal-attachment-icon> it just displays nothing, it's the act of inserting the HTML which crashes Mozilla.
Comment 5•24 years ago
|
||
The image dialog won't even let me use "internal-attachment-icon" as the value in the "Image URL" textfield, since it validates agains ".gif, .jpeg, and .jpg, and .png" files extensions only. So I get an error message telling me this If you can reproduce this, please paste a stack of where it crashes, if you can.
Reporter | ||
Comment 6•24 years ago
|
||
Which is why I used Insert/HTML Source... MOZILLA caused an invalid page fault in module IMG3250.DLL at 0157:60ae4332. Registers: EAX=00000000 CS=0157 EIP=60ae4332 EFLGS=00010246 EBX=0c758d80 SS=015f ESP=0068b4e8 EBP=0068b510 ECX=0c758d50 DS=015f ESI=00000000 FS=1a1f EDX=0068b588 ES=015f EDI=0c758de0 GS=0000 Bytes at CS:EIP: 83 78 18 04 75 04 8b 40 58 c3 33 c0 c3 8b 44 24 Stack dump: 60a63efe 0c758d50 0c758da0 0c758d80 0068b534 60c67bca 0c63353c 60942859 0c758720 00000000 0068b538 60ae6a2d 0c758d50 00000010 0068b558 0c758de0 Microsoft Developer Studio Unhandled exception in mozilla.exe (IMG3250.DLL): 0xC0000005: Access Violation. Call Stack IMG3250! 60ae4332() IMG3250! 60ae6a2d() IMG3250! 60ae2fc0() IMG3250! 60ae38d6() GKGFXWIN! 60a64126() GKGFXWIN! 60a623a7() GKHTML! 601ca6f3() GKHTML! 601c1f2a() GKHTML! 601ef62d() GKHTML! 601ef8ca() GKHTML! 601e4475() GKHTML! 601e4500() GKHTML! 601e60a2() GKHTML! 601ecddb() GKHTML! 601ecc7a() GKHTML! 601ecb65() GKHTML! 601eca37() GKHTML! 601ebdf1() GKHTML! 601eb99c() GKHTML! 601eacee() GKHTML! 601f246f() GKHTML! 601ec6c6() GKHTML! 601ebbd9() GKHTML! 601eb99c() GKHTML! 601eacee() GKHTML! 601e0af0() GKHTML! 601cd1af() GKHTML! 6027b7e4() GKHTML! 6027b404() GKHTML! 6028f6a1() GKHTML! 6027536b() GKHTML! 60290c0a() GKHTML! 60290c45() GKHTML! 6026265c() GKHTML! 602905bb() GKHTML! 601e0af0() GKHTML! 6028f00e() GKHTML! 601e3fad() GKHTML! 601dce70() GKHTML! 601dc198() GKHTML! 601dad32() EDITOR! 60131c1c() EDITOR! 6014da98() EDITOR! 601223f6() EDITOR! 60146812() EDITOR! 6015b3d5() XPCOM! 60cfdc69() XPC3250! 609ed848() XPC3250! 609ee029() JS3250! 60b24f0a() JS3250! 60b293bc() JS3250! 60b24f4a() JS3250! 60b25148() JS3250! 60b13c96() JSDOM! 60b6de09() JSDOM! 60b81706() GKHTML! 60284498() GKHTML! 60284c8a() RDF! 60712dba() GKHTML! 601dcb72() GKHTML! 601dcae6() GKHTML! 6028837e() GKHTML! 602876f9() GKHTML! 601dcbff() GKHTML! 601dca98() GKVIEW! 60361c4e() GKVIEW! 60369c86() GKVIEW! 603625d3() GKWIDGET! 60ac5ccf() GKWIDGET! 60ac85ef() GKWIDGET! 60ac8925() GKWIDGET! 60ac612f() KERNEL32! bff735d9() KERNEL32! bff9222f() Disassembly 60AE431C 8B 4C 24 04 mov ecx,dword ptr [esp+4] 60AE4320 85 C9 test ecx,ecx 60AE4322 74 0C je 60AE4330 60AE4324 8B 01 mov eax,dword ptr [ecx] 60AE4326 85 C0 test eax,eax 60AE4328 74 06 je 60AE4330 60AE432A 83 78 18 20 cmp dword ptr [eax+18h],20h 60AE432E 74 08 je 60AE4338 60AE4330 8B 01 mov eax,dword ptr [ecx] 60AE4332 83 78 18 04 cmp dword ptr [eax+18h],4 60AE4336 75 04 jne 60AE433C 60AE4338 8B 40 58 mov eax,dword ptr [eax+58h] 60AE433B C3 ret
Reporter | ||
Comment 7•24 years ago
|
||
60AE433C 33 C0 xor eax,eax 60AE433E C3 ret
Comment 8•24 years ago
|
||
Sorry, I was being dense about where you set the src value. Pam: This is crashing because image_req->ic is null in IL_GetImagePixmap()
Assignee: cmanske → pnunn
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 10•24 years ago
|
||
The icon is no longer accessed by "internal-attachment-icon". Many internal icon names have changed. The icon you were trying to access is now attachment.gif. If you are concerned that you can't access the icon by that name, reopen this bug and assign it to ben@netscape.com. I'm not sure of the component, but I would start with 'skinability'. -p
Assignee | ||
Comment 11•24 years ago
|
||
reopening so I can reclose as wontfix. -p
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Assignee | ||
Comment 12•24 years ago
|
||
Closing as invalid as internal image names have changed. -p
Status: REOPENED → RESOLVED
Closed: 24 years ago → 24 years ago
Resolution: --- → WONTFIX
Reporter | ||
Comment 13•24 years ago
|
||
Reopening so that I can close as WORKSFORME
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
Reporter | ||
Comment 14•24 years ago
|
||
Mozilla no longer crashes, it just inserts a placeholder.
Status: REOPENED → RESOLVED
Closed: 24 years ago → 24 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•