Closed Bug 42208 Opened 24 years ago Closed 24 years ago

Insert/HTML Source <img src=internal-attachment-icon> crashes

Categories

(Core :: DOM: Editor, defect, P3)

x86
Windows 95
defect

Tracking

()

VERIFIED WORKSFORME

People

(Reporter: neil, Assigned: pnunn)

Details

(Keywords: crash)

From Bugzilla Helper:
BuildID:    2000060820

Null pointer dereference in IMG3250.DLL when Insert/HTML Source is used to 
insert <img src=internal-attachment-icon>

Reproducible: Always
Steps to Reproduce:
1. Edit a page, or open a new blank page to edit.
2. Insert/HTML Source
3. Type <img src=internal-attachment-icon>
4. Click OK.

Actual Results:  Access violation (null pointer) in IMG3250.DLL

Expected Results:  Some sort of indication that an image was inserted.
asigning to cmanske
Assignee: beppe → cmanske
Status: UNCONFIRMED → NEW
Ever confirmed: true
Target Milestone: --- → M17
Adding crash keyword
Keywords: crash
Please explain why "internal-attachment-icon" is supposed to be valid 
value for the src attribute. Also, all attribute values are supposed to be 
quoted. Did you try
<img src="internal-attachment-icon"> ?
If there's any crash, it is in the image loading code.
I was idly inserting Netscape internal images to see how Mozilla would handle 
them. internal-attachment-icon is a valid image source in Netscape with or 
without quotes. If I open a page with <img src=internal-attachment-icon> it just 
displays nothing, it's the act of inserting the HTML which crashes Mozilla.
The image dialog won't even let me use "internal-attachment-icon" as the 
value in the "Image URL" textfield, since it validates agains ".gif, .jpeg, and 
.jpg, and .png" files extensions only. So I get an error message telling me this
If you can reproduce this, please paste a stack of where it crashes, if you can.
Which is why I used Insert/HTML Source...

MOZILLA caused an invalid page fault in module IMG3250.DLL at 0157:60ae4332.
Registers:
EAX=00000000 CS=0157 EIP=60ae4332 EFLGS=00010246
EBX=0c758d80 SS=015f ESP=0068b4e8 EBP=0068b510
ECX=0c758d50 DS=015f ESI=00000000 FS=1a1f
EDX=0068b588 ES=015f EDI=0c758de0 GS=0000
Bytes at CS:EIP:
83 78 18 04 75 04 8b 40 58 c3 33 c0 c3 8b 44 24 
Stack dump:
60a63efe 0c758d50 0c758da0 0c758d80 0068b534 60c67bca 0c63353c 60942859
0c758720 00000000 0068b538 60ae6a2d 0c758d50 00000010 0068b558 0c758de0

Microsoft Developer Studio
Unhandled exception in mozilla.exe (IMG3250.DLL): 0xC0000005: Access Violation.

Call Stack
IMG3250! 60ae4332()
IMG3250! 60ae6a2d()
IMG3250! 60ae2fc0()
IMG3250! 60ae38d6()
GKGFXWIN! 60a64126()
GKGFXWIN! 60a623a7()
GKHTML! 601ca6f3()
GKHTML! 601c1f2a()
GKHTML! 601ef62d()
GKHTML! 601ef8ca()
GKHTML! 601e4475()
GKHTML! 601e4500()
GKHTML! 601e60a2()
GKHTML! 601ecddb()
GKHTML! 601ecc7a()
GKHTML! 601ecb65()
GKHTML! 601eca37()
GKHTML! 601ebdf1()
GKHTML! 601eb99c()
GKHTML! 601eacee()
GKHTML! 601f246f()
GKHTML! 601ec6c6()
GKHTML! 601ebbd9()
GKHTML! 601eb99c()
GKHTML! 601eacee()
GKHTML! 601e0af0()
GKHTML! 601cd1af()
GKHTML! 6027b7e4()
GKHTML! 6027b404()
GKHTML! 6028f6a1()
GKHTML! 6027536b()
GKHTML! 60290c0a()
GKHTML! 60290c45()
GKHTML! 6026265c()
GKHTML! 602905bb()
GKHTML! 601e0af0()
GKHTML! 6028f00e()
GKHTML! 601e3fad()
GKHTML! 601dce70()
GKHTML! 601dc198()
GKHTML! 601dad32()
EDITOR! 60131c1c()
EDITOR! 6014da98()
EDITOR! 601223f6()
EDITOR! 60146812()
EDITOR! 6015b3d5()
XPCOM! 60cfdc69()
XPC3250! 609ed848()
XPC3250! 609ee029()
JS3250! 60b24f0a()
JS3250! 60b293bc()
JS3250! 60b24f4a()
JS3250! 60b25148()
JS3250! 60b13c96()
JSDOM! 60b6de09()
JSDOM! 60b81706()
GKHTML! 60284498()
GKHTML! 60284c8a()
RDF! 60712dba()
GKHTML! 601dcb72()
GKHTML! 601dcae6()
GKHTML! 6028837e()
GKHTML! 602876f9()
GKHTML! 601dcbff()
GKHTML! 601dca98()
GKVIEW! 60361c4e()
GKVIEW! 60369c86()
GKVIEW! 603625d3()
GKWIDGET! 60ac5ccf()
GKWIDGET! 60ac85ef()
GKWIDGET! 60ac8925()
GKWIDGET! 60ac612f()
KERNEL32! bff735d9()
KERNEL32! bff9222f()

Disassembly
60AE431C 8B 4C 24 04          mov         ecx,dword ptr [esp+4]
60AE4320 85 C9                test        ecx,ecx
60AE4322 74 0C                je          60AE4330
60AE4324 8B 01                mov         eax,dword ptr [ecx]
60AE4326 85 C0                test        eax,eax
60AE4328 74 06                je          60AE4330
60AE432A 83 78 18 20          cmp         dword ptr [eax+18h],20h
60AE432E 74 08                je          60AE4338
60AE4330 8B 01                mov         eax,dword ptr [ecx]
60AE4332 83 78 18 04          cmp         dword ptr [eax+18h],4
60AE4336 75 04                jne         60AE433C
60AE4338 8B 40 58             mov         eax,dword ptr [eax+58h]
60AE433B C3                   ret
60AE433C 33 C0                xor         eax,eax
60AE433E C3                   ret
Sorry, I was being dense about where you set the src value.
Pam: This is crashing because image_req->ic is null in IL_GetImagePixmap()
Assignee: cmanske → pnunn
I'll look into it.
-p
Status: NEW → ASSIGNED
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
The icon is no longer accessed by "internal-attachment-icon".
Many internal icon names have changed.
The icon you were trying to access is now attachment.gif.

If you are concerned that you can't access the icon by that name,
reopen this bug and assign it to ben@netscape.com. I'm not sure of
the component, but I would start with 'skinability'.

-p
reopening so I can reclose as wontfix.
-p
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Closing as invalid as internal image names have changed.
-p
Status: REOPENED → RESOLVED
Closed: 24 years ago24 years ago
Resolution: --- → WONTFIX
Reopening so that I can close as WORKSFORME
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
Mozilla no longer crashes, it just inserts a placeholder.
Status: REOPENED → RESOLVED
Closed: 24 years ago24 years ago
Resolution: --- → WORKSFORME
verified in 7/27 build.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.