If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Insert/HTML Source <img src=internal-attachment-icon> crashes

VERIFIED WORKSFORME

Status

()

Core
Editor
P3
normal
VERIFIED WORKSFORME
18 years ago
16 years ago

People

(Reporter: neil@parkwaycc.co.uk, Assigned: pnunn)

Tracking

({crash})

Trunk
x86
Windows 95
crash
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

18 years ago
From Bugzilla Helper:
BuildID:    2000060820

Null pointer dereference in IMG3250.DLL when Insert/HTML Source is used to 
insert <img src=internal-attachment-icon>

Reproducible: Always
Steps to Reproduce:
1. Edit a page, or open a new blank page to edit.
2. Insert/HTML Source
3. Type <img src=internal-attachment-icon>
4. Click OK.

Actual Results:  Access violation (null pointer) in IMG3250.DLL

Expected Results:  Some sort of indication that an image was inserted.

Comment 1

18 years ago
asigning to cmanske
Assignee: beppe → cmanske
Status: UNCONFIRMED → NEW
Ever confirmed: true
Target Milestone: --- → M17

Comment 2

18 years ago
Adding crash keyword
Keywords: crash

Comment 3

18 years ago
Please explain why "internal-attachment-icon" is supposed to be valid 
value for the src attribute. Also, all attribute values are supposed to be 
quoted. Did you try
<img src="internal-attachment-icon"> ?
If there's any crash, it is in the image loading code.
(Reporter)

Comment 4

18 years ago
I was idly inserting Netscape internal images to see how Mozilla would handle 
them. internal-attachment-icon is a valid image source in Netscape with or 
without quotes. If I open a page with <img src=internal-attachment-icon> it just 
displays nothing, it's the act of inserting the HTML which crashes Mozilla.

Comment 5

18 years ago
The image dialog won't even let me use "internal-attachment-icon" as the 
value in the "Image URL" textfield, since it validates agains ".gif, .jpeg, and 
.jpg, and .png" files extensions only. So I get an error message telling me this
If you can reproduce this, please paste a stack of where it crashes, if you can.
(Reporter)

Comment 6

18 years ago
Which is why I used Insert/HTML Source...

MOZILLA caused an invalid page fault in module IMG3250.DLL at 0157:60ae4332.
Registers:
EAX=00000000 CS=0157 EIP=60ae4332 EFLGS=00010246
EBX=0c758d80 SS=015f ESP=0068b4e8 EBP=0068b510
ECX=0c758d50 DS=015f ESI=00000000 FS=1a1f
EDX=0068b588 ES=015f EDI=0c758de0 GS=0000
Bytes at CS:EIP:
83 78 18 04 75 04 8b 40 58 c3 33 c0 c3 8b 44 24 
Stack dump:
60a63efe 0c758d50 0c758da0 0c758d80 0068b534 60c67bca 0c63353c 60942859
0c758720 00000000 0068b538 60ae6a2d 0c758d50 00000010 0068b558 0c758de0

Microsoft Developer Studio
Unhandled exception in mozilla.exe (IMG3250.DLL): 0xC0000005: Access Violation.

Call Stack
IMG3250! 60ae4332()
IMG3250! 60ae6a2d()
IMG3250! 60ae2fc0()
IMG3250! 60ae38d6()
GKGFXWIN! 60a64126()
GKGFXWIN! 60a623a7()
GKHTML! 601ca6f3()
GKHTML! 601c1f2a()
GKHTML! 601ef62d()
GKHTML! 601ef8ca()
GKHTML! 601e4475()
GKHTML! 601e4500()
GKHTML! 601e60a2()
GKHTML! 601ecddb()
GKHTML! 601ecc7a()
GKHTML! 601ecb65()
GKHTML! 601eca37()
GKHTML! 601ebdf1()
GKHTML! 601eb99c()
GKHTML! 601eacee()
GKHTML! 601f246f()
GKHTML! 601ec6c6()
GKHTML! 601ebbd9()
GKHTML! 601eb99c()
GKHTML! 601eacee()
GKHTML! 601e0af0()
GKHTML! 601cd1af()
GKHTML! 6027b7e4()
GKHTML! 6027b404()
GKHTML! 6028f6a1()
GKHTML! 6027536b()
GKHTML! 60290c0a()
GKHTML! 60290c45()
GKHTML! 6026265c()
GKHTML! 602905bb()
GKHTML! 601e0af0()
GKHTML! 6028f00e()
GKHTML! 601e3fad()
GKHTML! 601dce70()
GKHTML! 601dc198()
GKHTML! 601dad32()
EDITOR! 60131c1c()
EDITOR! 6014da98()
EDITOR! 601223f6()
EDITOR! 60146812()
EDITOR! 6015b3d5()
XPCOM! 60cfdc69()
XPC3250! 609ed848()
XPC3250! 609ee029()
JS3250! 60b24f0a()
JS3250! 60b293bc()
JS3250! 60b24f4a()
JS3250! 60b25148()
JS3250! 60b13c96()
JSDOM! 60b6de09()
JSDOM! 60b81706()
GKHTML! 60284498()
GKHTML! 60284c8a()
RDF! 60712dba()
GKHTML! 601dcb72()
GKHTML! 601dcae6()
GKHTML! 6028837e()
GKHTML! 602876f9()
GKHTML! 601dcbff()
GKHTML! 601dca98()
GKVIEW! 60361c4e()
GKVIEW! 60369c86()
GKVIEW! 603625d3()
GKWIDGET! 60ac5ccf()
GKWIDGET! 60ac85ef()
GKWIDGET! 60ac8925()
GKWIDGET! 60ac612f()
KERNEL32! bff735d9()
KERNEL32! bff9222f()

Disassembly
60AE431C 8B 4C 24 04          mov         ecx,dword ptr [esp+4]
60AE4320 85 C9                test        ecx,ecx
60AE4322 74 0C                je          60AE4330
60AE4324 8B 01                mov         eax,dword ptr [ecx]
60AE4326 85 C0                test        eax,eax
60AE4328 74 06                je          60AE4330
60AE432A 83 78 18 20          cmp         dword ptr [eax+18h],20h
60AE432E 74 08                je          60AE4338
60AE4330 8B 01                mov         eax,dword ptr [ecx]
60AE4332 83 78 18 04          cmp         dword ptr [eax+18h],4
60AE4336 75 04                jne         60AE433C
60AE4338 8B 40 58             mov         eax,dword ptr [eax+58h]
60AE433B C3                   ret
(Reporter)

Comment 7

18 years ago
60AE433C 33 C0                xor         eax,eax
60AE433E C3                   ret

Comment 8

18 years ago
Sorry, I was being dense about where you set the src value.
Pam: This is crashing because image_req->ic is null in IL_GetImagePixmap()
Assignee: cmanske → pnunn
(Assignee)

Comment 9

18 years ago
I'll look into it.
-p
Status: NEW → ASSIGNED
(Assignee)

Updated

17 years ago
Status: ASSIGNED → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → FIXED
(Assignee)

Comment 10

17 years ago
The icon is no longer accessed by "internal-attachment-icon".
Many internal icon names have changed.
The icon you were trying to access is now attachment.gif.

If you are concerned that you can't access the icon by that name,
reopen this bug and assign it to ben@netscape.com. I'm not sure of
the component, but I would start with 'skinability'.

-p
(Assignee)

Comment 11

17 years ago
reopening so I can reclose as wontfix.
-p
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
(Assignee)

Comment 12

17 years ago
Closing as invalid as internal image names have changed.
-p
Status: REOPENED → RESOLVED
Last Resolved: 17 years ago17 years ago
Resolution: --- → WONTFIX
(Reporter)

Comment 13

17 years ago
Reopening so that I can close as WORKSFORME
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
(Reporter)

Comment 14

17 years ago
Mozilla no longer crashes, it just inserts a placeholder.
Status: REOPENED → RESOLVED
Last Resolved: 17 years ago17 years ago
Resolution: --- → WORKSFORME

Comment 15

17 years ago
verified in 7/27 build.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.