Created attachment 332877 [details] testcase (XBM) Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:220.127.116.11) Gecko/20080702 Firefox/18.104.22.168 Loading this XBM file makes Firefox 2 draw some random pixels. They're different each time the image is reloaded, so it seems like Firefox might be displaying contents of uninitialized memory. In Firefox 3 and trunk, I just see white, but I don't know whether the bug was really fixed (or whether it was fixed intentionally). Billy Hoffman pointed this bug out during his talk at Black Hat today.
Vlad, can you find an owner for this?
It would be nice to plug this in the next FF2 update since it's public. probably a memset() is all it needs.
Presumably this was fixed on trunk by bug 376471?
Created attachment 334923 [details] [diff] [review] potential fix? I can't actually get 1.8.1 to build on my mac any more; this bug is OSX-only, right? This is likely to fix it if so; if someone has a 1.8.1 build they could try this out on, that'd be helpful.
Comment on attachment 334923 [details] [diff] [review] potential fix? Dan, can you test this patch?
Well, yes, I can test the mac-only patch, but this is not a mac-only bug.
Ah, I didn't realize it wasn't Mac-only -- I can test 1.8.1 on linux.
The patch didn't seem to work on the Mac. Did I not clobber enough?
Created attachment 335439 [details] [diff] [review] fix Looks like this buffer isn't being zero'd out if we happen to bail early. Do so.
Comment on attachment 335439 [details] [diff] [review] fix Tested on Mac and Windows, r=dveditz Approved for 22.214.171.124, a=dveditz for release-drivers.
Checking in nsXBMDecoder.cpp; /cvsroot/mozilla/modules/libpr0n/decoders/xbm/nsXBMDecoder.cpp,v <-- nsXBMDecoder.cpp new revision: 126.96.36.199; previous revision: 188.8.131.52 done This doesn't seem to be present on trunk (and indeed, the offending code is gone from trunk -- memory allocation happens in a different spot).
Verified for 184.108.40.206 with Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:220.127.116.11) Gecko/2008082910 Firefox/18.104.22.168.
Comment on attachment 335439 [details] [diff] [review] fix a=asac for 22.214.171.124