CRASH caused by PNG image

VERIFIED DUPLICATE of bug 52275

Status

Core
ImageLib
P3
critical
17 years ago
17 years ago

People

(Reporter: Marco Bosch, Assigned: pnunn)

Tracking

Trunk
x86
Linux
Attachments

(1 attachment)

(Reporter)

Description

17 years ago
Every time I go to www.gnome.org/gnome-office, mozilla crashes.
This is caused by the png image banner.png.
Saving this file to disk and then loading it directly into mozilla
also crashes it. On linux, the program xv has no problems with the
file. Even in the case the file contains an illegal png data chunk,
mozilla still shouldn't crash of course.

Tested with mozilla linux nightly. BuildID 2000-09-17-21
(Reporter)

Comment 1

17 years ago
Created attachment 14992 [details]
PNG file that crashes Mozilla. Be careful: might CRASH
(Reporter)

Comment 2

17 years ago
The above attachment doesn't directly crash Mozilla (phew...)
However, saving it to disk as attachment.png and then loading
it back does crash mozilla...

Comment 3

17 years ago
In build 2000091820 under Windows NT, saving the image to disk and loading
doesn't crash Mozilla.
Also visiting www.gnome.org/gnome-office doesn't crash Mozilla in Windows NT.
(Reporter)

Comment 4

17 years ago
Netscape 4.73, pngtopnm and Gimp all have absolutely no problem with this
image. So I guess the problem is unrelated to libpng. 
However, since I don't have a debug build, I cannot provide a backtrace.
(Reporter)

Comment 5

17 years ago
Mozilla M17 with Talkback (build ID 2000-08-07-12) also does NOT crash on
Linux. BTW I'm using RedHat 6.2. So it seems to be a relatively new feature...

Comment 6

17 years ago
I saw it the same way as Marco describes it: no crash on first sight, crash when
loaded from disk. And here's the stack trace:

#0  0x4100fc37 in nsImageGTK::DrawComposited (this=0x41ed0ac8, 
    aContext=@0x423430d8, aSurface=0x4231d858, aX=8, aY=8, aWidth=0, aHeight=0)
    at nsImageGTK.cpp:727
#1  0x4100ed38 in nsImageGTK::Draw (this=0x41ed0ac8, aContext=@0x423430d8, 
    aSurface=0x4231d858, aX=8, aY=8, aWidth=0, aHeight=0) at nsImageGTK.cpp:905
#2  0x41014f7a in nsRenderingContextGTK::DrawImage (this=0x423430d8, 
    aImage=0x41ed0ac8, aX=0, aY=0, aWidth=1, aHeight=1)
    at nsRenderingContextGTK.cpp:1498
#3  0x41014ee8 in nsRenderingContextGTK::DrawImage (this=0x423430d8, 
    aImage=0x41ed0ac8, aRect=@0xbfffe6b8) at nsRenderingContextGTK.cpp:1467
#4  0x415b3d86 in nsImageFrame::Paint (this=0x41ecf4ec, 
    aPresContext=0x4201aa00, aRenderingContext=@0x423430d8, 
    aDirtyRect=@0xbfffe708, aWhichLayer=eFramePaintLayer_Overlay)
    at nsImageFrame.cpp:647
#5  0x41590d57 in nsContainerFrame::PaintChild (this=0x41ecf4a0, 
    aPresContext=0x4201aa00, aRenderingContext=@0x423430d8, 
    aDirtyRect=@0xbfffe9d4, aFrame=0x41ecf4ec, 
    aWhichLayer=eFramePaintLayer_Overlay) at nsContainerFrame.cpp:209
#6  0x4158a5b4 in nsBlockFrame::PaintChildren (this=0x41ecf4a0, 
    aPresContext=0x4201aa00, aRenderingContext=@0x423430d8, 
    aDirtyRect=@0xbfffe9d4, aWhichLayer=eFramePaintLayer_Overlay)
    at nsBlockFrame.cpp:6397
#7  0x4158a2f0 in nsBlockFrame::Paint (this=0x41ecf4a0, 
    aPresContext=0x4201aa00, aRenderingContext=@0x423430d8, 
    aDirtyRect=@0xbfffe9d4, aWhichLayer=eFramePaintLayer_Overlay)
    at nsBlockFrame.cpp:6274
#8  0x41590d57 in nsContainerFrame::PaintChild (this=0x420f12e0, 
    aPresContext=0x4201aa00, aRenderingContext=@0x423430d8, 
    aDirtyRect=@0xbfffeca0, aFrame=0x41ecf4a0, 
    aWhichLayer=eFramePaintLayer_Overlay) at nsContainerFrame.cpp:209
#9  0x4158a5b4 in nsBlockFrame::PaintChildren (this=0x420f12e0, 
    aPresContext=0x4201aa00, aRenderingContext=@0x423430d8, 
    aDirtyRect=@0xbfffeca0, aWhichLayer=eFramePaintLayer_Overlay)
    at nsBlockFrame.cpp:6397
#10 0x4158a2f0 in nsBlockFrame::Paint (this=0x420f12e0, 
    aPresContext=0x4201aa00, aRenderingContext=@0x423430d8, 
    aDirtyRect=@0xbfffeca0, aWhichLayer=eFramePaintLayer_Overlay)
    at nsBlockFrame.cpp:6274
#11 0x41590d57 in nsContainerFrame::PaintChild (this=0x420f1294, 
    aPresContext=0x4201aa00, aRenderingContext=@0x423430d8, 
    aDirtyRect=@0xbfffef6c, aFrame=0x420f12e0, 
    aWhichLayer=eFramePaintLayer_Overlay) at nsContainerFrame.cpp:209
#12 0x4158a5b4 in nsBlockFrame::PaintChildren (this=0x420f1294, 
    aPresContext=0x4201aa00, aRenderingContext=@0x423430d8, 
    aDirtyRect=@0xbfffef6c, aWhichLayer=eFramePaintLayer_Overlay)
    at nsBlockFrame.cpp:6397
#13 0x4158a2f0 in nsBlockFrame::Paint (this=0x420f1294, 
    aPresContext=0x4201aa00, aRenderingContext=@0x423430d8, 
    aDirtyRect=@0xbfffef6c, aWhichLayer=eFramePaintLayer_Overlay)
    at nsBlockFrame.cpp:6274
#14 0x41590d57 in nsContainerFrame::PaintChild (this=0x420f03ac, 
    aPresContext=0x4201aa00, aRenderingContext=@0x423430d8, 
    aDirtyRect=@0xbffff160, aFrame=0x420f1294, 
    aWhichLayer=eFramePaintLayer_Overlay) at nsContainerFrame.cpp:209
#15 0x41590bf6 in nsContainerFrame::PaintChildren (this=0x420f03ac, 
    aPresContext=0x4201aa00, aRenderingContext=@0x423430d8, 
    aDirtyRect=@0xbffff160, aWhichLayer=eFramePaintLayer_Overlay)
    at nsContainerFrame.cpp:154
#16 0x415a9fa9 in nsHTMLContainerFrame::Paint (this=0x420f03ac, 
    aPresContext=0x4201aa00, aRenderingContext=@0x423430d8, 
    aDirtyRect=@0xbffff160, aWhichLayer=eFramePaintLayer_Overlay)
    at nsHTMLContainerFrame.cpp:105
#17 0x415d5daa in PresShell::Paint (this=0x420f1d78, aView=0x41ecdce8, 
    aRenderingContext=@0x423430d8, aDirtyRect=@0xbffff160)
    at nsPresShell.cpp:3977
#18 0x41be240c in nsView::Paint (this=0x41ecdce8, rc=@0x423430d8, 
    rect=@0xbffff160, aPaintFlags=128, aResult=@0xbffff178) at nsView.cpp:282
#19 0x41bebad8 in nsViewManager2::RenderDisplayListElement (this=0x420d9dc8, 
    element=0x420d68e0, aRC=@0x423430d8) at nsViewManager2.cpp:847
#20 0x41beb87e in nsViewManager2::RenderViews (this=0x420d9dc8, 
    aRootView=0x41ecd588, aRC=@0x423430d8, aRect=@0xbffff26c, 
    aResult=@0xbffff284) at nsViewManager2.cpp:793
#21 0x41beb3da in nsViewManager2::Refresh (this=0x420d9dc8, aView=0x41ecd588, 
    aContext=0x423430d8, rect=0xbffff304, aUpdateFlags=1)
    at nsViewManager2.cpp:674
#22 0x41bece7d in nsViewManager2::DispatchEvent (this=0x420d9dc8, 
    aEvent=0xbffff428, aStatus=0xbffff348) at nsViewManager2.cpp:1338
#23 0x41be1cd4 in HandleEvent (aEvent=0xbffff428) at nsView.cpp:67
#24 0x40c53798 in nsWidget::DispatchEvent (this=0x41ecd618, aEvent=0xbffff428, 
    aStatus=@0xbffff3e4) at nsWidget.cpp:1475
#25 0x40c533dc in nsWidget::DispatchWindowEvent (this=0x41ecd618, 
    event=0xbffff428) at nsWidget.cpp:1366
#26 0x40c59940 in nsWindow::DoPaint (this=0x41ecd618, aX=8, aY=8, aWidth=1, 
    aHeight=1, aClipRegion=0x41ecd750) at nsWindow.cpp:701
#27 0x40c59bf9 in nsWindow::Update (this=0x41ecd618) at nsWindow.cpp:747
#28 0x40c59687 in nsWindow::UpdateIdle (data=0x0) at nsWindow.cpp:613
#29 0x40e17139 in g_idle_dispatch ()
    at ../../../dist/include/nsIPageSequenceFrame.h:112
#30 0x40e16186 in g_main_dispatch ()
    at ../../../dist/include/nsIPageSequenceFrame.h:112
#31 0x40e16751 in g_main_iterate ()
    at ../../../dist/include/nsIPageSequenceFrame.h:112
#32 0x40e168f1 in g_main_run ()
    at ../../../dist/include/nsIPageSequenceFrame.h:112
#33 0x40d3b5b9 in gtk_main ()
    at ../../../dist/include/nsIPageSequenceFrame.h:112
#34 0x40c401da in nsAppShell::Run (this=0x80ab028) at nsAppShell.cpp:335
#35 0x4069baa4 in nsAppShellService::Run (this=0x80da898)
    at nsAppShellService.cpp:378
#36 0x805554f in main1 (argc=2, argv=0xbffff8d4, nativeApp=0x0)
    at nsAppRunner.cpp:958
#37 0x8055c1e in main (argc=2, argv=0xbffff8d4) at nsAppRunner.cpp:1139

Comment 7

17 years ago

*** This bug has been marked as a duplicate of 52275 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → DUPLICATE

Comment 8

17 years ago
verified dupe
Status: RESOLVED → VERIFIED