Bug 53175 - CRASH caused by PNG image
Status: VERIFIED DUPLICATE of bug 52275
Product: Core
Classification: Components
Component: ImageLib
Version: Trunk
Platform: x86 Linux
Importance: P3 critical
Target Milestone: ---
Assigned To: pnunn
QA Contact: Paul Wyskoczka
Triage Owner: Milan Sreckovic [:milan]
URL: http://www.gnome.org/gnome-office/
Reported: 2000-09-19 05:38 PDT by Marco Bosch
Modified: 2000-09-19 16:22 PDT


Attachments
PNG file that crashes Mozilla. Be careful: might CRASH (58.11 KB, image/png)
2000-09-19 05:40 PDT, Marco Bosch

Description Marco Bosch 2000-09-19 05:38:05 PDT
Every time I go to www.gnome.org/gnome-office, mozilla crashes.
This is caused by the png image banner.png. 
Saving this file to disk and then loading it directly into mozilla
also crashes it. On linux, the program xv has no problems with the
file. Even in the case the file contains an illegal png data chunk,
mozilla still shouldn't crash of course.

Tested with mozilla linux nightly. BuildID 2000-09-17-21
Comment 1 Marco Bosch 2000-09-19 05:40:08 PDT
Created attachment 14992 [details]
PNG file that crashes Mozilla. Be careful: might CRASH
Comment 2 Marco Bosch 2000-09-19 05:47:02 PDT
The above attachment doesn't directly crash Mozilla (phew...)
However, saving it to disk as attachment.png and then loading
it back does crash mozilla...
Comment 3 Conor Lennon 2000-09-19 05:51:05 PDT
In build 2000091820 under Windows NT, saving the image to disk and loading
doesn't crash Mozilla.
Also visiting www.gnome.org/gnome-office doesn't crash Mozilla in Windows NT.
Comment 4 Marco Bosch 2000-09-19 05:57:17 PDT
Netscape 4.73, pngtopnm and Gimp all have absolutely no problem with this
image. So I guess the problem is unrelated to libpng. 
However, since I don't have a debug build, I cannot provide a backtrace.
Comment 5 Marco Bosch 2000-09-19 06:19:25 PDT
Mozilla M17 with Talkback (build ID 2000-08-07-12) also does NOT crash on
Linux. BTW I'm using RedHat 6.2. So it seems to be a relatively new feature...
Comment 6 Andreas J. Koenig 2000-09-19 12:29:18 PDT
I saw it the same way as Marco describes it: no crash on first sight, crash when
loaded from disk. And here's the stack trace:

#0  0x4100fc37 in nsImageGTK::DrawComposited (this=0x41ed0ac8, 
    aContext=@0x423430d8, aSurface=0x4231d858, aX=8, aY=8, aWidth=0, aHeight=0)
    at nsImageGTK.cpp:727
#1  0x4100ed38 in nsImageGTK::Draw (this=0x41ed0ac8, aContext=@0x423430d8, 
    aSurface=0x4231d858, aX=8, aY=8, aWidth=0, aHeight=0) at nsImageGTK.cpp:905
#2  0x41014f7a in nsRenderingContextGTK::DrawImage (this=0x423430d8, 
    aImage=0x41ed0ac8, aX=0, aY=0, aWidth=1, aHeight=1)
    at nsRenderingContextGTK.cpp:1498
#3  0x41014ee8 in nsRenderingContextGTK::DrawImage (this=0x423430d8, 
    aImage=0x41ed0ac8, aRect=@0xbfffe6b8) at nsRenderingContextGTK.cpp:1467
#4  0x415b3d86 in nsImageFrame::Paint (this=0x41ecf4ec, 
    aPresContext=0x4201aa00, aRenderingContext=@0x423430d8, 
    aDirtyRect=@0xbfffe708, aWhichLayer=eFramePaintLayer_Overlay)
    at nsImageFrame.cpp:647
#5  0x41590d57 in nsContainerFrame::PaintChild (this=0x41ecf4a0, 
    aPresContext=0x4201aa00, aRenderingContext=@0x423430d8, 
    aDirtyRect=@0xbfffe9d4, aFrame=0x41ecf4ec, 
    aWhichLayer=eFramePaintLayer_Overlay) at nsContainerFrame.cpp:209
#6  0x4158a5b4 in nsBlockFrame::PaintChildren (this=0x41ecf4a0, 
    aPresContext=0x4201aa00, aRenderingContext=@0x423430d8, 
    aDirtyRect=@0xbfffe9d4, aWhichLayer=eFramePaintLayer_Overlay)
    at nsBlockFrame.cpp:6397
#7  0x4158a2f0 in nsBlockFrame::Paint (this=0x41ecf4a0, 
    aPresContext=0x4201aa00, aRenderingContext=@0x423430d8, 
    aDirtyRect=@0xbfffe9d4, aWhichLayer=eFramePaintLayer_Overlay)
    at nsBlockFrame.cpp:6274
#8  0x41590d57 in nsContainerFrame::PaintChild (this=0x420f12e0, 
    aPresContext=0x4201aa00, aRenderingContext=@0x423430d8, 
    aDirtyRect=@0xbfffeca0, aFrame=0x41ecf4a0, 
    aWhichLayer=eFramePaintLayer_Overlay) at nsContainerFrame.cpp:209
#9  0x4158a5b4 in nsBlockFrame::PaintChildren (this=0x420f12e0, 
    aPresContext=0x4201aa00, aRenderingContext=@0x423430d8, 
    aDirtyRect=@0xbfffeca0, aWhichLayer=eFramePaintLayer_Overlay)
    at nsBlockFrame.cpp:6397
#10 0x4158a2f0 in nsBlockFrame::Paint (this=0x420f12e0, 
    aPresContext=0x4201aa00, aRenderingContext=@0x423430d8, 
    aDirtyRect=@0xbfffeca0, aWhichLayer=eFramePaintLayer_Overlay)
    at nsBlockFrame.cpp:6274
#11 0x41590d57 in nsContainerFrame::PaintChild (this=0x420f1294, 
    aPresContext=0x4201aa00, aRenderingContext=@0x423430d8, 
    aDirtyRect=@0xbfffef6c, aFrame=0x420f12e0, 
    aWhichLayer=eFramePaintLayer_Overlay) at nsContainerFrame.cpp:209
#12 0x4158a5b4 in nsBlockFrame::PaintChildren (this=0x420f1294, 
    aPresContext=0x4201aa00, aRenderingContext=@0x423430d8, 
    aDirtyRect=@0xbfffef6c, aWhichLayer=eFramePaintLayer_Overlay)
    at nsBlockFrame.cpp:6397
#13 0x4158a2f0 in nsBlockFrame::Paint (this=0x420f1294, 
    aPresContext=0x4201aa00, aRenderingContext=@0x423430d8, 
    aDirtyRect=@0xbfffef6c, aWhichLayer=eFramePaintLayer_Overlay)
    at nsBlockFrame.cpp:6274
#14 0x41590d57 in nsContainerFrame::PaintChild (this=0x420f03ac, 
    aPresContext=0x4201aa00, aRenderingContext=@0x423430d8, 
    aDirtyRect=@0xbffff160, aFrame=0x420f1294, 
    aWhichLayer=eFramePaintLayer_Overlay) at nsContainerFrame.cpp:209
#15 0x41590bf6 in nsContainerFrame::PaintChildren (this=0x420f03ac, 
    aPresContext=0x4201aa00, aRenderingContext=@0x423430d8, 
    aDirtyRect=@0xbffff160, aWhichLayer=eFramePaintLayer_Overlay)
    at nsContainerFrame.cpp:154
#16 0x415a9fa9 in nsHTMLContainerFrame::Paint (this=0x420f03ac, 
    aPresContext=0x4201aa00, aRenderingContext=@0x423430d8, 
    aDirtyRect=@0xbffff160, aWhichLayer=eFramePaintLayer_Overlay)
    at nsHTMLContainerFrame.cpp:105
#17 0x415d5daa in PresShell::Paint (this=0x420f1d78, aView=0x41ecdce8, 
    aRenderingContext=@0x423430d8, aDirtyRect=@0xbffff160)
    at nsPresShell.cpp:3977
#18 0x41be240c in nsView::Paint (this=0x41ecdce8, rc=@0x423430d8, 
    rect=@0xbffff160, aPaintFlags=128, aResult=@0xbffff178) at nsView.cpp:282
#19 0x41bebad8 in nsViewManager2::RenderDisplayListElement (this=0x420d9dc8, 
    element=0x420d68e0, aRC=@0x423430d8) at nsViewManager2.cpp:847
#20 0x41beb87e in nsViewManager2::RenderViews (this=0x420d9dc8, 
    aRootView=0x41ecd588, aRC=@0x423430d8, aRect=@0xbffff26c, 
    aResult=@0xbffff284) at nsViewManager2.cpp:793
#21 0x41beb3da in nsViewManager2::Refresh (this=0x420d9dc8, aView=0x41ecd588, 
    aContext=0x423430d8, rect=0xbffff304, aUpdateFlags=1)
    at nsViewManager2.cpp:674
#22 0x41bece7d in nsViewManager2::DispatchEvent (this=0x420d9dc8, 
    aEvent=0xbffff428, aStatus=0xbffff348) at nsViewManager2.cpp:1338
#23 0x41be1cd4 in HandleEvent (aEvent=0xbffff428) at nsView.cpp:67
#24 0x40c53798 in nsWidget::DispatchEvent (this=0x41ecd618, aEvent=0xbffff428, 
    aStatus=@0xbffff3e4) at nsWidget.cpp:1475
#25 0x40c533dc in nsWidget::DispatchWindowEvent (this=0x41ecd618, 
    event=0xbffff428) at nsWidget.cpp:1366
#26 0x40c59940 in nsWindow::DoPaint (this=0x41ecd618, aX=8, aY=8, aWidth=1, 
    aHeight=1, aClipRegion=0x41ecd750) at nsWindow.cpp:701
#27 0x40c59bf9 in nsWindow::Update (this=0x41ecd618) at nsWindow.cpp:747
#28 0x40c59687 in nsWindow::UpdateIdle (data=0x0) at nsWindow.cpp:613
#29 0x40e17139 in g_idle_dispatch ()
    at ../../../dist/include/nsIPageSequenceFrame.h:112
#30 0x40e16186 in g_main_dispatch ()
    at ../../../dist/include/nsIPageSequenceFrame.h:112
#31 0x40e16751 in g_main_iterate ()
    at ../../../dist/include/nsIPageSequenceFrame.h:112
#32 0x40e168f1 in g_main_run ()
    at ../../../dist/include/nsIPageSequenceFrame.h:112
#33 0x40d3b5b9 in gtk_main ()
    at ../../../dist/include/nsIPageSequenceFrame.h:112
#34 0x40c401da in nsAppShell::Run (this=0x80ab028) at nsAppShell.cpp:335
#35 0x4069baa4 in nsAppShellService::Run (this=0x80da898)
    at nsAppShellService.cpp:378
#36 0x805554f in main1 (argc=2, argv=0xbffff8d4, nativeApp=0x0)
    at nsAppRunner.cpp:958
#37 0x8055c1e in main (argc=2, argv=0xbffff8d4) at nsAppRunner.cpp:1139
Comment 7 Decklin Foster 2000-09-19 14:07:47 PDT

*** This bug has been marked as a duplicate of 52275 ***
Comment 8 Peter ``jag'' Annema 2000-09-19 16:22:54 PDT
verified dupe
