Closed Bug 646961 Opened 14 years ago Closed 14 years ago

Solaris10/SPARC: SIGBUS in iccread.c: read_u32 (called from read_tag_XYZType)

Categories

(Core :: Graphics: Color Management, defect)

Product:
Core
Component:
Graphics: Color Management
Platform:
Other
Other
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 629057

People

(Reporter: nicolai.stange, Unassigned)

References

(
URL
)

Details

Attachments

(1 file)

proposed fix (against firefox-3.6.16 sources)
752 bytes, patch
Details | Diff | Splinter Review
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:2.0b8pre) Gecko/20110315 Firefox/4.0b8pre Build Identifier: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.9.2.16) Gecko/20110331 Firefox/3.6.16 Solaris10/SPARC/gcc-4.5.2 Firefox crashes with a SIGBUS due to violated memory alignment requirements. Backtrace: #0 0xfd928758 in read_u32 (mem=0xffbfc94c, offset=535) at /opt/zmaw/sw/solaris10_new/firefox-3.6.16-debug-gcc45/src/mozilla-1.9.2/gfx/qcms/iccread.c:90 #1 0xfd9292dc in read_tag_XYZType (src=0xffbfc94c, index=..., tag_id=1918392666) at /opt/zmaw/sw/solaris10_new/firefox-3.6.16-debug-gcc45/src/mozilla-1.9.2/gfx/qcms/iccread.c:322 #2 0xfd92a8b8 in qcms_profile_from_memory (mem=0xf1470000, size=7261) at /opt/zmaw/sw/solaris10_new/firefox-3.6.16-debug-gcc45/src/mozilla-1.9.2/gfx/qcms/iccread.c:708 #3 0xfc5e3cc0 in nsJPEGDecoder::ProcessData (this=0xf3365000, data=0xf3156004 "<some bytes presented as string>"..., count=4096, writeCount=0xffbfcc6c) at /opt/zmaw/sw/solaris10_new/firefox-3.6.16-debug-gcc45/src/mozilla-1.9.2/modules/libpr0n/decoders/jpeg/nsJPEGDecoder.cpp:341 #4 0xfc5e3684 in ReadDataOut (in=0xf1055070, closure=0xf3365000, fromRawSegment=0xf3156004 "<some bytes presented as string>"..., toOffset=4096, count=4096, writeCount=0xffbfcc6c) at /opt/zmaw/sw/solaris10_new/firefox-3.6.16-debug-gcc45/src/mozilla-1.9.2/modules/libpr0n/decoders/jpeg/nsJPEGDecoder.cpp:248 [...] (gdb) print/x mem->buf $2 = 0xf1470000 (gdb) print/x offset $3 = 0x217 Alignment requirement: You may only read 32 bit values from addresses divisible by four. Reproducible: Always Steps to Reproduce: 1. Get a firefox 3.6.16 on Solaris10/SPARC with icc enabled (dunno if one can disable it) 2. go to www.climate-service-center.de Actual Results: Crashes immediately with SIGBUS. I don't know which of the images on that site trigger it. Expected Results: Don't crash ;)
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: