Closed Bug 646961 Opened 13 years ago Closed 13 years ago

Solaris10/SPARC: SIGBUS in iccread.c: read_u32 (called from read_tag_XYZType)

Categories

(Core :: Graphics: Color Management, defect)

Product:
Core
Component:
Graphics: Color Management
Platform:
Other
Other
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 629057

People

(Reporter: nicolai.stange, Unassigned)

References

(
URL
)

Details

Attachments

(1 file)

proposed fix (against firefox-3.6.16 sources)
752 bytes, patch
Details | Diff | Splinter Review 
User-Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:2.0b8pre) Gecko/20110315 Firefox/4.0b8pre
Build Identifier: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.9.2.16) Gecko/20110331 Firefox/3.6.16

Solaris10/SPARC/gcc-4.5.2

Firefox crashes with a SIGBUS due to violated memory alignment requirements.

Backtrace:
#0  0xfd928758 in read_u32 (mem=0xffbfc94c, offset=535)
    at /opt/zmaw/sw/solaris10_new/firefox-3.6.16-debug-gcc45/src/mozilla-1.9.2/gfx/qcms/iccread.c:90
#1  0xfd9292dc in read_tag_XYZType (src=0xffbfc94c, index=..., 
    tag_id=1918392666)
    at /opt/zmaw/sw/solaris10_new/firefox-3.6.16-debug-gcc45/src/mozilla-1.9.2/gfx/qcms/iccread.c:322
#2  0xfd92a8b8 in qcms_profile_from_memory (mem=0xf1470000, size=7261)
    at /opt/zmaw/sw/solaris10_new/firefox-3.6.16-debug-gcc45/src/mozilla-1.9.2/gfx/qcms/iccread.c:708
#3  0xfc5e3cc0 in nsJPEGDecoder::ProcessData (this=0xf3365000, 
    data=0xf3156004 "<some bytes presented as string>"..., count=4096, writeCount=0xffbfcc6c)
    at /opt/zmaw/sw/solaris10_new/firefox-3.6.16-debug-gcc45/src/mozilla-1.9.2/modules/libpr0n/decoders/jpeg/nsJPEGDecoder.cpp:341
#4  0xfc5e3684 in ReadDataOut (in=0xf1055070, closure=0xf3365000, 
    fromRawSegment=0xf3156004 "<some bytes presented as string>"..., toOffset=4096, count=4096, writeCount=0xffbfcc6c)
    at /opt/zmaw/sw/solaris10_new/firefox-3.6.16-debug-gcc45/src/mozilla-1.9.2/modules/libpr0n/decoders/jpeg/nsJPEGDecoder.cpp:248
[...]

(gdb) print/x mem->buf
$2 = 0xf1470000
(gdb) print/x offset
$3 = 0x217

Alignment requirement: You may only read 32 bit values from addresses divisible by four.

Reproducible: Always

Steps to Reproduce:
1. Get a firefox 3.6.16 on Solaris10/SPARC with icc enabled (dunno if one can disable it)
2. go to www.climate-service-center.de
Actual Results:  
Crashes immediately with SIGBUS. I don't know which of the images on that site trigger it.

Expected Results:  
Don't crash ;)
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: