Closed Bug 750983 Opened 13 years ago Closed 13 years ago

ICO crash [mozilla::image::Decoder::Write]

Categories

(Core :: Graphics: ImageLib, defect)

Product:
Core
Component:
Graphics: ImageLib
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla15
Tracking Flags:
Tracking Status
firefox12 --- unaffected
firefox13 --- affected
firefox14 --- affected
firefox15 --- verified

People

(Reporter: posidron, Assigned: bbondy)

Details

(Keywords: crash, testcase)

Crash Data

Attachments

(3 files)

testcase
1.37 KB, image/x-icon
Details
callstack
16.51 KB, text/plain
Details
Patch v1.
5.38 KB, patch
joe
: review+
Details | Diff | Splinter Review
Attached image testcase
No description provided.
Attached file callstack
Crash Signature: [@ mozilla::image::Decoder::Write]
Component: Graphics → ImageLib
Keywords: regressionwindow-wanted
QA Contact: thebes → imagelib
Browser does not crash in Windows build. However, the following error message appears in Error console without showing image. Error: Image corrupt or truncated: https://bugzilla.mozilla.org/attachment.cgi?id=620160 Source file: https://bugzilla.mozilla.org/attachment.cgi?id=620160 FYI, this starts from the following range. (central) Something image displayed: http://hg.mozilla.org/mozilla-central/rev/e6893e6c883f Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0a1) Gecko/20111104 Firefox/10.0a1 ID:20111104020439 Error message appears in Error console without showing image: http://hg.mozilla.org/mozilla-central/rev/5ebd59b5a94a Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0a1) Gecko/20111104 Firefox/10.0a1 ID:20111104112939 Pushlog: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=e6893e6c883f&tochange=5ebd59b5a94a (inbound) Something image displayed: http://hg.mozilla.org/integration/mozilla-inbound/rev/c535d936df7f Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0a1) Gecko/20111103 Firefox/10.0a1 ID:20111104035242 Error message appears in Error console without showing image: http://hg.mozilla.org/integration/mozilla-inbound/rev/dd25b9224c76 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0a1) Gecko/20111104 Firefox/10.0a1 ID:20111104070042 Pushlog: http://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=c535d936df7f&tochange=dd25b9224c76
The error message on Windows is bug 704421, but the crash on Mac is a different issue.
Assignee: nobody → netzen
Attached patch Patch v1.Splinter Review
Basically we were not carrying over the decoder errors, only the data errors
Attachment #620555 - Flags: review?(joe)
The testcase doesn't crash on osx by the way, but I can see from the callstack that the problem is with us not carrying over the decoder error. The error message found for the regression range is not a bug but an invalid icon file that we shouldn't handle. The test case icon doesn't work in IE nor Chrome.
The testcase works on osx. It's the platform on which I have tested it.
Keywords: testcase
I loaded the test case there and could not reproduce, but the problem seems pretty clear from the callstack. Once this lands maybe you could verify it since I can't reproduce the crash myself.
Applied the patch to my trunk build but shows no affect.
Still crashes after building image? Could you attach a new callstack?
Comment on attachment 620555 [details] [diff] [review] Patch v1. Cancelling review for now since it still crashes.
Attachment #620555 - Flags: review?(joe)
The callstack is the same.
I reproduced this on OSX with a debug build; however... I then applied the fix and I could no longer reproduce. I then popped off the fix and I could reproduce again. I then pushed the fix and could not reproduce again. I then just for good measure popped one last time and could reproduce again. It also would not make any logical sense to me how the error could happen with the fix applied. Are you sure that you applied the fix and built properly?
Hmm, $ hg qapplied 4 A bug746891.patch Applied without errors, compiled without errors (make -sf client.mk build) but still can reproduce it.
Ops, wrong patch!
Yes, fixed! Sorry for the trouble and confusion.
no problem, it happens :)
Attachment #620555 - Flags: review?(joe)
Comment on attachment 620555 [details] [diff] [review] Patch v1. Review of attachment 620555 [details] [diff] [review]: ----------------------------------------------------------------- lovely
Attachment #620555 - Flags: review?(joe) → review+
https://hg.mozilla.org/mozilla-central/rev/4eda2c7b640c
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Keywords: verifyme
Not able to reproduce the crash on FF 13.0.1, FF 14.0.1 and Nightly 2012-05-01 on Mac OS X 10.6.8. Is there something qa can do to verify this fix ?
I think you have to use a debug build and then load the test case image attached to this bug. Any platform should be fine.
Thanks Brian. Able to see the crash on 2012-05-01-mozilla-central-debug on Win 7, Ubuntu 12.04 and Mac OS X 10.6. No crashes on 2012-08-18-mozilla-beta-debug. Verified fixed.
Status: RESOLVED → VERIFIED
status-firefox15: fixedverified
Keywords: verifyme
OS: Mac OS X → All
QA Contact: paul.silaghi
Hardware: x86_64 → All
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: