Closed Bug 75417 Opened 24 years ago Closed 24 years ago

<img src="file:///x/"> causes a crash

Categories

(Core :: Graphics: ImageLib, defect)

Product:
Core
Component:
Graphics: ImageLib
Platform:
x86
Windows NT
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: c, Assigned: pavlov)

Details

(Keywords: crash)

<img src="file:///x/"> or something similar causes a crash on Win NT. The protocol must be "file" and the top level directory must consist of only one char to reproduce it. Of course that is no valid URI in Windows, but Mozilla crashes even when you save a page which contains <img src="/i/some.gif"> and view it locally. Probably we make the erroneous assumption that every top level directory within a "file:" URI consists of at least 2 chars (for Windows). Some notes: - No crash if the char is escaped (e.g. "file:///%78/") - No crash if the char is not ASCII (e.g. "file:///ä/") - No crash if you type "file:///x/ in the location bar - No crash if a link is such an URI (e.g. <a href="file:///x/">) I'm not sure about the correct component for this, but the crash is in gklayout.dll, so I try layout. 2001-04-09-04, Win NT.
Keywords: crash
I'm getting an assertion and then the following crash. Reassigning to pavlov, CCing attinasi. nsImageFrame::Paint(nsImageFrame * const 0x00ddd160, nsIPresContext * 0x02a9e180, nsIRenderingContext & {...}, const nsRect & {x=0 y=0 width=15 height=15}, nsFramePaintLayer eFramePaintLayer_Underlay) line 985 + 53 bytes nsContainerFrame::PaintChild(nsIPresContext * 0x02a9e180, nsIRenderingContext & {...}, const nsRect & {x=-120 y=-120 width=9180 height=4470}, nsIFrame * 0x00ddd160, nsFramePaintLayer eFramePaintLayer_Underlay) line 208 nsBlockFrame::PaintChildren(nsIPresContext * 0x02a9e180, nsIRenderingContext & {...}, const nsRect & {x=-120 y=-120 width=9180 height=4470}, nsFramePaintLayer eFramePaintLayer_Underlay) line 6594 nsBlockFrame::Paint(nsBlockFrame * const 0x00ddd0ec, nsIPresContext * 0x02a9e180, nsIRenderingContext & {...}, const nsRect & {x=-120 y=-120 width=9180 height=4470}, nsFramePaintLayer eFramePaintLayer_Underlay) line 6472 nsContainerFrame::PaintChild(nsIPresContext * 0x02a9e180, nsIRenderingContext & {...}, const nsRect & {x=0 y=0 width=9180 height=4470}, nsIFrame * 0x00ddd0ec, nsFramePaintLayer eFramePaintLayer_Underlay) line 208 nsBlockFrame::PaintChildren(nsIPresContext * 0x02a9e180, nsIRenderingContext & {...}, const nsRect & {x=0 y=0 width=9180 height=4470}, nsFramePaintLayer eFramePaintLayer_Underlay) line 6594 nsBlockFrame::Paint(nsBlockFrame * const 0x00ddd0a0, nsIPresContext * 0x02a9e180, nsIRenderingContext & {...}, const nsRect & {x=0 y=0 width=9180 height=4470}, nsFramePaintLayer eFramePaintLayer_Underlay) line 6472 nsContainerFrame::PaintChild(nsIPresContext * 0x02a9e180, nsIRenderingContext & {...}, const nsRect & {x=0 y=0 width=9180 height=4470}, nsIFrame * 0x00ddd0a0, nsFramePaintLayer eFramePaintLayer_Underlay) line 208 nsContainerFrame::PaintChildren(nsIPresContext * 0x02a9e180, nsIRenderingContext & {...}, const nsRect & {x=0 y=0 width=9180 height=4470}, nsFramePaintLayer eFramePaintLayer_Underlay) line 152 nsHTMLContainerFrame::Paint(nsHTMLContainerFrame * const 0x00ddc33c, nsIPresContext * 0x02a9e180, nsIRenderingContext & {...}, const nsRect & {x=0 y=0 width=9180 height=4470}, nsFramePaintLayer eFramePaintLayer_Underlay) line 109 PresShell::Paint(PresShell * const 0x01231c34, nsIView * 0x0125c9d0, nsIRenderingContext & {...}, const nsRect & {x=0 y=0 width=9180 height=4470}) line 4932 + 34 bytes nsView::Paint(nsView * const 0x0125c9d0, nsIRenderingContext & {...}, const nsRect & {x=0 y=0 width=9180 height=4470}, unsigned int 128, int & 2456789) line 277 nsViewManager::RenderDisplayListElement(DisplayListElement2 * 0x012598d0, nsIRenderingContext & {...}) line 1394 nsViewManager::RenderViews(nsIView * 0x0125e100, nsIRenderingContext & {...}, const nsRect & {x=0 y=0 width=9180 height=4470}, int & 0) line 1319 nsViewManager::Refresh(nsIView * 0x0125e100, nsIRenderingContext * 0x012597d0, const nsRect * 0x0012f938 {x=0 y=0 width=9180 height=4470}, unsigned int 1) line 885 nsViewManager::DispatchEvent(nsViewManager * const 0x012349a0, nsGUIEvent * 0x0012fa78, nsEventStatus * 0x0012f97c) line 1909 HandleEvent(nsGUIEvent * 0x0012fa78) line 68 nsWindow::DispatchEvent(nsWindow * const 0x0125cee4, nsGUIEvent * 0x0012fa78, nsEventStatus & nsEventStatus_eIgnore) line 695 + 10 bytes nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012fa78, nsEventStatus & nsEventStatus_eIgnore) line 721 nsWindow::OnPaint() line 3825 + 28 bytes nsWindow::ProcessMessage(unsigned int 15, unsigned int 0, long 0, long * 0x0012fe58) line 2832 + 17 bytes nsWindow::WindowProc(HWND__ * 0x02ea05ec, unsigned int 15, unsigned int 0, long 0) line 950 + 27 bytes USER32! 77e719d0() USER32! 77e71982()
Component: Layout → ImageLib
karnaze didn't actually reassign, so I do.
Assignee: karnaze → pavlov
QA Contact: petersen → tpreston
fixed.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
verified
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.