Builds 1998-09-12, 1998-09-13, and 1998-09-14 will crash if you go to one of the URLs below. The crash information was this:

MOZILLA caused an invalid page fault in module JPEG3250.DLL at 015f:009ee701.
Registers:
EAX=00e70c50 CS=015f EIP=009ee701 EFLGS=00210282
EBX=00e6fc8c SS=0167 ESP=00c4f338 EBP=00c4f3bc
ECX=00e6fc0c DS=0167 ESI=00e70c48 FS=19bf
EDX=00e74ff8 ES=0167 EDI=00e74fb8 GS=0000
Bytes at CS:EIP:
0f 7f 6a 08 0f 7f f3 0f 60 f6 0f 60 f9 0f 60 f1
Stack dump:
00000000 81664020 00b40000 00cb7d54 00e6ea58 00000001 00800080 00800080 00000000 00000000 00e6ea10 00e6e9d0 00e6ea50 00cb7124 00000000 00000000

and

MOZILLA caused an invalid page fault in module MSVCRTD.DLL at 015f:102117d5.
Registers:
EAX=00e6eb60 CS=015f EIP=102117d5 EFLGS=00010206
EBX=81672d74 SS=0167 ESP=0213fb90 EBP=0213fba4
ECX=55ffff21 DS=0167 ESI=5f400000 FS=4e1f
EDX=55ffff21 ES=0167 EDI=00000000 GS=0000
Bytes at CS:EIP:
8b 42 14 25 ff ff 00 00 85 c0 7c 66 8b 4d f8 8b
Stack dump:
00000000 5f400000 81672d74 55ffff21 00000005 0213fbf0 10211dc2 0213fbbc 00000000 5f400000 81672d74 00e6eb60 00000000 00000000 00000000 00000000

http://developer.netscape.com/images/pixel3.jpg is a 1x1x24bit jpg, which is in the page for reasons I can only guess. Netscape Communicator 4.5p2 has no problem with it.

http://developer.netscape.com/images/pixel3.jpg
http://developer.netscape.com/source/intel.html
I believe this is a bug in the Intel MMX JPEG code --- they have a problem with writing past the end of the scanline buffers when the image width is not a multiple of 8. Will install Intel's update when I get time. In the meantime, anyone who really needs to get some work done on an MMX machine may want to disable the test for MMX hardware near the top of jpeg/jdapimin.c. If anyone is seeing this on a machine that does *not* have MMX hardware, please let me know!
The new codebase does not have a problem with it. Marking resolved fix.
Strictly speaking, this bug is not "fixed". It has been patched around until there is time to implement a proper fix. (The patch consists of not invoking the MMX code on images narrower than 8 pixels ... ewwww.) Unfortunately Bugzilla doesn't seem to have a status code for "temporary patch in place"... should we reopen it or leave it as "fixed" when it isn't really?
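The comments above describe the mechanism (an 8-pixel-at-a-time MMX row kernel writing past the end of a scanline buffer when the width is not a multiple of 8) and two responses to it: the interim workaround of not invoking the MMX path on narrow images, and a proper fix still to come. The following is an added illustration written for this page; it is not Mozilla's, Intel's, or the IJG jpeg library's code. It models the bug with a hypothetical 8-pixel "vector" kernel (vec8_process), a buggy row routine that rounds the width up to whole groups, a scalar-tail version, and a padded-allocation version, and uses a canary byte after the output buffer to show which variants write out of bounds. All function names and the sample pixel data are constructed for the example.

```c
/* Added example (not Mozilla's, Intel's or libjpeg's code): models how an
 * 8-pixel-per-step (MMX-style) row kernel overruns a scanline buffer whose
 * width is not a multiple of 8, and shows two ways of fixing it.
 * All names here are hypothetical. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define VEC    8      /* pixels handled per "vector" step, like one 64-bit MMX register */
#define CANARY 0xA5   /* guard byte placed right after each output row buffer */

/* Hypothetical vector kernel: always touches a full group of VEC samples
 * (here: doubles brightness with saturation). This is the property of SIMD
 * code that makes a partial last group dangerous. */
static void vec8_process(const uint8_t *in, uint8_t *out) {
    for (int i = 0; i < VEC; i++)
        out[i] = (uint8_t)(in[i] * 2 > 255 ? 255 : in[i] * 2);
}

/* Scalar reference for a single pixel, used for the tail and for checking. */
static uint8_t scalar_px(uint8_t v) {
    return (uint8_t)(v * 2 > 255 ? 255 : v * 2);
}

/* Buggy row kernel: rounds the width up to whole groups, so on a 1-pixel
 * row it still writes 8 output bytes into a buffer that is 1 byte long. */
void row_buggy(const uint8_t *in, uint8_t *out, int width) {
    int groups = (width + VEC - 1) / VEC;
    for (int g = 0; g < groups; g++)
        vec8_process(in + g * VEC, out + g * VEC);
}

/* Fix 1: vector path only for whole groups, scalar loop for the remainder.
 * (Skipping the vector path entirely for width < 8, as the workaround in the
 * thread does, is the special case of this with zero full groups.) */
void row_fixed_tail(const uint8_t *in, uint8_t *out, int width) {
    int full = width / VEC;
    for (int g = 0; g < full; g++)
        vec8_process(in + g * VEC, out + g * VEC);
    for (int i = full * VEC; i < width; i++)
        out[i] = scalar_px(in[i]);
}

/* Fix 2: size scanline buffers to a multiple of VEC so the vector kernel may
 * legitimately write the whole last group. Returns the padded byte count. */
size_t padded_width(int width) {
    return (size_t)((width + VEC - 1) / VEC) * VEC;
}

typedef void (*row_fn)(const uint8_t *, uint8_t *, int);

/* Runs `fn` on a `width`-pixel row. The output buffer is `alloc` bytes and is
 * followed by a canary; VEC bytes of slack are allocated after the canary so
 * the demonstration itself never writes outside malloc'd memory. Returns 1 if
 * the canary survived, 0 if the kernel wrote past `alloc`. The input buffer is
 * padded so that reads are always in bounds; the point is the write. */
int canary_survives(row_fn fn, int width, size_t alloc) {
    uint8_t *in  = malloc(padded_width(width));
    uint8_t *out = malloc(alloc + 1 + VEC);
    if (!in || !out) { free(in); free(out); return -1; }
    for (size_t i = 0; i < padded_width(width); i++)
        in[i] = (uint8_t)(i + 1);                 /* constructed sample pixels */
    memset(out, 0, alloc + 1 + VEC);
    out[alloc] = CANARY;
    fn(in, out, width);
    int ok = (out[alloc] == CANARY);
    free(in);
    free(out);
    return ok;
}

/* Checks that `fn` produces the same pixels as the scalar reference over an
 * adequately padded buffer. Returns 1 on match, 0 on mismatch. */
int output_matches_scalar(row_fn fn, int width) {
    size_t pw = padded_width(width);
    uint8_t *in  = malloc(pw);
    uint8_t *out = malloc(pw);
    if (!in || !out) { free(in); free(out); return -1; }
    for (size_t i = 0; i < pw; i++) in[i] = (uint8_t)(i * 37 + 5);
    fn(in, out, width);
    int ok = 1;
    for (int i = 0; i < width; i++)
        if (out[i] != scalar_px(in[i])) ok = 0;
    free(in);
    free(out);
    return ok;
}

int main(void) {
    printf("buggy,  width 1,  exact buffer : canary %s\n", canary_survives(row_buggy, 1, 1) ? "ok" : "CLOBBERED");
    printf("buggy,  width 1,  padded buffer: canary %s\n", canary_survives(row_buggy, 1, padded_width(1)) ? "ok" : "CLOBBERED");
    printf("tail,   width 13, exact buffer : canary %s\n", canary_survives(row_fixed_tail, 13, 13) ? "ok" : "CLOBBERED");
    return 0;
}
```

The canary check is the same thing a heap debugger or the MSVCRTD.DLL debug allocator would trip over for real: the first crash in this thread is inside the JPEG code, the second is the C runtime's own heap checks noticing corrupted memory afterwards, which is the usual signature of a write past the end of an allocation.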