Mozilla crashing bug in jpeg handling dll

VERIFIED FIXED

Status

MozillaClassic
JPEG Image Handling
P2
normal
VERIFIED FIXED
19 years ago
19 years ago

People

(Reporter: ngrennan, Assigned: Tom Lane)

(Reporter)

Description

19 years ago
Builds 1998-09-12, 1998-09-13, and 1998-09-14 will crash if you go to one of the
urls below. The crash information was this:

MOZILLA caused an invalid page fault in
module JPEG3250.DLL at 015f:009ee701.
Registers:
EAX=00e70c50 CS=015f EIP=009ee701 EFLGS=00210282
EBX=00e6fc8c SS=0167 ESP=00c4f338 EBP=00c4f3bc
ECX=00e6fc0c DS=0167 ESI=00e70c48 FS=19bf
EDX=00e74ff8 ES=0167 EDI=00e74fb8 GS=0000
Bytes at CS:EIP:
0f 7f 6a 08 0f 7f f3 0f 60 f6 0f 60 f9 0f 60 f1
Stack dump:
00000000 81664020 00b40000 00cb7d54 00e6ea58 00000001 00800080 00800080 00000000
00000000 00e6ea10 00e6e9d0 00e6ea50 00cb7124 00000000 00000000

and

MOZILLA caused an invalid page fault in
module MSVCRTD.DLL at 015f:102117d5.
Registers:
EAX=00e6eb60 CS=015f EIP=102117d5 EFLGS=00010206
EBX=81672d74 SS=0167 ESP=0213fb90 EBP=0213fba4
ECX=55ffff21 DS=0167 ESI=5f400000 FS=4e1f
EDX=55ffff21 ES=0167 EDI=00000000 GS=0000
Bytes at CS:EIP:
8b 42 14 25 ff ff 00 00 85 c0 7c 66 8b 4d f8 8b
Stack dump:
00000000 5f400000 81672d74 55ffff21 00000005 0213fbf0 10211dc2 0213fbbc 00000000
5f400000 81672d74 00e6eb60 00000000 00000000 00000000 00000000

http://developer.netscape.com/images/pixel3.jpg is a 1x1x24bit jpg, which is in
the page for reasons I can only guess. Netscape Communicator 4.5p2 has no
problem with it.

http://developer.netscape.com/images/pixel3.jpg
http://developer.netscape.com/source/intel.html
(Reporter)

Updated

19 years ago
Summary: Mozilla crashing hug in jpeg handling dll → Mozilla crashing bug in jpeg handling dll
(Assignee)

Updated

19 years ago
Status: NEW → ASSIGNED
(Assignee)

Comment 1

19 years ago
I believe this is a bug in the Intel MMX JPEG code --- they have a problem
with writing past the end of the scanline buffers when the image width is
not a multiple of 8.  Will install Intel's update when I get time.
In the meantime, anyone who really needs to get some work done on an MMX
machine may want to disable the test for MMX hardware near the top of
jpeg/jdapimin.c.

If anyone is seeing this on a machine that does *not* have MMX hardware,
please let me know!

Updated

19 years ago
Status: ASSIGNED → RESOLVED
Last Resolved: 19 years ago
Resolution: --- → FIXED

Updated

19 years ago
Status: RESOLVED → VERIFIED

Comment 2

19 years ago
The new codebase does not have a problem with it. Marking resolved fixed.
(Assignee)

Comment 3

19 years ago
Strictly speaking, this bug is not "fixed".  It has been patched around
until there is time to implement a proper fix.  (The patch consists of
not invoking the MMX code on images narrower than 8 pixels ... ewwww.)
Unfortunately Bugzilla doesn't seem to have a status code for "temporary
patch in place"... should we reopen it or leave it as "fixed" when it
isn't really?
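
Added example (not part of the bug thread, and not the Intel or Mozilla JPEG code): a C sketch of the class of overrun Comment 1 describes, where a routine that always stores 8 samples at a time writes past the end of a row whose width is not a multiple of 8, next to a bounded version with a byte-wise tail. All names are hypothetical, memcpy stands in for the 8-wide MMX store, and the row is followed by canary bytes so the overrun is counted rather than allowed to corrupt memory.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BLOCK 8      /* samples written per vector-style store */
#define GUARD 0xAA   /* canary value placed after the row */
#define MAXW  64     /* largest row width this demo accepts */

/* Stand-in for an 8-wide store: always writes BLOCK bytes. */
static void store_block(unsigned char *dst, const unsigned char *src) {
    memcpy(dst, src, BLOCK);
}

/* Flawed shape: rounds the row width up to whole blocks. */
static void row_blocks_only(unsigned char *dst, const unsigned char *src, size_t width) {
    for (size_t x = 0; x < width; x += BLOCK)
        store_block(dst + x, src + x);
}

/* Bounded shape: whole blocks first, then a byte-wise tail. */
static void row_with_tail(unsigned char *dst, const unsigned char *src, size_t width) {
    size_t x = 0;
    for (; x + BLOCK <= width; x += BLOCK)
        store_block(dst + x, src + x);
    for (; x < width; x++)
        dst[x] = src[x];
}

/* Run fn on a row of `width` samples followed by BLOCK canary bytes;
   return how many canary bytes were overwritten. */
static size_t clobbered(void (*fn)(unsigned char *, const unsigned char *, size_t), size_t width) {
    unsigned char src[MAXW + BLOCK] = {0};   /* constructed all-zero input row */
    unsigned char dst[MAXW + BLOCK];
    size_t hits = 0;
    if (width > MAXW) return (size_t)-1;
    memset(dst, GUARD, sizeof dst);
    fn(dst, src, width);
    for (size_t i = width; i < width + BLOCK; i++)
        hits += (dst[i] != GUARD);
    return hits;
}

int main(void) {
    printf("width 1, blocks only: %zu bytes past row\n", clobbered(row_blocks_only, 1));
    printf("width 1, with tail:   %zu bytes past row\n", clobbered(row_with_tail, 1));
    return 0;
}
```

The bounded version covers every width, including rows narrower than 8 samples, which the workaround in Comment 3 handles by skipping the MMX path entirely.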