Closed
Bug 856616
Opened 12 years ago
Closed 12 years ago
GIF Assertion failure: !IsSizeDecode() (Size decodes shouldn't reach gif_done) [@mozilla::image::nsGIFDecoder2::WriteInternal]
Categories
(Core :: Graphics: ImageLib, defect)
Tracking
()
RESOLVED
FIXED
mozilla27
People
(Reporter: posidron, Assigned: milan)
References
Details
(Keywords: crash, testcase)
Attachments
(4 files, 3 obsolete files)
|
27 bytes,
image/gif
|
Details | |
|
984 bytes,
patch
|
Details | Diff | Splinter Review | |
|
4.18 KB,
text/plain
|
Details | |
|
2.00 KB,
patch
|
milan
:
review+
|
Details | Diff | Splinter Review |
testcase
No description provided.
|
Reporter | |
Comment 1•12 years ago
|
||
|
Assignee | |
Comment 2•12 years ago
|
||
Is there a point of doing PostDecode... if there was no image in the first place?
Assignee: nobody → milan
Attachment #731919 -
Flags: review?(joe)
|
|
Assignee | |
Comment 3•12 years ago
|
||
Before reviewing, see conversation in bug 857623
|
|
Assignee | |
Comment 4•12 years ago
|
||
Comment on attachment 731919 [details] [diff] [review]
We're not covering the scenario where there are no images in the container.
Joe, can you confirm that PostDecodeDone should never be called for the size decode case, thus the assert?
Attachment #731919 -
Flags: review?(joe)
|
|
Assignee | |
Comment 5•12 years ago
|
||
The solution to this and bug 857623 is the same, the test cases are different and trigger different reasons for hitting it.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
|
|
Reporter | |
Comment 6•12 years ago
|
||
The testcase still works after patch in bug 857623 landed.
Assertion failure: !IsSizeDecode() (Size decodes shouldn't reach gif_done), at /Users/cdiehl/dev/repos/mozilla/mozilla-inbound/image/decoders/nsGIFDecoder2.cpp:1038
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
|
|
Reporter | |
Updated•12 years ago
|
Summary: GIF ABORT: Can't be done with decoding with size decode!: '!IsSizeDecode()' [@mozilla::image::Decoder::PostDecodeDone] → GIF Assertion failure: !IsSizeDecode() (Size decodes shouldn't reach gif_done) [@mozilla::image::nsGIFDecoder2::WriteInternal]
|
|
Reporter | |
Comment 7•12 years ago
|
||
Attachment #731872 -
Attachment is obsolete: true
|
|
Reporter | |
Updated•12 years ago
|
See Also: → CVE-2013-1691
|
|
Reporter | |
Comment 8•12 years ago
|
||
This is still reproducible with Nightly.
|
|
Assignee | |
Comment 9•12 years ago
|
||
Right - we're still not covering the case where there are no images in the container. Seth, the assertion we kept from bug 857623 is correct when there is an image to decode; if we go straight from global header/global colormap to GIF_TRAILER/gif_done, we hit this assertion. Now, that assertion is useful in the other scenarios, so I'd rather not just remove it. Seth, Joe, opinions?
Flags: needinfo?(seth)
Flags: needinfo?(joe)
|
||
Comment 10•12 years ago
|
||
The easiest way is to just remove the assert. The more correct way is to PostSize() when we get the gif_global_header, and just return then.
Flags: needinfo?(joe)
|
|
||
Comment 11•12 years ago
|
||
My preference is to fix the code correctly, but I'll accept removing the assert (if we really want that fixed) and filing a follow-up bug to fix the code and restore the assert.
|
|
Assignee | |
Comment 12•12 years ago
|
||
Is this the direction you had in mind?
Attachment #774800 -
Flags: feedback?(joe)
Flags: needinfo?(seth)
|
|
||
Comment 13•12 years ago
|
||
Comment on attachment 774800 [details] [diff] [review]
PostSize in the global header, no need to continue when doing size decode
Yep!
Attachment #774800 -
Flags: feedback?(joe) → feedback+
|
|
Assignee | |
Comment 14•12 years ago
|
||
The code is the same as in the (obsolete) patch f+ by Joe; this one just adds the test.
Attachment #774800 -
Attachment is obsolete: true
Attachment #807415 -
Flags: review?(seth)
|
||
Comment 15•12 years ago
|
||
Comment on attachment 807415 [details] [diff] [review]
PostSize in the global header, no need to continue when doing size decode.
Review of attachment 807415 [details] [diff] [review]:
-----------------------------------------------------------------
Looks good.
Attachment #807415 -
Flags: review?(seth) → review+
|
|
Assignee | |
Comment 16•12 years ago
|
||
Try looks good: https://tbpl.mozilla.org/?tree=Try&rev=424345dcad4e. Will do a trivial rebase and attach the new patch.
|
|
Assignee | |
Comment 17•12 years ago
|
||
Carry Seth's r+, trivial rebase.
Attachment #807415 -
Attachment is obsolete: true
Attachment #810006 -
Flags: review+
|
|
Assignee | |
Updated•12 years ago
|
Keywords: checkin-needed
|
||
Comment 18•12 years ago
|
||
Flags: in-testsuite+
Keywords: checkin-needed
|
|
||
Comment 19•12 years ago
|
||
Status: REOPENED → RESOLVED
Closed: 12 years ago → 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla27
You need to log in
before you can comment on or make changes to this bug.
Description
•