Closed
Bug 1814708
Opened 2 years ago
Closed 2 years ago
Assertion failure: hasNext == mAlphaSampleIter->HasNext(), at /builds/worker/checkouts/gecko/image/decoders/nsAVIFDecoder.cpp:243
Categories
(Core :: Graphics: ImageLib, defect)
Core
Graphics: ImageLib
Tracking
()
RESOLVED
FIXED
111 Branch
| Tracking | Status | |
|---|---|---|
| firefox-esr102 | --- | unaffected |
| firefox109 | --- | unaffected |
| firefox110 | --- | unaffected |
| firefox111 | --- | fixed |
People
(Reporter: tsmith, Assigned: Zaggy1024)
References
(Blocks 1 open bug)
Details
(Keywords: assertion, testcase)
Attachments
(2 files)
testcase.avif
Found while fuzzing m-c 20230201-b7f075124503 (--enable-debug --enable-fuzzing)
Requires pref image.avif.sequence.enabled=true
Assertion failure: hasNext == mAlphaSampleIter->HasNext(), at /builds/worker/checkouts/gecko/image/decoders/nsAVIFDecoder.cpp:243
#0 0x7f38b090e5b0 in mozilla::image::AVIFParser::GetImage(mozilla::image::AVIFImage&) /builds/worker/checkouts/gecko/image/decoders/nsAVIFDecoder.cpp:243:5
#1 0x7f38b09118fb in mozilla::image::nsAVIFDecoder::Decode(mozilla::image::SourceBufferIterator&, mozilla::image::IResumable*) /builds/worker/checkouts/gecko/image/decoders/nsAVIFDecoder.cpp:1445:29
#2 0x7f38b0910f61 in mozilla::image::nsAVIFDecoder::DoDecode(mozilla::image::SourceBufferIterator&, mozilla::image::IResumable*) /builds/worker/checkouts/gecko/image/decoders/nsAVIFDecoder.cpp:1181:25
#3 0x7f38b0853057 in mozilla::image::Decoder::Decode(mozilla::image::IResumable*) /builds/worker/checkouts/gecko/image/Decoder.cpp:177:19
#4 0x7f38b08529fb in mozilla::image::AnimationSurfaceProvider::Run() /builds/worker/checkouts/gecko/image/AnimationSurfaceProvider.cpp:232:36
#5 0x7f38b0875401 in mozilla::image::DecodingTask::Run() /builds/worker/checkouts/gecko/image/DecodePool.cpp:146:12
#6 0x7f38af1aee03 in mozilla::TaskController::RunPoolThread() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:328:33
#7 0x7f38c2935c86 in _pt_root /builds/worker/checkouts/gecko/nsprpub/pr/src/pthreads/ptthread.c:201:5
#8 0x7f38c36b6608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477:8
#9 0x7f38c3261132 in __clone /build/glibc-SzIz7B/glibc-2.31/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Flags: in-testsuite?
|
||
Comment 1•2 years ago
|
||
I required image.avif.sequence.enabled=true in order to reproduce this.
|
|
||
Updated•2 years ago
|
Severity: -- → S3
|
||
Updated•2 years ago
|
Assignee: nobody → Zaggy1024
Status: NEW → ASSIGNED
Pushed by tnikkel@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/b6a3b24b90c4
Error when the length of AVIF color or alpha sequences mismatch. r=tnikkel
|
||
Comment 4•2 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 111 Branch
|
||
Updated•2 years ago
|
status-firefox109:
--- → unaffected
status-firefox110:
--- → unaffected
status-firefox-esr102:
--- → unaffected
You need to log in
before you can comment on or make changes to this bug.
Description
•