Prologue: drawImage with broken PNG draws random memory
Prior to the release of Firefox 2.0.0.10 a minor security issue was discovered in the drawImage method in the Canvas API. This particular method takes an image (in the form of an IMG DOM Element), extracts the image data, and puts it into the Canvas at the desired points. If you’re interested in seeing what this method does (and aren’t running 2.0.0.10) then visit the Mozilla developer demo. The issue was that if the image was corrupted in some way, drawImage would still try to read data from it and display random bits of memory instead (oops).
This was fixed and two attachments were uploaded resolving this bug. However, that’s where the issue came in. When it came time to commit the changes, only the first patch landed (by mistake) which caused drawImage to become all wonky. Coupled by the fact that there wasn’t an immediate regression test in place to notice the obvious error. (That being said, we’re getting much better – going from very few automated tests about a year ago, to tens of thousands now.)
Nov. 26: Firefox 2.0.0.10 is released, Canvas.drawImage method is not working
Canvas users (both web applications and Firefox extensions) start to notice the following error pop up:
uncaught exception: [Exception… “Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIDOMCanvasRenderingContext2D.drawImage]” nsresult: “0x80040111 (NS_ERROR_NOT_AVAILABLE)” location: “JS frame :: drawImage.html :: anonymous :: line 12” data: no]
The obvious bug is spotted and the patch is landed. The question then became: How serious is this? In a nutshell: Very serious. A number of critical applications were using this functionality to draw parts of their UIs and having this fail made them unusable. Thus, the new question was: How fast can we get it out? The answer:
Nov. 29: Firefox 2.0.0.11 is released, fastest turnaround for a browser, yet.
So that’s why you’re seeing two browser updates in one week. It was a big mistake, but thankfully it was caught quickly, fixed quickly, and released quickly. And in the end, it’ll be a good thing, as I’m sure it’ll get some more regression tests landed in the suite.
Ralph (December 1, 2007 at 1:14 pm)
Thanks for the feedback…that helps.
Nicky (December 1, 2007 at 1:47 pm)
thanks for providing detail apart from the release notes. :-)
Marc (December 2, 2007 at 2:19 pm)
I was noticing the, “uncaught exception” error in Firefox – glad to know it was fixed so quickly! I love how fast updates can stream through Firefox users. With other browsers it would have taken much, much longer if something similar happened.
Dave Savage (December 2, 2007 at 7:51 pm)
Thanks John; good stuff, I was curious about that.
Scott Johnson (December 2, 2007 at 8:14 pm)
From my perspective, 2.0.0.11 was quite welcome. 2.0.0.10 was the first patch from the 2.x series that failed to install on my laptop. It kept retrying every time I restarted Firefox. 2.0.0.11 somehow worked, though. :)
Jigar Shah (December 3, 2007 at 6:14 am)
Its really good to see quick patch. But it causes lots of in convenience to non-technical user. My brother and uncle asked me “if i can disable such updates?” I told him “its mostly security fix and you should update it. ” But response was not so good. Can we make it little non-obtrusive saying “Update Installed and No need to restart immediately” And It should be non PopUp Way….Something like blink throbber or change color of throbber; something like that.
capital L (December 3, 2007 at 6:51 pm)
Well I’m not at all happy with this development, because now if I try to open a link to an image that’s embedded within an image (i.e. clicking on a thumbnail), Firefox attempts to open the image in an external viewer, as opposed within to the browser. I hope there’s another quick fix coming, because this is just dumb.
capital L (December 3, 2007 at 6:58 pm)
scratch that, problem fixed. heh.
Zardoz (December 5, 2007 at 7:11 am)
Thanks John ;)
This affect me, we were using and Base64 encoded PNG character set to produce vertical text in Firefox, which then broke with 2.0.0.10. Yikes! This quick turn around just goes to prove what a great team we have behind the Firefox project.
Here’s to better and greater accomplishments in 2008.
Keep up all the great work!
Babla Babla (December 6, 2007 at 4:19 am)
Firefox 2.0.0.11 is broken on several machines of mine. windows XP. Firefox will not start up. And it seems some other odd things happened until I installed 2.0.0.10 on top of it. But then the damned auto-update got me before I turned it off, and it seems I’m installing 2.0.0.10 a lot, Grrr. Since the canvas thing is barely fixed in 11 anyway, I guess it’s time to go back to 9 and turn off auto-update for good.
Eric Finley (January 10, 2008 at 1:14 pm)
Hmm… I’m getting the same behaviour which led to this fix on my 2.0.0.11 install, as I begin experimenting with canvas. About every third time (!) I reload-to-test-code on my fairly simple script, the exact same exception occurs and the drawImage does not execute.
FF 2.0.0.11 on XP, exception:
[Exception... "Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIDOMCanvasRenderingContext2D.drawImage]" nsresult: "0x80040111 (NS_ERROR_NOT_AVAILABLE)" location: "JS frame :: file:///J:/Harlequin%20Images%20Website/index.htm :: anonymous :: line 86" data: no]