Why Firefox 2.0.0.11 Happened So Fast


Prologue: drawImage with broken PNG draws random memory

Prior to the release of Firefox 2.0.0.10 a minor security issue was discovered in the drawImage method in the Canvas API. This particular method takes an image (in the form of an IMG DOM Element), extracts the image data, and puts it into the Canvas at the desired points. If you’re interested in seeing what this method does (and aren’t running 2.0.0.10) then visit the Mozilla developer demo. The issue was that if the image was corrupted in some way, drawImage would still try to read data from it and display random bits of memory instead (oops).

This was fixed, and two attachments were uploaded to resolve the bug. However, that's where the problem came in: when it came time to commit the changes, only the first patch landed (by mistake), which caused drawImage to become all wonky. This was compounded by the fact that there wasn't an immediate regression test in place to catch the obvious error. (That being said, we're getting much better – going from very few automated tests about a year ago, to tens of thousands now.)
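The kind of regression check described as missing, written as an added example (not Mozilla's test suite and not code from the original post): it asserts that a corrupt image never puts pixels on the canvas and that a valid image still draws. The helper names, the 8x8 canvas size and the constructed corrupt data URI are assumptions of this example.

```javascript
// Regression checks for the two drawImage failure modes described above.
// They accept any object exposing the canvas 2D methods used here.

// True when every byte of the w x h region is 0 (transparent black).
function isBlank(ctx, w, h) {
  const data = ctx.getImageData(0, 0, w, h).data;
  for (let i = 0; i < data.length; i++) if (data[i] !== 0) return false;
  return true;
}

// Security check: a corrupt image may be rejected or ignored, but it must
// never put pixels on the canvas.
function brokenImageLeavesCanvasBlank(ctx, brokenImg, w, h) {
  ctx.clearRect(0, 0, w, h);
  try { ctx.drawImage(brokenImg, 0, 0); } catch (e) { /* rejecting is fine */ }
  return isBlank(ctx, w, h);
}

// Functional check: a valid, loaded image must draw without throwing.
function validImageDraws(ctx, goodImg, w, h) {
  ctx.clearRect(0, 0, w, h);
  try { ctx.drawImage(goodImg, 0, 0); } catch (e) { return false; }
  return !isBlank(ctx, w, h);
}

function runDrawImageChecks(ctx, goodImg, brokenImg, w, h) {
  return {
    noLeak: brokenImageLeavesCanvasBlank(ctx, brokenImg, w, h),
    draws: validImageDraws(ctx, goodImg, w, h),
  };
}

// Browser wiring, skipped when no DOM is present.
if (typeof document !== "undefined") {
  const src = document.createElement("canvas");
  src.width = src.height = 8;
  src.getContext("2d").fillRect(0, 0, 8, 8); // opaque black source pixels
  const good = new Image(), broken = new Image();
  let pending = 2;
  const settle = () => {
    if (--pending) return; // wait until both images have loaded or failed
    const c = document.createElement("canvas");
    c.width = c.height = 8;
    console.log(runDrawImageChecks(c.getContext("2d"), good, broken, 8, 8));
  };
  good.onload = good.onerror = broken.onload = broken.onerror = settle;
  good.src = src.toDataURL("image/png");
  broken.src = "data:image/png;base64," + btoa("constructed, not a PNG");
}
```

A build with the original memory-disclosure bug would fail `noLeak`, while a build where drawImage throws for every image, as 2.0.0.10 did, would pass `noLeak` but fail `draws`.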

Nov. 26: Firefox 2.0.0.10 is released, Canvas.drawImage method is not working

Canvas users (both web applications and Firefox extensions) start to notice the following error pop up:

uncaught exception: [Exception... "Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIDOMCanvasRenderingContext2D.drawImage]" nsresult: "0x80040111 (NS_ERROR_NOT_AVAILABLE)" location: "JS frame :: drawImage.html :: anonymous :: line 12" data: no]

The obvious bug is spotted and the patch is landed. The question then became: How serious is this? In a nutshell: Very serious. A number of critical applications were using this functionality to draw parts of their UIs and having this fail made them unusable. Thus, the new question was: How fast can we get it out? The answer:

Nov. 29: Firefox 2.0.0.11 is released, fastest turnaround for a browser, yet.

So that’s why you’re seeing two browser updates in one week. It was a big mistake, but thankfully it was caught quickly, fixed quickly, and released quickly. And in the end, it’ll be a good thing, as I’m sure it’ll get some more regression tests landed in the suite.

Posted: December 1st, 2007

