Bug ID: JDK-4906972 FileDialog - JVM Crashes on XP if Open button is clicked while renaming file

Details
Type: Bug
Submit Date: 2003-08-14
Status: Resolved
Updated Date: 2004-09-08
Project Name: JDK
Resolved Date: 2003-10-08
Component: client-libs
OS: windows_xp
Sub-Component: java.awt
CPU: x86
Priority: P2
Resolution: Fixed
Affected Versions: 1.3.1,1.4.2,5.0
Fixed Versions: 5.0 (b21)

Description
Name: rmT116609			Date: 08/14/2003


FULL PRODUCT VERSION :
java version "1.4.2"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2-b28)
Java HotSpot(TM) Client VM (build 1.4.2-b28, mixed mode)


FULL OS VERSION :
Microsoft Windows XP [Version 5.1.2600]

A DESCRIPTION OF THE PROBLEM :
The JVM crashes when using the class FileDialog. It occurs when a file is selected for renaming and the Open button is clicked. It only happens on XP.
I also tried an earlier version of the JDK (ver 1.3.1); the bug was there also.


STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Open a FileDialog.
Go to any directory with some files in it.
Click to highlight one of these files. Click again to rename the file. Leave the filename in edit mode. Click OK.

The JVM crashes

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
I would expect the renaming of the file to automatically be cancelled. And that file returned as the file to open by the dialog.

This is the behaviour on Win 2K (only other OS I have tried this on)
ACTUAL -
JVM Crashes

ERROR MESSAGES/STACK TRACES THAT OCCUR :
Unexpected Signal : EXCEPTION_ACCESS_VIOLATION (0xc0000005) occurred at PC=0x8077CC6
Function=[Unknown.]
Library=c:\j2sdk1.4.2\jre\bin\client\jvm.dll

NOTE: We are unable to locate the function name symbol for the error
      just occurred. Please refer to release documentation for possible
      reason and solutions.


Current Java thread:
        at sun.awt.windows.WToolkit.eventLoop(Native Method)
        at sun.awt.windows.WToolkit.run(WToolkit.java:262)
        at java.lang.Thread.run(Thread.java:534)

Dynamic libraries:
0x00400000 - 0x00406000         c:\j2sdk1.4.2\bin\java.exe
0x77F50000 - 0x77FF7000         C:\WINDOWS\System32\ntdll.dll
0x77E60000 - 0x77F46000         C:\WINDOWS\system32\kernel32.dll
0x77DD0000 - 0x77E5D000         C:\WINDOWS\system32\ADVAPI32.dll
0x78000000 - 0x7807E000         C:\WINDOWS\system32\RPCRT4.dll
0x77C10000 - 0x77C63000         C:\WINDOWS\system32\MSVCRT.dll
0x08000000 - 0x08136000         c:\j2sdk1.4.2\jre\bin\client\jvm.dll
0x77D40000 - 0x77DC6000         C:\WINDOWS\system32\USER32.dll
0x77C70000 - 0x77CB0000         C:\WINDOWS\system32\GDI32.dll
0x76B40000 - 0x76B6C000         C:\WINDOWS\System32\WINMM.dll
0x5CD70000 - 0x5CD77000         C:\WINDOWS\System32\serwvdrv.dll
0x5B0A0000 - 0x5B0A7000         C:\WINDOWS\System32\umdmxfrm.dll
0x6BD00000 - 0x6BD0D000         C:\WINDOWS\System32\SYNCOR11.DLL
0x10000000 - 0x10007000         c:\j2sdk1.4.2\jre\bin\hpi.dll
0x00390000 - 0x0039E000         c:\j2sdk1.4.2\jre\bin\verify.dll
0x003A0000 - 0x003B8000         c:\j2sdk1.4.2\jre\bin\java.dll
0x003C0000 - 0x003CD000         c:\j2sdk1.4.2\jre\bin\zip.dll
0x02C60000 - 0x02D6A000         C:\j2sdk1.4.2\jre\bin\awt.dll
0x73000000 - 0x73023000         C:\WINDOWS\System32\WINSPOOL.DRV
0x76390000 - 0x763AC000         C:\WINDOWS\System32\IMM32.dll
0x771B0000 - 0x772C7000         C:\WINDOWS\system32\ole32.dll
0x5AD70000 - 0x5ADA4000         C:\WINDOWS\System32\uxtheme.dll
0x02FD0000 - 0x03020000         C:\j2sdk1.4.2\jre\bin\fontmanager.dll
0x73760000 - 0x737A4000         C:\WINDOWS\System32\ddraw.dll
0x73BC0000 - 0x73BC6000         C:\WINDOWS\System32\DCIMAN32.dll
0x73940000 - 0x73A07000         C:\WINDOWS\System32\D3DIM700.DLL
0x74720000 - 0x74764000         C:\WINDOWS\System32\MSCTF.dll
0x773D0000 - 0x77BC2000         C:\WINDOWS\system32\SHELL32.DLL
0x70A70000 - 0x70AD4000         C:\WINDOWS\system32\SHLWAPI.dll
0x71950000 - 0x71A34000         C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
0x77340000 - 0x773CB000         C:\WINDOWS\system32\comctl32.dll
0x763B0000 - 0x763F5000         C:\WINDOWS\system32\COMDLG32.DLL
0x75F40000 - 0x75F5F000         C:\WINDOWS\system32\appHelp.dll
0x76FD0000 - 0x77048000         C:\WINDOWS\System32\CLBCATQ.DLL
0x77120000 - 0x771AB000         C:\WINDOWS\system32\OLEAUT32.dll
0x77050000 - 0x77115000         C:\WINDOWS\System32\COMRes.dll
0x77C00000 - 0x77C07000         C:\WINDOWS\system32\VERSION.dll
0x76620000 - 0x7666E000         C:\WINDOWS\System32\cscui.dll
0x76600000 - 0x7661B000         C:\WINDOWS\System32\CSCDLL.dll
0x75F80000 - 0x7607C000         C:\WINDOWS\System32\browseui.dll
0x76670000 - 0x76757000         C:\WINDOWS\System32\SETUPAPI.dll
0x75A70000 - 0x75B15000         C:\WINDOWS\system32\USERENV.dll
0x76990000 - 0x769B4000         C:\WINDOWS\System32\ntshrui.dll
0x76B20000 - 0x76B35000         C:\WINDOWS\System32\ATL.DLL
0x71C20000 - 0x71C6E000         C:\WINDOWS\System32\NETAPI32.dll
0x71700000 - 0x71849000         C:\WINDOWS\System32\shdocvw.dll
0x075D0000 - 0x075DA000         C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
0x76C90000 - 0x76CB2000         C:\WINDOWS\system32\imagehlp.dll
0x6D510000 - 0x6D58D000         C:\WINDOWS\system32\DBGHELP.dll
0x76BF0000 - 0x76BFB000         C:\WINDOWS\System32\PSAPI.DLL

Heap at VM Abort:
Heap
 def new generation   total 576K, used 270K [0x10010000, 0x100b0000, 0x104f0000)

  eden space 512K,  40% used [0x10010000, 0x10043850, 0x10090000)
  from space 64K, 100% used [0x100a0000, 0x100b0000, 0x100b0000)
  to   space 64K,   0% used [0x10090000, 0x10090000, 0x100a0000)
 tenured generation   total 1408K, used 124K [0x104f0000, 0x10650000, 0x14010000)
   the space 1408K,   8% used [0x104f0000, 0x1050f388, 0x1050f400, 0x10650000)
 compacting perm gen  total 4096K, used 3319K [0x14010000, 0x14410000, 0x18010000)
   the space 4096K,  81% used [0x14010000, 0x1434dc38, 0x1434de00, 0x14410000)

Local Time = Thu Aug 14 12:49:44 2003
Elapsed Time = 49
#
# HotSpot Virtual Machine Error : EXCEPTION_ACCESS_VIOLATION
# Error ID : 4F530E43505002EF
# Please report this error at
# http://java.sun.com/cgi-bin/bugreport.cgi
#
# Java VM: Java HotSpot(TM) Client VM (1.4.2-b28 mixed mode)
#
# An error report file has been saved as hs_err_pid612.log.
# Please refer to the file for further information.
#

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
import javax.swing.*;
import java.awt.*;

public class TestFileOpen
{
    private static FileDialog openDlg;
    private static JFrame parentDlg;
    
    public static void main(String [] args)
    {
        parentDlg = new JFrame("parent window");
        parentDlg.show();
        openDlg = new FileDialog(parentDlg, "Test JVM Crash bug", FileDialog.LOAD);
        
        openDlg.show();
        
    }
}

---------- END SOURCE ----------
(Incident Review ID: 199019) 
======================================================================

                                    

Comments
EVALUATION

Name: atR10251			Date: 09/11/2003


The problem is that the WFileDialogPeer._show() native method passes the 'peer' reference
as a local reference, and this reference is then used in another thread, which causes
the crash.
###@###.### 2003-09-11

======================================================================

Name: atR10251			Date: 10/03/2003


Following the steps to reproduce the problem, the following Windows feature has been
detected: the ::SendMessage() function that is called by the InvokeFunction() method
returns earlier than the Show() method (which is invoked)! There's an assumption that
this is a result of Windows calling ::ReplyMessage() while ::SendMessage() is being
processed. So a mistiming occurs.
In the suggested fix (###@###.### 2003-09-12) this causes 'peerGlobal' to be deleted in
Java_sun_awt_windows_WFileDialogPeer__1show() while it is still used inside the
Show() method. So, to avoid this problem, the Show() method duplicates 'peerGlobal' to
use it independently of Java_sun_awt_windows_WFileDialogPeer__1show().
###@###.### 2003-10-02
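
The ownership problem described in the evaluation above, as an added example that is not part of the original report or of the JDK sources: a single-threaded C++ model in which a toy `RefTable` stands in for the JVM's global-reference table and the `reply` callback marks the point where `::SendMessage()` returns to the caller before `Show()` has finished. `RefTable`, `Outcome`, `show`, `nativeShow` and the object id 42 are hypothetical names and values chosen for the illustration.

```cpp
#include <cstddef>
#include <functional>
#include <map>

// Toy model of a JVM global-reference table (NOT real JNI): handle -> object id.
struct RefTable {
    std::map<int, int> live;
    int next = 1;
    int newGlobalRef(int obj) { live[next] = obj; return next++; }
    void deleteGlobalRef(int h) { live.erase(h); }
    // Returns the object id, or -1 when the handle has already been deleted.
    int deref(int h) const {
        auto it = live.find(h);
        return it == live.end() ? -1 : it->second;
    }
};

struct Outcome { bool peerValidAfterDialog; std::size_t leakedRefs; };

// Models AwtFileDialog::Show(p). `reply` is the moment the sender's SendMessage()
// returns while the dialog is still open (the ReplyMessage assumption in the
// evaluation), so the caller's follow-up code runs in the middle of Show().
Outcome show(RefTable& jvm, int p, bool duplicateRef,
             const std::function<void()>& reply) {
    int peer = duplicateRef ? jvm.newGlobalRef(jvm.deref(p)) : p;
    reply();                                      // caller resumes; Show() is not done
    bool valid = jvm.deref(peer) != -1;           // hook/cleanup code still uses peer
    if (duplicateRef) jvm.deleteGlobalRef(peer);  // Show() frees the copy it owns
    return {valid, 0};
}

// Models Java_sun_awt_windows_WFileDialogPeer__1show() as in the 2003-09-12 fix.
// duplicateRefInShow=false is that fix alone; true adds the 2003-10-03 change.
Outcome nativeShow(bool duplicateRefInShow) {
    RefTable jvm;
    const int PEER_OBJECT = 42;                   // constructed object id
    int peerGlobal = jvm.newGlobalRef(PEER_OBJECT);
    // What runs once InvokeFunction() returns: DeleteGlobalRef(peerGlobal).
    auto afterInvoke = [&] { jvm.deleteGlobalRef(peerGlobal); };
    Outcome o = show(jvm, peerGlobal, duplicateRefInShow, afterInvoke);
    o.leakedRefs = jvm.live.size();
    return o;
}
```

With the first fix alone the model reports a stale handle inside `show`; with the duplicate reference the handle stays valid and no reference is left in the table.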


======================================================================
                                     
2003-10-02
SUGGESTED FIX

Name: atR10251			Date: 09/12/2003


------- awt_FileDialog.cpp -------
*** /tmp/sccs.3Ka4Bl	Thu Sep 11 19:27:36 2003
--- awt_FileDialog.cpp	Thu Sep 11 19:27:29 2003
***************
*** 349,360 ****
  JNIEXPORT void JNICALL
  Java_sun_awt_windows_WFileDialogPeer__1show(JNIEnv *env, jobject peer)
  {
      TRY;
  
!     AwtToolkit::GetInstance().InvokeFunction(AwtFileDialog::Show, peer);
  
      CATCH_BAD_ALLOC;
  }
  
  JNIEXPORT void JNICALL
  Java_sun_awt_windows_WFileDialogPeer__1dispose(JNIEnv *env, jobject peer)
--- 349,368 ----
  JNIEXPORT void JNICALL
  Java_sun_awt_windows_WFileDialogPeer__1show(JNIEnv *env, jobject peer)
  {
      TRY;
  
!     /*
!      * Fix for 4906972.
!      * 'peer' reference has to be global as it's used further in another thread.
!      */
!     jobject peerGlobal = env->NewGlobalRef(peer);
! 
!     AwtToolkit::GetInstance().InvokeFunction(AwtFileDialog::Show, peerGlobal);
  
+     env->DeleteGlobalRef(peerGlobal);
+ 
      CATCH_BAD_ALLOC;
  }
  
  JNIEXPORT void JNICALL
  Java_sun_awt_windows_WFileDialogPeer__1dispose(JNIEnv *env, jobject peer)
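Review bot: env->DeleteGlobalRef(peerGlobal) runs as soon as InvokeFunction() returns, which is only safe if AwtFileDialog::Show has completely finished with the reference by then. Nothing in this hunk enforces that, and the evaluation dated 10/03/2003 on this page reports InvokeFunction() returning before Show() does. Either hand ownership of the global reference to Show() and delete it there, or document why the call is guaranteed to be synchronous. The result of NewGlobalRef(peer) is also passed on without a NULL check.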
---------------------------
###@###.### 2003-09-12

======================================================================

Name: atR10251			Date: 10/03/2003


This fix compensates for the fix above (see evaluation by ###@###.### 2003-10-02).

------- awt_FileDialog.cpp -------
*** /tmp/sccs.eHayEj	Wed Sep 26 12:33:08 2003
--- awt_FileDialog.cpp	Wed Sep 26 12:23:22 2003
***************
*** 114,124 ****
  
  void
  AwtFileDialog::Show(void *p)
  {
      JNIEnv *env = (JNIEnv *)JNU_GetEnv(jvm, JNI_VERSION_1_2);
!     jobject peer = (jobject)p;
      WCHAR unicodeChar = L' ';
      LPTSTR fileBuffer = NULL;
      LPTSTR currentDirectory = NULL;
      AWTOPENFILENAME ofn;
      jint mode = 0;
--- 114,124 ----
  
  void
  AwtFileDialog::Show(void *p)
  {
      JNIEnv *env = (JNIEnv *)JNU_GetEnv(jvm, JNI_VERSION_1_2);
!     jobject peer;
      WCHAR unicodeChar = L' ';
      LPTSTR fileBuffer = NULL;
      LPTSTR currentDirectory = NULL;
      AWTOPENFILENAME ofn;
      jint mode = 0;
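Review bot: "jobject peer;" is now declared without an initializer, while the neighbouring locals (fileBuffer, currentDirectory) are set to NULL. Declare it as "jobject peer = NULL;" so it never holds an indeterminate value between the declaration and the later assignment, and so it stays consistent with the other locals.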
***************
*** 130,139 ****
--- 130,147 ----
      jobject fileFilter = NULL;
      jobject target = NULL;
      jobject parent = NULL;
      AwtComponent* awtParent = NULL;
  
+     /*
+      * There's a situation (see bug 4906972) when InvokeFunction (by which this 
method is called)
+      * returnes earlier than this method returnes. Probably it's caused due to 
ReplyMessage system call.
+      * So for the avoidance of this mistiming we need to make new global reference 
here
+      * (not local as it's used by the hook) and then manage it independently of the 
calling thread.
+      */
+     peer = env->NewGlobalRef((jobject)p);
+ 
      try {
          DASSERT(peer);
  	target = env->GetObjectField(peer, AwtObject::targetID);
  	parent = env->GetObjectField(peer, AwtFileDialog::parentID); 
  	if (parent != NULL) {
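Review bot: the result of env->NewGlobalRef((jobject)p) is checked only by DASSERT(peer); if that assertion is compiled out, a NULL return (NewGlobalRef returns NULL when it cannot allocate the reference) goes straight into GetObjectField(peer, ...). Add an explicit NULL check with an early return before the try block. The comment's "Probably it's caused due to ReplyMessage" also leaves the root cause unconfirmed, so it is worth recording what was actually observed to allow the workaround to be revisited.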
***************
*** 248,257 ****
--- 256,266 ----
          env->DeleteLocalRef(parent);
          env->DeleteLocalRef(title);
          env->DeleteLocalRef(directory);
          env->DeleteLocalRef(file);
          env->DeleteLocalRef(fileFilter);
+         env->DeleteGlobalRef(peer);
  
          delete[] currentDirectory;
  	delete[] fileBuffer;
  	throw;
      }
***************
*** 260,269 ****
--- 269,279 ----
      env->DeleteLocalRef(parent);
      env->DeleteLocalRef(title);
      env->DeleteLocalRef(directory);
      env->DeleteLocalRef(file);
      env->DeleteLocalRef(fileFilter);
+     env->DeleteGlobalRef(peer);
  
      delete[] currentDirectory;
      delete[] fileBuffer;
  }
  
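Review bot: env->DeleteGlobalRef(peer) now has to be kept in sync in two places, the catch block in the previous hunk and this normal exit path, each next to five DeleteLocalRef calls and two delete[] statements. A small scope guard or a single cleanup routine called from both exits would make it harder to leak the global reference if another exit path is added later.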
###@###.### 2003-10-03

======================================================================

The fix below combines two fixes introduced above into one .diff file.
So, it is this one which is to be applied.

------- awt_FileDialog.cpp -------
*** /tmp/sccs.YUaiTA    Thu Sep  9 11:34:11 2004
--- awt_FileDialog.cpp  Thu Sep  9 11:31:54 2004
***************
*** 114,124 ****
  
  void
  AwtFileDialog::Show(void *p)
  {
      JNIEnv *env = (JNIEnv *)JNU_GetEnv(jvm, JNI_VERSION_1_2);
!     jobject peer = (jobject)p;
      WCHAR unicodeChar = L' ';
      LPTSTR fileBuffer = NULL;
      LPTSTR currentDirectory = NULL;
      AWTOPENFILENAME ofn;
      jint mode = 0;
--- 114,124 ----
  
  void
  AwtFileDialog::Show(void *p)
  {
      JNIEnv *env = (JNIEnv *)JNU_GetEnv(jvm, JNI_VERSION_1_2);
!     jobject peer;
      WCHAR unicodeChar = L' ';
      LPTSTR fileBuffer = NULL;
      LPTSTR currentDirectory = NULL;
      AWTOPENFILENAME ofn;
      jint mode = 0;
***************
*** 130,139 ****
--- 130,147 ----
      jobject fileFilter = NULL;
      jobject target = NULL;
      jobject parent = NULL;
      AwtComponent* awtParent = NULL;
  
+     /*
+      * There's a situation (see bug 4906972) when InvokeFunction (by which this method is called)
+      * returnes earlier than this method returnes. Probably it's caused due to ReplyMessage system call.
+      * So for the avoidance of this mistiming we need to make new global reference here
+      * (not local as it's used by the hook) and then manage it independently of the calling thread.
+      */
+     peer = env->NewGlobalRef((jobject)p);
+ 
      try {
          DASSERT(peer);
        target = env->GetObjectField(peer, AwtObject::targetID);
        parent = env->GetObjectField(peer, AwtFileDialog::parentID); 
        if (parent != NULL) {
***************
*** 248,257 ****
--- 256,266 ----
          env->DeleteLocalRef(parent);
          env->DeleteLocalRef(title);
          env->DeleteLocalRef(directory);
          env->DeleteLocalRef(file);
          env->DeleteLocalRef(fileFilter);
+         env->DeleteGlobalRef(peer);
  
          delete[] currentDirectory;
        delete[] fileBuffer;
        throw;
      }
***************
*** 260,269 ****
--- 269,279 ----
      env->DeleteLocalRef(parent);
      env->DeleteLocalRef(title);
      env->DeleteLocalRef(directory);
      env->DeleteLocalRef(file);
      env->DeleteLocalRef(fileFilter);
+     env->DeleteGlobalRef(peer);
  
      delete[] currentDirectory;
      delete[] fileBuffer;
  }
  
***************
*** 349,360 ****
  JNIEXPORT void JNICALL
  Java_sun_awt_windows_WFileDialogPeer__1show(JNIEnv *env, jobject peer)
  {
      TRY;
  
!     AwtToolkit::GetInstance().InvokeFunction(AwtFileDialog::Show, peer);
  
      CATCH_BAD_ALLOC;
  }
  
  JNIEXPORT void JNICALL
  Java_sun_awt_windows_WFileDialogPeer__1dispose(JNIEnv *env, jobject peer)
--- 359,378 ----
  JNIEXPORT void JNICALL
  Java_sun_awt_windows_WFileDialogPeer__1show(JNIEnv *env, jobject peer)
  {
      TRY;
  
!     /*
!      * Fix for 4906972.
!      * 'peer' reference has to be global as it's used further in another thread.
!      */
!     jobject peerGlobal = env->NewGlobalRef(peer);
  
+     AwtToolkit::GetInstance().InvokeFunction(AwtFileDialog::Show, peerGlobal);
+ 
+     env->DeleteGlobalRef(peerGlobal);
+ 
      CATCH_BAD_ALLOC;
  }
  
  JNIEXPORT void JNICALL
  Java_sun_awt_windows_WFileDialogPeer__1dispose(JNIEnv *env, jobject peer)
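Review bot: in the combined change the comment above NewGlobalRef(peer) still says only that the reference is "used further in another thread", but the safety of env->DeleteGlobalRef(peerGlobal) after InvokeFunction() now depends on Show() having taken its own global reference before InvokeFunction() can return. State that dependency in the comment here so the two halves of the fix are not separated later.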

###@###.###  09/09/2004


======================================================================
###@###.### 2004-09-09
                                     
2004-09-09
PUBLIC COMMENTS

.
                                     
2004-09-10
CONVERTED DATA

BugTraq+ Release Management Values

COMMIT TO FIX:
tiger
tiger-beta

FIXED IN:
tiger
tiger-beta

INTEGRATED IN:
tiger-b21
tiger-b26
tiger-beta


                                     
2004-09-10


