Bug ID: JDK-4906972 FileDialog - JVM Crashes on XP if Open button is clicked while renaming file

JDK-4906972 : FileDialog - JVM Crashes on XP if Open button is clicked while renaming file

Type: Bug
Component: client-libs
Sub-Component: java.awt
Affected Version: 1.3.1,1.4.2,5.0

Priority: P2
Status: Resolved
Resolution: Fixed
OS: windows_xp
CPU: x86

Submitted: 2003-08-14
Updated: 2004-09-08
Resolved: 2003-10-08

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

Other
1.4.2_09Fixed

Related Reports

Duplicate :	JDK-5009942 - FileDialog crashes when a name is selected for editing and cancel is pressed
Duplicate :	JDK-4925774 - Renaming file or directory in FileDialog can cause a Runtime error

Description

Name: rmT116609			Date: 08/14/2003


FULL PRODUCT VERSION :
java version "1.4.2"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2-b28)
Java HotSpot(TM) Client VM (build 1.4.2-b28, mixed mode)


FULL OS VERSION :
Microsoft Windows XP [Version 5.1.2600]

A DESCRIPTION OF THE PROBLEM :
The JVM crashes when using the class FileDialog. Occurs when a file is selected for renaming, and the open button is clicked. Only happens in XP.
Also tried on earlier version of the JDK (ver 1.3.1) bug was there also.


STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Open a FileDialog.
Goto any directory with some files in it.
Click to highlight one of these files. Click again to rename the file. Leave the filename in edit mode.. click OK

The JVM crashes

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
I would expect the renaming of the file to automatically be cancelled. And that file returned as the file to open by the dialog.

This is the behaviour on Win 2K (only other OS I have tried this on)
ACTUAL -
JVM Crashes

ERROR MESSAGES/STACK TRACES THAT OCCUR :
Unexpected Signal : EXCEPTION_ACCESS_VIOLATION (0xc0000005) occurred at PC=0x807
7CC6
Function=[Unknown.]
Library=c:\j2sdk1.4.2\jre\bin\client\jvm.dll

NOTE: We are unable to locate the function name symbol for the error
      just occurred. Please refer to release documentation for possible
      reason and solutions.


Current Java thread:
        at sun.awt.windows.WToolkit.eventLoop(Native Method)
        at sun.awt.windows.WToolkit.run(WToolkit.java:262)
        at java.lang.Thread.run(Thread.java:534)

Dynamic libraries:
0x00400000 - 0x00406000         c:\j2sdk1.4.2\bin\java.exe
0x77F50000 - 0x77FF7000         C:\WINDOWS\System32\ntdll.dll
0x77E60000 - 0x77F46000         C:\WINDOWS\system32\kernel32.dll
0x77DD0000 - 0x77E5D000         C:\WINDOWS\system32\ADVAPI32.dll
0x78000000 - 0x7807E000         C:\WINDOWS\system32\RPCRT4.dll
0x77C10000 - 0x77C63000         C:\WINDOWS\system32\MSVCRT.dll
0x08000000 - 0x08136000         c:\j2sdk1.4.2\jre\bin\client\jvm.dll
0x77D40000 - 0x77DC6000         C:\WINDOWS\system32\USER32.dll
0x77C70000 - 0x77CB0000         C:\WINDOWS\system32\GDI32.dll
0x76B40000 - 0x76B6C000         C:\WINDOWS\System32\WINMM.dll
0x5CD70000 - 0x5CD77000         C:\WINDOWS\System32\serwvdrv.dll
0x5B0A0000 - 0x5B0A7000         C:\WINDOWS\System32\umdmxfrm.dll
0x6BD00000 - 0x6BD0D000         C:\WINDOWS\System32\SYNCOR11.DLL
0x10000000 - 0x10007000         c:\j2sdk1.4.2\jre\bin\hpi.dll
0x00390000 - 0x0039E000         c:\j2sdk1.4.2\jre\bin\verify.dll
0x003A0000 - 0x003B8000         c:\j2sdk1.4.2\jre\bin\java.dll
0x003C0000 - 0x003CD000         c:\j2sdk1.4.2\jre\bin\zip.dll
0x02C60000 - 0x02D6A000         C:\j2sdk1.4.2\jre\bin\awt.dll
0x73000000 - 0x73023000         C:\WINDOWS\System32\WINSPOOL.DRV
0x76390000 - 0x763AC000         C:\WINDOWS\System32\IMM32.dll
0x771B0000 - 0x772C7000         C:\WINDOWS\system32\ole32.dll
0x5AD70000 - 0x5ADA4000         C:\WINDOWS\System32\uxtheme.dll
0x02FD0000 - 0x03020000         C:\j2sdk1.4.2\jre\bin\fontmanager.dll
0x73760000 - 0x737A4000         C:\WINDOWS\System32\ddraw.dll
0x73BC0000 - 0x73BC6000         C:\WINDOWS\System32\DCIMAN32.dll
0x73940000 - 0x73A07000         C:\WINDOWS\System32\D3DIM700.DLL
0x74720000 - 0x74764000         C:\WINDOWS\System32\MSCTF.dll
0x773D0000 - 0x77BC2000         C:\WINDOWS\system32\SHELL32.DLL
0x70A70000 - 0x70AD4000         C:\WINDOWS\system32\SHLWAPI.dll
0x71950000 - 0x71A34000         C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-C
ontrols_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
0x77340000 - 0x773CB000         C:\WINDOWS\system32\comctl32.dll
0x763B0000 - 0x763F5000         C:\WINDOWS\system32\COMDLG32.DLL
0x75F40000 - 0x75F5F000         C:\WINDOWS\system32\appHelp.dll
0x76FD0000 - 0x77048000         C:\WINDOWS\System32\CLBCATQ.DLL
0x77120000 - 0x771AB000         C:\WINDOWS\system32\OLEAUT32.dll
0x77050000 - 0x77115000         C:\WINDOWS\System32\COMRes.dll
0x77C00000 - 0x77C07000         C:\WINDOWS\system32\VERSION.dll
0x76620000 - 0x7666E000         C:\WINDOWS\System32\cscui.dll
0x76600000 - 0x7661B000         C:\WINDOWS\System32\CSCDLL.dll
0x75F80000 - 0x7607C000         C:\WINDOWS\System32\browseui.dll
0x76670000 - 0x76757000         C:\WINDOWS\System32\SETUPAPI.dll
0x75A70000 - 0x75B15000         C:\WINDOWS\system32\USERENV.dll
0x76990000 - 0x769B4000         C:\WINDOWS\System32\ntshrui.dll
0x76B20000 - 0x76B35000         C:\WINDOWS\System32\ATL.DLL
0x71C20000 - 0x71C6E000         C:\WINDOWS\System32\NETAPI32.dll
0x71700000 - 0x71849000         C:\WINDOWS\System32\shdocvw.dll
0x075D0000 - 0x075DA000         C:\Program Files\Common Files\Symantec Shared\SS
C\vpshell2.dll
0x76C90000 - 0x76CB2000         C:\WINDOWS\system32\imagehlp.dll
0x6D510000 - 0x6D58D000         C:\WINDOWS\system32\DBGHELP.dll
0x76BF0000 - 0x76BFB000         C:\WINDOWS\System32\PSAPI.DLL

Heap at VM Abort:
Heap
 def new generation   total 576K, used 270K [0x10010000, 0x100b0000, 0x104f0000)

  eden space 512K,  40% used [0x10010000, 0x10043850, 0x10090000)
  from space 64K, 100% used [0x100a0000, 0x100b0000, 0x100b0000)
  to   space 64K,   0% used [0x10090000, 0x10090000, 0x100a0000)
 tenured generation   total 1408K, used 124K [0x104f0000, 0x10650000, 0x14010000
)
   the space 1408K,   8% used [0x104f0000, 0x1050f388, 0x1050f400, 0x10650000)
 compacting perm gen  total 4096K, used 3319K [0x14010000, 0x14410000, 0x1801000
0)
   the space 4096K,  81% used [0x14010000, 0x1434dc38, 0x1434de00, 0x14410000)

Local Time = Thu Aug 14 12:49:44 2003
Elapsed Time = 49
#
# HotSpot Virtual Machine Error : EXCEPTION_ACCESS_VIOLATION
# Error ID : 4F530E43505002EF
# Please report this error at
# http://java.sun.com/cgi-bin/bugreport.cgi
#
# Java VM: Java HotSpot(TM) Client VM (1.4.2-b28 mixed mode)
#
# An error report file has been saved as hs_err_pid612.log.
# Please refer to the file for further information.
#

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
import javax.swing.*;
import java.awt.*;

public class TestFileOpen
{
    private static FileDialog openDlg;
    private static JFrame parentDlg;
    
    public static void main(String [] args)
    {
        parentDlg = new JFrame("parent window");
        parentDlg.show();
        openDlg = new FileDialog(parentDlg, "Test JVM Crash bug", FileDialog.LOAD);
        
        openDlg.show();
        
    }
}

---------- END SOURCE ----------
(Incident Review ID: 199019) 
======================================================================

Comments

CONVERTED DATA BugTraq+ Release Management Values COMMIT TO FIX: tiger tiger-beta FIXED IN: tiger tiger-beta INTEGRATED IN: tiger-b21 tiger-b26 tiger-beta
10-09-2004
PUBLIC COMMENTS .
10-09-2004
SUGGESTED FIX Name: atR10251 Date: 09/12/2003 ------- awt_FileDialog.cpp ------- * /tmp/sccs.3Ka4Bl Thu Sep 11 19:27:36 2003 --- awt_FileDialog.cpp Thu Sep 11 19:27:29 2003 *********** * 349,360 **** JNIEXPORT void JNICALL Java_sun_awt_windows_WFileDialogPeer__1show(JNIEnv env, jobject peer) { TRY; ! AwtToolkit::GetInstance().InvokeFunction(AwtFileDialog::Show, peer); CATCH_BAD_ALLOC; } JNIEXPORT void JNICALL Java_sun_awt_windows_WFileDialogPeer__1dispose(JNIEnv env, jobject peer) --- 349,368 ---- JNIEXPORT void JNICALL Java_sun_awt_windows_WFileDialogPeer__1show(JNIEnv env, jobject peer) { TRY; ! / ! * Fix for 4906972. ! * 'peer' reference has to be global as it's used further in another thread. ! / ! jobject peerGlobal = env->NewGlobalRef(peer); ! ! AwtToolkit::GetInstance().InvokeFunction(AwtFileDialog::Show, peerGlobal); + env->DeleteGlobalRef(peerGlobal); + CATCH_BAD_ALLOC; } JNIEXPORT void JNICALL Java_sun_awt_windows_WFileDialogPeer__1dispose(JNIEnv env, jobject peer) --------------------------- ###@###.### 2003-09-12 ====================================================================== Name: atR10251 Date: 10/03/2003 This fix compensates for the fix above (see evaluation by ###@###.### 2003-10-02). ------- awt_FileDialog.cpp ------- * /tmp/sccs.eHayEj Wed Sep 26 12:33:08 2003 --- awt_FileDialog.cpp Wed Sep 26 12:23:22 2003 *********** * 114,124 **** void AwtFileDialog::Show(void p) { JNIEnv env = (JNIEnv )JNU_GetEnv(jvm, JNI_VERSION_1_2); ! jobject peer = (jobject)p; WCHAR unicodeChar = L' '; LPTSTR fileBuffer = NULL; LPTSTR currentDirectory = NULL; AWTOPENFILENAME ofn; jint mode = 0; --- 114,124 ---- void AwtFileDialog::Show(void p) { JNIEnv env = (JNIEnv )JNU_GetEnv(jvm, JNI_VERSION_1_2); ! jobject peer; WCHAR unicodeChar = L' '; LPTSTR fileBuffer = NULL; LPTSTR currentDirectory = NULL; AWTOPENFILENAME ofn; jint mode = 0; ************* * 130,139 **** --- 130,147 ---- jobject fileFilter = NULL; jobject target = NULL; jobject parent = NULL; AwtComponent* awtParent = NULL; + /* + * There's a situation (see bug 4906972) when InvokeFunction (by which this method is called) + * returnes earlier than this method returnes. Probably it's caused due to ReplyMessage system call. + * So for the avoidance of this mistiming we need to make new global reference here + * (not local as it's used by the hook) and then manage it independently of the calling thread. + / + peer = env->NewGlobalRef((jobject)p); + try { DASSERT(peer); target = env->GetObjectField(peer, AwtObject::targetID); parent = env->GetObjectField(peer, AwtFileDialog::parentID); if (parent != NULL) { ************ * 248,257 ** --- 256,266 ---- env->DeleteLocalRef(parent); env->DeleteLocalRef(title); env->DeleteLocalRef(directory); env->DeleteLocalRef(file); env->DeleteLocalRef(fileFilter); + env->DeleteGlobalRef(peer); delete[] currentDirectory; delete[] fileBuffer; throw; } *********** * 260,269 ** --- 269,279 ---- env->DeleteLocalRef(parent); env->DeleteLocalRef(title); env->DeleteLocalRef(directory); env->DeleteLocalRef(file); env->DeleteLocalRef(fileFilter); + env->DeleteGlobalRef(peer); delete[] currentDirectory; delete[] fileBuffer; } ###@###.### 2003-10-03 ====================================================================== The fix below combines two fixes introduced above into one .diff file. So, it is this one which is to be applied. ------- awt_FileDialog.cpp ------- * /tmp/sccs.YUaiTA Thu Sep 9 11:34:11 2004 --- awt_FileDialog.cpp Thu Sep 9 11:31:54 2004 ************* * 114,124 **** void AwtFileDialog::Show(void p) { JNIEnv env = (JNIEnv )JNU_GetEnv(jvm, JNI_VERSION_1_2); ! jobject peer = (jobject)p; WCHAR unicodeChar = L' '; LPTSTR fileBuffer = NULL; LPTSTR currentDirectory = NULL; AWTOPENFILENAME ofn; jint mode = 0; --- 114,124 ---- void AwtFileDialog::Show(void p) { JNIEnv env = (JNIEnv )JNU_GetEnv(jvm, JNI_VERSION_1_2); ! jobject peer; WCHAR unicodeChar = L' '; LPTSTR fileBuffer = NULL; LPTSTR currentDirectory = NULL; AWTOPENFILENAME ofn; jint mode = 0; ************* * 130,139 **** --- 130,147 ---- jobject fileFilter = NULL; jobject target = NULL; jobject parent = NULL; AwtComponent* awtParent = NULL; + /* + * There's a situation (see bug 4906972) when InvokeFunction (by which this method is called) + * returnes earlier than this method returnes. Probably it's caused due to ReplyMessage system call. + * So for the avoidance of this mistiming we need to make new global reference here + * (not local as it's used by the hook) and then manage it independently of the calling thread. + / + peer = env->NewGlobalRef((jobject)p); + try { DASSERT(peer); target = env->GetObjectField(peer, AwtObject::targetID); parent = env->GetObjectField(peer, AwtFileDialog::parentID); if (parent != NULL) { ************ * 248,257 ** --- 256,266 ---- env->DeleteLocalRef(parent); env->DeleteLocalRef(title); env->DeleteLocalRef(directory); env->DeleteLocalRef(file); env->DeleteLocalRef(fileFilter); + env->DeleteGlobalRef(peer); delete[] currentDirectory; delete[] fileBuffer; throw; } *********** * 260,269 ** --- 269,279 ---- env->DeleteLocalRef(parent); env->DeleteLocalRef(title); env->DeleteLocalRef(directory); env->DeleteLocalRef(file); env->DeleteLocalRef(fileFilter); + env->DeleteGlobalRef(peer); delete[] currentDirectory; delete[] fileBuffer; } *********** * 349,360 **** JNIEXPORT void JNICALL Java_sun_awt_windows_WFileDialogPeer__1show(JNIEnv env, jobject peer) { TRY; ! AwtToolkit::GetInstance().InvokeFunction(AwtFileDialog::Show, peer); CATCH_BAD_ALLOC; } JNIEXPORT void JNICALL Java_sun_awt_windows_WFileDialogPeer__1dispose(JNIEnv env, jobject peer) --- 359,378 ---- JNIEXPORT void JNICALL Java_sun_awt_windows_WFileDialogPeer__1show(JNIEnv env, jobject peer) { TRY; ! / ! * Fix for 4906972. ! * 'peer' reference has to be global as it's used further in another thread. ! / ! jobject peerGlobal = env->NewGlobalRef(peer); + AwtToolkit::GetInstance().InvokeFunction(AwtFileDialog::Show, peerGlobal); + + env->DeleteGlobalRef(peerGlobal); + CATCH_BAD_ALLOC; } JNIEXPORT void JNICALL Java_sun_awt_windows_WFileDialogPeer__1dispose(JNIEnv env, jobject peer) ###@###.### 09/09/2004 ====================================================================== ###@###.### 2004-09-09
09-09-2004
EVALUATION Name: atR10251 Date: 09/11/2003 The problem is that WFileDialogPeer._show() native method passes 'peer' reference as a local reference. And this reference is used further in another thread that causes the crash. ###@###.### 2003-09-11 ====================================================================== Name: atR10251 Date: 10/03/2003 Following the steps to reproduce the problem the next Windows feature has been detected. ::SendMessage() function that is called by InvokeFunction() method returns earlier than Show() method (which is invoked)! There's an assumption that it's a result of Windows calls ::ReplyMessage() when ::SendMessage() is being processed. So mistiming is occured. In the suggested fix (###@###.### 2003-09-12) it causes that 'peerGlobal' is deleted in Java_sun_awt_windows_WFileDialogPeer__1show() but is still used inside Show() method. So to avoid this problem Show() method duplicates 'peerGlobal' to use it independently of Java_sun_awt_windows_WFileDialogPeer__1show(). ###@###.### 2003-10-02 ======================================================================
02-10-2003