United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
JDK-5002680 : GPE in com.sun.imageio.plugins.jpeg.JPEGImageReader.resetReader()

Details
Type:
Bug
Submit Date:
2004-02-25
Status:
Resolved
Updated Date:
2004-03-30
Project Name:
JDK
Resolved Date:
2004-03-30
Component:
client-libs
OS:
windows_xp
Sub-Component:
javax.imageio
CPU:
x86
Priority:
P3
Resolution:
Fixed
Affected Versions:
1.4.2
Fixed Versions:
5.0 (b45)

Related Reports
Backport:
Backport:

Sub Tasks

Description

Name: rmT116609			Date: 02/24/2004


FULL PRODUCT VERSION :
java version "1.4.2_03"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_03-b02)
Java HotSpot(TM) Client VM (build 1.4.2_03-b02, mixed mode)

java version "1.5.0-beta"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0-beta-b32c)
Java HotSpot(TM) Client VM (build 1.5.0-beta-b32c, mixed mode)



ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [Version 5.1.2600]

A DESCRIPTION OF THE PROBLEM :
I get a crash when executing ImageReader.reset() for JPEG files. This is 100% reproducible using the included testcase.

Please try commiting a fix in Tiger as there is no known workaround for this crash.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Run testcase


ERROR MESSAGES/STACK TRACES THAT OCCUR :
An unexpected exception has been detected in native code outside the VM.
Unexpected Signal : EXCEPTION_ACCESS_VIOLATION (0xc0000005) occurred at PC=0xA592A8
Function=[Unknown.]
Library=(N/A)

NOTE: We are unable to locate the function name symbol for the error
      just occurred. Please refer to release documentation for possible
      reason and solutions.


Current Java thread:
        at com.sun.imageio.plugins.jpeg.JPEGImageReader.resetReader(Native Method)
        at com.sun.imageio.plugins.jpeg.JPEGImageReader.reset(JPEGImageReader.java:1297)
        at com.shadowcraft.desktopbeautifier.spider.Mutation.getImageDimension(Mutation.java:706)
        at com.shadowcraft.desktopbeautifier.spider.Mutation.getWallpapers(Mutation.java:332)
        at com.shadowcraft.desktopbeautifier.spider.Mutation.hitPage(Mutation.java:588)
        at com.shadowcraft.desktopbeautifier.spider.Population.main(Population.java:367)

Dynamic libraries:
0x00400000 - 0x00406000         C:\j2sdk1.4.2_03\jre\bin\java.exe
0x77F50000 - 0x77FF7000         C:\WINDOWS\System32\ntdll.dll
0x77E60000 - 0x77F46000         C:\WINDOWS\system32\kernel32.dll
0x77DD0000 - 0x77E5D000         C:\WINDOWS\system32\ADVAPI32.dll
0x78000000 - 0x78086000         C:\WINDOWS\system32\RPCRT4.dll
0x77C10000 - 0x77C63000         C:\WINDOWS\system32\MSVCRT.dll
0x08000000 - 0x08138000         C:\j2sdk1.4.2_03\jre\bin\client\jvm.dll
0x77D40000 - 0x77DCC000         C:\WINDOWS\system32\USER32.dll
0x77C70000 - 0x77CB0000         C:\WINDOWS\system32\GDI32.dll
0x76B40000 - 0x76B6C000         C:\WINDOWS\System32\WINMM.dll
0x76390000 - 0x763AC000         C:\WINDOWS\System32\IMM32.DLL
0x629C0000 - 0x629C8000         C:\WINDOWS\System32\LPK.DLL
0x72FA0000 - 0x72FFA000         C:\WINDOWS\System32\USP10.dll
0x10000000 - 0x10007000         C:\j2sdk1.4.2_03\jre\bin\hpi.dll
0x003A0000 - 0x003AE000         C:\j2sdk1.4.2_03\jre\bin\verify.dll
0x003B0000 - 0x003C9000         C:\j2sdk1.4.2_03\jre\bin\java.dll
0x003D0000 - 0x003DD000         C:\j2sdk1.4.2_03\jre\bin\zip.dll
0x02E60000 - 0x02E6F000         C:\j2sdk1.4.2_03\jre\bin\net.dll
0x71AB0000 - 0x71AC4000         C:\WINDOWS\System32\WS2_32.dll
0x71AA0000 - 0x71AA8000         C:\WINDOWS\System32\WS2HELP.dll
0x71A50000 - 0x71A8B000         C:\WINDOWS\System32\mswsock.dll
0x76F20000 - 0x76F45000         C:\WINDOWS\System32\DNSAPI.dll
0x76FB0000 - 0x76FB7000         C:\WINDOWS\System32\winrnr.dll
0x76F60000 - 0x76F8C000         C:\WINDOWS\system32\WLDAP32.dll
0x76FC0000 - 0x76FC5000         C:\WINDOWS\System32\rasadhlp.dll
0x71A90000 - 0x71A98000         C:\WINDOWS\System32\wshtcpip.dll
0x02F40000 - 0x02F63000         C:\j2sdk1.4.2_03\jre\bin\cmm.dll
0x03070000 - 0x0308E000         C:\j2sdk1.4.2_03\jre\bin\jpeg.dll
0x03090000 - 0x0319F000         C:\j2sdk1.4.2_03\jre\bin\awt.dll
0x73000000 - 0x73023000         C:\WINDOWS\System32\WINSPOOL.DRV
0x771B0000 - 0x772D1000         C:\WINDOWS\system32\ole32.dll
0x76C90000 - 0x76CB2000         C:\WINDOWS\system32\imagehlp.dll
0x6D510000 - 0x6D58D000         C:\WINDOWS\system32\DBGHELP.dll
0x77C00000 - 0x77C07000         C:\WINDOWS\system32\VERSION.dll
0x76BF0000 - 0x76BFB000         C:\WINDOWS\System32\PSAPI.DLL

Heap at VM Abort:
Heap
 def new generation   total 576K, used 448K [0x10010000, 0x100b0000, 0x104f0000)
  eden space 512K,  84% used [0x10010000, 0x1007bf28, 0x10090000)
  from space 64K,  25% used [0x10090000, 0x10094140, 0x100a0000)
  to   space 64K,   0% used [0x100a0000, 0x100a0000, 0x100b0000)
 tenured generation   total 1408K, used 230K [0x104f0000, 0x10650000, 0x14010000)
   the space 1408K,  16% used [0x104f0000, 0x10529830, 0x10529a00, 0x10650000)
 compacting perm gen  total 4096K, used 2211K [0x14010000, 0x14410000, 0x18010000)
   the space 4096K,  53% used [0x14010000, 0x14238cc8, 0x14238e00, 0x14410000)

Local Time = Sun Jan 25 20:41:05 2004
Elapsed Time = 3
#
# The exception above was detected in native code outside the VM
#
# Java VM: Java HotSpot(TM) Client VM (1.4.2_03-b02 mixed mode)
#
# An error report file has been saved as hs_err_pid2688.log.
# Please refer to the file for further information.
#

With 1.5.0-beta-b32:

Image? http://islands.com/downloads/VancouverIsland200.jpg
Image? http://islands.com/downloads/../images/smooth.gif
Image? http://islands.com/downloads/../images/blue_dot.gif
Image? http://islands.com/downloads/BigIslandHawaii200.jpg
#
# An unexpected error has been detected by HotSpot Virtual Machine:
#
#  EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x009d8d00, pid=1412, tid=808
#
# Java VM: Java HotSpot(TM) Client VM (1.5.0-beta-b32c mixed mode)
# Problematic frame:
# C  0x009d8d00
#
# An error report file with more information is saved as hs_err_pid1412.log
#
# If you would like to submit a bug report, please visit:
#   http://java.sun.com/webapps/bugreport/crash.jsp
#


REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
import java.awt.Dimension;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.HashMap;
import java.util.Iterator;
import javax.imageio.ImageIO;
import javax.imageio.ImageReader;
import javax.imageio.stream.ImageInputStream;

public class ImageIOCrash
{
  private HashMap contentTypeReaderMap = new HashMap();
  
  /**
   * Returns dimensions of image at specified URL.
   *
   * @throws IOException
   */
  public Dimension getImageDimension(URL url) throws IOException
  {
    System.out.println("Image? " + url);
    HttpURLConnection connection = (HttpURLConnection) url.openConnection();
    ImageInputStream imageIn = null;
    ImageReader reader = null;
    try
    {
           BufferedInputStream in = new BufferedInputStream(connection.getInputStream());
      String contentType = connection.getContentType();
      if (contentType==null || !contentType.startsWith("image/"))
        throw new IllegalArgumentException(contentType);
      contentType = contentType.substring("image/".length());
      if (contentTypeReaderMap.containsKey(contentType))
      {
        reader = (ImageReader) contentTypeReaderMap.get(contentType);
        reader.reset();
      }
      else
      {
        Iterator iterator = ImageIO.getImageReadersByFormatName(contentType);
        if (!iterator.hasNext())
          throw new IOException("Cannot decode image/" + contentType);
        reader = (ImageReader) iterator.next();
        contentTypeReaderMap.put(contentType, reader);
      }
      imageIn = ImageIO.createImageInputStream(in);
      reader.setInput(imageIn);
      return new Dimension(reader.getWidth(0), reader.getHeight(0));
    }
    finally
    {
      if (imageIn!=null)
        imageIn.close();
      connection.disconnect();
    }
  }
  
  /**
   * @param args the command line arguments
   */
  public static void main(String[] args)
  {
    ImageIOCrash crash = new ImageIOCrash();
    try
    {
      crash.getImageDimension(new URL("http://islands.com/downloads/VancouverIsland200.jpg"));
      crash.getImageDimension(new URL("http://islands.com/downloads/../images/smooth.gif"));
      crash.getImageDimension(new URL("http://islands.com/downloads/../images/blue_dot.gif"));
      crash.getImageDimension(new URL("http://islands.com/downloads/BigIslandHawaii200.jpg"));
    }
    catch (Exception e)
    {
      e.printStackTrace();
    }
  }
}
---------- END SOURCE ----------
(Incident Review ID: 235740) 
======================================================================

                                    

Comments
EVALUATION

Too late for Tiger.
###@###.### 2004-03-01

Name: abR10136			Date: 03/13/2004


 The problem here is what if we call reset() for JPEG image reader after
 image input stream had been closed then it causes VM crash.
 We try to push already read data back as part of the reset()
 procedure and get an IOException as result of operation on already
 closed stream.
 Crash happens because we do not set up error handling in the
 native readerReset() method.

 Solution is to initialize exception handler and in this particular case
 we may want to eat IOexception because we can not distinguish between
 legal and illegal situations (and illegal are unlikely to happen here).

======================================================================
                                     
2004-08-21
CONVERTED DATA

BugTraq+ Release Management Values

COMMIT TO FIX:
tiger-beta2

FIXED IN:
tiger-beta2

INTEGRATED IN:
tiger-b45
tiger-beta2


                                     
2004-08-21



Hardware and Software, Engineered to Work Together