United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
JDK-6385867 : JVM crash when mouse enter area of a native components embed using JNI

Details
Type:
Bug
Submit Date:
2006-02-15
Status:
Resolved
Updated Date:
2011-02-16
Project Name:
JDK
Resolved Date:
2006-04-15
Component:
client-libs
OS:
windows_xp,windows_2000
Sub-Component:
java.awt
CPU:
x86
Priority:
P2
Resolution:
Fixed
Affected Versions:
1.4.2,1.4.2_12,6
Fixed Versions:

Related Reports
Backport:
Backport:
Duplicate:
Duplicate:
Relates:

Sub Tasks

Description
FULL PRODUCT VERSION :
java version "1.6.0-rc"
Java(TM) 2 Runtime Environmnent, Standard Edition (build 1.6.0-rc-b70)
Java HotSpot(TM) Client VM (build 1.6.0-rc-b70, mixed mode, sharing)

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows 2000 [Version 5.00.2195]
Microsoft Windows Xp
All Windows platforms

EXTRA RELEVANT SYSTEM CONFIGURATION :
Sound API's used :
- NativeFmodEx (http://jerome.jouvie.free.fr/Fmod/NativeFmodEx/index.php)
- FMOD Ex (http://www.fmod.org/)

A DESCRIPTION OF THE PROBLEM :
The goal is to include native 'panel' (will be called native window in the following) in a java Canvas (java.awt.Canvas).

The native window is added in the Canvas using JNI (Java Native Interface) by getting the hwnd of the canvas and adding the native window in it.

The problem occure after the native window is added and displayed in the Canvas. This problem is :
When the mouse goes over the area in which the native window is displayed, the Mustang JVM crash somewhere in awt.dll library.


STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
- Creating a new Canvas with the height and depth of the native window to be shown in.
- Get the HWND of a Canvas using JNI.
- Adding in the HWND target the native window from a native code (c++).
- Adding the java.awt.Canvas to java.awt.Frame (or a javax.swing.JFrame).
- Move the mouse over the native window area.


EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The native window is displayed in the java.awt.Canvas and is interactive. This means that all components (buttons, menus  ...) can be used using mouse or keyboard.

Some demonstration screenshots are available here :
 http://jerome.jouvie.free.fr/Fmod/Mustang/Screenshot1.png
 http://jerome.jouvie.free.fr/Fmod/Mustang/Screenshot2.png
ACTUAL -
The native windows is well displayed but is not interactive (can't use buttons, menus ...).
When the mouse enter on the native window area, the (Mustang) JVM crash.


All is working well with actual Java 1.4 and 1.5 JRE/JDK.


ERROR MESSAGES/STACK TRACES THAT OCCUR :
#
# An unexpected error has been detected by Java Runtime Environment:
#
#  EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x6d105469, pid=2024, tid=2272
#
# Java VM: Java HotSpot(TM) Client VM (1.6.0-rc-b70 mixed mode, sharing)
# Problematic frame:
# C  [awt.dll+0x105469]
#
# If you would like to submit a bug report, please visit:
#   http://java.sun.com/webapps/bugreport/crash.jsp
#

---------------  T H R E A D  ---------------

Current thread (0x03003800):  JavaThread "AWT-Windows" daemon [_thread_in_native, id=2272]

siginfo: ExceptionCode=0xc0000005, reading address 0x00000004

Registers:
EAX=0x00000000, EBX=0x00000020, ECX=0x03003800, EDX=0x6d963250
ESP=0x0348f984, EBP=0x00450204, ESI=0x030038e4, EDI=0x00000000
EIP=0x6d105469, EFLAGS=0x00010246

  Top of Stack: (sp=0x0348f984)
0x0348f984:   77e8eb3a 00000020 02ff7ac8 6d1039ab
0x0348f994:   00000000 00450204 00000102 006801e6
0x0348f9a4:   0348f9fc 00000000 00000001 00000000
0x0348f9b4:   0348f9f0 0348f9a8 00000000 030038e4
0x0348f9c4:   0348f9f0 6d13b568 00000000 6d0fb6c8
0x0348f9d4:   00000020 00450204 02000001 00000102
0x0348f9e4:   0348fb0c 00000000 0348f9e0 0348fb5c
0x0348f9f4:   6d13b2f0 00000000 0348fa1c 77e02ca8

Instructions: (pc=0x6d105469)
0x6d105459:   51 68 85 c0 0f 8c b2 00 00 00 53 57 8b 7c 24 10
0x6d105469:   8b 47 04 85 c0 74 15 8b 0d d4 34 18 6d 8b 16 51


Stack: [0x03440000,0x03490000),  sp=0x0348f984,  free space=318k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C  [awt.dll+0x105469]

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j  sun.awt.windows.WToolkit.eventLoop()V+0
j  sun.awt.windows.WToolkit.run()V+69
j  java.lang.Thread.run()V+11
v  ~StubRoutines::call_stub

---------------  P R O C E S S  ---------------

Java Threads: ( => current thread )
  0x03053400 JavaThread "TimerQueue" daemon [_thread_blocked, id=2676]
  0x00245c00 JavaThread "DestroyJavaVM" [_thread_blocked, id=2716]
  0x03013c00 JavaThread "AWT-EventQueue-0" [_thread_blocked, id=2260]
=>0x03003800 JavaThread "AWT-Windows" daemon [_thread_in_native, id=2272]
  0x03003000 JavaThread "AWT-Shutdown" [_thread_blocked, id=936]
  0x03002000 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=2408]
  0x02a50000 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=2704]
  0x02a4ec00 JavaThread "CompilerThread0" daemon [_thread_blocked, id=2448]
  0x02a4c800 JavaThread "Attach Listener" daemon [_thread_blocked, id=2648]
  0x02a4b800 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=2736]
  0x02a11800 JavaThread "Finalizer" daemon [_thread_blocked, id=2600]
  0x02a0d400 JavaThread "Reference Handler" daemon [_thread_blocked, id=2688]

Other Threads:
  0x02a0c000 VMThread [id=1908]
  0x02a51800 WatcherThread [id=2100]

VM state:not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: None

Heap
 def new generation   total 960K, used 799K [0x228c0000, 0x229c0000, 0x22da0000)
  eden space 896K,  82% used [0x228c0000, 0x22977e20, 0x229a0000)
  from space 64K, 100% used [0x229a0000, 0x229b0000, 0x229b0000)
  to   space 64K,   0% used [0x229b0000, 0x229b0000, 0x229c0000)
 tenured generation   total 4096K, used 666K [0x22da0000, 0x231a0000, 0x268c0000)
   the space 4096K,  16% used [0x22da0000, 0x22e46810, 0x22e46a00, 0x231a0000)
 compacting perm gen  total 12288K, used 969K [0x268c0000, 0x274c0000, 0x2a8c0000)
   the space 12288K,   7% used [0x268c0000, 0x269b2428, 0x269b2600, 0x274c0000)
    ro space 8192K,  67% used [0x2a8c0000, 0x2ae1c9c8, 0x2ae1ca00, 0x2b0c0000)
    rw space 12288K,  56% used [0x2b0c0000, 0x2b77a450, 0x2b77a600, 0x2bcc0000)

Dynamic libraries:
0x00400000 - 0x00411000 	C:\Java\jdk1.6.0_b70\jre\bin\javaw.exe
0x78460000 - 0x784e1000 	C:\WINNT\system32\ntdll.dll
0x6d400000 - 0x6d40a000 	C:\Java\jdk1.6.0_b70\jre\bin\jli.dll
0x7c340000 - 0x7c396000 	C:\Java\jdk1.6.0_b70\jre\bin\MSVCR71.dll
0x77e70000 - 0x77f34000 	C:\WINNT\system32\KERNEL32.dll
0x78ed0000 - 0x78f32000 	C:\WINNT\system32\ADVAPI32.dll
0x770c0000 - 0x77131000 	C:\WINNT\system32\RPCRT4.DLL
0x77e00000 - 0x77e65000 	C:\WINNT\system32\USER32.dll
0x77f40000 - 0x77f7c000 	C:\WINNT\system32\GDI32.DLL
0x6d780000 - 0x6d9ba000 	C:\Java\jdk1.6.0_b70\jre\bin\client\jvm.dll
0x77540000 - 0x77571000 	C:\WINNT\system32\WINMM.dll
0x6d2f0000 - 0x6d2f8000 	C:\Java\jdk1.6.0_b70\jre\bin\hpi.dll
0x68ea0000 - 0x68eab000 	C:\WINNT\system32\PSAPI.DLL
0x6d730000 - 0x6d73c000 	C:\Java\jdk1.6.0_b70\jre\bin\verify.dll
0x6d380000 - 0x6d39f000 	C:\Java\jdk1.6.0_b70\jre\bin\java.dll
0x6d770000 - 0x6d77f000 	C:\Java\jdk1.6.0_b70\jre\bin\zip.dll
0x6d000000 - 0x6d1bf000 	C:\Java\jdk1.6.0_b70\jre\bin\awt.dll
0x777f0000 - 0x7780e000 	C:\WINNT\system32\WINSPOOL.DRV
0x793c0000 - 0x793d1000 	C:\WINNT\system32\MPR.DLL
0x75e00000 - 0x75e1a000 	C:\WINNT\system32\IMM32.dll
0x77a40000 - 0x77b37000 	C:\WINNT\system32\ole32.dll
0x10000000 - 0x10132000 	D:\Mes Documents\Mes Programmes\Music\Export\Mustang Crash\TestCase\lib\fmodex.dll
0x773e0000 - 0x773f3000 	C:\WINNT\system32\MSACM32.dll
0x78000000 - 0x78045000 	C:\WINNT\system32\MSVCRT.dll
0x74fd0000 - 0x74fd9000 	C:\WINNT\system32\WSOCK32.dll
0x74fb0000 - 0x74fc4000 	C:\WINNT\system32\WS2_32.DLL
0x74fa0000 - 0x74fa8000 	C:\WINNT\system32\WS2HELP.DLL
0x03350000 - 0x03386000 	D:\Mes Documents\Mes Programmes\Music\Export\Mustang Crash\TestCase\lib\NativeFmodEx.dll
0x51000000 - 0x51050000 	C:\WINNT\system32\ddraw.dll
0x72810000 - 0x72816000 	C:\WINNT\system32\DCIMAN32.dll
0x6d290000 - 0x6d2e2000 	C:\Java\jdk1.6.0_b70\jre\bin\fontmanager.dll
0x77580000 - 0x777cf000 	C:\WINNT\system32\shell32.dll
0x70bd0000 - 0x70c35000 	C:\WINNT\system32\SHLWAPI.DLL
0x71710000 - 0x71794000 	C:\WINNT\system32\COMCTL32.DLL
0x51080000 - 0x510e1000 	C:\WINNT\system32\dsound.dll
0x77810000 - 0x77817000 	C:\WINNT\system32\VERSION.dll
0x75950000 - 0x75956000 	C:\WINNT\system32\LZ32.DLL
0x77530000 - 0x77538000 	C:\WINNT\system32\wdmaud.drv
0x773d0000 - 0x773d8000 	C:\WINNT\system32\msacm32.drv
0x5ef80000 - 0x5ef84000 	C:\WINNT\system32\KsUser.dll
0x038d0000 - 0x039b8000 	D:\Mes Documents\Mes Programmes\Music\Export\Mustang Crash\TestCase\lib\VoxengoBeeper.dll
0x76b00000 - 0x76b3e000 	C:\WINNT\system32\comdlg32.dll
0x779a0000 - 0x77a3b000 	C:\WINNT\system32\oleaut32.dll
0x6d530000 - 0x6d543000 	C:\Java\jdk1.6.0_b70\jre\bin\net.dll
0x6d550000 - 0x6d559000 	C:\Java\jdk1.6.0_b70\jre\bin\nio.dll
0x6d3b0000 - 0x6d3b6000 	C:\Java\jdk1.6.0_b70\jre\bin\jawt.dll

VM Arguments:
jvm_args: -Djava.library.path=lib
java_command: org.jouvieje.FmodEx.Test.PluginViewer
Launcher Type: SUN_STANDARD

Environment Variables:
CLASSPATH=C:\Program Files\QuickTime 7.0.3\QTSystem\QTJava.zip
PATH=C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem;C:\Program Files\QuickTime 7.0.3\QTSystem\;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Java\jdk1.5.0_06\bin;C:\Java\jdk1.5.0_06\jre\bin;C:\Internet\EasyPHP1-8\mysql\bin;C:\Program Files\WinRAR 3.51USERNAME=Jerome
OS=Windows_NT
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel



---------------  S Y S T E M  ---------------

OS: Windows 2000 Build 2195 Service Pack 4

CPU:total 2 family 15, cmov, cx8, fxsr, mmx, sse, sse2, ht

Memory: 4k page, physical 523756k(133164k free), swap 2027752k(1415152k free)

vm_info: Java HotSpot(TM) Client VM (1.6.0-rc-b70) for windows-x86, built on Feb  2 2006 00:31:52 by "java_re" with unknown MS VC++:1310


REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
Source code of the demonstration code is available here :
  http://jerome.jouvie.free.fr/Fmod/Mustang/TestCase.zip
File size : TestCase.zip [870 ko]

Source code for the NativeFmodEx API is available here :
  http://jerome.jouvie.free.fr/Fmod/Mustang/NativeFmodEx-src.zip
File size : NativeFmodEx-src.zip [352 ko]


For more informations, contact me at ###@###.###
---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
No way found to bypass this bug.

                                    

Comments
EVALUATION

We got the problem. Seems it's about to update a cursor on NULL component here:
awt_Component.cpp:
      case WM_SETCURSOR:
          if (LOWORD(lParam) == HTCLIENT) {
              AwtCursor::UpdateCursor(AwtComponent::GetComponent((HWND)wParam));
              mr = mrConsume;
          } else {
              mr = mrDoDefault;
          }
          break;

Don't know for now why this happens but perhaps jawt somehow affects it. Should decide if simple workaround is a good choice. Anyway we should find why wParam is 0x00000000


Here is a debug stack:
 	awt.dll!AwtCursor::UpdateCursor(AwtComponent * comp=0x00000000)  Line 192 + 0x4	C++
>	awt.dll!AwtComponent::WindowProc(unsigned int message=32, unsigned int wParam=460946, long lParam=33554433)  Line 1645 + 0x10	C++
 	awt.dll!AwtComponent::WndProc(HWND__ * hWnd=0x0005089c, unsigned int message=32, unsigned int wParam=460946, long lParam=33554433)  Line 363	C++
 	USER32.DLL!77e3a3d0() 	
 	USER32.DLL!77e14750() 	
 	USER32.DLL!77e155b0() 	
 	NTDLL.DLL!77f9ff57() 	
 	USER32.DLL!77e1480f() 	
 	USER32.DLL!77e1a877() 	
 	awt.dll!AwtToolkit::CommonPeekMessageFunc(tagMSG & msg={...})  Line 1135	C++
 	awt.dll!AwtToolkit::PumpWaitingMessages(int (tagMSG &)* lpPeekMessageFunc=0x0b5857d0)  Line 1097 + 0x23	C++
 	awt.dll!AwtToolkit::MessageLoop(void (void)* lpIdleFunc=0x0b5857a0, int (tagMSG &)* lpPeekMessageFunc=0x0b5857d0)  Line 1007	C++
 	awt.dll!Java_sun_awt_windows_WToolkit_eventLoop(JNIEnv_ * env=0x0b18d9e4, _jobject * self=0x0f8df9b4)  Line 1834	C++
 	009c9fac()	
 	jvm.dll!ThreadStateTransition::transition(JavaThread * thread=0x0b18d900, JavaThreadState from=260963152, JavaThreadState to=186177792)  Line 95 + 0x5	C++
 	jvm.dll!JavaCallWrapper::JavaCallWrapper(methodHandle callee_method={...}, Handle receiver={...}, JavaValue * result=0x0f8dfb50, Thread * __the_thread__=0x009c91e0)  Line 42	C++
 	jvm.dll!os::os_exception_wrapper(void (JavaValue *, methodHandle *, JavaCallArguments *, Thread *)* f=, JavaValue * value=, methodHandle * method=, JavaCallArguments * args=, Thread * thread=)  Line 53 + 0x10	C++
                                     
2006-02-17
WORK AROUND

Processing WM_SETCURSOR on a child so that the parent doesn't get it would probably also fix the problem.
                                     
2006-02-20
EVALUATION

It's not wParam==NULL, wParam is correct. It is GetComponent returning NULL due to a window on a different (non-toolkit) thread. This place should have a NULL check, it was missed in a cursor bug fix integrated around b08.
                                     
2006-02-20



Hardware and Software, Engineered to Work Together