Bug ID: JDK-6795060 VM crash on Linux in ICU layout library when processing \u0DDD (Sinhalese)

Details
Type: Bug
Submit Date: 2009-01-16
Status: Resolved
Updated Date: 2010-08-03
Project Name: JDK
Resolved Date: 2009-10-07
Component: client-libs
OS: linux
Sub-Component: 2d
CPU: generic
Priority: P3
Resolution: Fixed
Affected Versions: 6u10
Fixed Versions:

Related Reports
Backport:
Backport:
Relates:

Sub Tasks

Description
Reported on the OpenJDK 2d-dev list:
In trying to render a table of characters using their Unicode
identifiers, I found that the character \u0DDD crashes my JVM as soon
as it is rendered to a Swing component. I'm not particularly
interested in that character--I am just trying to print out different
characters in different fonts to easily track which glyphs are
available per font. I found this by accident. I'm writing to this list
as I suspect (but don't know) that it may be an issue with the font
system.

java -version
java version "1.6.0_10"
Java(TM) SE Runtime Environment (build 1.6.0_10-b33)
Java HotSpot(TM) Client VM (build 11.0-b15, mixed mode, sharing)

Ubuntu 8.10
uname -r
2.6.27-7-generic

Small app that shows the problem:
import javax.swing.*;
import javax.swing.border.LineBorder;
import java.awt.*;
import java.awt.event.ActionEvent;

public class TestChar {
    public static void main(String[] args) {
        SwingUtilities.invokeLater(new Runnable() {
            public void run() {
                new TestChar().run();
            }
        });
    }

    private void run() {
        JFrame frame = new JFrame("Test Character");
        frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
        JPanel panel = new JPanel();
        final JLabel label = new JLabel("(empty)");
        label.setSize(400, 100);
        label.setBorder(new LineBorder(Color.black));
        JButton button = new JButton("Set Char x0DDD");
        button.addActionListener(new AbstractAction() {
            public void actionPerformed(ActionEvent actionEvent) {
                label.setText(Character.toString('\u0DDD'));
            }
        });
        panel.add(button);
        panel.add(label);

        frame.getContentPane().add(panel);
        frame.pack();
        frame.setVisible(true);
    }
}

Run this, then click the button. On my Ubuntu system, clicking the
button causes an immediate crash of the VM. Have also tested on OS X
java -version
java version "1.6.0_07"
Java(TM) SE Runtime Environment (build 1.6.0_07-b06-153)
Java HotSpot(TM) 64-Bit Server VM (build 1.6.0_07-b06-57, mixed mode)

and the VM _did not crash_.

Output in the Ubuntu console following the crash is attached.



$ java -cp out/production/Samples TestChar &>out.txt
*** glibc detected *** java: free(): invalid next size (fast): 0x09db39d0 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6[0xb7f833f4]
/lib/tls/i686/cmov/libc.so.6(cfree+0x96)[0xb7f85456]
/usr/java/jdk1.6.0_10/jre/lib/i386/libfontmanager.so[0xb55c92cc]
/usr/java/jdk1.6.0_10/jre/lib/i386/libfontmanager.so[0xb55d0b22]
/usr/java/jdk1.6.0_10/jre/lib/i386/libfontmanager.so[0xb55d1e4d]
/usr/java/jdk1.6.0_10/jre/lib/i386/libfontmanager.so[0xb55cf90d]
/usr/java/jdk1.6.0_10/jre/lib/i386/libfontmanager.so(Java_sun_font_SunLayoutEngine_nativeLayout+0x24f)[0xb55d193f]

                                    

Comments
EVALUATION

I reproduced this on Fedora. It ought to crash anywhere but so far I've only
seen it crash on Linux. It isn't a bug related to a specific font since it
reliably crashes JDK on Linux in layout with various fonts, including
ones without any Indic, so it's in Indic character processing.
The ICU opentype layout developer commented:
"\u0DDD is a split vowel. It splits to \u0DD9, \u0DCF, \u0DCA. \u0DCA is
SINHALA SIGN AL-LAKUNA (virama) so I guess that's related to the problem somehow."
                                     
2009-01-16
SUGGESTED FIX

Seems to be due to (and fixable by) having Sinhala expansion be 4 and not 3

ICU bug #5501 http://bugs.icu-project.org/trac/ticket/5501  (has link to patch)
                                     
2009-01-31
SUGGESTED FIX

In 7, the ICU layout engine will be synced, so this bug will only have the regression test.
                                     
2009-02-03
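
A headless check in the spirit of the regression test mentioned in the last comment, added here as an example; it is not the JDK's own test and not code from this report. The class name and sample strings are constructed for illustration, and it assumes that Font.layoutGlyphVector reaches the native layout path seen in the backtrace (Java_sun_font_SunLayoutEngine_nativeLayout) on the affected build.

```java
import java.awt.Font;
import java.awt.GraphicsEnvironment;
import java.awt.font.FontRenderContext;
import java.awt.font.GlyphVector;

// Added example: lays out the split vowel U+0DDD with every installed font,
// without opening a window. On an affected build the VM aborts inside native
// layout; on a fixed build the loop completes and the process exits with 0.
public class SinhalaSplitVowelLayoutCheck { // hypothetical class name

    // Constructed sample inputs: the vowel sign alone, after the Sinhala
    // letter ka (U+0D9A), and repeated so several expansions share one run.
    private static final String[] SAMPLES = {
        "\u0DDD",
        "\u0D9A\u0DDD",
        "\u0D9A\u0DDD\u0D9A\u0DDD\u0D9A\u0DDD"
    };

    // Returns the total number of glyphs produced across all fonts and samples.
    static int layoutAll(Font[] fonts) {
        FontRenderContext frc = new FontRenderContext(null, false, false);
        int glyphs = 0;
        for (Font base : fonts) {
            // The evaluation notes the crash occurs even with fonts that have
            // no Indic coverage, so no font is skipped here.
            Font font = base.deriveFont(12f);
            for (String sample : SAMPLES) {
                char[] text = sample.toCharArray();
                // layoutGlyphVector requests full complex-text layout
                // rather than a simple character-to-glyph mapping.
                GlyphVector gv = font.layoutGlyphVector(
                        frc, text, 0, text.length, Font.LAYOUT_LEFT_TO_RIGHT);
                glyphs += gv.getNumGlyphs();
            }
        }
        return glyphs;
    }

    public static void main(String[] args) {
        System.setProperty("java.awt.headless", "true");
        Font[] fonts =
                GraphicsEnvironment.getLocalGraphicsEnvironment().getAllFonts();
        int glyphs = layoutAll(fonts);
        System.out.println("Laid out " + SAMPLES.length + " samples in "
                + fonts.length + " fonts (" + glyphs + " glyphs), VM still alive");
    }
}
```

Because the failure is heap corruption detected by glibc rather than a Java exception, a pass is the process reaching the final print and exiting normally; a non-zero exit or an hs_err log is the failure signal.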


