United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-6984457 FF3.5.x crashed if the sample applet is running repeatedly
JDK-6984457 : FF3.5.x crashed if the sample applet is running repeatedly

Details
Type:
Bug
Submit Date:
2010-09-14
Status:
Closed
Updated Date:
2011-02-16
Project Name:
JDK
Resolved Date:
2011-01-27
Component:
deploy
OS:
generic
Sub-Component:
plugin
CPU:
generic
Priority:
P2
Resolution:
Fixed
Affected Versions:
5.0u25-rev
Fixed Versions:
5.0u29 (b01)

Related Reports
Backport:
Backport:

Sub Tasks

Description
The customer has developed an applet on FF3.5.8 under RHEL 3,4,5 using 1.5.0_24 JFB version

PRODUCT:java version "1.5.0_24" Java(TM) Platform, Standard Edition for Business
(build 1.5.0_24-b02) Java HotSpot(TM) Client VM (build 1.5.0_24-b02, mixed mode, sharing)

When the customer has performed some operations repeatedly in their applets, the firefox browser would be crashed abruptly. There is no core can be found even we have enabled core dump correctly on linux.

Have asked the customer to run our clock applet under $JDK_ROOT/demo/applets/Clock/example1.html, the firefox will be crashed after pressing the browser reload button around 100 times.

I've managed to reproduce the problem locally

We will see the following messages in the stdout after the browser exit / crash

INTERNAL ERROR on Browser End: Could not register plugininstance

System error?:: Success

I ran our sample applet on linux / FF3.5.12 with the latest jdk1.5.0_25-rev-b06

Please also note the japanese engineer can reproduce the problem on solaris as well. He has collected the data and analyzed the problem as follows:

He can see the behavior of UnlockInstanceIndex() by attaching a firefox-bin process.

--JavaVM5.cpp--
998 if (status == APPLET_DESTROY) {
999 m_pPluginFactory->UnlockInstanceIndex(ix);
1000 }
---------------

When the child applet window is closed, JavaPluginFactory5::UnregisterInstance() is called and plugin_instances[i] is set NULL and released. However, UnlockInstanceIndex() is not called at all...so locked_plugin_instances[i] is still "true".

Then, RegisterInstance() will be called 4 times each opened window, but plugin number get increasing only and if we open window 25times, the count will reach 100.

so he thinks we need to focus on how UnlockInstanceIndex() will be called during closing the applet winodw.

Here is the reproducible test

[case 1]
1.open <JDK_DIR>/demo/applets.html
2.click "A Clock" link in the center of window
(<JDK_DIR>/demo/applets/Clock/example1.html)
3.click back button of the brwoser
4.repeat step 2nd and 3rd 100 times

[case 2]
1.open <JDK_DIR>/demo/applets/Clock/example1.html
2.click reload button 100times

The customer's code can be found in

https://cores2-web.central.sun.com/cores/73406998/73406998_20100907/

The log and trace files can be found in

https://cores2-web.central.sun.com/cores/73406998/test_log_byHatanaka/

Thanks

                                    

Comments
EVALUATION

PluginInstanceIndex needs to be Unlocked in JavaPluginInstance5::Destroy() along with Unregister.
                                     
2010-12-02



Hardware and Software, Engineered to Work Together