Bug ID: JDK-7072601 Java 7 crashes with Internet Explorer 9

Details
Type: Bug
Submit Date: 2011-07-29
Status: Resolved
Updated Date: 2013-01-08
Project Name: JDK
Resolved Date: 2011-08-17
Component: deploy
OS: windows_7
Sub-Component: plugin
CPU: x86
Priority: P3
Resolution: Fixed
Affected Versions: 7
Fixed Versions: 7u2 (b03)

Description
FULL PRODUCT VERSION :
java version "1.7.0"
Java(TM) SE Runtime Environment (build 1.7.0-b147)
Java HotSpot(TM) 64-Bit Server VM (build 21.0-b17, mixed mode)

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7601]

A DESCRIPTION OF THE PROBLEM :
After installing Java 7, Internet Explorer 9 crashes when opening some applets.

REGRESSION.  Last worked in version 6u26

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. Compile JavaVersionApplet.java
2. Open java-version.html with Internet Explorer 9

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Installed Java version is displayed

ERROR MESSAGES/STACK TRACES THAT OCCUR :
Internet Explorer 9 reports "A problem with this webpage caused Internet Explorer to close and reopen the tab."

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
JavaVersionApplet.java:

import java.applet.Applet;
public class JavaVersionApplet extends Applet {
	public static String getJavaVersion() {
		return System.getProperty("java.version");
	}
}

java-version.html:

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<title>Java Version Check</title>
<script type="text/javascript">
function getJavaVersion() {
	var javaVersion=document.getElementById("javaVersion");
	javaVersion.innerHTML="Loading..."
	var verionCheckApplet=document.getElementById("verionCheckApplet");
	javaVersion.innerHTML=("getJavaVersion" in verionCheckApplet)?verionCheckApplet.getJavaVersion():"Not Installed";
}
</script>
</head>
<body onload="getJavaVersion()">
<h1>Java Version Check</h1>
<p id="javaVersion">JavaScript Required</p>
<object id="verionCheckApplet" type="application/x-java-applet" width="0" height="0"><param name="code" value="JavaVersionApplet.class" /></object>
</body>
</html>
---------- END SOURCE ----------

                                    

Comments
EVALUATION

Problem also reproduced with 32-bit config. (JRE/ win7/ IE9).

Initial call stack at crash (without symbols) as follows:
>	jp2iexp.dll!6d99449e() 	
 	[Frames below may be incorrect and/or missing, no symbols loaded for jp2iexp.dll]	
 	mshtml.dll!67436483() 	
 	mshtml.dll!67362ee9() 	
 	mshtml.dll!67362e70() 	
 	mshtml.dll!673ef410() 	
 	jscript9.dll!67171ece() 	
 	jscript9.dll!670b840a() 	
 	jscript9.dll!670b8396() 	
 	jscript9.dll!67172bf6() 	
 	mshtml.dll!675a2901() 	
 	mshtml.dll!6766edfe() 	
 	mshtml.dll!67658e1c() 	
 	mshtml.dll!675165c1() 	
 	mshtml.dll!674e003c() 	
 	mshtml.dll!6765a169() 	
 	mshtml.dll!676795e0() 	
 	user32.dll!770486ef() 	
 	user32.dll!77048876() 	
 	user32.dll!7704881f() 	
 	user32.dll!770489b5() 	
 	user32.dll!77048e9c() 	
 	ieframe.dll!6f0c1b83()
                                     
2011-08-01
SUGGESTED FIX

webrev: http://sa.sfbay.sun.com/projects/deployment_data/7-client/7072601/

Note that in the first section of the fix (lines 1718 - 1729): 
When JavaScript is about to call an applet's method, wFlags is DISPATCH_METHOD.
Since we're calling an applet's method, we're ok not to get into the "if" block and set those m_dpOnLoad, etc.
In this case, with IE8 pdispparams->rgvarg is non-zero but with IE9 pdispparams->rgvarg is 0.
                                     
2011-08-04
EVALUATION

The crash is reproducible with IE9 only; the testcase ran fine with IE8.

From oleauto.h,
#define V_VT(X)         ((X)->vt) 
The problem is due to null being passed into V_VT().

The fix is to add a null check before calling V_VT().
                                     
2011-08-04
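
Added example, not the plugin's source (which is not shown on this page): the null check described in the evaluation above, with simplified stand-ins for VARIANT and DISPPARAMS so it builds without the Windows SDK. The helper names, the sample values and the VT_DISPATCH comparison are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the Windows types. Field names follow the real
   VARIANT and DISPPARAMS, which carry more members than shown here. */
typedef unsigned short VARTYPE;
typedef struct { VARTYPE vt; } VARIANT;
typedef struct {
    VARIANT     *rgvarg;  /* argument array; the page reports 0 here with IE9 */
    unsigned int cArgs;   /* number of entries in rgvarg */
} DISPPARAMS;

#define VT_EMPTY    0
#define VT_DISPATCH 9
#define V_VT(X)     ((X)->vt)  /* as quoted from oleauto.h: no null check */

/* Hypothetical helper: type of the first argument, or VT_EMPTY when there
   is none. The unguarded form, V_VT(p->rgvarg), dereferences a null
   pointer when rgvarg is 0, which is the crash in this report. */
VARTYPE first_arg_type(const DISPPARAMS *p)
{
    if (p == NULL || p->rgvarg == NULL || p->cArgs == 0)
        return VT_EMPTY;
    return V_VT(p->rgvarg);
}

/* Hypothetical model of the "if" block mentioned in the suggested fix.
   What the real block tests is not on the page; VT_DISPATCH is assumed.
   With rgvarg null the block is skipped, which the fix note says is
   acceptable when an applet method is being called. */
int enters_if_block(const DISPPARAMS *p)
{
    return first_arg_type(p) == VT_DISPATCH;
}

int main(void)
{
    VARIANT arg = { VT_DISPATCH };
    DISPPARAMS non_null = { &arg, 1 };  /* constructed: rgvarg non-zero */
    DISPPARAMS null_arg = { NULL, 0 };  /* constructed: rgvarg is 0     */

    printf("non-null rgvarg: vt=%u enters=%d\n",
           (unsigned)first_arg_type(&non_null), enters_if_block(&non_null));
    printf("null rgvarg:     vt=%u enters=%d\n",
           (unsigned)first_arg_type(&null_arg), enters_if_block(&null_arg));
    return 0;
}
```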


