FULL PRODUCT VERSION : java version "1.7.0_04" Java(TM) SE Runtime Environment (build 1.7.0_04-b22) Java HotSpot(TM) Client VM (build 23.0-b21, mixed mode, sharing) Java(TM) Platform SE 7 U4 10.4.0.22 ADDITIONAL OS VERSION INFORMATION : Windows 7 64-bit [Version 6.1.7601] EXTRA RELEVANT SYSTEM CONFIGURATION : Firefox 13.0 (32-bit) A DESCRIPTION OF THE PROBLEM : If an applet uses netscape.javascript.JSObject to interact with JavaScript/DOM objects in its host web page, but passes null to one of JSObject's methods where a property name is expected, the browser process will crash due to a null pointer dereference in jvm.dll. STEPS TO FOLLOW TO REPRODUCE THE PROBLEM : Load an applet that calls netscape.javascript.JSObject.getMember(String) with a null member name argument. EXPECTED VERSUS ACTUAL BEHAVIOR : EXPECTED - The method call gracefully returns null or throws an appropriate exception. ACTUAL - An access violation occurs in jvm.dll, terminating the browser process. REPRODUCIBILITY : This bug can be reproduced always. ---------- BEGIN SOURCE ---------- public class CrashApplet extends java.applet.Applet { public void start() { netscape.javascript.JSObject.getWindow(this).getMember(null); } } ---------- END SOURCE ---------- CUSTOMER SUBMITTED WORKAROUND : Null-check "name" arguments before passing them to JSObject.
|