JDK-4713783 : EXCEPTION_ACCESS_VIOLATION occurred at ZIP_GetNextEntry function cause JVM exit
  • Type: Bug
  • Component: core-libs
  • Sub-Component: java.util
  • Affected Version: 1.3.1
  • Priority: P2
  • Status: Resolved
  • Resolution: Fixed
  • OS: windows_2000
  • CPU: x86
  • Submitted: 2002-07-12
  • Updated: 2003-01-07
  • Resolved: 2002-10-26
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other Other Other Other
1.3.1_07 07Fixed 1.4.0_04Fixed 1.4.1_02Fixed 1.4.2Fixed
Description

Name: wm7046			Date: 07/11/2002


FULL PRODUCT VERSION :
C:\weblogic\dev\sandbox\txie\ZipBug>java -version
java version "1.3.1_04"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.1_04-b02)
Java HotSpot(TM) Client VM (build 1.3.1_04-b02, mixed mode)

C:\weblogic\dev\sandbox\txie\ZipBug>java -version
java version "1.3.1_03"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.1_03-b03)
Java HotSpot(TM) Client VM (build 1.3.1_03-b03, mixed mode)



FULL OPERATING SYSTEM VERSION :
Windows XP, Windows 2000

EXTRA RELEVANT SYSTEM CONFIGURATION :
JDK 1.3.1_03, JDK 1.3.1_04

A DESCRIPTION OF THE PROBLEM :
A simple test case to reproduce the Violation. One is
around 5 times it gives an access_violation

C:\weblogic\dev\sandbox\txie\ZipBug>java -classpath .
ZipBug jmx.zip

java.lang.IllegalStateException: zip file closed
        at java.util.zip.ZipFile.getEntry(ZipFile.java:136)
        at ZipBug.readEntry(ZipBug.java:57)
        at ZipBug.run(ZipBug.java:44)
An unexpected exception has been detected in native code
outside the VM.
Unexpected Signal : EXCEPTION_ACCESS_VIOLATION occurred at
PC=0x6d3c7a3f
Function name=ZIP_GetNextEntry
Library=c:\java\java131\jre\bin\zip.dll

Current Java thread:
        at java.util.zip.ZipFile.freeEntry(Native Method)
        at java.util.zip.ZipFile.getEntry(ZipFile.java:146)
        at ZipBug.readEntry(ZipBug.java:57)
        at ZipBug.run(ZipBug.java:44)

Dynamic libraries:
0x00400000 - 0x00405000         c:\java\java131\bin\java.exe
0x77F50000 - 0x77FF9000         C:\WINNT\System32\ntdll.dll
0x77E60000 - 0x77F45000         C:\WINNT\system32
\kernel32.dll
0x77DD0000 - 0x77E5B000         C:\WINNT\system32
\ADVAPI32.dll
0x77CC0000 - 0x77D35000         C:\WINNT\system32\RPCRT4.dll
0x77C10000 - 0x77C63000         C:\WINNT\system32\MSVCRT.dll
0x6D420000 - 0x6D4F0000         c:\java\java131
\jre\bin\hotspot\jvm.dll
0x77D40000 - 0x77DCD000         C:\WINNT\system32\USER32.dll
0x77C70000 - 0x77CB0000         C:\WINNT\system32\GDI32.dll
0x76B40000 - 0x76B6C000         C:\WINNT\System32\WINMM.dll
0x76390000 - 0x763AA000         C:\WINNT\System32\IMM32.DLL
0x629C0000 - 0x629C8000         C:\WINNT\System32\LPK.DLL
0x72FA0000 - 0x72FFA000         C:\WINNT\System32\USP10.dll
0x10000000 - 0x10019000         C:\WINNT\System32
\NVDESK32.DLL
0x6D220000 - 0x6D227000         c:\java\java131
\jre\bin\hpi.dll
0x6D3B0000 - 0x6D3BD000         c:\java\java131
\jre\bin\verify.dll
0x6D250000 - 0x6D266000         c:\java\java131
\jre\bin\java.dll
0x6D3C0000 - 0x6D3CD000         c:\java\java131
\jre\bin\zip.dll
0x76C90000 - 0x76CB2000         C:\WINNT\system32
\imagehlp.dll
0x6D510000 - 0x6D58C000         C:\WINNT\system32
\DBGHELP.dll
0x77C00000 - 0x77C07000         C:\WINNT\system32
\VERSION.dll
0x76BF0000 - 0x76BFB000         C:\WINNT\System32\PSAPI.DLL

Local Time = Thu Jul 11 14:43:24 2002
Elapsed Time = 0
#
# The exception above was detected in native code outside
the VM
#
# Java VM: Java HotSpot(TM) Client VM (1.3.1_03-b03 mixed
mode)
#
# An error report file has been saved as hs_err_pid3040.log.
# Please refer to the file for further information.
#

C:\weblogic\dev\sandbox\txie\ZipBug>java -version
java version "1.3.1_03"
Java(TM) 2 Runtime Environment, Standard Edition (build
1.3.1_03-b03)
Java HotSpot(TM) Client VM (build 1.3.1_03-b03, mixed mode)

OR it hangs the command window with message,
C:\weblogic\dev\sandbox\txie\ZipBug>java -classpath .
ZipBug jmx.zip



****************
Another exception has been detected while we were handling
last error.
Dumping information about last error:
ERROR REPORT FILE = (N/A)
PC                = 0x6D3C7A3F
SIGNAL            = -1073741819
FUNCTION NAME     = (N/A)
LIBRARY NAME      = (N/A)
Please check ERROR REPORT FILE for further information, if
there is any.
Good bye.


STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. compile the test case enclosed,
2. java -classpath . ZipBug <zip file>


ERROR MESSAGES/STACK TRACES THAT OCCUR :
A simple test case to reproduce the Violation. One is around 5 times it gives
an access_violation

C:\weblogic\dev\sandbox\txie\ZipBug>java -classpath . ZipBug jmx.zip

java.lang.IllegalStateException: zip file closed
        at java.util.zip.ZipFile.getEntry(ZipFile.java:136)
        at ZipBug.readEntry(ZipBug.java:57)
        at ZipBug.run(ZipBug.java:44)
An unexpected exception has been detected in native code outside the VM.
Unexpected Signal : EXCEPTION_ACCESS_VIOLATION occurred at PC=0x6d3c7a3f
Function name=ZIP_GetNextEntry
Library=c:\java\java131\jre\bin\zip.dll

Current Java thread:
        at java.util.zip.ZipFile.freeEntry(Native Method)
        at java.util.zip.ZipFile.getEntry(ZipFile.java:146)
        at ZipBug.readEntry(ZipBug.java:57)
        at ZipBug.run(ZipBug.java:44)

Dynamic libraries:
0x00400000 - 0x00405000         c:\java\java131\bin\java.exe
0x77F50000 - 0x77FF9000         C:\WINNT\System32\ntdll.dll
0x77E60000 - 0x77F45000         C:\WINNT\system32\kernel32.dll
0x77DD0000 - 0x77E5B000         C:\WINNT\system32\ADVAPI32.dll
0x77CC0000 - 0x77D35000         C:\WINNT\system32\RPCRT4.dll
0x77C10000 - 0x77C63000         C:\WINNT\system32\MSVCRT.dll
0x6D420000 - 0x6D4F0000         c:\java\java131\jre\bin\hotspot\jvm.dll
0x77D40000 - 0x77DCD000         C:\WINNT\system32\USER32.dll
0x77C70000 - 0x77CB0000         C:\WINNT\system32\GDI32.dll
0x76B40000 - 0x76B6C000         C:\WINNT\System32\WINMM.dll
0x76390000 - 0x763AA000         C:\WINNT\System32\IMM32.DLL
0x629C0000 - 0x629C8000         C:\WINNT\System32\LPK.DLL
0x72FA0000 - 0x72FFA000         C:\WINNT\System32\USP10.dll
0x10000000 - 0x10019000         C:\WINNT\System32\NVDESK32.DLL
0x6D220000 - 0x6D227000         c:\java\java131\jre\bin\hpi.dll
0x6D3B0000 - 0x6D3BD000         c:\java\java131\jre\bin\verify.dll
0x6D250000 - 0x6D266000         c:\java\java131\jre\bin\java.dll
0x6D3C0000 - 0x6D3CD000         c:\java\java131\jre\bin\zip.dll
0x76C90000 - 0x76CB2000         C:\WINNT\system32\imagehlp.dll
0x6D510000 - 0x6D58C000         C:\WINNT\system32\DBGHELP.dll
0x77C00000 - 0x77C07000         C:\WINNT\system32\VERSION.dll
0x76BF0000 - 0x76BFB000         C:\WINNT\System32\PSAPI.DLL

Local Time = Thu Jul 11 14:43:24 2002
Elapsed Time = 0
#
# The exception above was detected in native code outside the VM
#
# Java VM: Java HotSpot(TM) Client VM (1.3.1_03-b03 mixed mode)
#
# An error report file has been saved as hs_err_pid3040.log.
# Please refer to the file for further information.
#

C:\weblogic\dev\sandbox\txie\ZipBug>java -version
java version "1.3.1_03"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.1_03-b03)
Java HotSpot(TM) Client VM (build 1.3.1_03-b03, mixed mode)

OR it hangs the command window with message,
C:\weblogic\dev\sandbox\txie\ZipBug>java -classpath . ZipBug jmx.zip



****************
Another exception has been detected while we were handling last error.
Dumping information about last error:
ERROR REPORT FILE = (N/A)
PC                = 0x6D3C7A3F
SIGNAL            = -1073741819
FUNCTION NAME     = (N/A)
LIBRARY NAME      = (N/A)
Please check ERROR REPORT FILE for further information, if there is any.
Good bye.


REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
import java.util.zip.*;
import java.util.Enumeration;
import java.io.IOException;
import java.util.List;
import java.util.ArrayList;
import java.util.Iterator;

/**
 * Simple class to reproduce the EXCEPTION_ACCESS_VIOLATION in ZipFile.
 * It shows the scenario where a zipFile is closed in another thread
 * while the current thread is calling getEntry()
 *
 * Usage : java ZipBug zipFile
 * (1 in 5 times we see the following exception)
 *
 * causing :
 * 1) An unexpected exception has been detected in native code outside the VM.
 * Unexpected Signal : EXCEPTION_ACCESS_VIOLATION occurred at PC=0x6d3c7a3f
 * Function name=ZIP_GetNextEntry
 * Library=c:\java\java131_03\jre\bin\zip.dll
 *
 **/
public class ZipBug extends Thread{
  
  static final int READ = 0;
  
  static final int CLOSE = 1;
  
  private int mode;

  private ZipFile zipFile ;

  private List entryList;

  public ZipBug(int mode, ZipFile zip, List list) {
    this.mode = mode;
    this.zipFile = zip;
    this.entryList = list;
  }

  public void run() {
    try {
      if (mode == READ) {
        readEntry();
      } else {
        closeZip();
      }
    } catch (IOException ioe) {
      ioe.printStackTrace();
    }
  }

  private void readEntry() {

    Iterator i = entryList.iterator();
    while (i.hasNext()) {
      ZipEntry ze = zipFile.getEntry((String)i.next());
    }
  }

  private void closeZip() throws IOException {
    String name = zipFile.getName();
    if (zipFile != null)
      zipFile.close();
    zipFile = new ZipFile(name);
  }



  public static void main(String[] args) throws Exception {
    if (args.length == 0) {
      System.out.println("Usage: java ZipBug zipFile");
      return;
    }
    
    String zipName = args[0];

    ZipFile zipFile = new ZipFile(zipName);

    Enumeration enum = zipFile.entries();
    List list = new ArrayList();
    while (enum.hasMoreElements()) {
      ZipEntry ze = (ZipEntry) enum.nextElement();
      list.add(ze.getName());
    }
    
    ZipBug zb = new ZipBug(READ, zipFile, list);
    ZipBug zb1 = new ZipBug(READ, zipFile, list);
    
    ZipBug zc = new ZipBug(CLOSE, zipFile, list);
    ZipBug zc1 = new ZipBug(CLOSE, zipFile, list);
    ZipBug zc2 = new ZipBug(CLOSE, zipFile, list);
    
    zb.start();
    zb1.start();

    zc.start();
    zc1.start();
    zc2.start();

  }

}






---------- END SOURCE ----------
(Review ID: 159257) 
======================================================================

Comments
CONVERTED DATA BugTraq+ Release Management Values COMMIT TO FIX: 1.3.1_07 1.4.0_04 1.4.1_02 mantis FIXED IN: 1.3.1_07 1.4.0_04 1.4.1_02 mantis INTEGRATED IN: 1.3.1_07 1.4.0_04 1.4.1_02 mantis mantis-b05 VERIFIED IN: mantis
14-06-2004

EVALUATION Also reproducible with 1.4.1 build 17 on Windows NT 4. -- ###@###.### 2002/7/12 ZipFile methods are not specified to be thread safe. If one thread calls getEntry() and another thread calls close(), then proper synchronization should be used. In any case we should avoid crashing VM. Not a bug - ZipFile is not thread safe. Use syncrhonization between close() and getEntry(). ###@###.### 2002-07-19 Pure Java code cannot under any circumstances be allowed to crash the VM. The ZipFile class must therefore be made as thread-safe as is necessary in order to avoid this. -- ###@###.### 2002/10/7 I've picked up an escalation on this bug. I tried for solution locking raw monitor in jzfile before affecting ref count. But it looks like we have to have java level lock in ZipFile. But because that may not be acceptable for performance reasons, I am still looking for a way to avoid crash. I think there are two interaction scenarios in crash. * A close call from one thread interactes with other thread's close call. (crash in freeEntry). * A close call from one thread interactes with other thread's ZIP_GetNextEntry call. ###@###.### 2002-10-09 Access to jzfile and jzentry must be synchronized. ###@###.### 2002-10-15
09-10-2002