JDK-4762039 : EXCEPTION_ACCESS_VIOLATION in Fontmanager.dll
  • Type: Bug
  • Component: client-libs
  • Sub-Component: 2d
  • Affected Version: 1.4.0
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • OS: windows_2000
  • CPU: x86
  • Submitted: 2002-10-11
  • Updated: 2003-02-26
  • Resolved: 2003-02-25
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other
1.4.2 b17Fixed
Related Reports
Relates :  
JDK-4482430 - Unexpected exception from NativeFontWrapper.registerFonts(Native Method)
Description

Name: gm110360			Date: 10/11/2002


FULL PRODUCT VERSION :
java version "1.4.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.0-b92)
Java HotSpot(TM) Client VM (build 1.4.0-b92, mixed mode)

FULL OPERATING SYSTEM VERSION :
Microsoft Windows 2000 [Version 5.00.2195]

ADDITIONAL OPERATING SYSTEMS :
This bug occurs on all Windows versions

A DESCRIPTION OF THE PROBLEM :
sun.awt.font.NativeFontWrapper.registerFonts occasionally
traps on an illegal memory read. This occurs because the
information in the table headers in the font files -
specifically table sizes - are not checked for consistency.


STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1.Compile and run test program below, with one of the
following font files installed:

ameb____.TTF
bdbi____.TTF
bdb_____.TTF
bdri____.TTF
bd______.TTF
bl______.TTF
cpb_____.TTF

2. Let the test program run until the access violation
exception occurs, or use a debugger to verify that an
illegal memory access is in fact made in InitializeCMAPin
cmaps.cpp every time.



ERROR MESSAGES/STACK TRACES THAT OCCUR :
An unexpected exception has been detected in native code outside the VM.
Unexpected Signal : EXCEPTION_ACCESS_VIOLATION occurred at PC=0x6D1B3B4C
Function=[Unknown.]
Library=D:\j2sdk1.4.0\jre\bin\fontmanager.dll

NOTE: We are unable to locate the function name symbol for the error
      just occurred. Please refer to release documentation for possible
      reason and solutions.


Current Java thread:
	at sun.awt.font.NativeFontWrapper.registerFonts(Native Method)
	- locked <06AF6468> (a java.lang.Class)
	at FontTester.addPathFonts(FontTester.java:32)
	at FontTester.main(FontTester.java:41)

Dynamic libraries:
0x00400000 - 0x00406000 	D:\j2sdk1.4.0\bin\java.exe
0x77F80000 - 0x77FFB000 	D:\WINNT\System32\ntdll.dll
0x77DB0000 - 0x77E0D000 	D:\WINNT\system32\ADVAPI32.dll
0x77E80000 - 0x77F36000 	D:\WINNT\system32\KERNEL32.DLL
0x77D30000 - 0x77DA1000 	D:\WINNT\system32\RPCRT4.DLL
0x78000000 - 0x78046000 	D:\WINNT\system32\MSVCRT.dll
0x6D330000 - 0x6D442000 	D:\j2sdk1.4.0\jre\bin\client\jvm.dll
0x77E10000 - 0x77E75000 	D:\WINNT\system32\USER32.dll
0x77F40000 - 0x77F7C000 	D:\WINNT\system32\GDI32.DLL
0x77570000 - 0x775A0000 	D:\WINNT\System32\WINMM.dll
0x6D1D0000 - 0x6D1D7000 	D:\j2sdk1.4.0\jre\bin\hpi.dll
0x6D300000 - 0x6D30D000 	D:\j2sdk1.4.0\jre\bin\verify.dll
0x6D210000 - 0x6D228000 	D:\j2sdk1.4.0\jre\bin\java.dll
0x6D320000 - 0x6D32D000 	D:\j2sdk1.4.0\jre\bin\zip.dll
0x6D000000 - 0x6D0F6000 	D:\j2sdk1.4.0\jre\bin\awt.dll
0x77800000 - 0x7781E000 	D:\WINNT\System32\WINSPOOL.DRV
0x76620000 - 0x76630000 	D:\WINNT\system32\MPR.DLL
0x75E60000 - 0x75E7A000 	D:\WINNT\System32\IMM32.dll
0x77A50000 - 0x77B45000 	D:\WINNT\system32\ole32.dll
0x6D180000 - 0x6D1D0000 	D:\j2sdk1.4.0\jre\bin\fontmanager.dll
0x77920000 - 0x77943000 	D:\WINNT\system32\imagehlp.dll
0x72A00000 - 0x72A2D000 	D:\WINNT\system32\DBGHELP.dll
0x690A0000 - 0x690AB000 	D:\WINNT\System32\PSAPI.DLL

Local Time = Sat Sep 28 00:19:49 2002
Elapsed Time = 4
#
# The exception above was detected in native code outside the VM
#
# Java VM: Java HotSpot(TM) Client VM (1.4.0-b92 mixed mode)
#


REPRODUCIBILITY :
This bug can be reproduced occasionally.

---------- BEGIN SOURCE ----------

import java.io.*;
import java.util.*;
import sun.awt.font.*;

public class FontTester {
 static Vector vector2 = new Vector();
 static {
   vector2.add(new Vector());
 }

 static void addPathFonts(String s, FilenameFilter
   filenamefilter, int i) {
   File file = new File(s);
   String as[] = file.list(filenamefilter);
   if (as == null) {
     return;
   }
   for (int j = 0; j < as.length; j++) {
     File file1 = new File(file, as[j]);
     String s1 = null;
         try {
           s1 = file1.getCanonicalPath();
       }
         catch(IOException ex) {
           s1 = file1.getAbsolutePath();
       }

         Vector vector = new Vector(1);
     vector.addElement(s1);
     System.out.println("Registering (" + i + ") " + s1);
     NativeFontWrapper.registerFonts(vector, 1, vector2, i, false);
   }
 }

 public static void main(String[] args) {
   String directory = "d:/temp/fonts";
   for (int i = 0; i < 10000; i++) {
     System.out.println("Test Number: " + i);
     addPathFonts(directory,
       new FilenameFilter() {
       public boolean accept(File file, String s) {
         return s.endsWith(".ttf") || s.endsWith(".TTF") || s.endsWith(".ttc")
|| s.endsWith(".TTC");
       }
     }, 0);
     addPathFonts(directory,
       new FilenameFilter() {
       public boolean accept(File file, String s) {
         return s.endsWith(".ps") || s.endsWith(".PS") || s.endsWith(".pfb") ||
s.endsWith(".PFB") || s.endsWith(".pfa") || s.endsWith(".PFA");
       }
     }, 1);
     addPathFonts(directory,
       new FilenameFilter() {
       public boolean accept(File file, String s) {
         return s.endsWith(".t2k") || s.endsWith(".T2K");
       }
     }, 2);
   }
   System.out.println("Done...");
 }
}
---------- END SOURCE ----------

CUSTOMER WORKAROUND :
Uninstall corrupt font files
(Review ID: 165494) 
======================================================================
Attached font files   
###@###.### 2002-10-16
Comments
CONVERTED DATA BugTraq+ Release Management Values COMMIT TO FIX: mantis-beta tiger FIXED IN: mantis-beta tiger INTEGRATED IN: mantis-b17 mantis-beta tiger tiger-b03
24-08-2004
EVALUATION Font files needed. Marking as incomplete. ###@###.### 2002-10-28 Name: inR10103 Date: 02/19/2003 Fonts causing crash have same problem with CMAP table - length of last subtable seems to be random and may exceed table size. In fact subtable itself seems to be ok and its end coincidence with table end but length in the table header is not valid. BTW, all known fonts with such problem are from same source (@ 1991 Digital Typeface Corp). Proposed solution is check for this problem and ignore problematic fonts. ======================================================================
24-08-2004