JDK-4836462 : Mozilla crash when doing a java to javascript's applet
  • Type: Bug
  • Component: deploy
  • Sub-Component: plugin
  • Affected Version: 1.2.1,1.2.1_05,1.4.1,1.4.1_05,1.4.2
  • Priority: P1
  • Status: Closed
  • Resolution: Fixed
  • OS:
    linux,linux_redhat_8.0,solaris_8,solaris_9 linux,linux_redhat_8.0,solaris_8,solaris_9
  • CPU: x86,sparc
  • Submitted: 2003-03-24
  • Updated: 2004-11-04
  • Resolved: 2004-11-04
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other Other
1.4.1_07 07Fixed 1.4.2Fixed
Related Reports
Duplicate :  
Duplicate :  
Duplicate :  
Duplicate :  
Duplicate :  
Description
Steps to reproduce:
1. Launch Mozilla1.2.1_05 on redhat Linux8.0 with jre1.4.2_b18.
2. Open  http://www.mozilla.org/quality/browser/front-end/testcases/oji/javatojstest8.html
3. Mozilla crash and error on terminal as following:
 Exception in thread "Thread-2" Exception in thread "Thread-2"
Unexpected Signal : 11 occurred at PC=0x402081C7
Function=(null)+0x402081C7
Library=/home/haojianwen/jdks/j2sdk1.4.2/jre/lib/i386/client/libjvm.so

NOTE: We are unable to locate the function name symbol for the error
      just occurred. Please refer to release documentation for possible
      reason and solutions.


Current Java thread:
        at sun.plugin.navig.motif.AThread.handleRequest(Native Method)
        at sun.plugin.navig.motif.AThread.JNIHandleLoop(AThread.java:35)
        at sun.plugin.navig.motif.AThread.run(AThread.java:27)

Dynamic libraries:
08048000-0804b000 r-xp 00000000 03:07 423523    
/home/haojianwen/jdks/j2sdk1.4.2/jre/bin/java_vm
0804b000-0804c000 rw-p 00002000 03:07 423523    
/home/haojianwen/jdks/j2sdk1.4.2/jre/bin/java_vm
40000000-40012000 r-xp 00000000 03:02 794992     /lib/ld-2.2.93.so
40012000-40013000 rw-p 00012000 03:02 794992     /lib/ld-2.2.93.so
40013000-4001b000 r-xp 00000000 03:07 1319340   
/home/haojianwen/jdks/j2sdk1.4.2/jre/lib/i386/native_threads/libhpi.so
4001b000-4001c000 rw-p 00007000 03:07 1319340   
/home/haojianwen/jdks/j2sdk1.4.2/jre/lib/i386/native_threads/libhpi.so
4001c000-40020000 rw-s 00000000 03:02 844708     /tmp/hsperfdata_haojianwen/21871
40020000-40023000 r--s 00000000 03:07 244345    
/home/haojianwen/jdks/j2sdk1.4.2/jre/lib/ext/dnsns.jar
40023000-40030000 r-xp 00000000 03:02 48692      /lib/i686/libpthread-0.10.so
40030000-40033000 rw-p 0000d000 03:02 48692      /lib/i686/libpthread-0.10.so
40054000-40056000 r-xp 00000000 03:02 795005     /lib/libdl-2.2.93.so
40056000-40057000 rw-p 00001000 03:02 795005     /lib/libdl-2.2.93.so
40057000-40464000 r-xp 00000000 03:07 228057    
/home/haojianwen/jdks/j2sdk1.4.2/jre/lib/i386/client/libjvm.so
40464000-40480000 rw-p 0040c000 03:07 228057    
/home/haojianwen/jdks/j2sdk1.4.2/jre/lib/i386/client/libjvm.so
40492000-404a4000 r-xp 00000000 03:02 795009     /lib/libnsl-2.2.93.so
404a4000-404a5000 rw-p 00012000 03:02 795009     /lib/libnsl-2.2.93.so
404a7000-404c8000 r-xp 00000000 03:02 48690      /lib/i686/libm-2.2.93.so
404c8000-404c9000 rw-p 00021000 03:02 48690      /lib/i686/libm-2.2.93.so
404c9000-404d6000 r--s 00000000 03:07 244347    
/home/haojianwen/jdks/j2sdk1.4.2/jre/lib/ext/ldapsec.jar
404d6000-404d7000 r-xp 00000000 03:02 1168224   
/usr/X11R6/lib/X11/locale/common/xlcUTF8Load.so.2
404d7000-404d8000 rw-p 00000000 03:02 1168224   
/usr/X11R6/lib/X11/locale/common/xlcUTF8Load.so.2
404d9000-404e2000 r-xp 00000000 03:02 795025     /lib/libnss_files-2.2.93.so
404e2000-404e3000 rw-p 00008000 03:02 795025     /lib/libnss_files-2.2.93.so
404e3000-404f3000 r-xp 00000000 03:07 1303063   
/home/haojianwen/jdks/j2sdk1.4.2/jre/lib/i386/libverify.so
404f3000-404f5000 rw-p 0000f000 03:07 1303063   
/home/haojianwen/jdks/j2sdk1.4.2/jre/lib/i386/libverify.so
404f5000-40515000 r-xp 00000000 03:07 1303064   
/home/haojianwen/jdks/j2sdk1.4.2/jre/lib/i386/libjava.so
40515000-40517000 rw-p 0001f000 03:07 1303064   
/home/haojianwen/jdks/j2sdk1.4.2/jre/lib/i386/libjava.so
40517000-4052b000 r-xp 00000000 03:07 1303066   
/home/haojianwen/jdks/j2sdk1.4.2/jre/lib/i386/libzip.so
4052b000-4052e000 rw-p 00013000 03:07 1303066   
/home/haojianwen/jdks/j2sdk1.4.2/jre/lib/i386/libzip.so
4052e000-41eb0000 r--s 00000000 03:07 895883    
/home/haojianwen/jdks/j2sdk1.4.2/jre/lib/rt.jar
41efa000-41f10000 r--s 00000000 03:07 895856    
/home/haojianwen/jdks/j2sdk1.4.2/jre/lib/sunrsasign.jar
41f10000-41fea000 r--s 00000000 03:07 895858    
/home/haojianwen/jdks/j2sdk1.4.2/jre/lib/jsse.jar
41fea000-41ffb000 r--s 00000000 03:07 895857    
/home/haojianwen/jdks/j2sdk1.4.2/jre/lib/jce.jar
41ffb000-41fff000 r-xp 00000000 03:02 973547     /usr/X11R6/lib/libXtst.so.6.1
41fff000-42000000 rw-p 00004000 03:02 973547     /usr/X11R6/lib/libXtst.so.6.1
42000000-42126000 r-xp 00000000 03:02 48688      /lib/i686/libc-2.2.93.so
42126000-4212b000 rw-p 00126000 03:02 48688      /lib/i686/libc-2.2.93.so
4212f000-42688000 r--s 00000000 03:07 895882    
/home/haojianwen/jdks/j2sdk1.4.2/jre/lib/charsets.jar
42688000-4285d000 r--s 00000000 03:07 895884    
/home/haojianwen/jdks/j2sdk1.4.2/jre/lib/plugin.jar
44905000-4490c000 r-xp 00000000 03:02 973537     /usr/X11R6/lib/libXp.so.6.2
4490c000-4490d000 rw-p 00006000 03:02 973537     /usr/X11R6/lib/libXp.so.6.2
4cb13000-4cd13000 r--p 00000000 03:02 470510     /usr/lib/locale/locale-archive
4cd13000-4ce1c000 r--p 00253000 03:02 470510     /usr/lib/locale/locale-archive
4d020000-4d03c000 r--s 00000000 03:07 244344    
/home/haojianwen/jdks/j2sdk1.4.2/jre/lib/ext/sunjce_provider.jar
4d03c000-4d0f8000 r--s 00000000 03:07 244346    
/home/haojianwen/jdks/j2sdk1.4.2/jre/lib/ext/localedata.jar
4d0f8000-4d3c3000 r-xp 00000000 03:07 1303075   
/home/haojianwen/jdks/j2sdk1.4.2/jre/lib/i386/libawt.so
4d3c3000-4d3d8000 rw-p 002ca000 03:07 1303075   
/home/haojianwen/jdks/j2sdk1.4.2/jre/lib/i386/libawt.so
4d3fe000-4d451000 r-xp 00000000 03:07 1303074   
/home/haojianwen/jdks/j2sdk1.4.2/jre/lib/i386/libmlib_image.so
4d451000-4d452000 rw-p 00052000 03:07 1303074   
/home/haojianwen/jdks/j2sdk1.4.2/jre/lib/i386/libmlib_image.so
4d452000-4d458000 r--s 00000000 03:02 1217003    /usr/lib/gconv/gconv-modules.cache
4d458000-4d461000 r-xp 00000000 03:02 1168227   
/usr/X11R6/lib/X11/locale/common/xomGeneric.so.2
4d461000-4d462000 rw-p 00008000 03:02 1168227   
/usr/X11R6/lib/X11/locale/common/xomGeneric.so.2
4d462000-4d4b0000 r-xp 00000000 03:02 973545     /usr/X11R6/lib/libXt.so.6.0
4d4b0000-4d4b4000 rw-p 0004d000 03:02 973545     /usr/X11R6/lib/libXt.so.6.0
4d4b4000-4d4c1000 r-xp 00000000 03:02 973525     /usr/X11R6/lib/libXext.so.6.4
4d4c1000-4d4c2000 rw-p 0000c000 03:02 973525     /usr/X11R6/lib/libXext.so.6.4
4d4c2000-4d59d000 r-xp 00000000 03:02 973517     /usr/X11R6/lib/libX11.so.6.2
4d59d000-4d5a0000 rw-p 000da000 03:02 973517     /usr/X11R6/lib/libX11.so.6.2
4d5a0000-4d5a8000 r-xp 00000000 03:02 973515     /usr/X11R6/lib/libSM.so.6.0
4d5a8000-4d5a9000 rw-p 00007000 03:02 973515     /usr/X11R6/lib/libSM.so.6.0
4d5a9000-4d5bd000 r-xp 00000000 03:02 973511     /usr/X11R6/lib/libICE.so.6.3
4d5bd000-4d5be000 rw-p 00013000 03:02 973511     /usr/X11R6/lib/libICE.so.6.3
4d5c0000-4d5d2000 r-xp 00000000 03:07 1303087   
/home/haojianwen/jdks/j2sdk1.4.2/jre/lib/i386/libjavaplugin_jni.so
4d5d2000-4d5d4000 rw-p 00011000 03:07 1303087   
/home/haojianwen/jdks/j2sdk1.4.2/jre/lib/i386/libjavaplugin_jni.so
4d5e8000-4d6a2000 r-xp 00000000 03:07 1303077   
/home/haojianwen/jdks/j2sdk1.4.2/jre/lib/i386/libfontmanager.so
4d6a2000-4d6bc000 rw-p 000b9000 03:07 1303077   
/home/haojianwen/jdks/j2sdk1.4.2/jre/lib/i386/libfontmanager.so
4d6bd000-4d6e9000 r-xp 00000000 03:02 1216859    /usr/lib/gconv/GB18030.so
4d6e9000-4d6ea000 rw-p 0002b000 03:02 1216859    /usr/lib/gconv/GB18030.so
4d6ea000-4d706000 r-xp 00000000 03:02 1168222   
/usr/X11R6/lib/X11/locale/common/ximcp.so.2
4d706000-4d708000 rw-p 0001b000 03:02 1168222   
/usr/X11R6/lib/X11/locale/common/ximcp.so.2
4dc93000-4dcae000 r-xp 00000000 03:07 1303073   
/home/haojianwen/jdks/j2sdk1.4.2/jre/lib/i386/libdcpr.so
4dcae000-4dcc1000 rw-p 0001a000 03:07 1303073   
/home/haojianwen/jdks/j2sdk1.4.2/jre/lib/i386/libdcpr.so
4dcc1000-4dcd1000 r-xp 00000000 03:07 1303069   
/home/haojianwen/jdks/j2sdk1.4.2/jre/lib/i386/libnet.so
4dcd1000-4dcd2000 rw-p 0000f000 03:07 1303069   
/home/haojianwen/jdks/j2sdk1.4.2/jre/lib/i386/libnet.so
4dcd2000-4dcde000 rw-s 00000000 00:04 20840467   /SYSV00000000 (deleted)
4dcee000-4dcf9000 r-xp 00000000 03:02 795033     /lib/libnss_nisplus-2.2.93.so
4dcf9000-4dcfa000 rw-p 0000a000 03:02 795033     /lib/libnss_nisplus-2.2.93.so
4dcfa000-4dcfd000 r-xp 00000000 03:02 795022     /lib/libnss_dns-2.2.93.so
4dcfd000-4dcfe000 rw-p 00002000 03:02 795022     /lib/libnss_dns-2.2.93.so
4dcfe000-4dd0d000 r-xp 00000000 03:02 795037     /lib/libresolv-2.2.93.so
4dd0d000-4dd0e000 rw-p 0000e000 03:02 795037     /lib/libresolv-2.2.93.so

Heap at VM Abort:
Heap
 def new generation   total 576K, used 553K [0x44910000, 0x449b0000, 0x44df0000)
  eden space 512K,  99% used [0x44910000, 0x4498ffc0, 0x44990000)
  from space 64K,  64% used [0x449a0000, 0x449aa5e8, 0x449b0000)
  to   space 64K,   0% used [0x44990000, 0x44990000, 0x449a0000)
 tenured generation   total 1408K, used 1198K [0x44df0000, 0x44f50000, 0x48910000)
   the space 1408K,  85% used [0x44df0000, 0x44f1ba48, 0x44f1bc00, 0x44f50000)
 compacting perm gen  total 7424K, used 7338K [0x48910000, 0x49050000, 0x4c910000)
   the space 7424K,  98% used [0x48910000, 0x4903aa78, 0x4903ac00, 0x49050000)

Local Time = Mon Mar 17 10:47:44 2003
Elapsed Time = 669
#
# HotSpot Virtual Machine Error : 11
# Error ID : 4F530E43505002EF
# Please report this error at
# http://java.sun.com/cgi-bin/bugreport.cgi
#
# Java VM: Java HotSpot(TM) Client VM (1.4.2-beta-b18 mixed mode)
#
# An error report file has been saved as hs_err_pid21871.log.
# Please refer to the file for further information.
#
INTERNAL ERROR on Browser End: Plugin instance index out of bounds -65

System error?:: Success
[haojianwen@baseman mozilla]$ ./mozilla -debug
Exception in thread "Thread-2" Exception in thread "Thread-2"
Unexpected Signal : 11 occurred at PC=0x402081C7
Function=(null)+0x402081C7
Library=/home/haojianwen/jdks/j2sdk1.4.2/jre/lib/i386/client/libjvm.so


Name: jl125535			Date: 04/04/2003


To reproduce the failure. load the following HTML file in Netscape ((Mozilla 1.3 beta or Netscape 7.02)) on Linux with the Java plugin installed:

<html>
<script>
var x=new java.net.ServerSocket(1234);
alert(x);
</script>
</html>

(company - Netscape , email - ###@###.###)

The above comments are just for reference in case this issue ever arises again.

###@###.###  2003-04-04
(Review ID: 181282)
======================================================================

Comments
CONVERTED DATA BugTraq+ Release Management Values COMMIT TO FIX: 1.4.1_07 generic mantis-rc tiger FIXED IN: 1.4.1_07 mantis-rc tiger INTEGRATED IN: 1.4.1_07 mantis-b20 mantis-rc tiger tiger-b25 VERIFIED IN: 1.4.1_07
23-07-2004

EVALUATION Have to fix on JPI side. see JPI 's server.c 's JAVA_PLUGIN_SECURE_CALL: JPI have no inited the return value, and Exception happened on JVM side, so a random value is return. and at the same time JPI clear this Exception so that OJI can't get this exception to decide the return value is valid or invalid. Mozilla can only use return != 0 to decide the return value is valid or invalid, but this way don't work because a random value is return! JPI should init return value (All JNI method)! ###@###.### 2003-03-24 First I can't reproduce the crash using JRE 1.4.2 b18. Second I think this is a Mozilla bug. Mozilla should check whether the exception has been thrown or not during Javascript to Java call, should not depend on the return value to guess whether the call is successful ot not. 0 is a valid return value. Please fix in Mozilla side. ###@###.### 2003-03-24 Hi Xiaobin: First, Please reproduce this bug on Linux. Second, this exception is cleared by JPI just as it occurred (see wrapExceptionOccurred in server.c) I insert wrapExceptionOccurred just after wrapExceptionOccurred in server.c (case JAVA_PLUGIN_SECURE_CALL) the first return of wrapExceptionOccurred is TRUE, the second return is FALSE, so I think the exception is clearred by wrapExceptionOccurred. I used ExceptionOccurred on OJI side to check this exception, it can't get the exception occurred on JPI side. I think all JNI method return value should be inited to be {NULL}, or it will lead to a lot of liveconnect bugs (crash or hang). ###@###.### 2003-03-25 Okay, I can reproduce it on Redhat 8.0 and 6.1. But the browser crashes only the first time I go to that URL, if I tested some other liveconnect test first, it won't crash. This bug seems to be there for a long time, even can be reproducible on 1.4.1. The reason is somehow the Exception has been lost. So the next call will result into browser crash. I am going to perform more investigation to see what we can do to fix this. ###@###.### 2003-03-25 The cause of this bug is when JNI throws exception, our code tries to call ExceptionDescribed within ExceptionOccurred (see server.c "wrapExceptionOccurred" function). And somehow, calling ExceptionDescribed when JNIEnv is already bad causes the Exception to get lost. So Mozilla/Netscape won't get the Exception (however, JNIEnv is already bad) and continues to use the bad JNI, the effect is browser crash or hang. We need to address this bug after mantis-beta. ###@###.### 2003-03-26 can't reproduce this bug using can't reproduce on "Java(TM) Plug-in 1.4.2-internal-jdeploy_02_apr_2003_05_36" ###@###.### 2003-04-04
26-03-2003

SUGGESTED FIX JPI should init return value (All JNI method)! ###@###.### 2003-03-24 JPI should init All JNI return value! even though OJI/Liveconnect can check some exception, but the additional Exception check will reduce the performance. ###@###.### 2003-03-24
24-03-2003