JDK-5002680 : GPE in com.sun.imageio.plugins.jpeg.JPEGImageReader.resetReader()
  • Type: Bug
  • Component: client-libs
  • Sub-Component: javax.imageio
  • Affected Version: 1.4.2
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: windows_xp
  • CPU: x86
  • Submitted: 2004-02-25
  • Updated: 2004-03-30
  • Resolved: 2004-03-30
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other
1.3.1_16Resolved
Description

Name: rmT116609			Date: 02/24/2004


FULL PRODUCT VERSION :
java version "1.4.2_03"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_03-b02)
Java HotSpot(TM) Client VM (build 1.4.2_03-b02, mixed mode)

java version "1.5.0-beta"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0-beta-b32c)
Java HotSpot(TM) Client VM (build 1.5.0-beta-b32c, mixed mode)



ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [Version 5.1.2600]

A DESCRIPTION OF THE PROBLEM :
I get a crash when executing ImageReader.reset() for JPEG files. This is 100% reproducible using the included testcase.

Please try commiting a fix in Tiger as there is no known workaround for this crash.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Run testcase


ERROR MESSAGES/STACK TRACES THAT OCCUR :
An unexpected exception has been detected in native code outside the VM.
Unexpected Signal : EXCEPTION_ACCESS_VIOLATION (0xc0000005) occurred at PC=0xA592A8
Function=[Unknown.]
Library=(N/A)

NOTE: We are unable to locate the function name symbol for the error
      just occurred. Please refer to release documentation for possible
      reason and solutions.


Current Java thread:
        at com.sun.imageio.plugins.jpeg.JPEGImageReader.resetReader(Native Method)
        at com.sun.imageio.plugins.jpeg.JPEGImageReader.reset(JPEGImageReader.java:1297)
        at com.shadowcraft.desktopbeautifier.spider.Mutation.getImageDimension(Mutation.java:706)
        at com.shadowcraft.desktopbeautifier.spider.Mutation.getWallpapers(Mutation.java:332)
        at com.shadowcraft.desktopbeautifier.spider.Mutation.hitPage(Mutation.java:588)
        at com.shadowcraft.desktopbeautifier.spider.Population.main(Population.java:367)

Dynamic libraries:
0x00400000 - 0x00406000         C:\j2sdk1.4.2_03\jre\bin\java.exe
0x77F50000 - 0x77FF7000         C:\WINDOWS\System32\ntdll.dll
0x77E60000 - 0x77F46000         C:\WINDOWS\system32\kernel32.dll
0x77DD0000 - 0x77E5D000         C:\WINDOWS\system32\ADVAPI32.dll
0x78000000 - 0x78086000         C:\WINDOWS\system32\RPCRT4.dll
0x77C10000 - 0x77C63000         C:\WINDOWS\system32\MSVCRT.dll
0x08000000 - 0x08138000         C:\j2sdk1.4.2_03\jre\bin\client\jvm.dll
0x77D40000 - 0x77DCC000         C:\WINDOWS\system32\USER32.dll
0x77C70000 - 0x77CB0000         C:\WINDOWS\system32\GDI32.dll
0x76B40000 - 0x76B6C000         C:\WINDOWS\System32\WINMM.dll
0x76390000 - 0x763AC000         C:\WINDOWS\System32\IMM32.DLL
0x629C0000 - 0x629C8000         C:\WINDOWS\System32\LPK.DLL
0x72FA0000 - 0x72FFA000         C:\WINDOWS\System32\USP10.dll
0x10000000 - 0x10007000         C:\j2sdk1.4.2_03\jre\bin\hpi.dll
0x003A0000 - 0x003AE000         C:\j2sdk1.4.2_03\jre\bin\verify.dll
0x003B0000 - 0x003C9000         C:\j2sdk1.4.2_03\jre\bin\java.dll
0x003D0000 - 0x003DD000         C:\j2sdk1.4.2_03\jre\bin\zip.dll
0x02E60000 - 0x02E6F000         C:\j2sdk1.4.2_03\jre\bin\net.dll
0x71AB0000 - 0x71AC4000         C:\WINDOWS\System32\WS2_32.dll
0x71AA0000 - 0x71AA8000         C:\WINDOWS\System32\WS2HELP.dll
0x71A50000 - 0x71A8B000         C:\WINDOWS\System32\mswsock.dll
0x76F20000 - 0x76F45000         C:\WINDOWS\System32\DNSAPI.dll
0x76FB0000 - 0x76FB7000         C:\WINDOWS\System32\winrnr.dll
0x76F60000 - 0x76F8C000         C:\WINDOWS\system32\WLDAP32.dll
0x76FC0000 - 0x76FC5000         C:\WINDOWS\System32\rasadhlp.dll
0x71A90000 - 0x71A98000         C:\WINDOWS\System32\wshtcpip.dll
0x02F40000 - 0x02F63000         C:\j2sdk1.4.2_03\jre\bin\cmm.dll
0x03070000 - 0x0308E000         C:\j2sdk1.4.2_03\jre\bin\jpeg.dll
0x03090000 - 0x0319F000         C:\j2sdk1.4.2_03\jre\bin\awt.dll
0x73000000 - 0x73023000         C:\WINDOWS\System32\WINSPOOL.DRV
0x771B0000 - 0x772D1000         C:\WINDOWS\system32\ole32.dll
0x76C90000 - 0x76CB2000         C:\WINDOWS\system32\imagehlp.dll
0x6D510000 - 0x6D58D000         C:\WINDOWS\system32\DBGHELP.dll
0x77C00000 - 0x77C07000         C:\WINDOWS\system32\VERSION.dll
0x76BF0000 - 0x76BFB000         C:\WINDOWS\System32\PSAPI.DLL

Heap at VM Abort:
Heap
 def new generation   total 576K, used 448K [0x10010000, 0x100b0000, 0x104f0000)
  eden space 512K,  84% used [0x10010000, 0x1007bf28, 0x10090000)
  from space 64K,  25% used [0x10090000, 0x10094140, 0x100a0000)
  to   space 64K,   0% used [0x100a0000, 0x100a0000, 0x100b0000)
 tenured generation   total 1408K, used 230K [0x104f0000, 0x10650000, 0x14010000)
   the space 1408K,  16% used [0x104f0000, 0x10529830, 0x10529a00, 0x10650000)
 compacting perm gen  total 4096K, used 2211K [0x14010000, 0x14410000, 0x18010000)
   the space 4096K,  53% used [0x14010000, 0x14238cc8, 0x14238e00, 0x14410000)

Local Time = Sun Jan 25 20:41:05 2004
Elapsed Time = 3
#
# The exception above was detected in native code outside the VM
#
# Java VM: Java HotSpot(TM) Client VM (1.4.2_03-b02 mixed mode)
#
# An error report file has been saved as hs_err_pid2688.log.
# Please refer to the file for further information.
#

With 1.5.0-beta-b32:

Image? http://islands.com/downloads/VancouverIsland200.jpg
Image? http://islands.com/downloads/../images/smooth.gif
Image? http://islands.com/downloads/../images/blue_dot.gif
Image? http://islands.com/downloads/BigIslandHawaii200.jpg
#
# An unexpected error has been detected by HotSpot Virtual Machine:
#
#  EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x009d8d00, pid=1412, tid=808
#
# Java VM: Java HotSpot(TM) Client VM (1.5.0-beta-b32c mixed mode)
# Problematic frame:
# C  0x009d8d00
#
# An error report file with more information is saved as hs_err_pid1412.log
#
# If you would like to submit a bug report, please visit:
#   http://java.sun.com/webapps/bugreport/crash.jsp
#


REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
import java.awt.Dimension;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.HashMap;
import java.util.Iterator;
import javax.imageio.ImageIO;
import javax.imageio.ImageReader;
import javax.imageio.stream.ImageInputStream;

public class ImageIOCrash
{
  private HashMap contentTypeReaderMap = new HashMap();
  
  /**
   * Returns dimensions of image at specified URL.
   *
   * @throws IOException
   */
  public Dimension getImageDimension(URL url) throws IOException
  {
    System.out.println("Image? " + url);
    HttpURLConnection connection = (HttpURLConnection) url.openConnection();
    ImageInputStream imageIn = null;
    ImageReader reader = null;
    try
    {
           BufferedInputStream in = new BufferedInputStream(connection.getInputStream());
      String contentType = connection.getContentType();
      if (contentType==null || !contentType.startsWith("image/"))
        throw new IllegalArgumentException(contentType);
      contentType = contentType.substring("image/".length());
      if (contentTypeReaderMap.containsKey(contentType))
      {
        reader = (ImageReader) contentTypeReaderMap.get(contentType);
        reader.reset();
      }
      else
      {
        Iterator iterator = ImageIO.getImageReadersByFormatName(contentType);
        if (!iterator.hasNext())
          throw new IOException("Cannot decode image/" + contentType);
        reader = (ImageReader) iterator.next();
        contentTypeReaderMap.put(contentType, reader);
      }
      imageIn = ImageIO.createImageInputStream(in);
      reader.setInput(imageIn);
      return new Dimension(reader.getWidth(0), reader.getHeight(0));
    }
    finally
    {
      if (imageIn!=null)
        imageIn.close();
      connection.disconnect();
    }
  }
  
  /**
   * @param args the command line arguments
   */
  public static void main(String[] args)
  {
    ImageIOCrash crash = new ImageIOCrash();
    try
    {
      crash.getImageDimension(new URL("http://islands.com/downloads/VancouverIsland200.jpg"));
      crash.getImageDimension(new URL("http://islands.com/downloads/../images/smooth.gif"));
      crash.getImageDimension(new URL("http://islands.com/downloads/../images/blue_dot.gif"));
      crash.getImageDimension(new URL("http://islands.com/downloads/BigIslandHawaii200.jpg"));
    }
    catch (Exception e)
    {
      e.printStackTrace();
    }
  }
}
---------- END SOURCE ----------
(Incident Review ID: 235740) 
======================================================================

Comments
CONVERTED DATA BugTraq+ Release Management Values COMMIT TO FIX: tiger-beta2 FIXED IN: tiger-beta2 INTEGRATED IN: tiger-b45 tiger-beta2
2004-08-21

EVALUATION Too late for Tiger. ###@###.### 2004-03-01 Name: abR10136 Date: 03/13/2004 The problem here is what if we call reset() for JPEG image reader after image input stream had been closed then it causes VM crash. We try to push already read data back as part of the reset() procedure and get an IOException as result of operation on already closed stream. Crash happens because we do not set up error handling in the native readerReset() method. Solution is to initialize exception handler and in this particular case we may want to eat IOexception because we can not distinguish between legal and illegal situations (and illegal are unlikely to happen here). ======================================================================
2004-08-21