JDK-6390352 : SIGBUS in libzip.so when using java.util.zip
  • Type: Bug
  • Component: core-libs
  • Sub-Component: java.util.jar
  • Affected Version: 5.0
  • Priority: P3
  • Status: Closed
  • Resolution: Duplicate
  • OS: solaris_9
  • CPU: sparc
  • Submitted: 2006-02-24
  • Updated: 2011-02-16
  • Resolved: 2006-03-14
Description
FULL PRODUCT VERSION :
java version "1.4.2_10"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_10-b03)
Java HotSpot(TM) Client VM (build 1.4.2_10-b03, mixed mode)

and

java version "1.5.0_06"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
Java HotSpot(TM) Server VM (build 1.5.0_06-b05, mixed mode)


FULL OS VERSION :
Linux envit002256 2.6.15-1.1831_FC4smp #1 SMP Tue Feb 7 13:48:31 EST 2006 i686 i686 i386 GNU/Linux

and

SunOS auton 5.9 Generic_118558-17 sun4u sparc SUNW,Sun-Fire-V240


A DESCRIPTION OF THE PROBLEM :
Java virtual machine gets SIGBUS using only Sun java classes [no dynamically linked proprietary code].

The problem occurs with the 1.4 and 1.5 virtual machines; I haven't tried earlier virtual machines.

THE PROBLEM WAS REPRODUCIBLE WITH -Xint FLAG: Yes

THE PROBLEM WAS REPRODUCIBLE WITH -server FLAG: Yes

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
To reproduce this problem you need some zip files with certain content. 

In the following archive you'll find a small program with source and a zip file.
  http://www.aaa.net.au/campbell/bug.zip

Download the above, unzip it and run it like this:

[dcampbel@auton]~/bug> unzip bug.zip
Archive:  bug.zip
  inflating: ReportApplicationDtds.java
  inflating: ReportApplicationDtds.class
   creating: tmp/
   creating: tmp/wars/
   creating: tmp/ejb_jars/
   creating: tmp/ears/
  inflating: tmp/ears/SDBWeb.ear
  inflating: Filter.class
[dcampbel@auton]~/bug> /usr/java1.5/bin/java -classpath . ReportApplicationDtds tmp
about to parse META-INF/application.xml in  in SDBWeb.ear
"SDBWeb.ear","","META-INF/application.xml","1.2","1.2","dtd"
about to parse META-INF/application-borland.xml in  in SDBWeb.ear
"SDBWeb.ear","","META-INF/application-borland.xml","1.3","1.3","dtd"
about to parse META-INF/application.xml in SDBWeb.ear
about to parse WEB-INF/web.xml in SDBWeb.war in SDBWeb.ear
"SDBWeb.ear","SDBWeb.war","WEB-INF/web.xml","2.3","2.3","dtd"
about to parse WEB-INF/web-borland.xml in SDBWeb.war in SDBWeb.ear
"SDBWeb.ear","SDBWeb.war","WEB-INF/web-borland.xml","2.3","2.3","dtd"
#
# An unexpected error has been detected by HotSpot Virtual Machine:
#
#  SIGBUS (0xa) at pc=0xfe702ee8, pid=5204, tid=1
#
# Java VM: Java HotSpot(TM) Server VM (1.5.0_06-b05 mixed mode)
# Problematic frame:
# C  [libzip.so+0x2ee8]
#
# An error report file with more information is saved as hs_err_pid5204.log
#
# If you would like to submit a bug report, please visit:
#   http://java.sun.com/webapps/bugreport/crash.jsp
#
Abort (core dumped)


EXPECTED VERSUS ACTUAL BEHAVIOR :
Occasionally, instead of bombing the JVM, you get one of these exceptions:

Exception in thread "main" java.util.zip.ZipException: oversubscribed dynamic bit lengths tree
        at java.util.zip.InflaterInputStream.read(InflaterInputStream.java:140)
        at java.io.FilterInputStream.read(FilterInputStream.java:111)
        at java.io.PushbackInputStream.read(PushbackInputStream.java:161)
        at java.io.FilterInputStream.read(FilterInputStream.java:90)
        at org.apache.crimson.parser.XmlReader.<init>(XmlReader.java:248)
        at org.apache.crimson.parser.XmlReader.createReader(XmlReader.java:125)
        at org.apache.crimson.parser.InputEntity.init(InputEntity.java:215)
        at org.apache.crimson.parser.Parser2.parseInternal(Parser2.java:471)
        at org.apache.crimson.parser.Parser2.parse(Parser2.java:305)
        at org.apache.crimson.parser.XMLReaderImpl.parse(XMLReaderImpl.java:442)
        at org.apache.crimson.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:185)
        at javax.xml.parsers.DocumentBuilder.parse(DocumentBuilder.java:98)
        at ReportApplicationDtds.showResults(ReportApplicationDtds.java:66)
        at ReportApplicationDtds.showResults(ReportApplicationDtds.java:114)
        at ReportApplicationDtds.showWarResults(ReportApplicationDtds.java:124)
        at ReportApplicationDtds.main(ReportApplicationDtds.java:274)

Exception in thread "main" java.util.zip.ZipException: invalid stored block lengths
        at java.util.zip.InflaterInputStream.read(InflaterInputStream.java:140)
        at java.io.FilterInputStream.read(FilterInputStream.java:111)
        at java.io.PushbackInputStream.read(PushbackInputStream.java:161)
        at java.io.FilterInputStream.read(FilterInputStream.java:90)
        at org.apache.crimson.parser.XmlReader.<init>(XmlReader.java:248)
        at org.apache.crimson.parser.XmlReader.createReader(XmlReader.java:125)
        at org.apache.crimson.parser.InputEntity.init(InputEntity.java:215)
        at org.apache.crimson.parser.Parser2.parseInternal(Parser2.java:471)
        at org.apache.crimson.parser.Parser2.parse(Parser2.java:305)
        at org.apache.crimson.parser.XMLReaderImpl.parse(XMLReaderImpl.java:442)
        at org.apache.crimson.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:185)
        at javax.xml.parsers.DocumentBuilder.parse(DocumentBuilder.java:98)
        at ReportApplicationDtds.showResults(ReportApplicationDtds.java:66)
        at ReportApplicationDtds.showResults(ReportApplicationDtds.java:114)
        at ReportApplicationDtds.showWarResults(ReportApplicationDtds.java:124)
        at ReportApplicationDtds.main(ReportApplicationDtds.java:274)

ERROR MESSAGES/STACK TRACES THAT OCCUR :
The output of Java 1.4.2_10 on Linux and the output of Java 1.5.0_06-b05 on Solaris 9 are attached separately.

REPRODUCIBILITY :
This bug can be reproduced often.

---------- BEGIN SOURCE ----------
This problem is obscure.  It only happens with zip files of a certain size or flavour, so the example I reference from this case will illustrate everything for you.  See the "steps to reproduce" description I have provided.
---------- END SOURCE ----------

Comments
WORK AROUND As an alternate workaround, extract each war (etc) into a different temp file: 214,215d213 < File temp = File.createTempFile("stat", "tmp"); < 248a247 > File temp = File.createTempFile("stat", "tmp"); 251a251 > temp.delete(); 264a265 > System.out.println("len2=" + len2 + ", len3=" + len3); 271a273 > File temp = File.createTempFile("stat", "tmp"); 274a277 > temp.delete(); 284d286 < temp.delete();
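Review bot: the `System.out.println("len2=" + len2 + ", len3=" + len3);` added at 264a265 looks like leftover debugging output and is not needed for the workaround, so it should be dropped. The `temp.delete()` calls added at 251a251 and 274a277 run only on the normal path, so a ZipException like the ones in the description would leave the temp file behind; moving each delete into a `finally` would cover that. Nothing in this diff closes the ZipFile opened on each temp file, so it is worth combining with the `z.close()` workaround.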
14-03-2006

EVALUATION The zip file instances returned by showResults are never closed, and the underlying zip file itself is overwritten. Our implementation mmaps the central directory of each zip file (on Solaris & Linux), so accesses after the first fail because cached information about the mmap'd file no longer reflects the actual, changed file.
14-03-2006

WORK AROUND Change ReportApplicationDtds.java as follows: 274c274,276 < showWarResults(builder, temp, fileName, innerFileName); --- > ZipFile z = showWarResults(builder, temp, fileName, innerFileName); > if (z != null) > z.close();
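Review bot: the close added at 274c274,276 runs only after `showWarResults` returns normally; if it throws, as in the ZipException traces in the description, no ZipFile comes back and the instance opened inside stays open. Closing the ZipFile in a `finally` at the point where it is created would cover the error path as well, without relying on each caller to remember the close.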
10-03-2006

EVALUATION The immediate problem appears to be that multiple instances of ZipFile are simultaneously open on the same underlying file: each subsequent invocation of showResults(DocumentBuilder builder, File file, String fileName, String innerFileName, String vendorNeutralDescriptor, String vendorDescriptor1, String vendorDescriptor2) creates a new ZipFile instance on the given file, but that is never closed. See the workaround.
10-03-2006
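The pattern both evaluations point to, as an added Java example (not the submitter's ReportApplicationDtds.java and not JDK code; the class and method names are hypothetical, and try-with-resources assumes Java 7 or later). Each nested archive is extracted to its own temp file, and every ZipFile is closed before its backing file is deleted, so no open ZipFile ever has its file rewritten underneath it.

```java
import java.io.*;
import java.nio.file.*;
import java.util.*;
import java.util.zip.*;

public class NestedArchiveReader {
    // Lists entries of every nested .war/.jar in an outer archive. Each nested
    // archive gets its own temp file, and its ZipFile is closed before that
    // file is deleted, so no open ZipFile ever sees its backing file rewritten.
    static List<String> listNested(File outer) throws IOException {
        List<String> names = new ArrayList<>();
        try (ZipFile ear = new ZipFile(outer)) {
            for (ZipEntry entry : Collections.list(ear.entries())) {
                String n = entry.getName();
                if (entry.isDirectory() || !(n.endsWith(".war") || n.endsWith(".jar"))) continue;
                Path temp = Files.createTempFile("nested", ".zip"); // never reused
                try {
                    try (InputStream in = ear.getInputStream(entry)) {
                        Files.copy(in, temp, StandardCopyOption.REPLACE_EXISTING);
                    }
                    try (ZipFile inner = new ZipFile(temp.toFile())) {
                        for (ZipEntry ie : Collections.list(inner.entries()))
                            names.add(n + "!/" + ie.getName());
                    } // inner is closed here, before the delete below
                } finally {
                    Files.deleteIfExists(temp);
                }
            }
        }
        return names;
    }

    // Builds a one-entry zip in memory (constructed sample data).
    static byte[] zipOf(String name, String body) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ZipOutputStream z = new ZipOutputStream(buf)) {
            z.putNextEntry(new ZipEntry(name));
            z.write(body.getBytes("UTF-8"));
        }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        Path outer = Files.createTempFile("sample", ".ear"); // constructed input
        try (ZipOutputStream z = new ZipOutputStream(Files.newOutputStream(outer))) {
            z.putNextEntry(new ZipEntry("a.war")); z.write(zipOf("WEB-INF/web.xml", "<web-app/>"));
            z.putNextEntry(new ZipEntry("b.war")); z.write(zipOf("WEB-INF/web.xml", "<web-app/>"));
        }
        System.out.println(listNested(outer.toFile()));
        Files.delete(outer);
    }
}
```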