JDK-6516933 : iexplore.exe crash in AwtWindow::IsFocusableWindow() in file awt_Window.cpp(1185)
  • Type: Bug
  • Component: client-libs
  • Sub-Component: java.awt
  • Affected Version: 1.4.2_06,5.0u9
  • Priority: P2
  • Status: Closed
  • Resolution: Duplicate
  • OS: windows_xp
  • CPU: x86
  • Submitted: 2007-01-24
  • Updated: 2010-07-29
  • Resolved: 2007-01-29
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other
5.0u9Resolved
Related Reports
Duplicate :  
JDK-6480378 - Backport 5065001, 6259348 and others to 5.0 update release
Description
Customer keeps getting crashes of iexplore.exe when running Java applets
on Windows XP Build 2600 Service Pack 2 (IE 6.0 with SP2).
The problem is not reproducible and happens intermittently.
Customer is running 1.4.2_06, however problem also occurred with
1.5.0_09.


From hs_err_pid.log files we can see where the crash occurs.
Please find "50400961_13012007_hs_err_pid3776.log" file attached.


Stack: [0x083b0000,0x084b0000),  sp=0x084afa5c,  free space=1022k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C  [awt.dll+0xe9299]
J  sun.awt.windows.WComponentPeer.nativeHandleEvent(Ljava/awt/AWTEvent;)V
J  sun.awt.windows.WComponentPeer.handleEvent(Ljava/awt/AWTEvent;)V
J  java.awt.Component.dispatchEventImpl(Ljava/awt/AWTEvent;)V
v  ~RuntimeStub::alignment_frame_return Runtime1 stub
j  java.awt.Container.dispatchEventImpl(Ljava/awt/AWTEvent;)V+42
J  java.awt.EventQueue.dispatchEvent(Ljava/awt/AWTEvent;)V
J  java.awt.EventDispatchThread.pumpOneEventForHierarchy(ILjava/awt/Component;)Z
v  ~RuntimeStub::alignment_frame_return Runtime1 stub
j  java.awt.EventDispatchThread.pumpEventsForHierarchy(ILjava/awt/Conditional;Ljava/awt/Component;)V+26
j  java.awt.EventDispatchThread.pumpEvents(ILjava/awt/Conditional;)V+4
j  java.awt.EventDispatchThread.pumpEvents(Ljava/awt/Conditional;)V+3
j  java.awt.EventDispatchThread.run()V+9
v  ~StubRoutines::call_stub
V  [jvm.dll+0x86e84]
V  [jvm.dll+0xddead]
V  [jvm.dll+0x86d55]
V  [jvm.dll+0x86ab2]
V  [jvm.dll+0xa16b2]
V  [jvm.dll+0x10f4ac]
V  [jvm.dll+0x10f47a]
C  [msvcrt.dll+0x2a3b0]
C  [kernel32.dll+0xb683]

 Using 1.5.0_09 symbol files allows to translate address awt.dll+0xe9299
 back:

0:000> ln awt+0xe9299
../../../src/windows/native/sun/windows/awt_Window.cpp(1185)
(6d0e9270)   awt!AwtWindow::IsFocusableWindow+0x29   |  (6d0e9320)
awt!AwtWindow::_SetModalExcludedNativeProp
0:000>

 Looking into source code gives:

1180 BOOL AwtWindow::IsFocusableWindow() {
1181     JNIEnv *env = (JNIEnv *)JNU_GetEnv(jvm, JNI_VERSION_1_2);
1182     if (env->EnsureLocalCapacity(2) < 0) {
1183         return FALSE;
1184     }
1185     jobject target = GetTarget(env);         <=========================== !!!
1186     static jfieldID FocusableWindowStateID = 0;
1187     if (FocusableWindowStateID == 0) {
1188         jclass windowClass = env->GetObjectClass(target);
1189         FocusableWindowStateID = env->GetFieldID(windowClass, "focusableWindowState", "Z");
1190         env->DeleteLocalRef(windowClass);
1191     }
1192     
1193     BOOL focusability = env->GetBooleanField(target, FocusableWindowStateID);
1194     env->DeleteLocalRef(target);
1195     return focusability;
1196 }
Comments
EVALUATION The crash can happed at 'GetTarget(env)' only if 'this' is null. It looks like the object is deleted from another thread, which means this bug is a kind of problem described in 5065001/6229122. There is another change request 6480378 which is about backporting these bugs to 1.5.0 update release, so I'm closing this one as duplicate of 6480378.
29-01-2007