JDK-7072601 : Java 7 crashes with Internet Explorer 9
  • Type: Bug
  • Component: deploy
  • Sub-Component: plugin
  • Affected Version: 7
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: windows_7
  • CPU: x86
  • Submitted: 2011-07-29
  • Updated: 2013-01-08
  • Resolved: 2011-08-17
JDK 7: 7u2 b03 (Fixed)
JDK 8: 8 (Fixed)
Description
FULL PRODUCT VERSION :
java version "1.7.0"
Java(TM) SE Runtime Environment (build 1.7.0-b147)
Java HotSpot(TM) 64-Bit Server VM (build 21.0-b17, mixed mode)

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7601]

A DESCRIPTION OF THE PROBLEM :
After installing Java 7, Internet Explorer 9 crashes when opening some applets.

REGRESSION.  Last worked in version 6u26

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. Compile JavaVersionApplet.java
2. Open java-version.html with Internet Explorer 9

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Installed Java version is displayed

ERROR MESSAGES/STACK TRACES THAT OCCUR :
Internet Explorer 9 reports "A problem with this webpage caused Internet Explorer to close and reopen the tab."

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
JavaVersionApplet.java:

import java.applet.Applet;
public class JavaVersionApplet extends Applet {
	public static String getJavaVersion() {
		return System.getProperty("java.version");
	}
}

java-version.html:

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<title>Java Version Check</title>
<script type="text/javascript">
function getJavaVersion() {
	var javaVersion=document.getElementById("javaVersion");
	javaVersion.innerHTML="Loading..."
	var verionCheckApplet=document.getElementById("verionCheckApplet");
	javaVersion.innerHTML=("getJavaVersion" in verionCheckApplet)?verionCheckApplet.getJavaVersion():"Not Installed";
}
</script>
</head>
<body onload="getJavaVersion()">
<h1>Java Version Check</h1>
<p id="javaVersion">JavaScript Required</p>
<object id="verionCheckApplet" type="application/x-java-applet" width="0" height="0"><param name="code" value="JavaVersionApplet.class" /></object>
</body>
</html>
---------- END SOURCE ----------

Comments
EVALUATION The crash is reproducible with IE9 only; the testcase ran fine with IE8. From oleauto.h, #define V_VT(X) ((X)->vt); the problem is that null is passed into V_VT(). The fix is to add a null check before calling V_VT().
2011-08-04

SUGGESTED FIX webrev: http://sa.sfbay.sun.com/projects/deployment_data/7-client/7072601/ Note that in the first section of the fix (lines 1718 - 1729): When JavaScript is about to call an applet's method, wFlags is DISPATCH_METHOD. Since we're calling an applet's method, we're ok not to get into the "if" block and set those m_dpOnLoad, etc. In this case, with IE8 pdispparams->rgvarg is non-zero but with IE9 pdispparams->rgvarg is 0.
2011-08-04
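
An added example (not the plug-in's code and not the fix in the webrev) of the null check described in the evaluation and suggested fix above. The VARIANT and DISPPARAMS stand-ins and the helper names first_arg_vt and first_arg_vt_unchecked are assumptions made so it compiles without the Windows SDK; cArgs = 0 for the IE9 case is also assumed, since getJavaVersion() takes no arguments.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-ins for the COM types so this compiles anywhere (constructed for
   this example; the real definitions come from the Windows SDK headers). */
typedef unsigned short VARTYPE;
enum { VT_EMPTY = 0, VT_DISPATCH = 9 };
typedef struct { VARTYPE vt; void *pdispVal; } VARIANT;
typedef struct {
    VARIANT *rgvarg;            /* argument array; reported as 0 with IE9 */
    long    *rgdispidNamedArgs;
    unsigned cArgs;
    unsigned cNamedArgs;
} DISPPARAMS;

#define V_VT(X) ((X)->vt)       /* macro quoted in the evaluation */

/* Unchecked pattern: dereferences whatever rgvarg holds. With rgvarg == 0
   this reads through a null pointer, which is the reported crash. */
VARTYPE first_arg_vt_unchecked(const DISPPARAMS *p)
{
    return V_VT(p->rgvarg);
}

/* Guarded pattern (hypothetical helper): store the first argument's type in
   *out and return 1, or return 0 when there is no argument to inspect. */
int first_arg_vt(const DISPPARAMS *p, VARTYPE *out)
{
    if (p == NULL || p->rgvarg == NULL || p->cArgs == 0)
        return 0;
    *out = V_VT(p->rgvarg);
    return 1;
}

int main(void)
{
    VARIANT handler = { VT_DISPATCH, NULL };         /* constructed sample */
    DISPPARAMS with_arg = { &handler, NULL, 1, 0 };  /* one argument */
    DISPPARAMS no_args  = { NULL, NULL, 0, 0 };      /* IE9 case, cArgs assumed */
    VARTYPE vt = VT_EMPTY;

    int ok = first_arg_vt(&with_arg, &vt);
    printf("with_arg: ok=%d vt=%u\n", ok, (unsigned)vt);
    ok = first_arg_vt(&no_args, &vt);
    printf("no_args:  ok=%d\n", ok);
    return 0;
}
```

The guarded helper leaves *out untouched when it returns 0, so the caller can skip the argument-dependent branch without reading uninitialised data.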

EVALUATION Problem also reproduced with 32-bit config. (JRE/ win7/ IE9). Initial call stack at crash (without symbols) as follows:
> jp2iexp.dll!6d99449e()
  [Frames below may be incorrect and/or missing, no symbols loaded for jp2iexp.dll]
  mshtml.dll!67436483()
  mshtml.dll!67362ee9()
  mshtml.dll!67362e70()
  mshtml.dll!673ef410()
  jscript9.dll!67171ece()
  jscript9.dll!670b840a()
  jscript9.dll!670b8396()
  jscript9.dll!67172bf6()
  mshtml.dll!675a2901()
  mshtml.dll!6766edfe()
  mshtml.dll!67658e1c()
  mshtml.dll!675165c1()
  mshtml.dll!674e003c()
  mshtml.dll!6765a169()
  mshtml.dll!676795e0()
  user32.dll!770486ef()
  user32.dll!77048876()
  user32.dll!7704881f()
  user32.dll!770489b5()
  user32.dll!77048e9c()
  ieframe.dll!6f0c1b83()
2011-08-01