Bug ID: JDK-4379151 JDK1.4 Crashes - SEGV in DragMotionProto

JDK-4379151 : JDK1.4 Crashes - SEGV in DragMotionProto

Type: Bug
Component: client-libs
Sub-Component: java.awt
Affected Version: 2.0,1.2.0,1.3.0,1.4.0

Priority: P2
Status: Resolved
Resolution: Fixed
OS: solaris_2.6,solaris_7,solaris_8
CPU: x86,sparc

Submitted: 2000-10-13
Updated: 2001-03-09
Resolved: 2001-01-29

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

Other	Other
1.3.1 rc1Fixed	1.4.0Fixed

Related Reports

Duplicate :

JDK-4313374 - JCK-runtime-13rc1 drag and drop test hangs the terminal

Description

After selecting and pasting back to the unwritable textarea, jvm crashes.
To recreate:
1. Get into CDE or openwin.
2. /net/ctech48/export/home/projects/eztask.sh &
3. Click on Domain button, and choose dklee4 and then click visit.
4. Select the tab called Journal from the top.
5.  Click on ctech5 or other machine that will show full text over the textarea on the right.
6. Select the whole text area by dragging the mouse with left button pressed, and then click on the left mouse button as soon as you let go of dragging.
7. Mouse input will freeze until jvm crashes:

An unexpected exception has been detected in native code outside the VM.
# Program counter=0xf7cb6234
#
# Problematic Thread: prio=5 tid=0xab4b0 nid=0xc runnable 
#

The trace of the core dumps is:
core file header read successfully
detected a multithreaded program
t@12 (l@1) terminated by signal ABRT (Abort)
current thread: t@12
=>[1] __sigprocmask(0x0, 0xf7880a40, 0x0, 0xffffffff, 0xffffffff, 0x0), at 0xff369968
  [2] _resetsig(0xff37c524, 0x0, 0xf7881dc8, 0x0, 0x0, 0xf7881e44), at 0xff35f1e8
  [3] _sigon(0xff381120, 0xff380fa0, 0xf7881e3c, 0xf7880b14, 0x6, 0xc), at 0xff35e934
  [4] _thrp_kill(0x0, 0xc, 0x6, 0xff37c524, 0xf7881dc8, 0xff380924), at 0xff3617ac
  [5] abort(0xff332320, 0xf7880c0c, 0x0, 0x0, 0x0, 0xf7880c2d), at 0xff2b9380
  [6] __1cbBhandle_unexpected_exception6FpnGThread_ipnHsiginfo_pC4_v_(0xfe7858f0, 0xb, 0xf78811d0, 0xf7cb6234, 0xf7cb6234, 0x0), at 0xfe5e9118
  [7] JVM_handle_solaris_signal(0xfe7858f0, 0xf7cb6234, 0xf7cb6234, 0x0, 0xf7cb6234, 0x1c1798), at 0xfe5ec720
  [8] __libthread_segvhdlr(0xb, 0xf78811d0, 0xf7880f18, 0xff37c524, 0x0, 0x0), at 0xff368f5c
  [9] __sighndlr(0xb, 0xf78811d0, 0xf7880f18, 0xff368e7c, 0xf7881e4c, 0xf7881e2c), at 0xff36b920
  ---- called from signal handler with signal 11 (SIGSEGV) ------
  [10] DragMotionProto(), at 0xf7cb6234
  [11] FinishAction(0x520588, 0x19f5f8, 0xf7d780ec, 0x0, 0xf7881790, 0xc), at 0xf7cb67dc
  [12] HandleActions(0x0, 0x520588, 0x518060, 0xfc0fa124, 0x5124e4, 0xfc0fa11c), at 0xfc0c1c28
  [13] HandleSimpleState(0x8, 0x514c20, 0x1, 0x2, 0xfc0fa11c, 0x1), at 0xfc0c0a48
  [14] _XtTranslateEvent(0x520588, 0x0, 0xfc0f4000, 0x5205b8, 0xa70, 0x0), at 0xfc0c0520
  [15] XtDispatchEventToWidget(0x1, 0xf7881790, 0xfc0f4000, 0x0, 0x0, 0x8), at 0xfc0c0454
  [16] _XtDefaultDispatcher(0xf7881790, 0x8, 0x0, 0x198f34, 0x0, 0x518198), at 0xfc0bfce0
  [17] XtDispatchEvent(0xf7881790, 0x0, 0xfc0bf940, 0xfc0f4000, 0x0, 0x1), at 0xfc0bf808
  [18] processOneEvent(0x3, 0x3, 0x3, 0x1, 0x1c181c, 0x0), at 0xf7e4d670
  [19] awt_MToolkit_loop(0x1c181c, 0xf7ebe550, 0xf7881a10, 0xf7ed26dc, 0xf7ee2780, 0xc), at 0xf7e4cfac
  [20] 0xfc4082ec(0xf82b5790, 0xfc408154, 0xfe7b8dec, 0xfe7858f0, 0x1c1798, 0x0), at 0xfc4082eb
  [21] 0xfc405768(0x0, 0x38, 0xfe7b8dec, 0xfc4104d8, 0x3400, 0x1b5560), at 0xfc405767
  [22] 0xfc400438(0xf7881a30, 0xf7881c68, 0xa, 0xfa0176b0, 0xfc40746c, 0xf7881bb4), at 0xfc400437
  [23] __1cJJavaCallsLcall_helper6FpnJJavaValue_pnMmethodHandle_pnRJavaCallArguments_pnGThread__v_(0xf7881c60, 0xfe7858f0, 0xf7881bac, 0x1c1798, 0xfc40746c, 0xf7881c68), at 0xfe53ffc8
  [24] __1cJJavaCallsMcall_virtual6FpnJJavaValue_nLKlassHandle_nMsymbolHandle_4pnRJavaCallArguments_pnGThread__v_(0xfa018328, 0xf7881b98, 0xf7881b9c, 0xfe7858f0, 0xf7881c60, 0xf7881bac), at 0xfe53f660
  [25] __1cJJavaCallsMcall_virtual6FpnJJavaValue_nGHandle_nLKlassHandle_nMsymbolHandle_5pnGThread__v_(0xf7881c60, 0xf7881c5c, 0xf7881c58, 0xf7881c4c, 0xf7881c44, 0x1c1798), at 0xfe53f6d0
  [26] cMthread_entry6FpnKJavaThread_pnGThread__v_(0xfa018328, 0x1c1798, 0xfe7858f0, 0x0, 0x0, 0x0), at 0xfe5719d8
  [27] __1cKJavaThreadDrun6M_v_(0xf7802000, 0xfe790190, 0xfe7858f0, 0x80000, 0x1c1798, 0x80000), at 0xfe63a968
  [28] _start(0xfe7858f0, 0xff253d68, 0x0, 0xf7981e54, 0x1, 0xfe401000), at 0xfe5e5ea4

Comments

CONVERTED DATA BugTraq+ Release Management Values COMMIT TO FIX: ladybird merlin-beta FIXED IN: ladybird-rc1 merlin-beta INTEGRATED IN: ladybird-rc1 merlin-beta

14-06-2004

EVALUATION I assume this is drag+drop. eric.hawkes@eng 2000-12-10 I have attached a core file which shows the same stack trace. The core is based on my own build and was generated using the test case attached to 4313374. david.mendenhall@east 2000-12-12 Adding patches from /net/crumple.eng/export/nc-re/pkgs/n6_solpatches/PR3/n6-patches-s7-sparc.tar seems to remove the problem. After installing the patches from there, I couldn't reproduce the problem at all on solaris 2.7. Dong-Kyu.Lee@Eng 2001-01-19 This tar file includes the following patches: 106300-09 SunOS 5.7: Shared library patch for 64bit C++ 106327-08 SunOS 5.7: Shared library patch for C++ 106541-11 SunOS 5.7: Kernel update patch 106950-09 SunOS 5.7: Linker patch 106980-10 SunOS 5.7: libthread patch 107081-20 Motif 1.2.7 and 2.1.1: Runtime library patch for Solaris 7 107153-01 SunOS 5.7: There are three characters missed in zh.GBK songti.ttf 107544-03 SunOS 5.7: /usr/lib/fs/ufs/fsck patch 107636-05 SunOS 5.7: X Input & Output Method patch 108376-07 OpenWindows 3.6.1: Xsun Patch 109104-01 Obsoleted by: 106541-14 SunOS 5.7: /kernel/fs/sockfs patch Likely bug fix candiates from 107081-20: 4342603 _XmIEndUpdate() core dumps when event processing is delayed 4318757 crash in drag and drop Looking at these two bugs, 4318757 looks *exactly* like the crash we saw in this bug. 4318757 was fixed in 105284-34 (Solaris 2.6, sparc) 105285-34 (Solaris 2.6, i386) 107081-16 (Solaris 7, sparc) 107082-16 (Solaris 7, i386) 108940-02 (Solaris 8, sparc) 108941-02 (Solaris 8, i386) Later versions of these patches are already on the required patch lists for ladybird and merlin. I suspect this bug can be closed. david.mendenhall@east 2001-01-19 It occurred to me that I should check to see if the Motif source we use for the Linux distribution includes the Suggested Fix for 4318757. Everything seems to be there, except for the NULL check at the beginning of DragMotionProto in DragC.c. I think we should consider adding the following to that function: /* 4318757 - If this info is NULL then the dc is not properly setup. */ if(dc->drag.currReceiverInfo == NULL) return; david.mendenhall@east 2001-01-22 The Motif fix was putback to the merlin Motif workspace. david.mendenhall@east 2001-01-29 The Motif fix was putback to the ladybird Motif workspace. david.mendenhall@east 2001-03-12 No test case is provided because the bug could only be reproduced by the submitter using his large, custom application. He could not provide a smaller test case. david.mendenhall@east 2001-03-12

12-03-2001