Bug ID: JDK-4833514 JVM crash while reading FVD described class

JDK-4833514 : JVM crash while reading FVD described class

Type: Bug
Component: other-libs
Sub-Component: corba:idl
Affected Version: 1.3.1,1.4.1

Priority: P2
Status: Resolved
Resolution: Fixed
OS: windows_2000
CPU: x86

Submitted: 2003-03-17
Updated: 2003-05-09
Resolved: 2003-04-12

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

Other	Other	Other
1.3.1 09Fixed	1.4.1Fixed	1.4.2Fixed

Related Reports

Relates :	JDK-4676248 - JDK 1.3.1/1.4 interop failure for all exceptions
Relates :	JDK-4615605 - J2SE 1.4/1.3 interop broken for RemoteException and unchecked exceptions
Relates :	JDK-4743229 - Fix for Bugs #4615605 and #4676248 cause crash

Description

Customer Problem Description:
-------------------------------
This is against 1.3.1_07 seen with -client, -server and -Xint flags.
The problem occurs when trying to read an exception from a 1.4.1 VM.
1.3.1 does not have access to java.lang.StackTraceElement so
javax.rmi.CORBA.ValueHandler.readValue() is called with clz == null

I believe the value handler is supposed to cope since it can read the FVD 
for the class and skip the data. However, instead it blows up. This is on
win32/Win2K.

Unexpected Signal : EXCEPTION_ACCESS_VIOLATION occurred at PC=0x6d448463
Function name=(N/A)
Library=c:\java\jdk1.3\jre\bin\hotspot\jvm.dll

NOTE: We are unable to locate the function name symbol for the error
       just occurred. Please refer to release documentation for possible
       reason and solutions.



Current Java thread:
         at 
com.sun.corba.se.internal.io.IIOPInputStream.throwExceptionType(Nativ
e Method)
         at 
com.sun.corba.se.internal.io.IIOPInputStream.simpleReadObject(IIOPInp
utStream.java:272)
         at 
com.sun.corba.se.internal.io.ValueHandlerImpl.readValueInternal(Value
HandlerImpl.java:245)
         at 
com.sun.corba.se.internal.io.ValueHandlerImpl.readValue(ValueHandlerI
mpl.java:207)
         at weblogic.iiop.IIOPInputStream.read_value(IIOPInputStream.java:1957)
         at weblogic.iiop.ReplyMessage.getThrowable(ReplyMessage.java:345)
         at 
weblogic.iiop.InboundResponseImpl.getThrowable(InboundResponseImpl.ja
va:63)
         at 
weblogic.iiop.OutboundRequestImpl.sendReceive(OutboundRequestImpl.jav
a:139)
         at weblogic.iiop.IIOPRemoteRef.invokeInternal(IIOPRemoteRef.java:191)
         at weblogic.iiop.IIOPRemoteRef.invoke(IIOPRemoteRef.java:135)
         at j2ee.interop.demo.Processor_IIOP_WLStub.testException(Unknown 
Source)

         at j2ee.interop.demo.TesterEJB.testException(TesterEJB.java:299)
         at java.lang.reflect.Method.invoke(Native Method)
         at j2ee.interop.demo.TesterEJB.invokeTest(TesterEJB.java:135)
         at j2ee.interop.demo.TesterEJB.performTests(TesterEJB.java:100)
         at 
j2ee.interop.demo.TesterEJB_10qnrl_EOImpl.performTests(TesterEJB_10qn
rl_EOImpl.java:46)
         at j2ee.interop.demo.ReporterServlet.doGet(ReporterServlet.java:73)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at 
weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run
(ServletStubImpl.java:1058)
         at 
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubIm
pl.java:401)
         at 
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubIm
pl.java:306)
         at 
weblogic.servlet.internal.WebAppServletContext$ServletInvocationActio
n.run(WebAppServletContext.java:5458)
         at 
weblogic.security.service.SecurityServiceManager.runAs(SecurityServic
eManager.java:809)
         at 
weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppSe
rvletContext.java:3116)
         at 
weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestIm
pl.java:2583)
         at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:215)
         at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:191)

Dynamic libraries:
0x00400000 - 0x00405000         c:\java\jdk1.3\bin\java.exe
0x77F80000 - 0x77FFB000         C:\WINNT\System32\ntdll.dll
0x77DB0000 - 0x77E0D000         C:\WINNT\system32\ADVAPI32.dll
0x77E80000 - 0x77F36000         C:\WINNT\system32\KERNEL32.DLL
0x77D30000 - 0x77DA1000         C:\WINNT\system32\RPCRT4.DLL
0x78000000 - 0x78046000         C:\WINNT\system32\MSVCRT.dll
0x6D420000 - 0x6D4F8000         c:\java\jdk1.3\jre\bin\hotspot\jvm.dll
0x77E10000 - 0x77E75000         C:\WINNT\system32\USER32.dll
0x77F40000 - 0x77F7C000         C:\WINNT\system32\GDI32.DLL
0x77570000 - 0x775A0000         C:\WINNT\System32\WINMM.dll
0x681A0000 - 0x681A7000         C:\WINNT\System32\serwvdrv.dll
0x66740000 - 0x66747000         C:\WINNT\System32\umdmxfrm.dll
0x6D220000 - 0x6D227000         c:\java\jdk1.3\jre\bin\hpi.dll
0x6D3B0000 - 0x6D3BD000         c:\java\jdk1.3\jre\bin\verify.dll
0x6D250000 - 0x6D267000         c:\java\jdk1.3\jre\bin\java.dll
0x6D3C0000 - 0x6D3CD000         c:\java\jdk1.3\jre\bin\zip.dll
0x6D340000 - 0x6D348000         C:\java\jdk1.3\jre\bin\net.dll
0x75050000 - 0x75058000         C:\WINNT\System32\WSOCK32.dll
0x75030000 - 0x75043000         C:\WINNT\System32\WS2_32.DLL
0x75020000 - 0x75028000         C:\WINNT\System32\WS2HELP.DLL
0x782C0000 - 0x782CC000         C:\WINNT\System32\rnr20.dll
0x77980000 - 0x779A4000         C:\WINNT\System32\DNSAPI.DLL
0x77340000 - 0x77353000         C:\WINNT\System32\iphlpapi.dll
0x77520000 - 0x77525000         C:\WINNT\System32\ICMP.DLL
0x77320000 - 0x77337000         C:\WINNT\System32\MPRAPI.DLL
0x75150000 - 0x75160000         C:\WINNT\System32\SAMLIB.DLL
0x75170000 - 0x751BF000         C:\WINNT\System32\NETAPI32.DLL
0x77BE0000 - 0x77BEF000         C:\WINNT\System32\SECUR32.DLL
0x751C0000 - 0x751C6000         C:\WINNT\System32\NETRAP.DLL
0x77950000 - 0x7797A000         C:\WINNT\system32\WLDAP32.DLL
0x77A50000 - 0x77B45000         C:\WINNT\system32\OLE32.DLL
0x779B0000 - 0x77A4B000         C:\WINNT\system32\OLEAUT32.DLL
0x773B0000 - 0x773DE000         C:\WINNT\System32\ACTIVEDS.DLL
0x77380000 - 0x773A2000         C:\WINNT\System32\ADSLDPC.DLL
0x77830000 - 0x7783E000         C:\WINNT\System32\RTUTILS.DLL
0x77880000 - 0x7790D000         C:\WINNT\System32\SETUPAPI.DLL
0x77C10000 - 0x77C6E000         C:\WINNT\System32\USERENV.DLL
0x774E0000 - 0x77512000         C:\WINNT\System32\RASAPI32.DLL
0x774C0000 - 0x774D1000         C:\WINNT\System32\RASMAN.DLL
0x77530000 - 0x77552000         C:\WINNT\System32\TAPI32.DLL
0x71710000 - 0x71794000         C:\WINNT\system32\COMCTL32.DLL
0x70BD0000 - 0x70C35000         C:\WINNT\system32\SHLWAPI.DLL
0x77360000 - 0x77379000         C:\WINNT\System32\DHCPCSVC.DLL
0x777E0000 - 0x777E8000         C:\WINNT\System32\winrnr.dll
0x777F0000 - 0x777F5000         C:\WINNT\System32\rasadhlp.dll
0x6D240000 - 0x6D246000         C:\java\jdk1.3\jre\bin\ioser12.dll
0x74FD0000 - 0x74FED000         C:\WINNT\system32\msafd.dll
0x75010000 - 0x75017000         C:\WINNT\System32\wshtcpip.dll
0x10000000 - 0x10005000         H:\weblogic\src700\bin\wlntio.dll
0x77920000 - 0x77943000         C:\WINNT\system32\imagehlp.dll
0x72A00000 - 0x72A2D000         C:\WINNT\system32\DBGHELP.dll
0x690A0000 - 0x690AB000         C:\WINNT\System32\PSAPI.DLL

Local Time = Fri Mar 14 12:24:44 2003
Elapsed Time = 128
#
# HotSpot Virtual Machine Error : EXCEPTION_ACCESS_VIOLATION
# Error ID : 4F530E43505002BD
# Please report this error at
# http://java.sun.com/cgi-bin/bugreport.cgi
#
# Java VM: Java HotSpot(TM) Client VM (1.3.1_07-b02 interpreted mode)
#
# An error report file has been saved as hs_err_pid1992.log.

When they tried to run with -XX:+ShowMessageBoxOnError,

>1) when it crashes, it pops up a dialog box, saying "An error has just 
>occurred,
>    do you want to debug the problem?", with a "yes" button and a "no" button.
>    Click on the "yes" button.

This gives:

****************
Another exception has been detected while we were handling last error.
Dumping information about last error:
ERROR REPORT FILE = (N/A)
PC                = 0x6D448463
SIGNAL            = -1073741819
FUNCTION NAME     = (N/A)
LIBRARY NAME      = (N/A)
Please check ERROR REPORT FILE for further information, if there is any.
Good bye.

BEA tried running with java_g (debug build of 1.3.1_07) and have the
following output:

#
# HotSpot Virtual Machine Error, assertion failure
# Please report this error at
# http://java.sun.com/cgi-bin/bugreport.cgi
#
# assert(handle != 0, "JNI handle should not be null")
#
# Error ID: 
D:\BUILD_AREA\jdk131-update\ws\hotspot\src\share\vm\runtime\jniHandl
es.hpp, 150
#
# Problematic Thread: prio=5 tid=0x1a71ad70 nid=0x8dc runnable
#
# SafepointSynchronize::begin: Fatal error:
# SafepointSynchronize::begin: Timed out while attempting to reach a safepoint.
# SafepointSynchronize::begin: Threads which did not reach the safepoint:
# nid=0x8dc runnable
# SafepointSynchronize::begin: (End of list)

The stack I get is unusable:

JVM_G! 0807be48()
JVM_G! 08073d36()
IOSER12_G! 1b8010d8()
1a313542()
1a3104d2()
1a310522()
1a310522()
1a3105ea()
1a310522()
1a310522()
1a310522()
1a310522()
1a310522()
1a3105ea()
1a31059a()
JVM_G! 082c8bc7()
JVM_G! 0805ae1f()
JVM_G! 080ea618()
JVM_G! 0805aa41()
JVM_G! 080f0754()
JVM_G! 080f09f0()
JVM_G! 080973ba()
JAVA_G! 00a026e8()
1a313542()
1a310522()
1a3104d2()
1a310522()
1a3105ea()
1a3104d2()
1a3104d2()
1a31059a()
1a3105ea()
1a3104d2()
1a3104d2()
1a3105ea()
1a310522()
1a3104d2()
1a31059a()
1a3104d2()
JVM_G! 082c8bc7()
JVM_G! 0805ae1f()
JVM_G! 080ea618()
JVM_G! 0805aa41()
JVM_G! 0805a59e()
JVM_G! 0805a5df()
JVM_G! 0809297c()
JVM_G! 08122224()
JVM_G! 08122144()
JVM_G! 080e8dc0()
_threadstartex(void * 0x1a71b9f8) line 212 + 13 bytes
KERNEL32! 77e887dd()


###@###.### 2003-03-19

BEA has seen the problem in 1.4.1_02

*****************************************************************************

###@###.### 2003-03-28

This bug seems to be similar to 4676248 4615605 

*******************************************************************************

Comments

CONVERTED DATA BugTraq+ Release Management Values COMMIT TO FIX: 1.3.1_09 1.4.1_03 mantis-beta FIXED IN: 1.3.1_09 1.4.1_03 mantis-beta INTEGRATED IN: 1.3.1_09 1.4.1_03 mantis-b20 mantis-beta
14-06-2004
WORK AROUND none
11-06-2004
SUGGESTED FIX ------- ioser.c ------- * /tmp/sccs.Yaa47j Tue Mar 18 18:32:32 2003 --- ioser.c Tue Mar 18 18:27:48 2003 *********** * 74,82 **** JNIEXPORT void JNICALL Java_com_sun_corba_se_internal_io_IIOPOutputStream_throwExceptionType (JNIEnv env, jobject obj, jclass c, jstring mssg) { ! const char strMsg = (env)->GetStringUTFChars(env, mssg, 0L); (env)->ThrowNew(env, c, strMsg); ! (env)->ReleaseStringUTFChars(env, mssg, strMsg); return; } --- 74,87 ---- JNIEXPORT void JNICALL Java_com_sun_corba_se_internal_io_IIOPOutputStream_throwExceptionType (JNIEnv env, jobject obj, jclass c, jstring mssg) { ! const char* strMsg; ! if (mssg) ! strMsg =(env)->GetStringUTFChars(env, mssg, 0L); ! else ! strMsg = "Null message"; (env)->ThrowNew(env, c, strMsg); ! if (mssg) ! (env)->ReleaseStringUTFChars(env, mssg, strMsg); return; } ************ * 90,98 **** JNIEXPORT void JNICALL Java_com_sun_corba_se_internal_io_IIOPInputStream_throwExceptionType (JNIEnv env, jobject obj, jclass c, jstring mssg) { ! const char strMsg = (env)->GetStringUTFChars(env, mssg, 0L); (env)->ThrowNew(env, c, strMsg); ! (env)->ReleaseStringUTFChars(env, mssg, strMsg); return; } --- 95,108 ---- JNIEXPORT void JNICALL Java_com_sun_corba_se_internal_io_IIOPInputStream_throwExceptionType (JNIEnv env, jobject obj, jclass c, jstring mssg) { ! const char* strMsg; ! if (mssg) ! strMsg = (env)->GetStringUTFChars(env, mssg, 0L); ! else ! strMsg = "Null message"; (env)->ThrowNew(env, c, strMsg); ! if (mssg) ! (*env)->ReleaseStringUTFChars(env, mssg, strMsg); return; }
11-06-2004
EVALUATION following is the native stack trace, looks like we needs a null check before calling jni_GetStringUTF, like the one in suggested fix jvm_g!JNIHandles::resolve_non_null+0x48 [D:\BUILD_AREA\jdk131-update\ws\hotspot\src\share\vm\runtime\jniHandles.hpp @ 150] jvm_g!jni_GetStringUTFChars+0x145 [D:\BUILD_AREA\jdk131-update\ws\hotspot\src\share\vm\prims\jni.cpp @ 1253] ioser12_g!Java_com_sun_corba_se_internal_io_IIOPInputStream_throwExceptionType+0x19 [../../../../src/share/native/com/sun/corba/se/internal/io/ioser.c @ 93] ###@###.### 2003-03-19
19-03-2003