Closed Bug 201164 Opened 22 years ago Closed 22 years ago

Crash when java applet returns a number as a string to a javascript, and the script modifyes the number.

Categories

(Core Graveyard :: Java: OJI, defect)

Product:
Core Graveyard
Component:
Java: OJI
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: jesper, Assigned: joshua.xia)

References

(
URL
)

Details

(Keywords: crash, stackwanted, testcase, Whiteboard: fixed in JRE1.5)

Attachments

(2 files)

Sun JRE Error log
7.71 KB, text/plain
Details
check exception successfully
916 bytes, patch
brendan
: review+
beard
: superreview+
Details | Diff | Splinter Review
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.1; Linux 2.4.20; i686) Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20021130 java applet: import java.applet.*; public class test extends Applet { public String str() { return "" + (10); } } html code: <applet name="test" code="test.class"></applet> <script language="JavaScript"> function fnc() { tal = document.test.str(); alert(tal-10); } </script> <a href="javascript:fnc()">test</a> Clicking on the link makes mozilla crash. Reproducible: Always Steps to Reproduce: 1. go to http://bzimage.dk/mozilla_crash/test.html 2. click on "test" Actual Results: crash Expected Results: alert box saying 0 Unexpected Signal : 11 occurred at PC=0x4014cc2d Function name=method__5JNIid Library=/usr/local/mozilla/plugins/java2/lib/i386/client/libjvm.so Current Java thread: at sun.plugin.navig.motif.AThread.handleRequest(Native Method) at sun.plugin.navig.motif.AThread.JNIHandleLoop(AThread.java:44) at sun.plugin.navig.motif.AThread.run(AThread.java:36)
wfm using build 2003040708 on Win2k + JRE 1.4.2beta. Related: bug 183346 and Sun's bugtraq #4836462.
Assignee: rogerl → joshua.xia
Component: JavaScript Engine → OJI
Keywords: crash, stackwanted
QA Contact: pschwartau → dsirnapalli
I see this with the Blackdown JRE 1.4.1. It doesn't actually crash. It looks like the java plugin is aborting and bringing mozilla down with it. No plugin should be able to kill mozilla so there may well be more than one bug here.
wfm Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.4b) Gecko/20030407 on Win98SE + JRE 1.4.2beta.
Attached file Sun JRE Error log
Error log file created by JRE 1.4.2-b19 using the testcase (Linux 20030408 debug CVS).
tenthumbs: see bug 180946 (and generally speaking bug 156493). Filed a bug report on Sun's bugtraq (although I think it's related to or dupe of bugtraq #4836462).
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: testcase
I get a crash too, using Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3) Gecko/20030313 with Sun's Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.1_02-b06) under Linux Mandrake 9.1. Both Mozilla and J2RE are from RPM install, mozilla-1.3-1mdk.rpm and j2re-1.4.1_02-fcs.rpm. Is this a Linux-specific J2RE bug?
The problem is browser tries to call "doubleValue" with "java.lang.String" object. Java Plug-in returns a 0 method id to browser and the exception were thrown, so the browser should check whether the method id is 0 (or check whether the exception is pending) or not before calling method.
in mozilla/module/oji/src/ProxyJNI.cpp "GetMethodID" function only check "outMethodID != NULL" but mozilla side can't check "outMethodID->java_method != NULL" because of sturcture 's define. try to check exception.
Status: NEW → ASSIGNED
cc -> liveconnect module owner/peer
Comment on attachment 119935 [details] [diff] [review] check exception successfully please r/sr Thanks a lot!
Attachment #119935 - Flags: superreview?(beard)
Attachment #119935 - Flags: review?(brendan)
Comment on attachment 119935 [details] [diff] [review] check exception successfully The missing context leading up to line 760 is: java_class = class_descriptor->java_class; doubleValue = (*jEnv)->GetMethodID(jEnv, java_class, "doubleValue", "()D"); if (!doubleValue) { /* There is no doubleValue() method for the object. Try toString() instead and the JS engine will attempt to convert the result to a number. */ (*jEnv)->ExceptionClear(jEnv); Now why should GetMethodID return a non-null jmethodID for a non-existent method? This sounds like yet another JPI (?) bug, not a LiveConnect bug. How is GetMethodID specified to operate when the method sought is not found? How does it in fact operate on Windows? Is this a Linux-only bug? /be
bug report has been accepted on bugparade: Sun's bugtraq #4845182 (should show up in a day or two).
it is unix bug (this also happened on Solaris).
Comment on attachment 119935 [details] [diff] [review] check exception successfully sr=beard
Attachment #119935 - Flags: superreview?(beard) → superreview+
Brendan, I think that it is necessary for liveconnect to check this exception to aviod crash even though jmethodID from JPI is not NULL. JPI side will also fix it in JRE1.5
Whiteboard: fixed in JRE1.5
Comment on attachment 119935 [details] [diff] [review] check exception successfully Please put a comment like this: /* * XXX work around bug to be fixed in JRE1.5, where GetMethodID called with * a non-existent method name returns a non-null result. * See Mozilla bug 201164. */ Do that and sr=brendan@mozilla.org. /be
Attachment #119935 - Flags: review?(brendan) → review+
checked in and fixed
->fixed
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: