Closed Bug 222237 (Opened 21 years ago, Closed 21 years ago)

Browser Crashes if reloading the Window twice [@ JavaObject_getPropertyById ]

Product/Component: Core Graveyard :: Java: OJI
Type: defect
Priority: Not set
Severity: critical
Tracking: Not tracked
Status: RESOLVED DUPLICATE of bug 64319
Reporter: mganter
Assigned: joshua.xia
Keywords: crash

User-Agent:       Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Build Identifier: All

If I start the above-said URL, the page will load an applet that pushes new
quotes to the table by using the LiveConnect classes from Netscape JSObject,
and so on.
The first reload will sometimes start the page without crashing, but
the 2nd reload always causes a complete browser crash.
All versions of Mozilla show this problem.
The versions of IE run very well and do not show this behavior.


Reproducible: Always

Steps to Reproduce:
1. Load the URL
2. Reload once (sometimes Crashing)
3. Reload again (always Crashing)

Actual Results:  
Browser crashes down.
crashing 20031012 on Win2k + Sun's JRE 1.4.2_01.

related: bug 200016 ? Although I didn't find JS code that called Java, may have
overlooked.
Assignee: idk → joshua.xia
Component: Java-Implemented Plugins → OJI
Keywords: crash, stackwanted
crash on the website using
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.6a) Gecko/20031022
Java Plug-in 1.4.2_01 for Netscape Navigator (DLL Helper)
Win98 + SP1

Talkback ID: got Talkback, can't send, will retry later.
uninstalled JRE 1.4.2_01, rebooted, installed 1.4.2_02
Also crashing, with DrWatson & Talkback, but Talkback still can't connect.
DrWatson mentions the following (20031022 + Sun's JRE 1.4.2_02 on Win2k):

[...]
GetSecurityContext 
JavaObject_getPropertyById 
Java_netscape_javascript_JSObject_equals
[...]
and
[...]
JVM_RegisterPerfMethods 
JVM_MonitorWait
[...]
Assignee: joshua.xia → live-connect
Status: UNCONFIRMED → NEW
Component: Java: OJI → Java: Live Connect
Ever confirmed: true
QA Contact: avm → PhilSchwartau
Summary: Browser Crashes if reloading the Window twice. The problem exists with all Browser-Versions and all java-VMs. → Browser Crashes if reloading the Window twice [@ JavaObject_getPropertyById ]
It does not seem to be affected by calling JSObject.
Running in a testcase, without a server connection, the browser keeps working.
Therefore the server connection seems to be responsible for this problem.
This looks like OJI, here is the call stack:
(custom MozillaFirebird build from 20031125 sources):

05ef7c46()	
	oji.dll!map_jsj_thread_to_js_context_impl(JSJavaThreadState * jsj_env=0x00000000, void * java_applet_obj=0x05ef4870, JNIEnv_ * env=0x02a670e0, char * * errp=0x0012fa40)  Line 156 + 0xe	C++
 	oji.dll!enter_js_from_java_impl(JNIEnv_ * jEnv=0x02a670e0, char * * errp=0x0012fa40, void * * pNSIPrincipaArray=0x00000000, int numPrincipals=0, void * pNSISecurityContext=0x05f9bbe0, void * java_applet_obj=0x05ef4870)  Line 420 + 0x24	C++
 	jsj3250.dll!jsj_enter_js(const JNINativeInterface_ * * jEnv=0x00000000, void * applet_obj=0x05ef4870, _jobject * java_wrapper_obj=0x05ef4870, JSContext * * cxp=0x0012fa70, JSObject * * js_objp=0x00000000, void (JSContext *, const char *, JSErrorReport *)* * old_error_reporterp=0x0012fa88, void * * pNSIPrincipaArray=0x00000000, int numPrincipals=0, void * pNSISecurityContext=0x05f9bbe0)  Line 712 + 0x14	C++
 	jsj3250.dll!nsCLiveconnect::Call(JNIEnv_ * jEnv=0x00000000, long obj=0, const unsigned short * name=0x00000000, long length=262148, _jobjectArray * java_args=0x020801df, void * * principalsArray=0x00000000, int numPrincipals=-1, nsISupports * securitySupports=0x05ef489c, _jobject * * pjobj=0x00000000)  Line 560 + 0x40	C++
 	jpins7.dll!6d35253f() 	
 	jpinsp.dll!6d36743a() 	
 	msvcr71.dll!free(void * pBlock=0x77f5febb)  Line 103 + 0x5	C
 	ntdll.dll!_RtlUnlockHeap@4()  + 0x1a	
 	jpinsp.dll!6d367cfb() 	
 	jpins7.dll!6d352054() 	
 	oji.dll!handleRunnableEvent(JVMRunnableEvent * aEvent=0x01c06918)  Line 289	C++
 	xpcom.dll!PL_HandleEvent(PLEvent * self=0x01c06918)  Line 671 + 0x4	C++
 	xpcom.dll!PL_ProcessPendingEvents(PLEventQueue * self=0x009982e8)  Line 606 + 0x6	C++
 	xpcom.dll!_md_EventReceiverProc(HWND__ * hwnd=0x0002015c, unsigned int uMsg=49399, unsigned int wParam=0, long lParam=10060520)  Line 1413	C++
 	user32.dll!77d0612f() 	
 	user32.dll!77d069a5() 	
 	user32.dll!77d0695b() 	
 	user32.dll!77d351fe() 	
 	user32.dll!77d06689() 	
 	user32.dll!77d07438() 	
 	user32.dll!77d351fe() 	
 	user32.dll!77d06704() 	
 	gkwidget.dll!nsAppShell::Run()  Line 159	C++
 	MozillaFirebird.exe!main1(int argc=1, char * * argv=0x00294620, nsISupports * nativeApp=0x05ef4870, const nsXREAppData & aAppData={...})  Line 1282 + 0xa	C++
 	MozillaFirebird.exe!xre_main(int argc=1, char * * argv=0x00294620, const nsXREAppData & aAppData={...})  Line 1716 + 0x1a	C++
 	MozillaFirebird.exe!main(int argc=1, char * * argv=0x00294620)  Line 51 + 0x18	C++
 	MozillaFirebird.exe!WinMain(HINSTANCE__ * __formal=0x00400000, HINSTANCE__ * __formal=0x00400000, char * args=0x00152350, HINSTANCE__ * __formal=0x00400000)  Line 64 + 0x19	C++
 	MozillaFirebird.exe!WinMainCRTStartup()  Line 390 + 0x1b	C
 	kernel32.dll!_BaseProcessStart@4()  + 0x23
Keywords: stackwanted
Message:

Unhandled exception at 0x05ef7c46 in MozillaFirebird.exe: 0xC0000096: Privileged instruction.

Registers:

EAX = 0BDE9D10 EBX = 00000000 ECX = 05EF4870 EDX = 0012F5C4 
ESI = 02A670E1 EDI = 00000000 EIP = 05EF7C46 ESP = 0012F5B8 
EBP = 05EF4870 EFL = 00010282 

Code around the crash:

JS_STATIC_DLL_CALLBACK(JSContext*)
map_jsj_thread_to_js_context_impl(JSJavaThreadState *jsj_env, void* java_applet_obj, JNIEnv *env, char **errp)
{
607A6AC0  sub         esp,8 
#if 0
	JVMContext* context = GetJVMContext();
	JSContext *cx = context->js_context;

    /*
    ** This callback is called for spontaneous calls only. Either create a new JSContext
    ** or return the crippled context.
    ** TODO: Get to some kind of script manager via service manager and then get to script context
    **       and then to get to the native context.
    */
    //JSContext *cx    = LM_GetCrippledContext();
    //JSContext *cx    = NULL;

    *errp = NULL;
    return cx;
#else
	// Guess what? This design is totally invalid under Gecko, because there isn't a 1 to 1 mapping
	// between NSPR threads and JSContexts. We have to ask the plugin instance peer what JSContext
	// it lives in to make any sense of all this.
	JSContext* context = NULL;
	if (java_applet_obj != NULL) {
607A6AC3  mov         ecx,dword ptr [esp+10h] 
607A6AC7  xor         eax,eax 
607A6AC9  test        ecx,ecx 
607A6ACB  mov         dword ptr [esp+4],eax 
607A6ACF  je          map_jsj_thread_to_js_context_impl+6Ch (607A6B2Ch) 
		nsIPluginInstance* pluginInstance = NS_REINTERPRET_CAST(nsIPluginInstance*, java_applet_obj);
	        nsIPluginInstancePeer* pluginPeer = NULL;
		if (pluginInstance->GetPeer(&pluginPeer) == NS_OK) {
607A6AD1  lea         edx,[esp] 
607A6AD4  push        edx  
607A6AD5  mov         dword ptr [esp+4],eax 
607A6AD9  mov         eax,dword ptr [ecx] 
607A6ADB  push        ecx  
607A6ADC  call        dword ptr [eax+10h] <=================== CRASH HERE
607A6ADF  test        eax,eax 
607A6AE1  jne         map_jsj_thread_to_js_context_impl+68h (607A6B28h) 
			nsIPluginInstancePeer2* pluginPeer2 = NULL;
			if (pluginPeer->QueryInterface(NS_GET_IID(nsIPluginInstancePeer2), (void**) &pluginPeer2) == NS_OK) {
607A6AE3  lea         edx,[esp+10h] 
607A6AE7  push        edx  
607A6AE8  mov         dword ptr [esp+14h],eax 
607A6AEC  mov         eax,dword ptr [esp+4] 
607A6AF0  mov         ecx,dword ptr [eax] 
607A6AF2  push        offset `nsIPluginInstancePeer2::GetIID'::`2'::iid (607A8AC4h) 
607A6AF7  push        eax  
607A6AF8  call        dword ptr [ecx] 
607A6AFA  test        eax,eax 
607A6AFC  jne         map_jsj_thread_to_js_context_impl+5Fh (607A6B1Fh)
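
The listing above faults at the virtual `GetPeer` call made through `java_applet_obj`, an opaque pointer handed back from the Java side and reinterpret-cast with only a NULL check. As an added illustration (not code from this bug, from Mozilla, or from any commenter), the C++ below shows one defensive pattern for that boundary: the Java side holds a never-reused integer handle instead of a pointer, and the handle is validated before any virtual call. It assumes the pointer was stale after the reload, which the report does not confirm; every type and function name here is hypothetical.

```cpp
#include <cstdint>
#include <mutex>
#include <unordered_map>
// Hypothetical stand-ins for the types in the listing, not Mozilla's interfaces.
struct JSContext { int id; };
struct PluginInstance {
    explicit PluginInstance(JSContext* cx) : cx_(cx) {}
    virtual ~PluginInstance() = default;
    virtual JSContext* GetJSContext() { return cx_; }
    JSContext* cx_;
};
using AppletHandle = std::uint64_t;  // issued once, never reused; 0 is invalid

class InstanceTable {
public:
    AppletHandle Register(PluginInstance* p) {
        std::lock_guard<std::mutex> g(mu_);
        live_[++next_] = p;
        return next_;
    }
    void Unregister(AppletHandle h) {  // call before the instance is destroyed
        std::lock_guard<std::mutex> g(mu_);
        live_.erase(h);
    }
    // The virtual call is made only for a registered handle, and under the
    // lock, so teardown cannot slip in between the lookup and the call.
    JSContext* MapToContext(AppletHandle h, const char** errp) {
        std::lock_guard<std::mutex> g(mu_);
        auto it = live_.find(h);
        *errp = (it == live_.end()) ? "stale or unknown applet handle" : nullptr;
        return (it == live_.end()) ? nullptr : it->second->GetJSContext();
    }
private:
    std::mutex mu_;
    AppletHandle next_ = 0;
    std::unordered_map<AppletHandle, PluginInstance*> live_;
};

// Constructed scenario: a late call after reload; returns context id, or -1 if rejected.
int late_call_after_reload() {
    InstanceTable table;
    JSContext cx{1};
    auto* first = new PluginInstance(&cx);
    AppletHandle old_handle = table.Register(first);
    table.Unregister(old_handle);  // reload: unregister, then destroy
    delete first;
    const char* err = nullptr;
    JSContext* seen = table.MapToContext(old_handle, &err);
    return seen ? seen->id : -1;
}
```

Because handles are never reissued, a new instance that happens to be allocated at the old instance's address cannot be mistaken for it, which a pointer-membership check would not guarantee.
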
Bernard: thank you for these traces!!! 

Based on these, reassigning to Java: OJI
Assignee: live-connect → joshua.xia
Component: Java: Live Connect → Java: OJI
QA Contact: PhilSchwartau → general
dup of 64319. Please reopen it if I was wrong.

*** This bug has been marked as a duplicate of 64319 ***
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
Product: Core → Core Graveyard
Crash Signature: [@ JavaObject_getPropertyById ]