Closed Bug 222237 Opened 22 years ago Closed 22 years ago

Browser Crashes if reloading the Window twice [@ JavaObject_getPropertyById ]

Categories

(Core Graveyard :: Java: OJI, defect)

Product:
Core Graveyard
Component:
Java: OJI
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 64319

People

(Reporter: mganter, Assigned: joshua.xia)

References

(
URL
)

Details

(Keywords: crash)

Crash Data

User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0) Build Identifier: All If i start the above sayed URL, the page will load an applet that pushes new quotes to the table by using the LiveConnect-Classes from Netscape JSObject, aso. The first Reload will sometimes start the page without crashing down, but always the 2nd reload causes a complete browser-crash. All Versions of Mozilla are showing this Problem. The Versions of IE are running very well and do not show this Appearance. Reproducible: Always Steps to Reproduce: 1. Load the URL 2. Reload once (sometimes Crashing) 3. Reload again (always Crashing) Actual Results: Browser crashes down.
crashing 20031012 on Win2k + Sun's JRE 1.4.2_01. related: bug 200016 ? Although I didn't find JS code that called Java, may have overlooked.
Assignee: idk → joshua.xia
Component: Java-Implemented Plugins → OJI
Keywords: crash, stackwanted
crash on the website using Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.6a) Gecko/20031022 Java Plug-in 1.4.2_01 for Netscape Navigator (DLL Helper) Win98 + SP1 Talkback ID: got Talkback, can´t send, will retry later.
uninstalled JRE 1.4.2_01, rebooted, installed 1.4.2_02 Also crashing, with DocWatson & Talkback, but Talkback still can´t connect.
DrWatson mentions the following (20031022 + Sun's JRE 1.4.2_02 on Win2k): [...] GetSecurityContext JavaObject_getPropertyById Java_netscape_javascript_JSObject_equals [...] and [...] JVM_RegisterPerfMethods JVM_MonitorWait [...]
Assignee: joshua.xia → live-connect
Status: UNCONFIRMED → NEW
Component: Java: OJI → Java: Live Connect
Ever confirmed: true
QA Contact: avm → PhilSchwartau
Summary: Browser Crashes if reloading the Window twice. The problem exists with all Browser-Versions and all java-VMs. → Browser Crashes if reloading the Window twice [@ JavaObject_getPropertyById ]
It does not seem to be effected on calling JSObject. Running in testcase, without serverconnection, the Browser keeps working. Therefore the serverconnect seems to be responsible for this problem.
This looks like OJI, here is the call stack: (custom MozillaFirebird build from 20031125 sources): 05ef7c46() oji.dll!map_jsj_thread_to_js_context_impl(JSJavaThreadState * jsj_env=0x00000000, void * java_applet_obj=0x05ef4870, JNIEnv_ * env=0x02a670e0, char * * errp=0x0012fa40) Line 156 + 0xe C++ oji.dll!enter_js_from_java_impl(JNIEnv_ * jEnv=0x02a670e0, char * * errp=0x0012fa40, void * * pNSIPrincipaArray=0x00000000, int numPrincipals=0, void * pNSISecurityContext=0x05f9bbe0, void * java_applet_obj=0x05ef4870) Line 420 + 0x24 C++ jsj3250.dll!jsj_enter_js(const JNINativeInterface_ * * jEnv=0x00000000, void * applet_obj=0x05ef4870, _jobject * java_wrapper_obj=0x05ef4870, JSContext * * cxp=0x0012fa70, JSObject * * js_objp=0x00000000, void (JSContext *, const char *, JSErrorReport *)* * old_error_reporterp=0x0012fa88, void * * pNSIPrincipaArray=0x00000000, int numPrincipals=0, void * pNSISecurityContext=0x05f9bbe0) Line 712 + 0x14 C++ jsj3250.dll!nsCLiveconnect::Call(JNIEnv_ * jEnv=0x00000000, long obj=0, const unsigned short * name=0x00000000, long length=262148, _jobjectArray * java_args=0x020801df, void * * principalsArray=0x00000000, int numPrincipals=-1, nsISupports * securitySupports=0x05ef489c, _jobject * * pjobj=0x00000000) Line 560 + 0x40 C++ jpins7.dll!6d35253f() jpinsp.dll!6d36743a() msvcr71.dll!free(void * pBlock=0x77f5febb) Line 103 + 0x5 C ntdll.dll!_RtlUnlockHeap@4() + 0x1a jpinsp.dll!6d367cfb() jpins7.dll!6d352054() oji.dll!handleRunnableEvent(JVMRunnableEvent * aEvent=0x01c06918) Line 289 C++ xpcom.dll!PL_HandleEvent(PLEvent * self=0x01c06918) Line 671 + 0x4 C++ xpcom.dll!PL_ProcessPendingEvents(PLEventQueue * self=0x009982e8) Line 606 + 0x6 C++ xpcom.dll!_md_EventReceiverProc(HWND__ * hwnd=0x0002015c, unsigned int uMsg=49399, unsigned int wParam=0, long lParam=10060520) Line 1413 C++ user32.dll!77d0612f() user32.dll!77d069a5() user32.dll!77d0695b() user32.dll!77d351fe() user32.dll!77d06689() user32.dll!77d07438() user32.dll!77d351fe() user32.dll!77d06704() gkwidget.dll!nsAppShell::Run() Line 159 C++ MozillaFirebird.exe!main1(int argc=1, char * * argv=0x00294620, nsISupports * nativeApp=0x05ef4870, const nsXREAppData & aAppData={...}) Line 1282 + 0xa C++ MozillaFirebird.exe!xre_main(int argc=1, char * * argv=0x00294620, const nsXREAppData & aAppData={...}) Line 1716 + 0x1a C++ MozillaFirebird.exe!main(int argc=1, char * * argv=0x00294620) Line 51 + 0x18 C++ MozillaFirebird.exe!WinMain(HINSTANCE__ * __formal=0x00400000, HINSTANCE__ * __formal=0x00400000, char * args=0x00152350, HINSTANCE__ * __formal=0x00400000) Line 64 + 0x19 C++ MozillaFirebird.exe!WinMainCRTStartup() Line 390 + 0x1b C kernel32.dll!_BaseProcessStart@4() + 0x23
Keywords: stackwanted
Message: Unhandled exception at 0x05ef7c46 in MozillaFirebird.exe: 0xC0000096: Privileged instruction. Registers: EAX = 0BDE9D10 EBX = 00000000 ECX = 05EF4870 EDX = 0012F5C4 ESI = 02A670E1 EDI = 00000000 EIP = 05EF7C46 ESP = 0012F5B8 EBP = 05EF4870 EFL = 00010282 Code around the crash: JS_STATIC_DLL_CALLBACK(JSContext*) map_jsj_thread_to_js_context_impl(JSJavaThreadState *jsj_env, void* java_applet_obj, JNIEnv *env, char **errp) { 607A6AC0 sub esp,8 #if 0 JVMContext* context = GetJVMContext(); JSContext *cx = context->js_context; /* ** This callback is called for spontaneous calls only. Either create a new JSContext ** or return the crippled context. ** TODO: Get to some kind of script manager via service manager and then get to script context ** and then to get to the native context. */ //JSContext *cx = LM_GetCrippledContext(); //JSContext *cx = NULL; *errp = NULL; return cx; #else // Guess what? This design is totally invalid under Gecko, because there isn't a 1 to 1 mapping // between NSPR threads and JSContexts. We have to ask the plugin instance peer what JSContext // it lives in to make any sense of all this. JSContext* context = NULL; if (java_applet_obj != NULL) { 607A6AC3 mov ecx,dword ptr [esp+10h] 607A6AC7 xor eax,eax 607A6AC9 test ecx,ecx 607A6ACB mov dword ptr [esp+4],eax 607A6ACF je map_jsj_thread_to_js_context_impl+6Ch (607A6B2Ch) nsIPluginInstance* pluginInstance = NS_REINTERPRET_CAST(nsIPluginInstance*, java_applet_obj); nsIPluginInstancePeer* pluginPeer = NULL; if (pluginInstance->GetPeer(&pluginPeer) == NS_OK) { 607A6AD1 lea edx,[esp] 607A6AD4 push edx 607A6AD5 mov dword ptr [esp+4],eax 607A6AD9 mov eax,dword ptr [ecx] 607A6ADB push ecx 607A6ADC call dword ptr [eax+10h] <=================== CRASH HERE 607A6ADF test eax,eax 607A6AE1 jne map_jsj_thread_to_js_context_impl+68h (607A6B28h) nsIPluginInstancePeer2* pluginPeer2 = NULL; if (pluginPeer->QueryInterface(NS_GET_IID(nsIPluginInstancePeer2), (void**) &pluginPeer2) == NS_OK) { 607A6AE3 lea edx,[esp+10h] 607A6AE7 push edx 607A6AE8 mov dword ptr [esp+14h],eax 607A6AEC mov eax,dword ptr [esp+4] 607A6AF0 mov ecx,dword ptr [eax] 607A6AF2 push offset `nsIPluginInstancePeer2::GetIID'::`2'::iid (607A8AC4h) 607A6AF7 push eax 607A6AF8 call dword ptr [ecx] 607A6AFA test eax,eax 607A6AFC jne map_jsj_thread_to_js_context_impl+5Fh (607A6B1Fh)
Bernard: thank you for these traces!!! Based on these, reassigning to Java: OJI
Assignee: live-connect → joshua.xia
Component: Java: Live Connect → Java: OJI
QA Contact: PhilSchwartau → general
dup of 64319. Please reopen it if I was wrong. *** This bug has been marked as a duplicate of 64319 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
Product: Core → Core Graveyard
Crash Signature: [@ JavaObject_getPropertyById ]
You need to log in before you can comment on or make changes to this bug.