Browser Crashes if reloading the Window twice [@ JavaObject_getPropertyById ]

RESOLVED DUPLICATE of bug 64319

Status

Core Graveyard
Java: OJI
--
critical
RESOLVED DUPLICATE of bug 64319
14 years ago
7 years ago

People

(Reporter: Mario, Assigned: Joshua Xia)

Tracking

({crash})

Firefox Tracking Flags

(Not tracked)

Details

(crash signature, URL)

(Reporter)

Description

14 years ago
User-Agent:       Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Build Identifier: All

If i start the above sayed URL, the page will load an applet that pushes new 
quotes to the table by using the LiveConnect-Classes from Netscape JSObject, 
aso.
The first Reload will sometimes start the page without crashing down, but 
always the 2nd reload causes a complete browser-crash.
All Versions of Mozilla are showing this Problem.
The Versions of IE are running very well and do not show this Appearance.


Reproducible: Always

Steps to Reproduce:
1. Load the URL
2. Reload once (sometimes Crashing)
3. Reload again (always Crashing)

Actual Results:  
Browser crashes down.

Comment 1

14 years ago
crashing 20031012 on Win2k + Sun's JRE 1.4.2_01.

related: bug 200016 ? Although I didn't find JS code that called Java, may have
overlooked.
Assignee: idk → joshua.xia
Component: Java-Implemented Plugins → OJI
Keywords: crash, stackwanted

Comment 2

14 years ago
crash on the website using
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.6a) Gecko/20031022
Java Plug-in 1.4.2_01 for Netscape Navigator (DLL Helper)
Win98 + SP1

Talkback ID: got Talkback, can´t send, will retry later.

Comment 3

14 years ago
uninstalled JRE 1.4.2_01, rebooted, installed 1.4.2_02
Also crashing, with DocWatson & Talkback, but Talkback still can´t connect.

Comment 4

14 years ago
DrWatson mentions the following (20031022 + Sun's JRE 1.4.2_02 on Win2k):

[...]
GetSecurityContext 
JavaObject_getPropertyById 
Java_netscape_javascript_JSObject_equals
[...]
and
[...]
JVM_RegisterPerfMethods 
JVM_MonitorWait
[...]
Assignee: joshua.xia → live-connect
Status: UNCONFIRMED → NEW
Component: Java: OJI → Java: Live Connect
Ever confirmed: true
QA Contact: avm → PhilSchwartau
Summary: Browser Crashes if reloading the Window twice. The problem exists with all Browser-Versions and all java-VMs. → Browser Crashes if reloading the Window twice [@ JavaObject_getPropertyById ]
(Reporter)

Comment 5

14 years ago
It does not seem to be effected on calling JSObject.
Running in testcase, without serverconnection, the Browser keeps working.
Therefore the serverconnect seems to be responsible for this problem.

Comment 6

14 years ago
This looks like OJI, here is the call stack:
(custom MozillaFirebird build from 20031125 sources):

05ef7c46()	
	oji.dll!map_jsj_thread_to_js_context_impl(JSJavaThreadState *
jsj_env=0x00000000, void * java_applet_obj=0x05ef4870, JNIEnv_ * env=0x02a670e0,
char * * errp=0x0012fa40)  Line 156 + 0xe	C++
 	oji.dll!enter_js_from_java_impl(JNIEnv_ * jEnv=0x02a670e0, char * *
errp=0x0012fa40, void * * pNSIPrincipaArray=0x00000000, int numPrincipals=0,
void * pNSISecurityContext=0x05f9bbe0, void * java_applet_obj=0x05ef4870)  Line
420 + 0x24	C++
 	jsj3250.dll!jsj_enter_js(const JNINativeInterface_ * * jEnv=0x00000000, void *
applet_obj=0x05ef4870, _jobject * java_wrapper_obj=0x05ef4870, JSContext * *
cxp=0x0012fa70, JSObject * * js_objp=0x00000000, void (JSContext *, const char
*, JSErrorReport *)* * old_error_reporterp=0x0012fa88, void * *
pNSIPrincipaArray=0x00000000, int numPrincipals=0, void *
pNSISecurityContext=0x05f9bbe0)  Line 712 + 0x14	C++
 	jsj3250.dll!nsCLiveconnect::Call(JNIEnv_ * jEnv=0x00000000, long obj=0, const
unsigned short * name=0x00000000, long length=262148, _jobjectArray *
java_args=0x020801df, void * * principalsArray=0x00000000, int numPrincipals=-1,
nsISupports * securitySupports=0x05ef489c, _jobject * * pjobj=0x00000000)  Line
560 + 0x40	C++
 	jpins7.dll!6d35253f() 	
 	jpinsp.dll!6d36743a() 	
 	msvcr71.dll!free(void * pBlock=0x77f5febb)  Line 103 + 0x5	C
 	ntdll.dll!_RtlUnlockHeap@4()  + 0x1a	
 	jpinsp.dll!6d367cfb() 	
 	jpins7.dll!6d352054() 	
 	oji.dll!handleRunnableEvent(JVMRunnableEvent * aEvent=0x01c06918)  Line 289	C++
 	xpcom.dll!PL_HandleEvent(PLEvent * self=0x01c06918)  Line 671 + 0x4	C++
 	xpcom.dll!PL_ProcessPendingEvents(PLEventQueue * self=0x009982e8)  Line 606
+ 0x6	C++
 	xpcom.dll!_md_EventReceiverProc(HWND__ * hwnd=0x0002015c, unsigned int
uMsg=49399, unsigned int wParam=0, long lParam=10060520)  Line 1413	C++
 	user32.dll!77d0612f() 	
 	user32.dll!77d069a5() 	
 	user32.dll!77d0695b() 	
 	user32.dll!77d351fe() 	
 	user32.dll!77d06689() 	
 	user32.dll!77d07438() 	
 	user32.dll!77d351fe() 	
 	user32.dll!77d06704() 	
 	gkwidget.dll!nsAppShell::Run()  Line 159	C++
 	MozillaFirebird.exe!main1(int argc=1, char * * argv=0x00294620, nsISupports *
nativeApp=0x05ef4870, const nsXREAppData & aAppData={...})  Line 1282 + 0xa	C++
 	MozillaFirebird.exe!xre_main(int argc=1, char * * argv=0x00294620, const
nsXREAppData & aAppData={...})  Line 1716 + 0x1a	C++
 	MozillaFirebird.exe!main(int argc=1, char * * argv=0x00294620)  Line 51 + 0x18	C++
 	MozillaFirebird.exe!WinMain(HINSTANCE__ * __formal=0x00400000, HINSTANCE__ *
__formal=0x00400000, char * args=0x00152350, HINSTANCE__ * __formal=0x00400000)
 Line 64 + 0x19	C++
 	MozillaFirebird.exe!WinMainCRTStartup()  Line 390 + 0x1b	C
 	kernel32.dll!_BaseProcessStart@4()  + 0x23
Keywords: stackwanted

Comment 7

14 years ago
Message:

Unhandled exception at 0x05ef7c46 in MozillaFirebird.exe: 0xC0000096: Privileged
instruction.

Registers:

EAX = 0BDE9D10 EBX = 00000000 ECX = 05EF4870 EDX = 0012F5C4 
ESI = 02A670E1 EDI = 00000000 EIP = 05EF7C46 ESP = 0012F5B8 
EBP = 05EF4870 EFL = 00010282 

Code around the crash:

JS_STATIC_DLL_CALLBACK(JSContext*)
map_jsj_thread_to_js_context_impl(JSJavaThreadState *jsj_env, void*
java_applet_obj, JNIEnv *env, char **errp)
{
607A6AC0  sub         esp,8 
#if 0
	JVMContext* context = GetJVMContext();
	JSContext *cx = context->js_context;

    /*
    ** This callback is called for spontaneous calls only. Either create a new
JSContext
    ** or return the crippled context.
    ** TODO: Get to some kind of script manager via service manager and then get
to script context 
    **       and then to get to the native context.
    */
    //JSContext *cx    = LM_GetCrippledContext();
    //JSContext *cx    = NULL;

    *errp = NULL;
    return cx;
#else
	// Guess what? This design is totally invalid under Gecko, because there isn't
a 1 to 1 mapping
	// between NSPR threads and JSContexts. We have to ask the plugin instance peer
what JSContext
	// it lives in to make any sense of all this.
	JSContext* context = NULL;
	if (java_applet_obj != NULL) {
607A6AC3  mov         ecx,dword ptr [esp+10h] 
607A6AC7  xor         eax,eax 
607A6AC9  test        ecx,ecx 
607A6ACB  mov         dword ptr [esp+4],eax 
607A6ACF  je          map_jsj_thread_to_js_context_impl+6Ch (607A6B2Ch) 
		nsIPluginInstance* pluginInstance = NS_REINTERPRET_CAST(nsIPluginInstance*,
java_applet_obj);
	        nsIPluginInstancePeer* pluginPeer = NULL;
		if (pluginInstance->GetPeer(&pluginPeer) == NS_OK) {
607A6AD1  lea         edx,[esp] 
607A6AD4  push        edx  
607A6AD5  mov         dword ptr [esp+4],eax 
607A6AD9  mov         eax,dword ptr [ecx] 
607A6ADB  push        ecx  
607A6ADC  call        dword ptr [eax+10h] <=================== CRASH HERE
607A6ADF  test        eax,eax 
607A6AE1  jne         map_jsj_thread_to_js_context_impl+68h (607A6B28h) 
			nsIPluginInstancePeer2* pluginPeer2 = NULL;
			if (pluginPeer->QueryInterface(NS_GET_IID(nsIPluginInstancePeer2), (void**)
&pluginPeer2) == NS_OK) {
607A6AE3  lea         edx,[esp+10h] 
607A6AE7  push        edx  
607A6AE8  mov         dword ptr [esp+14h],eax 
607A6AEC  mov         eax,dword ptr [esp+4] 
607A6AF0  mov         ecx,dword ptr [eax] 
607A6AF2  push        offset `nsIPluginInstancePeer2::GetIID'::`2'::iid (607A8AC4h) 
607A6AF7  push        eax  
607A6AF8  call        dword ptr [ecx] 
607A6AFA  test        eax,eax 
607A6AFC  jne         map_jsj_thread_to_js_context_impl+5Fh (607A6B1Fh)

Comment 8

14 years ago
Bernard: thank you for these traces!!! 

Based on these, reassigning to Java: OJI
Assignee: live-connect → joshua.xia
Component: Java: Live Connect → Java: OJI
QA Contact: PhilSchwartau → general

Comment 9

14 years ago
dup of 64319. Please reopen it if I was wrong.

*** This bug has been marked as a duplicate of 64319 ***
Status: NEW → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → DUPLICATE

Updated

7 years ago
Component: Java: OJI → Java: OJI
Product: Core → Core Graveyard
Crash Signature: [@ JavaObject_getPropertyById ]
You need to log in before you can comment on or make changes to this bug.