Closed
Bug 260478
Opened 20 years ago
Closed 13 years ago
Browser crash with repeated JSObject calls
Categories
(Core Graveyard :: Java: Live Connect, defect)
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: sujith, Assigned: alfred.peng)
References
Details
(Keywords: crash, stackwanted)
Attachments
(1 file)
|
15.71 KB,
text/plain
|
Details |
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Build Identifier: Mozilla/5.0
I have an applet that tries to read a no of JSObjects (approximately 1000 to
1100) in its init method. I need to initialize the applet based on a request
Parameter whose value is coming from a select box. When I initialize the applet
one after the other (I have to do this and this is not done for fanciful
testing), after 4-5 iterations the mozilla browser crashes. The 1st 3-4
iterations will initialize the applet well. But from the 4rth of 5th iteration,
mozilla crashes. This is happening in both mozilla 1.5 and mozilla 1.7 and for
both the jre versions 1.4.2_05 and 1.4.2_02 (Sun jres). I am using Red hat
linux 9.0.
Mozilla crash was occurring at the native code of the getValue method of the
JSObject. That is, crashing was occurring at the native code outside JVM. It
was seen that this problem was occurring at the various points in the code
where the JSObject were being read.
In the directory /usr/local/mozilla/plugins I have a link named
libjavaplugin_oji.so -> /usr/java/j2re1.4.2_05/plugin/i386/ns610-
gcc32/libjavaplugin_oji.so. I guess this is what was needed instead of copying
the whole of libjavaplugin_oji.so.
Also, I have done the maximum performance enhancement to avoid reading the
JSObjects as much as possible.
But at the same time the crash not is occurring in IE. (I am using IE version
6.0).
This is the exception stack trace.
An unexpected exception has been detected in native code outside the VM.
Unexpected Signal : 11 occurred at PC=0x42073499
Function=__libc_free+0x49
Library=/lib/tls/libc.so.6
Current Java thread:
at sun.plugin.javascript.navig5.JSObject.JSObjectGetMember(Native
Method)
at sun.plugin.javascript.navig5.JSObject.getMember(JSObject.java:169)
at com.wincor_nixdorf.tplinux.webapp.storemgnt.kps.KBDimension.<init>
(KBDimension.java:279)
at com.wincor_nixdorf.tplinux.webapp.storemgnt.kps.keyboard.initKeyboard
(keyboard.java:1376)
at com.wincor_nixdorf.tplinux.webapp.storemgnt.kps.keyboard.init
(keyboard.java:61)
at sun.applet.AppletPanel.run(AppletPanel.java:353)
at java.lang.Thread.run(Thread.java:534)
Dynamic libraries:
08048000-0804b000 r-xp 00000000 03:02
2040960 /usr/java/j2sdk1.4.2_02/jre/bin/java_vm
0804b000-0804c000 rw-p 00002000 03:02
2040960 /usr/java/j2sdk1.4.2_02/jre/bin/java_vm
40000000-40015000 r-xp 00000000 03:02 897623 /lib/ld-2.3.2.so
40015000-40016000 rw-p 00014000 03:02 897623 /lib/ld-2.3.2.so
40017000-4001f000 r-xp 00000000 03:02
1273680 /usr/java/j2sdk1.4.2_02/jre/lib/i386/native_threads/libhpi.so
4001f000-40020000 rw-p 00007000 03:02
1273680 /usr/java/j2sdk1.4.2_02/jre/lib/i386/native_threads/libhpi.so
40020000-40024000 rw-s 00000000 03:02 1192004 /tmp/hsperfdata_tux/8649
40024000-40027000 r--s 00000000 03:02
261315 /usr/java/j2sdk1.4.2_02/jre/lib/ext/dnsns.jar
40027000-40031000 r-xp 00000000 03:02 522266 /lib/tls/libpthread-0.29.so
40031000-40032000 rw-p 0000a000 03:02 522266 /lib/tls/libpthread-0.29.so
40034000-40036000 r-xp 00000000 03:02 897634 /lib/libdl-2.3.2.so
40036000-40037000 rw-p 00002000 03:02 897634 /lib/libdl-2.3.2.so
40038000-40432000 r-xp 00000000 03:02
637112 /usr/java/j2sdk1.4.2_02/jre/lib/i386/client/libjvm.so
40432000-4044e000 rw-p 003f9000 03:02
637112 /usr/java/j2sdk1.4.2_02/jre/lib/i386/client/libjvm.so
40460000-40472000 r-xp 00000000 03:02 897638 /lib/libnsl-2.3.2.so
40472000-40473000 rw-p 00011000 03:02 897638 /lib/libnsl-2.3.2.so
40475000-40496000 r-xp 00000000 03:02 522264 /lib/tls/libm-2.3.2.so
40496000-40497000 rw-p 00020000 03:02 522264 /lib/tls/libm-2.3.2.so
40497000-404a4000 r--s 00000000 03:02
261318 /usr/java/j2sdk1.4.2_02/jre/lib/ext/ldapsec.jar
404a4000-404a5000 r-xp 00000000 03:02
2236040 /usr/X11R6/lib/X11/locale/lib/common/xlcUTF8Load.so.2
404a5000-404a6000 rw-p 00000000 03:02
2236040 /usr/X11R6/lib/X11/locale/lib/common/xlcUTF8Load.so.2
404a7000-404b2000 r-xp 00000000 03:02 897644 /lib/libnss_files-2.3.2.so
404b2000-404b3000 rw-p 0000a000 03:02 897644 /lib/libnss_files-2.3.2.so
404b3000-404c3000 r-xp 00000000 03:02
2285790 /usr/java/j2sdk1.4.2_02/jre/lib/i386/libverify.so
404c3000-404c5000 rw-p 0000f000 03:02
2285790 /usr/java/j2sdk1.4.2_02/jre/lib/i386/libverify.so
404c5000-404e5000 r-xp 00000000 03:02
2285777 /usr/java/j2sdk1.4.2_02/jre/lib/i386/libjava.so
404e5000-404e7000 rw-p 0001f000 03:02
2285777 /usr/java/j2sdk1.4.2_02/jre/lib/i386/libjava.so
404e7000-404fb000 r-xp 00000000 03:02
2285791 /usr/java/j2sdk1.4.2_02/jre/lib/i386/libzip.so
404fb000-404fe000 rw-p 00013000 03:02
2285791 /usr/java/j2sdk1.4.2_02/jre/lib/i386/libzip.so
404fe000-41e96000 r--s 00000000 03:02
147841 /usr/java/j2sdk1.4.2_02/jre/lib/rt.jar
41ee0000-41ef6000 r--s 00000000 03:02
147839 /usr/java/j2sdk1.4.2_02/jre/lib/sunrsasign.jar
41ef6000-41fd1000 r--s 00000000 03:02
147834 /usr/java/j2sdk1.4.2_02/jre/lib/jsse.jar
41fd1000-41fe2000 r--s 00000000 03:02
147833 /usr/java/j2sdk1.4.2_02/jre/lib/jce.jar
42000000-4212e000 r-xp 00000000 03:02 522262 /lib/tls/libc-2.3.2.so
4212e000-42131000 rw-p 0012e000 03:02 522262 /lib/tls/libc-2.3.2.so
42133000-4268c000 r--s 00000000 03:02
147832 /usr/java/j2sdk1.4.2_02/jre/lib/charsets.jar
4268c000-42866000 r--s 00000000 03:02
147807 /usr/java/j2sdk1.4.2_02/jre/lib/plugin.jar
4caf2000-4ccf2000 r--p 00000000 03:02 473377 /usr/lib/locale/locale-archive
4cef2000-4cfae000 r--s 00000000 03:02
261319 /usr/java/j2sdk1.4.2_02/jre/lib/ext/localedata.jar
4cfae000-4cfca000 r--s 00000000 03:02
261321 /usr/java/j2sdk1.4.2_02/jre/lib/ext/sunjce_provider.jar
4cfca000-4d295000 r-xp 00000000 03:02
2285751 /usr/java/j2sdk1.4.2_02/jre/lib/i386/libawt.so
4d295000-4d2ab000 rw-p 002ca000 03:02
2285751 /usr/java/j2sdk1.4.2_02/jre/lib/i386/libawt.so
4d2d0000-4d323000 r-xp 00000000 03:02
2285785 /usr/java/j2sdk1.4.2_02/jre/lib/i386/libmlib_image.so
4d323000-4d324000 rw-p 00052000 03:02
2285785 /usr/java/j2sdk1.4.2_02/jre/lib/i386/libmlib_image.so
4d324000-4d32a000 r--s 00000000 03:02 114445 /usr/lib/gconv/gconv-
modules.cache
4d32a000-4d332000 r-xp 00000000 03:02
1387372 /usr/X11R6/lib/libXcursor.so.1.0
4d332000-4d333000 rw-p 00007000 03:02
1387372 /usr/X11R6/lib/libXcursor.so.1.0
4d334000-4d33b000 r-xp 00000000 03:02 1387388 /usr/X11R6/lib/libXp.so.6.2
4d33b000-4d33c000 rw-p 00006000 03:02 1387388 /usr/X11R6/lib/libXp.so.6.2
4d33c000-4d38a000 r-xp 00000000 03:02 1387396 /usr/X11R6/lib/libXt.so.6.0
4d38a000-4d38e000 rw-p 0004d000 03:02 1387396 /usr/X11R6/lib/libXt.so.6.0
4d38e000-4d39b000 r-xp 00000000 03:02 1387374 /usr/X11R6/lib/libXext.so.6.4
4d39b000-4d39c000 rw-p 0000c000 03:02 1387374 /usr/X11R6/lib/libXext.so.6.4
4d39c000-4d3a0000 r-xp 00000000 03:02 1387398 /usr/X11R6/lib/libXtst.so.6.1
4d3a0000-4d3a1000 rw-p 00004000 03:02 1387398 /usr/X11R6/lib/libXtst.so.6.1
4d3a1000-4d47d000 r-xp 00000000 03:02 1387364 /usr/X11R6/lib/libX11.so.6.2
4d47d000-4d480000 rw-p 000db000 03:02 1387364 /usr/X11R6/lib/libX11.so.6.2
4d480000-4d488000 r-xp 00000000 03:02 1387362 /usr/X11R6/lib/libSM.so.6.0
4d488000-4d489000 rw-p 00007000 03:02 1387362 /usr/X11R6/lib/libSM.so.6.0
4d489000-4d49d000 r-xp 00000000 03:02 1387358 /usr/X11R6/lib/libICE.so.6.3
4d49d000-4d49e000 rw-p 00013000 03:02 1387358 /usr/X11R6/lib/libICE.so.6.3
4d4a0000-4d4b2000 r-xp 00000000 03:02
2285754 /usr/java/j2sdk1.4.2_02/jre/lib/i386/libjavaplugin_jni.so
4d4b2000-4d4b4000 rw-p 00011000 03:02
2285754 /usr/java/j2sdk1.4.2_02/jre/lib/i386/libjavaplugin_jni.so
4d4c8000-4d582000 r-xp 00000000 03:02
2285755 /usr/java/j2sdk1.4.2_02/jre/lib/i386/libfontmanager.so
4d582000-4d59c000 rw-p 000b9000 03:02
2285755 /usr/java/j2sdk1.4.2_02/jre/lib/i386/libfontmanager.so
4d5ad000-4d5b4000 r-xp 00000000 03:02
1387394 /usr/X11R6/lib/libXrender.so.1.2
4d5b4000-4d5b5000 rw-p 00006000 03:02
1387394 /usr/X11R6/lib/libXrender.so.1.2
4d5b5000-4d5d1000 r-xp 00000000 03:02
2236038 /usr/X11R6/lib/X11/locale/lib/common/ximcp.so.2
4d5d1000-4d5d3000 rw-p 0001c000 03:02
2236038 /usr/X11R6/lib/X11/locale/lib/common/ximcp.so.2
4dc53000-4dc63000 r-xp 00000000 03:02
2285787 /usr/java/j2sdk1.4.2_02/jre/lib/i386/libnet.so
4dc63000-4dc64000 rw-p 0000f000 03:02
2285787 /usr/java/j2sdk1.4.2_02/jre/lib/i386/libnet.so
4dc64000-4dc7f000 r-xp 00000000 03:02
2285753 /usr/java/j2sdk1.4.2_02/jre/lib/i386/libdcpr.so
4dc7f000-4dc92000 rw-p 0001a000 03:02
2285753 /usr/java/j2sdk1.4.2_02/jre/lib/i386/libdcpr.so
4dc92000-4dcc9000 r-xp 00000000 03:02
2285782 /usr/java/j2sdk1.4.2_02/jre/lib/i386/libjpeg.so
4dcc9000-4dcca000 rw-p 00036000 03:02
2285782 /usr/java/j2sdk1.4.2_02/jre/lib/i386/libjpeg.so
4dcca000-4dcd4000 rw-s 00000000 00:04 118554633 /SYSV00000000 (deleted)
4ddf2000-4de03000 r--s 00000000 03:02
768036 /home/tplinux/.java/deployment/cache/javapi/v1.0/jar/kps.jar;jsession
id=4AFAABF8F7F89B67D797210A479C65A0-10f76516-4a20c58d.zip
Heap at VM Abort:
Heap
def new generation total 1088K, used 1035K [0x44910000, 0x44a30000,
0x44df0000)
eden space 1024K, 98% used [0x44910000, 0x44a0cfa0, 0x44a10000)
from space 64K, 36% used [0x44a20000, 0x44a25d78, 0x44a30000)
to space 64K, 0% used [0x44a10000, 0x44a10000, 0x44a20000)
tenured generation total 12708K, used 8887K [0x44df0000, 0x45a59000,
0x48910000)
the space 12708K, 69% used [0x44df0000, 0x4569dd78, 0x4569de00, 0x45a59000)
compacting perm gen total 5888K, used 5873K [0x48910000, 0x48ed0000,
0x4c910000)
the space 5888K, 99% used [0x48910000, 0x48ecc5a8, 0x48ecc600, 0x48ed0000)
Local Time = Wed Sep 15 15:21:57 2004
Elapsed Time = 1242
#
# The exception above was detected in native code outside the VM
#
# Java VM: Java HotSpot(TM) Client VM (1.4.2_02-b03 mixed mode)
#
# An error report file has been saved as hs_err_pid8649.log.
# Please refer to the file for further information.
#
INTERNAL ERROR on Browser End: Pipe closed during read? State may be corrupt
System error?:: Connection reset by peer
Reproducible: Always
Steps to Reproduce:
1. Write an applet that calls close to a thousand JSObjects getValue method.
2. Call that repeateddly
3.
Actual Results:
Then the browser crashes after some iterations (4to5)
Expected Results:
The applet should be initialised properly.
This is happening in both mozilla 1.5 and mozilla 1.7 and for both the jre
versions 1.4.2_05 and 1.4.2_02 (Sun jres).
Summary: Browser crash with repated JSObject calls → Browser crash with repeated JSObject calls
brendan: is it likely/possible that liveconnect isn't rooting an object it's exposing to java and the object got gc'd?
Keywords: crash
Hardware: Other → PC
|
||
Comment 2•20 years ago
|
||
Timeless: Who knows? We need a stack. Was talkback sent? /be
reporter: please install a mozilla.org talkback enabled build and crash again, the run components/talkback and copy the incident id to this bug. thanks. you could also build your own mozilla (make sure you don't --enable-strip. personally i'd go for --disable-debug --disable-optimize, but you could pick enables if you wanted to) of mozilla and use valgrind. this next bit is rebuilt from memory... export VALGRIND_OPTS=--num-callers=10 --error-limit=no --logfile-fd=3 ./run-mozilla.sh `which valgrind` ./mozilla-bin you'll eventually want to add something like: 3> mozilla.valgrind 2> mozilla.stderr 1> mozilla.stdout
Keywords: stackwanted
|
||
Comment 4•19 years ago
|
||
*** Bug 285451 has been marked as a duplicate of this bug. ***
|
||
Comment 5•19 years ago
|
||
The bug 285451 that has been marked as a dupe of this bug was already confirmed and its status was changed to new. The Talkback crash ID of that bug was: 4221939 and the page to reproduce it is: http://telis.edugraf.ufsc.br/apliques/Giovani/quebrandoTudo/teste.html. So I believe you do have a reason to set this bug to new. Sorry for this, but I'd like to ask you to try to give some attention to the bug because the application we develop depends upon this and we're obligated to use IE, unfortunally. Besides that, this kind of situation is very common. So if you can give us some idea on when this is going to be fixed I'd be grateful.
|
|
||
Comment 6•19 years ago
|
||
Kyle, could you look into this for 1.8b2? I'll help get drivers approval if you get a patch that fixes this bug attached. /be
Assignee: live-connect → kyle.yuan
Status: UNCONFIRMED → NEW
Ever confirmed: true
Reporter, jre 1.4.2 is buggy when doing liveconnect calls in applet's init method. We fixed a bunch of bugs for this in jre 1.5. Could you upgrade to jre 1.5 and try again? Giovani and Bob, I can not get mozilla crash using the testcase you provided, neither on WinXP nor on Linux, with jre 1.5.0_01. The value in textbox can be successfully increased to 999. Is there any special operation needed to make the crash happen?
|
|
||
Comment 8•19 years ago
|
||
There is no additional operation to reproduce the crash. I'm using jre 1.5.0_2 under windows XP SP2 and it crashed when I opened it, it has counted until 39 then it has broken. I've downloaded the latest nightly build available on the Firefox's main developer's page and it has crashed as well. So, I've generated a new talkback on the latest nightly build. It's id is 4950682.
|
|
||
Comment 9•19 years ago
|
||
So this affects the 1.5 release of the Java plugin, and the crash is in caps code. Talkback link: http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=2&type=iid&id=4950682 /be
|
||
Comment 10•19 years ago
|
||
This is a bug in java plugin and affect all version of jre1.5. I talked with the java plugin developer and filed sun bug 6254466 for tracking this issue. The root cause for bug 264062 is the same.
|
|
||
Comment 11•19 years ago
|
||
*** Bug 264062 has been marked as a duplicate of this bug. ***
|
|
||
Comment 12•19 years ago
|
||
*** Bug 272128 has been marked as a duplicate of this bug. ***
|
|
||
Comment 13•19 years ago
|
||
I was told that this bug should be fixed in Sun jre 1.5.0_04.
|
||
Comment 14•19 years ago
|
||
Awesome! But isn't there something that has to be done on Firefox side as well? To my understanding it shouldn't be crashing if some plug-in misbehaves.
|
|
||
Comment 15•19 years ago
|
||
So far we can't prevent plugin crash from taking down firefox. That's bug 180946.
|
|
||
Comment 16•19 years ago
|
||
*** Bug 272969 has been marked as a duplicate of this bug. ***
|
||
Comment 17•19 years ago
|
||
Is this a duplicate of bug 209559?
|
|
||
Comment 18•19 years ago
|
||
*** Bug 294842 has been marked as a duplicate of this bug. ***
|
|
||
Comment 19•19 years ago
|
||
*** Bug 294842 has been marked as a duplicate of this bug. ***
|
||
Comment 20•19 years ago
|
||
Another affected Web page is at <URL:http://www.dot.ca.gov/traffic/>. See Talkback incident ##5950578. See duplicate bug #294842 for details. This is also a problem with Windows 98SE. I have changed the OS from "Linux" to "All". Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.8) Gecko/20050511 Java2 RTE 5 (1.5.0 v.1)
OS: Linux → All
|
||
Comment 23•15 years ago
|
||
Tested with intel Mac running Mac OS X 10.4.11 with all current updates, and Camino nightly version 2.0b2pre (1.9.0.7pre 2009020512). No crash; but the applet had problems working properly. Attaching Activity Monitor sample from Camino while the applet was running
|
|
||
Comment 24•15 years ago
|
||
Sample taken while applet on Caltrans URL was running. Should have made that clear in the previous comment.
|
|
||
Comment 25•15 years ago
|
||
(In reply to comment #23) > Tested with intel Mac running Mac OS X 10.4.11 with all current updates, and > Camino nightly version 2.0b2pre (1.9.0.7pre 2009020512). > > No crash; but the applet had problems working properly. File a new bug and attach the activity monitor there. Don't hijack old bugs. I'll let Alfred deal with this bug's status. /be
|
||
Comment 26•13 years ago
|
||
Testcases in comment 5 and comment 20 are no more available. Is there any way to reproduce this bug?
|
|
||
Comment 27•13 years ago
|
||
Re comment #26: That is what happens when an actual error is reported and no attempt is made to correct it for more than six years after good test cases are presented.
|
||
Comment 28•13 years ago
|
||
Firefox code moved from custom Liveconnect code to the NPAPI/NPRuntime bridge a while back. Mass-closing the bugs in the liveconnect component which are likely invalid. If you believe that this bug is still relevant to modern versions of Firefox, please reopen it and move it the "Core" product, component "Plug-Ins".
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•