Digging deep into the "java" object makes Firefox and Java crash

RESOLVED WONTFIX

Status

defect
--
critical
13 years ago
9 years ago

People

(Reporter: jruderman, Unassigned)

Tracking

({crash, testcase})

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

13 years ago
Evaluating java.i.i.i.i....i (with about 2^14 i's) makes Firefox hang for a few minutes and then crash.

Thread 0 Crashed:
0   libclient.dylib           	0x9c0dfbfc jio_snprintf + 200008
1   libclient.dylib           	0x9c0df86c jio_snprintf + 199096
2   libclient.dylib           	0x9c0def34 jio_snprintf + 196736
3   libclient.dylib           	0x9c0de450 jio_snprintf + 193948
4   libclient.dylib           	0x9c0ddf14 jio_snprintf + 192608
5   libclient.dylib           	0x9c0ddd48 jio_snprintf + 192148
6   libclient.dylib           	0x9c116254 JVM_DoPrivileged + 6612
7   libclient.dylib           	0x9c1160cc JVM_DoPrivileged + 6220
8   com.netscape.MRJPlugin    	0x01f90bf8 StopJavaControlAsyncDrawing.eh + 20556
9   com.netscape.MRJPlugin    	0x01f9bdf8 StopJavaControlAsyncDrawing.eh + 66124
10  com.netscape.MRJPlugin    	0x01f6c6cc JavaMessageQueue::notify() + 196
11  <<00000000>> 	0x09647258 0 + 157577816
12  <<00000000>> 	0x09647050 0 + 157577296
13  <<00000000>> 	0x09572164 0 + 156705124
14  libclient.dylib           	0x9c10c3c8 jio_snprintf + 382228
15  libclient.dylib           	0x9c10c214 jio_snprintf + 381792
16  libclient.dylib           	0x9c12aeec JVM_MaxMemory + 9056
17  libclient.dylib           	0x9c172110 JVM_FindLoadedClass + 2676
18  JavaEmbeddingPlugin       	0x05c2f054 JEPDoLiveConnectProxy + 1576
19  com.netscape.MRJPlugin    	0x01f5eb24 JEPDoLiveConnectProxy + 124
20  com.netscape.MRJPlugin    	0x01f6dde0 CSecureEnv::sendMessageToJava(JavaMessage*) + 1908
21  com.netscape.MRJPlugin    	0x01f6f3d0 CSecureEnv::FindClass(char const*, _jclass**) + 96
22  org.mozilla.firefox       	0x00a54d7c ProxyJNIEnv::FindClass(JNIEnv_*, char const*) + 60
23  org.mozilla.firefox       	0x00843004 jsj_init_JavaMember + 628
24  libmozjs.dylib            	0x23047850 js_LookupPropertyWithFlags + 1216
25  libmozjs.dylib            	0x2304a244 js_GetProperty + 152
26  libmozjs.dylib            	0x23036504 js_Interpret + 28604
27  libmozjs.dylib            	0x2303d544 js_Execute + 580
28  libmozjs.dylib            	0x230059cc JS_EvaluateUCScriptForPrincipals + 88
...
(Reporter)

Comment 1

13 years ago
Posted file testcase
I'm able to reproduce this, but only on OS X Tiger (I tested on
10.4.7).  I'm not able to reproduce it on OS X 10.3.9.

I get a similar stack trace (on the main thread), though not an
identical one.  And in the Console (not the Java Console) I see many
occurrences (10 - 15) of the following string at the same time as the
crash:

"An irrecoverable stack overflow (bypassing yellow and red zones)."

This string is in libjvm.dylib (of Apple's JVM), and seems to
correspond to the string "An irrecoverable stack overflow has
occurred" in Sun's (other) JVMs.  So it looks like the JVM is
overflowing the browser's stack (on the main thread).

The code that crashes is called repeatedly (possibly hundreds of
times), but not (as far as I can tell) recursively -- so I don't know
why there's a stack overflow.

I also don't know why it only happens on OS X 10.4.X.  But the Java
Embedding Plugin (and consequently Apple's JVM) does more work on a
JavaScript-to-Java LiveConnect call on OS X 10.4.X than it does on OS
X 10.3.X or 10.2.8.  So that may have something to do with it.

I don't know what I'm going to be able to do about this.

(Browser event handler recursion doesn't seem to be involved here.)

Updated

13 years ago
Blocks: 353557

Updated

13 years ago
No longer blocks: 353557
My fix for bug 389597 also fixes this bug.
Assignee: yuanyi21 → smichaud
Component: Java: OJI → Java Embedding Plugin
QA Contact: zhayupeng → java.jep
Smokey, this isn't a bug in the Java Embedding Plugin.

As my fix for bug 389597 shows, this is actually a side effect of a
bug in Mozilla.org's LiveConnect implementation.
Assignee: smichaud → nobody
Component: Java Embedding Plugin → Java: Live Connect
QA Contact: java.jep → live-connect
(Reporter)

Comment 5

10 years ago
LiveConnect is gone, so I guess this is worksforme or wontfix, depending on how you look at it.
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → WONTFIX

Updated

9 years ago
Component: Java: Live Connect → Java: Live Connect
Product: Core → Core Graveyard