348020 - JVM crashes on Mozilla.termEmbedding() invocation

Status: RESOLVED INCOMPLETE

(Core Graveyard :: Java to XPCOM Bridge, defect)

Description

[Vladimir Korenev]

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.5) Gecko/20060802 Firefox/1.5.0.5
Build Identifier: 

The following line in the DestroyXPTCMappingEnum() function in the nsJavaXPCOMBindingUtils.cpp causes JVM crash:

  entry->xptcstub->DeleteStrongRef();

This occures because the nsJavaXPTCStub object has been previously deleted in the nsJavaXPTCStub::ReleaseWeakRef() method and all its data has been overwritten.

BTW, that line has a comment:
  // The XPTC stub will be released by the XPCOM side, if it hasn't been
  // already.  We just need to delete the Java global ref held by the XPTC stub,
  // so the Java garbage collector can handle the Java object when necessary.

Reproducible: Sometimes

Comment 1

[jhp (no longer active)]

This sounds like bug 338110.  That fix was checked in to the trunk and the 1.8.1 branch.  Since you are on Linux, try this build: ftp://ftp.mozilla.org/pub/mozilla.org/xulrunner/nightly/latest-mozilla1.8/xulrunner-1.8.1b1.en-US.linux-i686.tar.gz, which has the fix.

*** This bug has been marked as a duplicate of 338110 ***

Comment 2

[Vladimir Korenev]

I have built XULRunner from 1.8.1 branch sources. I have checked that it contains the patch from bug 338110. That is a different problem.

This bug is reproducible in a quite a big project, but I have not been able to make a small sample yet.

Comment 3

[Vladimir Korenev]

As a workaround the following line in the nsJavaXPTCStub::ReleaseWeakRef() method can be commented out:

  delete this;

See http://lxr.mozilla.org/mozilla1.8/source/extensions/java/xpcom/nsJavaXPTCStub.cpp#205

Of course this will lead to memory leak.

Comment 4

[Phoenix]

Is this still reproducible/actual?