Closed
Bug 84082
Opened 24 years ago
Closed 24 years ago
Javascript call Java and Java callback to Javascript crashes the browser
Categories
(Core Graveyard :: Java: Live Connect, defect)
Tracking
(Not tracked)
People
(Reporter: xiaobin.lu, Assigned: xiaobin.lu)
Attachments
(3 files)
JavaScript calling Java resumed working after 82034, and Java calling JavaScript
resumed working after 77600; however, JavaScript calling Java and then Java
calling back crashes the browser.
Assignee
Comment 1•24 years ago
Assignee
Comment 2•24 years ago
Assignee
Comment 3•24 years ago
I posted the testcase both in binary format (the first) and text format (the
second). Please use MSIE to open the testcase. I tried using NS4.75 to open
the testcase and it does not seem to work.
Comment 4•24 years ago
For some reason, I am unable to unzip attachment id=37105.
I tried WinZip on WinNT, gunzip on Cygwin/WinNT, and gunzip on Linux.
I keep getting errors in each case -
Assignee
Comment 5•24 years ago
Sorry for the inconvenience! I will post the testcase on some external webserver
so you guys can access it.
Assignee
Comment 6•24 years ago
Comment 7•24 years ago
I was able to decompress the latest attachment (id=37253) successfully
on Cygwin/WinNT by using tar -xzf on it...
When I try 'test.html' in NN4.7, it works perfectly. But when I try it
with any recent Mozilla build, I crash as soon as I hit "Run Test":
00000000()
_js_LookupProperty(JSContext * 0x0382f4c0, JSObject * 0x02ca1278, long 71717568, JSObject * * 0x0012d994, JSProperty * * 0x0012d988, const char * 0x00e32a28, unsigned int 2335) line 2182 + 24 bytes
js_GetProperty(JSContext * 0x0382f4c0, JSObject * 0x02ca1270, long 71717568, long * 0x0012e524) line 2335 + 35 bytes
js_Interpret(JSContext * 0x0382f4c0, long * 0x0012e6dc) line 2535 + 1998 bytes
js_Invoke(JSContext * 0x0382f4c0, unsigned int 1, unsigned int 2) line 824 + 13 bytes
js_InternalInvoke(JSContext * 0x0382f4c0, JSObject * 0x02ca1218, long 46797344, unsigned int 0, unsigned int 1, long * 0x0012e8b4, long * 0x0012e804) line 896 + 20 bytes
JS_CallFunctionValue(JSContext * 0x0382f4c0, JSObject * 0x02ca1218, long 46797344, unsigned int 1, long * 0x0012e8b4, long * 0x0012e804) line 3320 + 31 bytes
nsJSContext::CallEventHandler(nsJSContext * const 0x0382feb0, void * 0x02ca1218, void * 0x02ca1220, unsigned int 1, void * 0x0012e8b4, int * 0x0012e8b0, int 0) line 934 + 33 bytes
nsJSEventListener::HandleEvent(nsJSEventListener * const 0x04499c10, nsIDOMEvent * 0x04491494) line 139 + 57 bytes
nsEventListenerManager::HandleEventSubType(nsListenerStruct * 0x04499b90, nsIDOMEvent * 0x04491494, nsIDOMEventTarget * 0x04182250, unsigned int 4, unsigned int 7) line 1119 + 20 bytes
nsEventListenerManager::HandleEvent(nsEventListenerManager * const 0x04499c60, nsIPresContext * 0x04ff3bb0, nsEvent * 0x0012f340, nsIDOMEvent * * 0x0012f040, nsIDOMEventTarget * 0x04182250, unsigned int 7, nsEventStatus * 0x0012f718) line 1285 + 36 bytes
nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x0449eb20, nsIPresContext * 0x04ff3bb0, nsEvent * 0x0012f340, nsIDOMEvent * * 0x0012f040, unsigned int 1, nsEventStatus * 0x0012f718) line 1674
nsHTMLInputElement::HandleDOMEvent(nsHTMLInputElement * const 0x0449eb20, nsIPresContext * 0x04ff3bb0, nsEvent * 0x0012f340, nsIDOMEvent * * 0x00000000, unsigned int 1, nsEventStatus * 0x0012f718) line 1078 + 29 bytes
PresShell::HandleEventInternal(nsEvent * 0x0012f340, nsIView * 0x00000000, unsigned int 1, nsEventStatus * 0x0012f718) line 5513 + 47 bytes
PresShell::HandleEventWithTarget(PresShell * const 0x04fda050, nsEvent * 0x0012f340, nsIFrame * 0x02d6ae64, nsIContent * 0x0449eb20, unsigned int 1, nsEventStatus * 0x0012f718) line 5486 + 22 bytes
nsEventStateManager::CheckForAndDispatchClick(nsEventStateManager * const 0x03bc8e30, nsIPresContext * 0x04ff3bb0, nsMouseEvent * 0x0012f824, nsEventStatus * 0x0012f718) line 2463 + 61 bytes
nsEventStateManager::PostHandleEvent(nsEventStateManager * const 0x03bc8e38, nsIPresContext * 0x04ff3bb0, nsEvent * 0x0012f824, nsIFrame * 0x02d6ae64, nsEventStatus * 0x0012f718, nsIView * 0x0446f7b0) line 1548 + 28 bytes
PresShell::HandleEventInternal(nsEvent * 0x0012f824, nsIView * 0x0446f7b0, unsigned int 1, nsEventStatus * 0x0012f718) line 5533 + 43 bytes
PresShell::HandleEvent(PresShell * const 0x04fda054, nsIView * 0x0446f7b0, nsGUIEvent * 0x0012f824, nsEventStatus * 0x0012f718, int 0, int & 1) line 5440 + 25 bytes
nsView::HandleEvent(nsView * const 0x0446f7b0, nsGUIEvent * 0x0012f824, unsigned int 8, nsEventStatus * 0x0012f718, int 0, int & 1) line 377
nsView::HandleEvent(nsView * const 0x0446ff70, nsGUIEvent * 0x0012f824, unsigned int 8, nsEventStatus * 0x0012f718, int 0, int & 1) line 350
nsView::HandleEvent(nsView * const 0x04fde390, nsGUIEvent * 0x0012f824, unsigned int 28, nsEventStatus * 0x0012f718, int 1, int & 1) line 350
nsViewManager::DispatchEvent(nsViewManager * const 0x04fde520, nsGUIEvent * 0x0012f824, nsEventStatus * 0x0012f718) line 2051
HandleEvent(nsGUIEvent * 0x0012f824) line 68
nsWindow::DispatchEvent(nsWindow * const 0x0446a394, nsGUIEvent * 0x0012f824, nsEventStatus & nsEventStatus_eIgnore) line 712 + 10 bytes
nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012f824) line 733
nsWindow::DispatchMouseEvent(unsigned int 301, nsPoint * 0x00000000) line 4195 + 21 bytes
ChildWindow::DispatchMouseEvent(unsigned int 301, nsPoint * 0x00000000) line 4442
nsWindow::ProcessMessage(unsigned int 514, unsigned int 0, long 3604556, long * 0x0012fc2c) line 3166 + 24 bytes
nsWindow::WindowProc(HWND__ * 0x003b02fe, unsigned int 514, unsigned int 0, long 3604556) line 979 + 27 bytes
USER32! 77e71820()
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 8•24 years ago
This is the Java plug-in I am using on WinNT with Mozilla:
File name: D:\mozilla\dist\WIN32_D.OBJ\bin\plugins\NPOJI600.dll
Java Plug-in 1.3.0_01 for Netscape Navigator (DLL Helper)
Mime Type Description Suffixes Enabled
application/x-java-vm Java Virtual Machine for Netscape 6.x Yes
Comment 9•24 years ago
This smells like the problem fixed in bug #82034. Please get that patch and
verify. The crash is happening on a call to a NULL function pointer called
resolve.
Depends on: 82034
Assignee
Comment 10•24 years ago
I filed this bug against the latest trunk with the fixes for 77600 and 82034,
so I don't think it is the same problem as 82034.
Actually, the problem is that to make it work, I need to grant all the
permissions in my Java policy file, which is not how it is supposed to be.
Comment 11•24 years ago
I have finished a debug WinNT Mozilla build 2001-06-05. Also, I downloaded
the WinNT binary 2001060509 from the ftp server. Both come one day after
the fix for bug 82034 was checked in.
With each build, the browser no longer crashes when I click the "Run Test"
button in Test.html; but then again, NOTHING happens. No alertbox comes up.
No errors appear in the JavaScript console. In the Java Console all I
see is the message
Calling getWIndow() ....
which appears as soon as I load Test.html. When I click the "Run Test"
button, no further message appears in the Java Console or the Mozilla
debug console.
The onClick handler of the "Run Test" button is
document.callLCApplet.callAlert()
When I type that in as a javascript:URL and hit enter, I get this message
in the Mozilla debug console:
Error loading URL javascript: document.callLCApplet.callAlert() : 2152924149
Comment 12•24 years ago
Assignee
Comment 13•24 years ago
You need to apply the patch for 77600 to reproduce the problem.
Comment 14•24 years ago
OK, but I was testing Patrick's idea at 2001-06-05 17:40 above:
> This smells like the problem fixed in bug 82034. Please get that patch
> and verify. The crash is happening on a call to a NULL function pointer
> called resolve.
Assignee
Comment 15•24 years ago
Applied the patch for 77600, tested on today's trunk, and I got a crash. The
stack trace looks like:
NTDLL! 77f7629c()
jsj_HashJavaObject(const void * 0x0086f7c0, void * 0x03dee530) line 76 + 18 bytes
jsj_WrapJavaObject(JSContext * 0x03aa1520, const JNINativeInterface_ * * 0x03dee530, _jobject * 0x0086f7c0, _jobject * 0x0086f7c4) line 129 + 13 bytes
jsj_ConvertJavaObjectToJSValue(JSContext * 0x03aa1520, const JNINativeInterface_ * * 0x03dee530, _jobject * 0x0086f7c0, long * 0x1bf48030) line 861 + 21 bytes
nsCLiveconnect::Call(nsCLiveconnect * const 0x03dea880, JNIEnv_ * 0x03dee530, long 469010784, const unsigned short * 0x00871780, long 8, _jobjectArray * 0x0086f624, void * * 0x00000000, int 0, nsISupports * 0x026f3dd0, _jobject * * 0x0012c984) line 449 + 27 bytes
CJSCallDispatcher::Dispatch(JSObject_CallInfo * 0x026f11c0) line 370 + 58 bytes
CJSCallDispatcher::Run(CJSCallDispatcher * const 0x026f1180) line 981 + 39 bytes
The reason is that an exception occurred during a call to
java.lang.System.identityHashCode. The exception is:
java.security.AccessControlException: access denied (java.lang.RuntimePermission getProtectionDomain)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.Class.getProtectionDomain(Unknown Source)
    at sun.plugin.liveconnect.SecureInvocation.checkLiveConnectCaller(SecureInvocation.java:420)
    at sun.plugin.liveconnect.SecureInvocation.CallMethod(SecureInvocation.java:262)
    at sun.plugin.javascript.navig5.JSObject.JSObjectGetMember(Native Method)
    at sun.plugin.javascript.navig5.JSObject.getMember(JSObject.java:181)
    at JavaToJS.getMemberTest(JavaToJS.java:299)
    at java.lang.reflect.Method.invoke(Native Method)
    at sun.plugin.liveconnect.PrivilegedCallMethodAction.run(SecureInvocation.java:585)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.plugin.liveconnect.SecureInvocation.CallMethod(SecureInvocation.java:276)
java.security.AccessControlException: access denied (java.lang.RuntimePermission getProtectionDomain)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.Class.getProtectionDomain(Unknown Source)
    at sun.plugin.liveconnect.SecureInvocation.checkLiveConnectCaller(SecureInvocation.java:420)
    at sun.plugin.liveconnect.SecureInvocation.CallMethod(SecureInvocation.java:262)
    at sun.plugin.javascript.navig5.JSObject.JSObjectGetMember(Native Method)
    at sun.plugin.javascript.navig5.JSObject.getMember(JSObject.java:181)
    at JavaToJS.getMemberTest(JavaToJS.java:299)
    at java.lang.reflect.Method.invoke(Native Method)
    at sun.plugin.liveconnect.PrivilegedCallMethodAction.run(SecureInvocation.java:585)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.plugin.liveconnect.SecureInvocation.CallMethod(SecureInvocation.java:276)
By the way, granting all permissions in the java.policy file solves the problem.
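Added example (not part of the original thread, and not Mozilla or Sun code): a Python triage script that pulls the denied permission out of console output like the trace in comment 15 and renders it as a single scoped java.policy grant entry, for comparison against the grant-all workaround. The codeBase URL and function names are hypothetical, and the thread does not say whether this one permission alone is sufficient.

```python
import re

# Constructed sample: the denial message from the thread, with the hard line
# wrap it had when pasted, repeated twice as in the console output.
SAMPLE_CONSOLE = """\
java.security.AccessControlException: access denied (java.lang.RuntimePermission
getProtectionDomain)
at java.security.AccessControlContext.checkPermission(Unknown Source)
java.security.AccessControlException: access denied (java.lang.RuntimePermission
getProtectionDomain)
"""

# Accepts (cls name [actions]) and the newer ("cls" "name" ["actions"]) style.
# \s+ also spans a wrapped line; target names containing spaces are not handled.
DENIED = re.compile(
    r'access denied \(\s*"?([\w.$]+)"?\s+"?([^\s")]+)"?(?:\s+"?([^")]+?)"?)?\s*\)'
)


def denied_permissions(console_text):
    """Return unique (class, name, actions) tuples in first-seen order."""
    seen = []
    for m in DENIED.finditer(console_text):
        perm = (m.group(1), m.group(2), m.group(3) or "")
        if perm not in seen:
            seen.append(perm)
    return seen


def policy_grant(perms, code_base):
    """Render a policy-file grant limited to code_base and the listed permissions."""
    lines = ['grant codeBase "%s" {' % code_base]
    for cls, name, actions in perms:
        entry = '    permission %s "%s"' % (cls, name)
        if actions:
            entry += ', "%s"' % actions
        lines.append(entry + ";")
    lines.append("};")
    return "\n".join(lines)


if __name__ == "__main__":
    # Hypothetical codeBase; substitute the applet's real origin when triaging.
    print(policy_grant(denied_permissions(SAMPLE_CONSOLE),
                       "http://applet-host.invalid/testcase/"))
```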
Comment 17•24 years ago
On the Mac, I don't crash when I hit the "Run Test" button, but the first time
the applet is run, the value of TestApplet.win is null, so the call to
TestApplet.callAlert() fails with a NullPointerException. If I hit reload, the
second time around, the call to JSObject.getWindow(this) works. Evidently there
is some kind of race condition when initializing the applet the first time.
Assignee
Comment 18•24 years ago
*** This bug has been marked as a duplicate of 46518 ***
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
Assignee
Comment 19•24 years ago
The reason I marked this bug as a dup of 46518 is that 46518 contains more
issues than this bug. In other words, it is just one problem of 46518.