Javascript call Java and Java callback to Javascript crashes the browser

VERIFIED DUPLICATE of bug 46518


People

(Reporter: xiaobin.lu, Assigned: xiaobin.lu)

Tracking

Trunk
x86
Windows NT

Firefox Tracking Flags

(Not tracked)

Attachments

(3 attachments)

467 bytes, application/octet-stream
1.43 KB, text/plain
1.18 KB, application/octet-stream
(Assignee)

Description

18 years ago
Javascript calling Java resumed working after 82034, and Java calling Javascript 
resumed working after 77600; however, Javascript calling Java and then Java 
calling back crashes the browser.
(Assignee)

Comment 1

18 years ago
Created attachment 37103 [details]
A simple testcase
(Assignee)

Comment 2

18 years ago
Created attachment 37105 [details]
Testcase in zip format
(Assignee)

Comment 3

18 years ago
I posted the testcase both in binary format (the first) and text format (the 
second). Please use MSIE to open the testcase. I tried using NS4.75 to open 
the testcase and it does not seem to work.

Comment 4

18 years ago
For some reason, I am unable to unzip attachment id=37105.
I tried WinZip on WinNT, gunzip on Cygwin/WinNT, and gunzip on Linux.
I keep getting errors in each case -
(Assignee)

Comment 5

18 years ago
  Sorry for the inconvenience! I will post the testcase on some external webserver 
so you guys can access it.
(Assignee)

Comment 6

18 years ago
Created attachment 37253 [details]
The testcase

Comment 7

18 years ago
I was able to decompress the latest attachment (id=37253) successfully
on Cygwin/WinNT by using tar -xzf on it...

When I try 'test.html' in NN4.7, it works perfectly. But when I try it
with any recent Mozilla build, I crash as soon as I hit "Run Test": 


00000000()
_js_LookupProperty(JSContext * 0x0382f4c0, JSObject * 0x02ca1278, long 71717568, 
JSObject * * 0x0012d994, JSProperty * * 0x0012d988, const char * 0x00e32a28, 
unsigned int 2335) line 2182 + 24 bytes
js_GetProperty(JSContext * 0x0382f4c0, JSObject * 0x02ca1270, long 71717568, 
long * 0x0012e524) line 2335 + 35 bytes
js_Interpret(JSContext * 0x0382f4c0, long * 0x0012e6dc) line 2535 + 1998 bytes
js_Invoke(JSContext * 0x0382f4c0, unsigned int 1, unsigned int 2) line 824 + 13 
bytes
js_InternalInvoke(JSContext * 0x0382f4c0, JSObject * 0x02ca1218, long 46797344, 
unsigned int 0, unsigned int 1, long * 0x0012e8b4, long * 0x0012e804) line 896 + 
20 bytes
JS_CallFunctionValue(JSContext * 0x0382f4c0, JSObject * 0x02ca1218, long 
46797344, unsigned int 1, long * 0x0012e8b4, long * 0x0012e804) line 3320 + 31 
bytes
nsJSContext::CallEventHandler(nsJSContext * const 0x0382feb0, void * 0x02ca1218, 
void * 0x02ca1220, unsigned int 1, void * 0x0012e8b4, int * 0x0012e8b0, int 0) 
line 934 + 33 bytes
nsJSEventListener::HandleEvent(nsJSEventListener * const 0x04499c10, nsIDOMEvent 
* 0x04491494) line 139 + 57 bytes
nsEventListenerManager::HandleEventSubType(nsListenerStruct * 0x04499b90, 
nsIDOMEvent * 0x04491494, nsIDOMEventTarget * 0x04182250, unsigned int 4, 
unsigned int 7) line 1119 + 20 bytes
nsEventListenerManager::HandleEvent(nsEventListenerManager * const 0x04499c60, 
nsIPresContext * 0x04ff3bb0, nsEvent * 0x0012f340, nsIDOMEvent * * 0x0012f040, 
nsIDOMEventTarget * 0x04182250, unsigned int 7, nsEventStatus * 0x0012f718) line 
1285 + 36 bytes
nsGenericElement::HandleDOMEvent(nsGenericElement * const 0x0449eb20, 
nsIPresContext * 0x04ff3bb0, nsEvent * 0x0012f340, nsIDOMEvent * * 0x0012f040, 
unsigned int 1, nsEventStatus * 0x0012f718) line 1674
nsHTMLInputElement::HandleDOMEvent(nsHTMLInputElement * const 0x0449eb20, 
nsIPresContext * 0x04ff3bb0, nsEvent * 0x0012f340, nsIDOMEvent * * 0x00000000, 
unsigned int 1, nsEventStatus * 0x0012f718) line 1078 + 29 bytes
PresShell::HandleEventInternal(nsEvent * 0x0012f340, nsIView * 0x00000000, 
unsigned int 1, nsEventStatus * 0x0012f718) line 5513 + 47 bytes
PresShell::HandleEventWithTarget(PresShell * const 0x04fda050, nsEvent * 
0x0012f340, nsIFrame * 0x02d6ae64, nsIContent * 0x0449eb20, unsigned int 1, 
nsEventStatus * 0x0012f718) line 5486 + 22 bytes
nsEventStateManager::CheckForAndDispatchClick(nsEventStateManager * const 
0x03bc8e30, nsIPresContext * 0x04ff3bb0, nsMouseEvent * 0x0012f824, 
nsEventStatus * 0x0012f718) line 2463 + 61 bytes
nsEventStateManager::PostHandleEvent(nsEventStateManager * const 0x03bc8e38, 
nsIPresContext * 0x04ff3bb0, nsEvent * 0x0012f824, nsIFrame * 0x02d6ae64, 
nsEventStatus * 0x0012f718, nsIView * 0x0446f7b0) line 1548 + 28 bytes
PresShell::HandleEventInternal(nsEvent * 0x0012f824, nsIView * 0x0446f7b0, 
unsigned int 1, nsEventStatus * 0x0012f718) line 5533 + 43 bytes
PresShell::HandleEvent(PresShell * const 0x04fda054, nsIView * 0x0446f7b0, 
nsGUIEvent * 0x0012f824, nsEventStatus * 0x0012f718, int 0, int & 1) line 5440 + 
25 bytes
nsView::HandleEvent(nsView * const 0x0446f7b0, nsGUIEvent * 0x0012f824, unsigned 
int 8, nsEventStatus * 0x0012f718, int 0, int & 1) line 377
nsView::HandleEvent(nsView * const 0x0446ff70, nsGUIEvent * 0x0012f824, unsigned 
int 8, nsEventStatus * 0x0012f718, int 0, int & 1) line 350
nsView::HandleEvent(nsView * const 0x04fde390, nsGUIEvent * 0x0012f824, unsigned 
int 28, nsEventStatus * 0x0012f718, int 1, int & 1) line 350
nsViewManager::DispatchEvent(nsViewManager * const 0x04fde520, nsGUIEvent * 
0x0012f824, nsEventStatus * 0x0012f718) line 2051
HandleEvent(nsGUIEvent * 0x0012f824) line 68
nsWindow::DispatchEvent(nsWindow * const 0x0446a394, nsGUIEvent * 0x0012f824, 
nsEventStatus & nsEventStatus_eIgnore) line 712 + 10 bytes
nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012f824) line 733
nsWindow::DispatchMouseEvent(unsigned int 301, nsPoint * 0x00000000) line 4195 + 
21 bytes
ChildWindow::DispatchMouseEvent(unsigned int 301, nsPoint * 0x00000000) line 
4442
nsWindow::ProcessMessage(unsigned int 514, unsigned int 0, long 3604556, long * 
0x0012fc2c) line 3166 + 24 bytes
nsWindow::WindowProc(HWND__ * 0x003b02fe, unsigned int 514, unsigned int 0, long 
3604556) line 979 + 27 bytes
USER32! 77e71820()
 
Status: UNCONFIRMED → NEW
Ever confirmed: true

Comment 8

18 years ago
This is the Java plug-in I am using on WinNT with Mozilla:

File name: D:\mozilla\dist\WIN32_D.OBJ\bin\plugins\NPOJI600.dll
Java Plug-in 1.3.0_01 for Netscape Navigator (DLL Helper)

Mime Type                         Description                  Suffixes Enabled
application/x-java-vm   Java Virtual Machine for Netscape 6.x        Yes

Comment 9

18 years ago
This smells like the problem fixed in bug #82034. Please get that patch and 
verify.  The crash is happening on a call to a NULL function pointer called 
resolve.
Depends on: 82034
(Assignee)

Comment 10

18 years ago
  I filed this bug against the latest trunk with the fixes for 77600 and 82034, so 
I don't think it is the same problem as 82034.
   Actually, the problem is that to make it work, I need to grant all the 
permissions in my Java policy file, which is not how it is supposed to be.

Comment 11

18 years ago
I have finished a debug WinNT Mozilla build 2001-06-05. Also, I downloaded
the WinNT binary 2001060509 from the ftp server. Both come one day after 
the fix for bug 82034 was checked in. 

With each build, the browser no longer crashes when I click the "Run Test"
button in Test.html; but then again, NOTHING happens. No alertbox comes up. 

No errors appear in the JavaScript console. In the Java Console all I
see is the message 

                   Calling getWIndow() ....

which appears as soon as I load Test.html. When I click the "Run Test"
button, no further message appears in the Java Console or the Mozilla
debug console.

The onClick handler of the "Run Test" button is 

                 document.callLCApplet.callAlert()


When I type that in as a javascript:URL and hit enter, I get this message 
in the Mozilla debug console:

Error loading URL javascript: document.callLCApplet.callAlert() : 2152924149

Comment 12

18 years ago
That same error number (2152924149) also occurs in these bugs:

                             bug 83799
                             bug 83981 
(Assignee)

Comment 13

18 years ago
You need to apply patch of 77600 to reproduce the problem.

Comment 14

18 years ago
OK, but I was testing Patrick's idea at 2001-06-05 17:40 above:

  > This smells like the problem fixed in bug 82034. Please get that patch
  > and verify.  The crash is happening on a call to a NULL function pointer 
  > called resolve.

(Assignee)

Updated

18 years ago
Blocks: 59447
(Assignee)

Comment 15

18 years ago
   Applied patch for 77600, tested on today's trunk and I got a crash. The stack 
trace looks like:
NTDLL! 77f7629c()
jsj_HashJavaObject(const void * 0x0086f7c0, void * 0x03dee530) line 76 + 18 
bytes
jsj_WrapJavaObject(JSContext * 0x03aa1520, const JNINativeInterface_ * * 
0x03dee530, _jobject * 0x0086f7c0, _jobject * 0x0086f7c4) line 129 + 13 bytes
jsj_ConvertJavaObjectToJSValue(JSContext * 0x03aa1520, const JNINativeInterface_ 
* * 0x03dee530, _jobject * 0x0086f7c0, long * 0x1bf48030) line 861 + 21 bytes
nsCLiveconnect::Call(nsCLiveconnect * const 0x03dea880, JNIEnv_ * 0x03dee530, 
long 469010784, const unsigned short * 0x00871780, long 8, _jobjectArray * 
0x0086f624, void * * 0x00000000, int 0, nsISupports * 0x026f3dd0, _jobject * * 
0x0012c984) line 449 + 27 bytes
CJSCallDispatcher::Dispatch(JSObject_CallInfo * 0x026f11c0) line 370 + 58 bytes
CJSCallDispatcher::Run(CJSCallDispatcher * const 0x026f1180) line 981 + 39 bytes
   The reason is that an exception occurred during a call to 
java.lang.System.identityHashCode. The exception is:
java.security.AccessControlException: access denied (java.lang.RuntimePermission getProtectionDomain)
	at java.security.AccessControlContext.checkPermission(Unknown Source)
	at java.security.AccessController.checkPermission(Unknown Source)
	at java.lang.SecurityManager.checkPermission(Unknown Source)
	at java.lang.Class.getProtectionDomain(Unknown Source)
	at sun.plugin.liveconnect.SecureInvocation.checkLiveConnectCaller(SecureInvocation.java:420)
	at sun.plugin.liveconnect.SecureInvocation.CallMethod(SecureInvocation.java:262)
	at sun.plugin.javascript.navig5.JSObject.JSObjectGetMember(Native Method)
	at sun.plugin.javascript.navig5.JSObject.getMember(JSObject.java:181)
	at JavaToJS.getMemberTest(JavaToJS.java:299)
	at java.lang.reflect.Method.invoke(Native Method)
	at sun.plugin.liveconnect.PrivilegedCallMethodAction.run(SecureInvocation.java:585)
	at java.security.AccessController.doPrivileged(Native Method)
	at sun.plugin.liveconnect.SecureInvocation.CallMethod(SecureInvocation.java:276)
java.security.AccessControlException: access denied (java.lang.RuntimePermission getProtectionDomain)
	at java.security.AccessControlContext.checkPermission(Unknown Source)
	at java.security.AccessController.checkPermission(Unknown Source)
	at java.lang.SecurityManager.checkPermission(Unknown Source)
	at java.lang.Class.getProtectionDomain(Unknown Source)
	at sun.plugin.liveconnect.SecureInvocation.checkLiveConnectCaller(SecureInvocation.java:420)
	at sun.plugin.liveconnect.SecureInvocation.CallMethod(SecureInvocation.java:262)
	at sun.plugin.javascript.navig5.JSObject.JSObjectGetMember(Native Method)
	at sun.plugin.javascript.navig5.JSObject.getMember(JSObject.java:181)
	at JavaToJS.getMemberTest(JavaToJS.java:299)
	at java.lang.reflect.Method.invoke(Native Method)
	at sun.plugin.liveconnect.PrivilegedCallMethodAction.run(SecureInvocation.java:585)
	at java.security.AccessController.doPrivileged(Native Method)
	at sun.plugin.liveconnect.SecureInvocation.CallMethod(SecureInvocation.java:276)
  
   By the way, granting all permissions in the java.policy file solves the problem.
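
Added example (not part of the original bug report, and not Mozilla or Java Plug-in code): rather than the AllPermission workaround mentioned in comment 15, this Python script extracts the denied permission from Java Console output like the trace above and renders a java.policy grant limited to that permission and one codeBase. The codeBase URL is a placeholder, the console sample is constructed, and it is an assumption that the narrower grant is sufficient for the testcase; the thread only confirms that granting all permissions works.

```python
import re

# Constructed Java Console sample modelled on the trace in comment 15, including
# the mid-line wrap between the permission class and its target.
SAMPLE_CONSOLE = (
    "java.security.AccessControlException: access denied (java.lang.RuntimePermission \n"
    "getProtectionDomain)\n"
    "\tat java.security.AccessControlContext.checkPermission(Unknown Source)\n"
    "\tat java.lang.Class.getProtectionDomain(Unknown Source)\n"
    "java.security.AccessControlException: access denied (java.lang.RuntimePermission getProtectionDomain)\n"
)

# Old-style message: "access denied (<permission class> <target> [<actions>])"
DENIED = re.compile(
    r"AccessControlException:\s+access denied\s+\((?P<cls>[\w.$]+)\s+(?P<rest>[^)]*)\)")

# Standard permission classes whose last token is an action list.
HAS_ACTIONS = {"java.io.FilePermission", "java.net.SocketPermission",
               "java.util.PropertyPermission"}


def denied_permissions(console_text):
    """Return the distinct (class, target, actions) tuples that were denied."""
    seen = []
    for m in DENIED.finditer(console_text):
        cls, rest = m.group("cls"), " ".join(m.group("rest").split())
        actions = None
        if cls in HAS_ACTIONS and " " in rest:
            rest, actions = rest.rsplit(" ", 1)
        if (cls, rest, actions) not in seen:
            seen.append((cls, rest, actions))
    return seen


def policy_grant(code_base, denials):
    """Render a java.policy grant scoped to code_base and the denied permissions."""
    lines = ['grant codeBase "%s" {' % code_base]
    for cls, target, actions in denials:
        # Backslashes must be doubled inside policy-file strings.
        entry = '    permission %s "%s"' % (cls, target.replace("\\", "\\\\"))
        if actions:
            entry += ', "%s"' % actions
        lines.append(entry + ";")
    lines.append("};")
    return "\n".join(lines)


if __name__ == "__main__":
    # The codeBase URL is a placeholder; point it at the testcase directory.
    print(policy_grant("file:/C:/testcase/-", denied_permissions(SAMPLE_CONSOLE)))
```
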
(Assignee)

Comment 16

18 years ago
Reassign!
Assignee: beard → xiaobin.lu

Comment 17

18 years ago
On the Mac, I don't crash when I hit the "Run Test" button, but the first time 
the applet is run, the value of TestApplet.win is null, so the call to 
TestApplet.callAlert() fails with a NullPointerException. If I hit reload, the 
second time around, the call to JSObject.getWindow(this) works. Evidently there 
is some kind of race condition when initializing the applet the first time.
(Assignee)

Comment 18

18 years ago

*** This bug has been marked as a duplicate of 46518 ***
Status: NEW → RESOLVED
Last Resolved: 18 years ago
Resolution: --- → DUPLICATE
(Assignee)

Comment 19

18 years ago
  The reason I marked this bug as a dup of 46518 is that 46518 contains more issues 
than this bug. In other words, this is just one of the problems in 46518.

Comment 20

18 years ago
Marking Verified Duplicate -
Status: RESOLVED → VERIFIED

Updated

8 years ago
Component: Java: Live Connect → Java: Live Connect
Product: Core → Core Graveyard