Closed
Bug 847819
Opened 11 years ago
Closed 7 years ago
crash in nsJSObjWrapper::NP_HasMethod @ JSAutoCompartment::JSAutoCompartment caused by a Java Applet using LiveConnect
Categories
(Core Graveyard :: Plug-ins, defect, P3)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: wdick, Unassigned)
References
()
Details
(Keywords: crash, reproducible)
Crash Data
Attachments
(2 files, 1 obsolete file)
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22 Steps to reproduce: Hello, when I load our Java applet and hit the "Reload current page" or "Back" button, then Firefox crashes with an EXCEPTION_ACCESS_VIOLATION. See the attached HotSpot Error log. The crash happens after the applet destroy phase. Our Java applet uses JNA to load the native PC/SC library. The crash happens only, if the applet locates a smartcard reader. So, to reproduce the crash, you have to have a connected smartcard reader. I would be happy to fix any problems, which lead to the crash, in our applet, but I have no idea what causes the crash. Firefox doesn't crash: - If a card reader is connected, but LiveConnect is not used. - If LiveConnect is used, but no card reader is found. I tested with the Firefox 19 and a nightly build 22.0a1 (2013-02-26) and 22.0a1 (2013-03-04) on Windows 7. I managed to create a crash report under my Debian system: https://crash-stats.mozilla.com/report/index/bp-ac969065-d6da-4803-b46a-6a8192130305
Updated•11 years ago
|
Severity: normal → critical
Status: UNCONFIRMED → NEW
Crash Signature: [@ JSAutoCompartment::JSAutoCompartment ]
Component: Untriaged → Plug-ins
Ever confirmed: true
Keywords: crash
OS: Windows 7 → Linux
Product: Firefox → Core
Hardware: x86_64 → x86
Summary: Memory Access Violation caused by a Java Applet using LiveConnect → crash in nsJSObjWrapper::NP_HasMethod @ JSAutoCompartment::JSAutoCompartment caused by a Java Applet using LiveConnect
Reporter | ||
Comment 1•11 years ago
|
||
Hi, I put the applet, which crashes Firefox, on the following site: http://cloudsuite.intarsys.de/cloudsuite-snippets/jsui_basic_signature_do.xhtml Greetings, Waldemar
Updated•11 years ago
|
Comment 2•11 years ago
|
||
Looks like either the JSContext or the JSObject passed to the AutoCompartment are invalid here: http://hg.mozilla.org/releases/mozilla-release/diff/0d61ae018d9f/dom/plugins/base/nsJSNPRuntime.cpp ... which results in a crash in/before the JSAutoCompartment ctor when trying to get the compartment: http://hg.mozilla.org/releases/mozilla-release/diff/ef35ba222ac8/js/src/gc/Heap.h
Comment 3•11 years ago
|
||
Waldemar, do you know if this previously worked, i.e. if it's a regression in Java or Firefox?
Flags: needinfo?(wdick)
Reporter | ||
Comment 4•11 years ago
|
||
Hi, i tried Firefox 3.0, 3.6 and 17 ESR on Windows 7. Firefox 3.0 crashes, when the applet is loaded. Firefox 3.6 and 17 crash, when the page is reloaded. I will try to get a crash report on Linux.
Flags: needinfo?(wdick)
Reporter | ||
Comment 5•11 years ago
|
||
On my Debian 7 system I tried: - Firefox 3.6 -> page reload doesn't crash - Firefox 12.0 -> page reload doesn't crash - Firefox 15.0 -> page reload doesn't crash - Firefox 16.0 -> page reload doesn't crash - Firefox 17.0 -> page reload doesn't crash - Firefox 18.0 -> https://crash-stats.mozilla.com/report/index/bp-c284e9cc-d308-4a5e-abbe-196362130305 - Firefox 19.0 (again)-> https://crash-stats.mozilla.com/report/index/bp-ce9c0235-71d0-466a-a408-44a812130305 On Windows 7 Firefox crashed on every page reload. On Debian I have to try a couple of time, before it crashes.
Comment 6•11 years ago
|
||
Thank you for the info. It sounds like you don't have any crash ids at all for this on Windows in about:crashes?
Updated•11 years ago
|
Priority: -- → P2
Reporter | ||
Comment 7•11 years ago
|
||
Sorry, tried harder and crashed 16.0 and 17.0 too: 16: https://crash-stats.mozilla.com/report/index/bp-e617aa27-3cf1-417c-ad7b-4c6b82130305 17: https://crash-stats.mozilla.com/report/index/bp-80d50ca4-5273-419c-844e-2480d2130305
Reporter | ||
Comment 8•11 years ago
|
||
(In reply to Georg Fritzsche [:gfritzsche] from comment #6) > It sounds like you don't have any crash ids at all for this on Windows in > about:crashes? No, the crashes are not reported on Windows. If it helps, I can try to record a trace with WinDbg.
Comment 9•11 years ago
|
||
I can't produce on Windows 7 x64 over a few page reloads with: * Fx 18.0.2, 19, Nightly * the current Java 7U17 (10.7.2.2) and 7U15 Stacks with Mozilla symbols[1] would be great if you could provide them. [1] https://developer.mozilla.org/en-US/docs/Using_the_Mozilla_symbol_server
Reporter | ||
Comment 10•11 years ago
|
||
This is a windbg trace. I don't know if it is useful at all, because some symbols are missing and I maybe missed the right exceptin break point.
Reporter | ||
Comment 11•11 years ago
|
||
(In reply to Georg Fritzsche [:gfritzsche] from comment #9) > I can't produce on Windows 7 x64 over a few page reloads with: > * Fx 18.0.2, 19, Nightly > * the current Java 7U17 (10.7.2.2) and 7U15 Do you have a smartcard reader connected? It doesn't crash on you, when you it "Reload" after the message "Please insert a smartcard into the card reader." is shown? If you don't have smartcard reader, I can send you one.
Comment 12•11 years ago
|
||
Thanks for the trace. I'm not very familiar with the WinDbg out (so i'd appreciate another look from someone else), but the exception analys says it's a crash (access violation) in java.exe: > 3:088> |* !analyze -v -f [...] > PROCESS_NAME: java.exe [...] > ExceptionCode: c0000005 (Access violation) ... so it would be a separate (Oracle) issue. Or is Firefox still crashing afterwards? I don't see any stack related to us in the trace.
Comment 13•11 years ago
|
||
(In reply to Georg Fritzsche [:gfritzsche] from comment #12) > but the exception analys says > it's a crash (access violation) in java.exe: Background: ".childdbg 1" tells WinDbg to attach to child processes and java.exe is launched as a child process by the Java plugin - that's why this is caught in this trace.
Comment 14•11 years ago
|
||
(In reply to Waldemar Dick from comment #11) > Do you have a smartcard reader connected? It doesn't crash on you, when you > it "Reload" after the message "Please insert a smartcard into the card > reader." is shown? I don't have a smartcard reader and i don't see such a message on the linked site: http://cloudsuite.intarsys.de/cloudsuite-snippets/jsui_basic_signature_do.xhtml But if this crash is limited to java.exe the Windows issue should be filed with Oracle anyway.
Comment 15•11 years ago
|
||
bsmedberg, per comment 12 the windows crash is an Oracle bug, right? (With the original report being a Linux crash in Fx)
Flags: needinfo?(benjamin)
Comment 16•11 years ago
|
||
(In reply to Waldemar Dick from comment #0) > Our Java applet uses JNA to load the native PC/SC library. The crash happens > only, > if the applet locates a smartcard reader. So, to reproduce the crash, you > have to have a connected smartcard reader. Sorry Waldemar, i initially over-read that part. You don't think there is any chance you could reproduce this without a smartcard reader? Otherwise it's much harder to work on this with different testers, contributors, etc.
Flags: needinfo?(wdick)
Priority: P2 → P3
Comment 17•11 years ago
|
||
Also, does this reproduce on Firefox Aurora? [1] We are making Java run out-of-process again on non-Windows platform, so it's possible that it is something that's not happening under those circumstances. [1] http://www.mozilla.org/en-US/firefox/channel/#aurora
Comment 18•11 years ago
|
||
Correct, the Windows crash is 1) not this bug 2) an Oracle bug that we don't want to track in Mozilla bugzilla. The original bug here is different: it may be an Java bug or ours, and if it's a Java bug it still might be possible to defend against it.
Flags: needinfo?(benjamin)
Reporter | ||
Comment 19•11 years ago
|
||
Hi, (In reply to Georg Fritzsche [:gfritzsche] [away Mar 8 - Mar 17] from comment #16) > Otherwise it's much harder to work on this with different testers, > contributors, etc. I know and I will try to reproduce it without a smartcard reader. (In reply to Georg Fritzsche [:gfritzsche] [away Mar 8 - Mar 17] from comment #17) > Also, does this reproduce on Firefox Aurora? [1] > We are making Java run out-of-process again on non-Windows platform, so it's > possible that it is something that's not happening under those circumstances. I will check Firefox Aurora in the next hour. (In reply to Benjamin Smedberg [:bsmedberg] from comment #18) > Correct, the Windows crash is 1) not this bug 2) an Oracle bug that we don't > want to track in Mozilla bugzilla. > > The original bug here is different: it may be an Java bug or ours, and if > it's a Java bug it still might be possible to defend against it. Firefox behaves differently, when WinDbg is connected. Can I help you any other way? Something like remote debugging on a my machine?
Flags: needinfo?(wdick)
Comment 20•11 years ago
|
||
(In reply to Waldemar Dick from comment #19) > I know and I will try to reproduce it without a smartcard reader. [...] > (In reply to Georg Fritzsche [:gfritzsche] [away Mar 8 - Mar 17] from > comment #17) > > Also, does this reproduce on Firefox Aurora? [1] > > We are making Java run out-of-process again on non-Windows platform, so it's > > possible that it is something that's not happening under those circumstances. > > I will check Firefox Aurora in the next hour. Did you have any luck on those two things? > Firefox behaves differently, when WinDbg is connected. So Fx is crashing from this on Windows too? Can you catch a stack for that if you don't attach to child processes (i.e. leave out ".childdbg 1")?
Reporter | ||
Comment 21•11 years ago
|
||
(In reply to Georg Fritzsche [:gfritzsche] [away Mar 8 - Mar 17] from comment #20) > > > Also, does this reproduce on Firefox Aurora? [1] > > I will check Firefox Aurora in the next hour. > > Did you have any luck on those two things? No. Firefox Aurora crashed too and I didn't get a Firefox crash-report. > > Firefox behaves differently, when WinDbg is connected. > > So Fx is crashing from this on Windows too? Can you catch a stack for that > if you don't attach to child processes (i.e. leave out ".childdbg 1")? I will try.
Reporter | ||
Comment 22•11 years ago
|
||
Hello, it took a while, but now I can reproduce the bug without a smartcard reader. To reproduce the bug, go to: http://cloudsuite.intarsys.de/cloudsuite-snippets/firefox-crash.xhtml You have to enable Java to load the Java Applet. I mocked the PC/SC events and signed my code changes with a self signed certificate, so you have to trust a insecure certificate. If this is a problem, I can sign the code with our corporate certificate, but this will take some time. Wait until you see the message "Please insert a smartcard into the card reader." and then press the Reload button. Firefox should crash then. Hope this helps. Greetings Waldemar Dick
Comment 23•11 years ago
|
||
I can reproduce with the STR in comment 22 on Windows but there's no Crash Reporter.
Comment 24•11 years ago
|
||
(In reply to Waldemar Dick from comment #22) > Hope this helps. Definitely, thank you.
Comment 25•11 years ago
|
||
I can't reproduce in Nightly. Can you still reproduce? What is your crash ID now?
Flags: needinfo?(wdick)
Reporter | ||
Comment 26•11 years ago
|
||
(In reply to Scoobidiver from comment #25) > I can't reproduce in Nightly. > Can you still reproduce? What is your crash ID now? Hi, sorry for the late answer. I tried Aurora 24.0a2 (2013-08-04) and it still crashes withou a crash ID. I will attach the jvm stack dump.
Flags: needinfo?(wdick)
Reporter | ||
Comment 27•11 years ago
|
||
Attachment #721101 -
Attachment is obsolete: true
Reporter | ||
Comment 28•11 years ago
|
||
The demo page http://cloudsuite.intarsys.de/cloudsuite-snippets/firefox-crash.xhtml won't start the Java applet right now. I will fix it this week.
Comment 29•7 years ago
|
||
I'm marking this bug as WONTFIX per bug #1269807. For more information see - https://blog.mozilla.org/futurereleases/2015/10/08/npapi-plugins-in-firefox/
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
Updated•2 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•