-
Bug
-
Resolution: Cannot Reproduce
-
P4
-
None
-
1.1.1, 1.2.0
-
x86, sparc
-
solaris_2.5, solaris_2.5.1
It appears as though my X server is in a weird state, but nevertheless...
Trying to run *any* applet with any 1.1 or 1.2 appletviewer causes a core dump.
From the code path in dbx, it appears that the "loadFont()" function in
src/solaris/native/sun/awt/awt_font.c is returning NULL, which means that
the XLoadQueryFont is failing for even the fallback default font name of
-*-helvetica-*-*-*-*-*-*-12-*-*-*-iso8859-1
Below is a sample core dump output, followed by some interaction with dbx
in the same situation. The violation occurs on line 479 of multi_font.c
(in the Aug 21 JDK build); it is trying to dereference the return value of
a loadFont() call, which return NULL.
This shouldn't cause a core dump, so the return value from loadFont() should
be checked.
appletviewer http://jse.east/~jones/java/appletinner/index.html
SIGSEGV 11* segmentation violation
si_signo [11]: SIGSEGV 11* segmentation violation
si_errno [0]: Error 0
si_code [1]: SEGV_MAPERR [addr: 0x14]
stackbase=F0000000, stackpointer=EFFFE1A0
Full thread dump:
"thread applet-AppletInner" (TID:0xee7062c8, sys_thread_t:0x3af028, state:CW
) prio=4
at java.lang.Object.wait(Native Method)
at java.lang.Object.wait(Object.java:309)
at sun.applet.AppletPanel.getNextEvent(AppletPanel.java:216)
at sun.applet.AppletPanel.run(AppletPanel.java:240)
at java.lang.Thread.run(Thread.java:465)
"AWT-Motif" (TID:0xee70b4b8, sys_thread_t:0x38cef0, state:MW) prio=5
at sun.awt.motif.MToolkit.run(Native Method)
at java.lang.Thread.run(Thread.java:465)
"AWT-Input" (TID:0xee70b380, sys_thread_t:0x38cde8, state:MW) prio=5
at sun.awt.motif.InputThread.run(Native Method)
"AWT-EventQueue-0" (TID:0xee70b338, sys_thread_t:0x386f58, state:CW) prio=5
at java.lang.Object.wait(Native Method)
at java.lang.Object.wait(Object.java:309)
at java.awt.EventQueue.getNextEvent(EventQueue.java:114)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:44)
"Keep-Alive-Timer:jse.east" (TID:0xee70c758, sys_thread_t:0xc6608, state:CW)
prio=8
at java.lang.Thread.sleep(Native Method)
at sun.net.www.http.ClientVector.run(KeepAliveCache.java:200)
at java.lang.Thread.run(Thread.java:465)
"Finalizer" (TID:0xee700310, sys_thread_t:0x45ad0, state:CW) prio=1
at java.lang.Object.wait(Native Method)
at java.lang.Ref$Queue.remove(Ref.java:92)
at java.lang.Ref$Queue.remove(Ref.java:99)
at java.lang.Finalizer$FinalizerThread.run(Finalizer.java:130)
"Ref handler" (TID:0xee7003c0, sys_thread_t:0x429a8, state:CW) prio=10
at java.lang.Object.wait(Native Method)
at java.lang.Object.wait(Object.java:309)
at java.lang.Ref$RefHandler.run(Ref.java:123)
"Async Garbage Collector" (TID:0xee700448, sys_thread_t:0x3d868, state:CW) p
rio=1
"Idle thread" (TID:0xee7001d0, sys_thread_t:0x3c380, state:R) prio=0
"Clock" (TID:0xee700058, sys_thread_t:0x62410, state:CW) prio=12
"main" (TID:0xee700088, sys_thread_t:0x209f8, state:R) prio=5 *current threa
d*
at sun.awt.motif.MComponentPeer.setFont(Native Method)
at sun.awt.motif.MFramePeer.<init>(MFramePeer.java:63)
at sun.awt.motif.MToolkit.createFrame(MToolkit.java:115)
at java.awt.Frame.addNotify(Frame.java:195)
at java.awt.Window.pack(Window.java:124)
at sun.applet.AppletViewer.<init>(AppletViewer.java:196)
at sun.applet.StdAppletViewerFactory.createAppletViewer(AppletViewer.jav
a:81)
at sun.applet.AppletViewer.parse(AppletViewer.java:941)
at sun.applet.AppletViewer.parse(AppletViewer.java:907)
at sun.applet.AppletViewer.main(AppletViewer.java:1084)
Monitor Cache Dump:
sun.awt.motif.MToolkit@EE70B8F8/EE796098: owner "main" (0x209f8, 1 entry)
Waiting to enter:
"AWT-Input"
"AWT-Motif"
Registered Monitor Dump:
utf8 hash table: <unowned>
JNI pinning lock: <unowned>
JNI global reference lock: <unowned>
BinClass lock: <unowned>
Class linking lock: <unowned>
Code rewrite lock: <unowned>
Heap lock: <unowned>
Monitor IO lock: <unowned>
Child death monitor: <unowned>
Event monitor: <unowned>
I/O monitor: <unowned>
Alarm monitor: <unowned>
Waiting to be notified:
"Clock"
Sbrk lock: <unowned>
Monitor cache expansion lock: <unowned>
Thread queue lock: <unowned>
Monitor registry: owner "main" (0x209f8, 1 entry)
Thread Alarm Q:
sys_thread_t 0x3d868 [Timeout in 680 ms]
sys_thread_t 0xc6608 [Timeout in 2163 ms]
Abort
signal SEGV (no mapping at the fault address) in awtJNI_GetFontList at line 479
in file "multi_font.c"
479 if (xf->min_byte1 == 0 && xf->max_byte1 == 0) {
(dbx) print fdata->flist[i].xlfd
fdata->flist[i].xlfd = 0x3711c8 "-*-helvetica-*-*-*-*-*-*-12-*-*-*-iso8859-1"
(dbx) where
=>[1] awtJNI_GetFontList(env = 0x20a20, font = 0x23ebc), line 479 in "multi_font
.c"
[2] Java_sun_awt_motif_MComponentPeer_setFont(env = 0x20a20, this = 0xefffed6c
, f = 0x23ebc), line 554 in "awt_Component.c"
[3] invoke_O_V(o = 0xee30ebd8, mb = 0x3796e8, args_size = 2, ee = 0x20a20), li
ne 311 in "invokers.c"
[4] invokeLazyNativeMethod(o = 0xee30ebd8, mb = 0x3796e8, args_size = 2, ee =
0x20a20), line 496 in "classruntime.c"
[5] ExecuteJava_C(initial_pc = 0xeffff530 "\x30000059", ee = 0x20a20), line 14
47 in "executeJava.c"
[6] do_execute_java_method_vararg(ee = 0x20a20, obj = 0xee3050b8, method_name
= 0x56c18 "main", method_signature = 0x59f90 "([Ljava/lang/String;)V", mb = 0x69
b10, isStaticCall = TRUE, args = 0xeffff640, otherBits = (nil), shortFloats = FA
LSE), line 574 in "interpreter.c"
[7] do_execute_java_method(ee = 0x20a20, obj = 0xee3050b8, method_name = (nil)
, signature = (nil), mb = 0x69b10, isStaticCall = TRUE, ...), line 406 in "inter
preter.c"
[8] java_main(argc = 0, argv = 0xeffff86c), line 713 in "javai.c"
[9] main(argc = 3, argv = 0xeffff864, envp = 0xeffff874), line 25 in "java.c"
(dbx) print xf
xf = (nil)
(dbx) where
=>[1] awtJNI_GetFontList(env = 0x20a20, font = 0x23ebc), line 479 in "multi_font
.c"
[2] Java_sun_awt_motif_MComponentPeer_setFont(env = 0x20a20, this = 0xefffed6c
, f = 0x23ebc), line 554 in "awt_Component.c"
[3] invoke_O_V(o = 0xee30ebd8, mb = 0x3796e8, args_size = 2, ee = 0x20a20), li
ne 311 in "invokers.c"
[4] invokeLazyNativeMethod(o = 0xee30ebd8, mb = 0x3796e8, args_size = 2, ee =
0x20a20), line 496 in "classruntime.c"
[5] ExecuteJava_C(initial_pc = 0xeffff530 "\x30000059", ee = 0x20a20), line 14
47 in "executeJava.c"
[6] do_execute_java_method_vararg(ee = 0x20a20, obj = 0xee3050b8, method_name
= 0x56c18 "main", method_signature = 0x59f90 "([Ljava/lang/String;)V", mb = 0x69
b10, isStaticCall = TRUE, args = 0xeffff640, otherBits = (nil), shortFloats = FA
LSE), line 574 in "interpreter.c"
[7] do_execute_java_method(ee = 0x20a20, obj = 0xee3050b8, method_name = (nil)
, signature = (nil), mb = 0x69b10, isStaticCall = TRUE, ...), line 406 in "inter
preter.c"
[8] java_main(argc = 0, argv = 0xeffff86c), line 713 in "javai.c"
[9] main(argc = 3, argv = 0xeffff864, envp = 0xeffff874), line 25 in "java.c"
(dbx)
eric.hawkes@eng 1997-10-17 Accepted the bug. After looking at the code, it
appears that a fix may exist.
Trying to run *any* applet with any 1.1 or 1.2 appletviewer causes a core dump.
From the code path in dbx, it appears that the "loadFont()" function in
src/solaris/native/sun/awt/awt_font.c is returning NULL, which means that
the XLoadQueryFont is failing for even the fallback default font name of
-*-helvetica-*-*-*-*-*-*-12-*-*-*-iso8859-1
Below is a sample core dump output, followed by some interaction with dbx
in the same situation. The violation occurs on line 479 of multi_font.c
(in the Aug 21 JDK build); it is trying to dereference the return value of
a loadFont() call, which return NULL.
This shouldn't cause a core dump, so the return value from loadFont() should
be checked.
appletviewer http://jse.east/~jones/java/appletinner/index.html
SIGSEGV 11* segmentation violation
si_signo [11]: SIGSEGV 11* segmentation violation
si_errno [0]: Error 0
si_code [1]: SEGV_MAPERR [addr: 0x14]
stackbase=F0000000, stackpointer=EFFFE1A0
Full thread dump:
"thread applet-AppletInner" (TID:0xee7062c8, sys_thread_t:0x3af028, state:CW
) prio=4
at java.lang.Object.wait(Native Method)
at java.lang.Object.wait(Object.java:309)
at sun.applet.AppletPanel.getNextEvent(AppletPanel.java:216)
at sun.applet.AppletPanel.run(AppletPanel.java:240)
at java.lang.Thread.run(Thread.java:465)
"AWT-Motif" (TID:0xee70b4b8, sys_thread_t:0x38cef0, state:MW) prio=5
at sun.awt.motif.MToolkit.run(Native Method)
at java.lang.Thread.run(Thread.java:465)
"AWT-Input" (TID:0xee70b380, sys_thread_t:0x38cde8, state:MW) prio=5
at sun.awt.motif.InputThread.run(Native Method)
"AWT-EventQueue-0" (TID:0xee70b338, sys_thread_t:0x386f58, state:CW) prio=5
at java.lang.Object.wait(Native Method)
at java.lang.Object.wait(Object.java:309)
at java.awt.EventQueue.getNextEvent(EventQueue.java:114)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:44)
"Keep-Alive-Timer:jse.east" (TID:0xee70c758, sys_thread_t:0xc6608, state:CW)
prio=8
at java.lang.Thread.sleep(Native Method)
at sun.net.www.http.ClientVector.run(KeepAliveCache.java:200)
at java.lang.Thread.run(Thread.java:465)
"Finalizer" (TID:0xee700310, sys_thread_t:0x45ad0, state:CW) prio=1
at java.lang.Object.wait(Native Method)
at java.lang.Ref$Queue.remove(Ref.java:92)
at java.lang.Ref$Queue.remove(Ref.java:99)
at java.lang.Finalizer$FinalizerThread.run(Finalizer.java:130)
"Ref handler" (TID:0xee7003c0, sys_thread_t:0x429a8, state:CW) prio=10
at java.lang.Object.wait(Native Method)
at java.lang.Object.wait(Object.java:309)
at java.lang.Ref$RefHandler.run(Ref.java:123)
"Async Garbage Collector" (TID:0xee700448, sys_thread_t:0x3d868, state:CW) p
rio=1
"Idle thread" (TID:0xee7001d0, sys_thread_t:0x3c380, state:R) prio=0
"Clock" (TID:0xee700058, sys_thread_t:0x62410, state:CW) prio=12
"main" (TID:0xee700088, sys_thread_t:0x209f8, state:R) prio=5 *current threa
d*
at sun.awt.motif.MComponentPeer.setFont(Native Method)
at sun.awt.motif.MFramePeer.<init>(MFramePeer.java:63)
at sun.awt.motif.MToolkit.createFrame(MToolkit.java:115)
at java.awt.Frame.addNotify(Frame.java:195)
at java.awt.Window.pack(Window.java:124)
at sun.applet.AppletViewer.<init>(AppletViewer.java:196)
at sun.applet.StdAppletViewerFactory.createAppletViewer(AppletViewer.jav
a:81)
at sun.applet.AppletViewer.parse(AppletViewer.java:941)
at sun.applet.AppletViewer.parse(AppletViewer.java:907)
at sun.applet.AppletViewer.main(AppletViewer.java:1084)
Monitor Cache Dump:
sun.awt.motif.MToolkit@EE70B8F8/EE796098: owner "main" (0x209f8, 1 entry)
Waiting to enter:
"AWT-Input"
"AWT-Motif"
Registered Monitor Dump:
utf8 hash table: <unowned>
JNI pinning lock: <unowned>
JNI global reference lock: <unowned>
BinClass lock: <unowned>
Class linking lock: <unowned>
Code rewrite lock: <unowned>
Heap lock: <unowned>
Monitor IO lock: <unowned>
Child death monitor: <unowned>
Event monitor: <unowned>
I/O monitor: <unowned>
Alarm monitor: <unowned>
Waiting to be notified:
"Clock"
Sbrk lock: <unowned>
Monitor cache expansion lock: <unowned>
Thread queue lock: <unowned>
Monitor registry: owner "main" (0x209f8, 1 entry)
Thread Alarm Q:
sys_thread_t 0x3d868 [Timeout in 680 ms]
sys_thread_t 0xc6608 [Timeout in 2163 ms]
Abort
signal SEGV (no mapping at the fault address) in awtJNI_GetFontList at line 479
in file "multi_font.c"
479 if (xf->min_byte1 == 0 && xf->max_byte1 == 0) {
(dbx) print fdata->flist[i].xlfd
fdata->flist[i].xlfd = 0x3711c8 "-*-helvetica-*-*-*-*-*-*-12-*-*-*-iso8859-1"
(dbx) where
=>[1] awtJNI_GetFontList(env = 0x20a20, font = 0x23ebc), line 479 in "multi_font
.c"
[2] Java_sun_awt_motif_MComponentPeer_setFont(env = 0x20a20, this = 0xefffed6c
, f = 0x23ebc), line 554 in "awt_Component.c"
[3] invoke_O_V(o = 0xee30ebd8, mb = 0x3796e8, args_size = 2, ee = 0x20a20), li
ne 311 in "invokers.c"
[4] invokeLazyNativeMethod(o = 0xee30ebd8, mb = 0x3796e8, args_size = 2, ee =
0x20a20), line 496 in "classruntime.c"
[5] ExecuteJava_C(initial_pc = 0xeffff530 "\x30000059", ee = 0x20a20), line 14
47 in "executeJava.c"
[6] do_execute_java_method_vararg(ee = 0x20a20, obj = 0xee3050b8, method_name
= 0x56c18 "main", method_signature = 0x59f90 "([Ljava/lang/String;)V", mb = 0x69
b10, isStaticCall = TRUE, args = 0xeffff640, otherBits = (nil), shortFloats = FA
LSE), line 574 in "interpreter.c"
[7] do_execute_java_method(ee = 0x20a20, obj = 0xee3050b8, method_name = (nil)
, signature = (nil), mb = 0x69b10, isStaticCall = TRUE, ...), line 406 in "inter
preter.c"
[8] java_main(argc = 0, argv = 0xeffff86c), line 713 in "javai.c"
[9] main(argc = 3, argv = 0xeffff864, envp = 0xeffff874), line 25 in "java.c"
(dbx) print xf
xf = (nil)
(dbx) where
=>[1] awtJNI_GetFontList(env = 0x20a20, font = 0x23ebc), line 479 in "multi_font
.c"
[2] Java_sun_awt_motif_MComponentPeer_setFont(env = 0x20a20, this = 0xefffed6c
, f = 0x23ebc), line 554 in "awt_Component.c"
[3] invoke_O_V(o = 0xee30ebd8, mb = 0x3796e8, args_size = 2, ee = 0x20a20), li
ne 311 in "invokers.c"
[4] invokeLazyNativeMethod(o = 0xee30ebd8, mb = 0x3796e8, args_size = 2, ee =
0x20a20), line 496 in "classruntime.c"
[5] ExecuteJava_C(initial_pc = 0xeffff530 "\x30000059", ee = 0x20a20), line 14
47 in "executeJava.c"
[6] do_execute_java_method_vararg(ee = 0x20a20, obj = 0xee3050b8, method_name
= 0x56c18 "main", method_signature = 0x59f90 "([Ljava/lang/String;)V", mb = 0x69
b10, isStaticCall = TRUE, args = 0xeffff640, otherBits = (nil), shortFloats = FA
LSE), line 574 in "interpreter.c"
[7] do_execute_java_method(ee = 0x20a20, obj = 0xee3050b8, method_name = (nil)
, signature = (nil), mb = 0x69b10, isStaticCall = TRUE, ...), line 406 in "inter
preter.c"
[8] java_main(argc = 0, argv = 0xeffff86c), line 713 in "javai.c"
[9] main(argc = 3, argv = 0xeffff864, envp = 0xeffff874), line 25 in "java.c"
(dbx)
eric.hawkes@eng 1997-10-17 Accepted the bug. After looking at the code, it
appears that a fix may exist.
- duplicates
-
-
- Closed
-
- relates to
-
-
- Closed
-