P2 A simple JAI 1.1.2 application will crash when loading and processing an invalid image file (.jpg tested). The application programmer has no known way to handle this - an exception should be thrown that we can catch.
Worse than an uncaught exception, the result of simply processing an invalid file is a crash of the native JVM.
The testcase and test file are attached:
/// Testcase:
import java.awt.image.RenderedImage;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import javax.media.jai.JAI;
import com.sun.media.jai.codec.MemoryCacheSeekableStream;
import com.sun.media.jai.codec.SeekableStream;
public class JAICrashTest {
public static void main(String[] args) throws IOException {
String fileName = args[0];
byte[] data = loadFile(fileName);
InputStream istream = new ByteArrayInputStream(data);
int availableBytes = istream.available();
// Load the source image from a Stream.
SeekableStream st = new MemoryCacheSeekableStream(istream);
st.read(new byte[availableBytes], 0, availableBytes);
RenderedImage im = JAI.create("stream", st);
if( (im.getWidth() <= 0 || im.getHeight() <= 0)){
System.out.println("Something wrong..");
return;
}
System.out.println("Okay..");
}
public static byte[] loadFile(String name) throws IOException
{
File f= new File(name);
byte[] result = new byte[(int) f.length()];
FileInputStream is = new FileInputStream(f);
is.read(result);
is.close();
return result;
}
}
//// Output:
sr-egmp03-07(5.9)$ cat ./go
export JAI_HOME=/home/kevinwa/javastuff/jai-1_1_2/lib
export CLASSPATH=$JAI_HOME/jai_core.jar:$JAI_HOME/jai_codec.jar:$JAI_HOME/mlibwrapper_jai.jar:$CLASSPATH
export LD_LIBRARY_PATH=$JAI_HOME:$CLASSPATH:$LD_LIBRARY_PATH
java JAICrashTest 00000005.jpg
sr-egmp03-07(5.9)$ ./go
Unexpected Signal : 11 occurred at PC=0xFEDB24BC
Function=[Unknown. Nearest: JVM_IsSameClassPackage+0x7050]
Library=/net/cafebabe.uk/export/apps/products/java/jdk/prodn/j2sdk1.4.2_03/jre/lib/sparc/client/libjvm.so
Current Java thread:
at sun.awt.image.codec.JPEGImageDecoderImpl.readJPEGStream(Native Method)
- locked <0xf19a1268> (a sun.awt.image.codec.JPEGImageDecoderImpl)
at sun.awt.image.codec.JPEGImageDecoderImpl.decodeAsBufferedImage(JPEGImageDecoderImpl.java:210)
- locked <0xf19a1268> (a sun.awt.image.codec.JPEGImageDecoderImpl)
at com.sun.media.jai.codecimpl.JPEGImage.<init>(JPEGImageDecoder.java:114)
- locked <0xf19a0770> (a java.lang.Object)
at com.sun.media.jai.codecimpl.JPEGImageDecoder.decodeAsRenderedImage(JPEGImageDecoder.java:53)
at com.sun.media.jai.opimage.CodecRIFUtil.create(CodecRIFUtil.java:96)
at com.sun.media.jai.opimage.JPEGRIF.create(JPEGRIF.java:52)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at javax.media.jai.FactoryCache.invoke(FactoryCache.java:130)
at javax.media.jai.OperationRegistry.invokeFactory(OperationRegistry.java:1682)
at javax.media.jai.ThreadSafeOperationRegistry.invokeFactory(ThreadSafeOperationRegistry.java:481)
at javax.media.jai.registry.RIFRegistry.create(RIFRegistry.java:340)
at com.sun.media.jai.opimage.StreamRIF.create(StreamRIF.java:110)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at javax.media.jai.FactoryCache.invoke(FactoryCache.java:130)
at javax.media.jai.OperationRegistry.invokeFactory(OperationRegistry.java:1682)
at javax.media.jai.ThreadSafeOperationRegistry.invokeFactory(ThreadSafeOperationRegistry.java:481)
at javax.media.jai.registry.RIFRegistry.create(RIFRegistry.java:340)
at javax.media.jai.RenderedOp.createInstance(RenderedOp.java:830)
- locked <0xf191c870> (a javax.media.jai.RenderedOp)
at javax.media.jai.RenderedOp.createRendering(RenderedOp.java:878)
- locked <0xf191c870> (a javax.media.jai.RenderedOp)
at javax.media.jai.RenderedOp.getWidth(RenderedOp.java:2190)
at JAICrashTest.main(JAICrashTest.java:27)
Dynamic libraries:
0x10000 java
0xff380000 /usr/lib/libthread.so.1
0xff3b0000 /usr/lib/libdl.so.1
0xff280000 /usr/lib/libc.so.1
0xff350000 /usr/platform/SUNW,Ultra-Enterprise/lib/libc_psr.so.1
0xfec00000 /net/cafebabe.uk/export/apps/products/java/jdk/prodn/j2sdk1.4.2_03/jre/lib/sparc/client/libjvm.so
0xff230000 /usr/lib/libCrun.so.1
0xff210000 /usr/lib/libsocket.so.1
0xff100000 /usr/lib/libnsl.so.1
0xff0b0000 /usr/lib/libm.so.1
0xff1e0000 /usr/lib/libsched.so.1
0xff260000 /usr/lib/libw.so.1
0xff090000 /usr/lib/libmp.so.2
0xff070000 /usr/lib/librt.so.1
0xff050000 /usr/lib/libaio.so.1
0xff030000 /usr/lib/libmd5.so.1
0xfebe0000 /usr/platform/SUNW,Ultra-Enterprise/lib/libmd5_psr.so.1
0xfeba0000 /net/cafebabe.uk/export/apps/products/java/jdk/prodn/j2sdk1.4.2_03/jre/lib/sparc/native_threads/libhpi.so
0xfeb60000 /net/cafebabe.uk/export/apps/products/java/jdk/prodn/j2sdk1.4.2_03/jre/lib/sparc/libverify.so
0xfeb20000 /net/cafebabe.uk/export/apps/products/java/jdk/prodn/j2sdk1.4.2_03/jre/lib/sparc/libjava.so
0xfeaf0000 /net/cafebabe.uk/export/apps/products/java/jdk/prodn/j2sdk1.4.2_03/jre/lib/sparc/libzip.so
0xf1700000 /net/cafebabe.uk/export/apps/products/java/jdk/prodn/j2sdk1.4.2_03/jre/lib/sparc/libawt.so
0xfc580000 /net/cafebabe.uk/export/apps/products/java/jdk/prodn/j2sdk1.4.2_03/jre/lib/sparc/libmlib_image.so
0xfe290000 /net/cafebabe.uk/export/apps/products/java/jdk/prodn/j2sdk1.4.2_03/jre/lib/sparc/motif21/libmawt.so
0xf1480000 /usr/dt/lib/libXm.so.4
0xfc790000 /usr/openwin/lib/libXt.so.4
0xfe1d0000 /usr/openwin/lib/libXext.so.0
0xfe1b0000 /usr/openwin/lib/libXtst.so.1
0xf1380000 /usr/openwin/lib/libX11.so.4
0xfc6a0000 /usr/openwin/lib/libdps.so.5
0xfbfe0000 /usr/openwin/lib/libSM.so.6
0xfbfb0000 /usr/openwin/lib/libICE.so.6
0xfbeb0000 /net/cafebabe.uk/export/apps/products/java/jdk/prodn/j2sdk1.4.2_03/jre/lib/sparc/libcmm.so
0xfbdb0000 /net/cafebabe.uk/export/apps/products/java/jdk/prodn/j2sdk1.4.2_03/jre/lib/sparc/libjpeg.so
Heap at VM Abort:
Heap
def new generation total 2112K, used 1797K [0xf1800000, 0xf1a20000, 0xf1f10000)
eden space 2048K, 84% used [0xf1800000, 0xf19b16c0, 0xf1a00000)
from space 64K, 100% used [0xf1a00000, 0xf1a10000, 0xf1a10000)
to space 64K, 0% used [0xf1a10000, 0xf1a10000, 0xf1a20000)
tenured generation total 1408K, used 485K [0xf1f10000, 0xf2070000, 0xf5800000)
the space 1408K, 34% used [0xf1f10000, 0xf1f895a8, 0xf1f89600, 0xf2070000)
compacting perm gen total 4096K, used 3317K [0xf5800000, 0xf5c00000, 0xf9800000)
the space 4096K, 81% used [0xf5800000, 0xf5b3d790, 0xf5b3d800, 0xf5c00000)
Local Time = Mon Jan 19 11:05:20 2004
Elapsed Time = 8
#
# HotSpot Virtual Machine Error : 11
# Error ID : 4F530E43505002EF 01
# Please report this error at
# http://java.sun.com/cgi-bin/bugreport.cgi
#
# Java VM: Java HotSpot(TM) Client VM (1.4.2_03-b02 mixed mode)
#
# An error report file has been saved as hs_err_pid62954.log.
# Please refer to the file for further information.
#
./go[4]: 62954 Abort
sr-egmp03-07(5.9)$
Testcase .java and .class file are attached, with sample bad JPG.
Customer has provided addtional stack traces, attached.
- relates to
-
JDK-4836529 Reading corrupted JPEG cause VM crash
-
- Resolved
-