A Java applet is loaded into Microsoft Internet Explorer. It starts StarOffice (version 8 beta, milestone 85) and communicates with it through a pipe. The Java code uses native methods to do this; these are contained in jpipe.dll.
In order to reproduce this, you need to install StarOffice and load applet.html into Internet Explorer. After installing StarOffice, start it and walk through the wizard to set it up properly (migration, registration, etc.). Make sure you are using Java 1.4.2_06.
When the applet is loaded, that is, when a text field and a couple of buttons are displayed, reload the page several times. The access violation usually occurs after the second reload.
With 1.4.2_07 this crash happened occasionally, but with 1.5 it never occurred.
The stack did not show any useful information, since the jvm did not contain debug information. Even when using the "debug build", the plugin library always loads the release version of the jvm.
I verified that the crash did not happen in the native methods; that is, I stepped through the assembler code after the native function returned. The debugger gave me this information for the access violation:
FAULTING_IP:
jvm+74027
08074027 ff30 push dword ptr [eax]
EXCEPTION_RECORD: ffffffff -- (.exr ffffffffffffffff)
ExceptionAddress: 08074027 (jvm+0x00074027)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000000
Attempt to read from address 00000000
FAULTING_THREAD: 00000bb4
DEFAULT_BUCKET_ID: APPLICATION_FAULT
PROCESS_NAME: IExplorer.EXE
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
READ_ADDRESS: 00000000
BUGCHECK_STR: ACCESS_VIOLATION
THREAD_ATTRIBUTES:
LAST_CONTROL_TRANSFER: from 06622c5c to 08074027
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
065ffb38 06622c5c 02aa0cd8 00000000 0662790c jvm+0x74027
065ffb6c 02e09ffd 02aa0cd8 065ffbb8 065ffbb4 jpipe!Java_com_sun_star_lib_connections_pipe_PipeConnection_readJNI+0x1fc [d:\nfs-share\src85\jurt\source\pipe\com_sun_star_lib_connections_pipe_pipeconnection.c @ 415]
065ffba0 02e02eff 00000000 02e07529 00000001 0x2e09ffd
065ffbd8 02e03205 00000001 10ba4bf0 10ba2090 0x2e02eff
065ffc08 02e02eff 00000000 00000000 10ba20b0 0x2e03205
065ffc38 02e03205 00000000 00000000 00000000 0x2e02eff
065ffc70 02e02f2a 00000000 00000000 00000000 0x2e03205
065ffca8 02e03230 00000000 10011ef8 00000000 0x2e02f2a
065ffce8 02e02f2a 00000000 00000000 00000000 0x2e03230
065ffd3c 02e001ae 00000000 10b9b880 16856158 0x2e02f2a
065ffd58 08071309 065ffd8c 065fff38 0000000a 0x2e001ae
065ffdd8 080ac21e 0000000a 00000000 065ffe90 jvm+0x71309
065ffe1c 08071216 0807121b 065fff30 065ffe44 jvm!JVM_FindSignal+0x1eeba
065ffe38 08070f12 065fff30 058d95fc 065ffe90 jvm+0x71216
065ffe70 08070f4b 065fff30 058d95ec 08123e10 jvm+0x70f12
065ffeec 08089d3a 065fff30 058d95e8 058d95ec jvm+0x70f4b
065fff40 080cff57 02aa0c40 02aa0c40 02aa0c40 jvm!JVM_StartThread+0x191
065fff6c 080cff25 02aa0c40 080aa59c 02aa0f40 jvm!JVM_RegisterPerfMethods+0x210bd
065fff80 77c3a3b0 02aa0c40 0690ef18 02e02f2a jvm!JVM_RegisterPerfMethods+0x2108b
065fffb4 7c80b50b 02aa0ea0 0690ef18 02e02f2a msvcrt!_endthreadex+0xa9
065fffec 00000000 77c3a341 02aa0ea0 00000000 kernel32!BaseThreadStart+0x37
FOLLOWUP_IP:
jvm+74027
08074027 ff30 push dword ptr [eax]
SYMBOL_STACK_INDEX: 0
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: jvm+74027
MODULE_NAME: jvm
IMAGE_NAME: jvm.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 415a1b65
STACK_COMMAND: ~30s ; kb
FAILURE_BUCKET_ID: ACCESS_VIOLATION_jvm+74027
BUCKET_ID: ACCESS_VIOLATION_jvm+74027
Followup: MachineOwner
###@###.### 2005-04-01 13:10:46 GMT
###@###.### 2005-04-01 16:26:27 GMT
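The debugger output above is WinDbg "!analyze -v" text. When such dumps arrive in volume (crash reporting, fuzzing, incident triage), the first step is to turn them into structured records so that the exception code, the faulting module, the target address and the stack can be bucketed automatically instead of read by eye. The following Python is an added example, not code from the bug report or from the JDK or StarOffice projects; it parses a constructed, abridged copy of the dump shown above, classifies the fault (a c0000005 reading address 0 is a null-pointer read), lists the frames that follow the JNI naming convention so the native boundary is easy to find, and counts frames the debugger could not symbolize. The field names (CrashRecord, Frame) and the 64 KiB null-page threshold are this example's own choices.

```python
"""Triage helper for WinDbg '!analyze -v' output (added example, not code from the
report): pull the exception record, faulting module and stack frames out of the text
and bucket the fault. SAMPLE_DUMP is a constructed, abridged copy of the report's dump."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SAMPLE_DUMP = r"""ExceptionAddress: 08074027 (jvm+0x00074027)
ExceptionCode: c0000005 (Access violation)
Attempt to read from address 00000000
PROCESS_NAME: IExplorer.EXE
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
065ffb38 06622c5c 02aa0cd8 00000000 0662790c jvm+0x74027
065ffb6c 02e09ffd 02aa0cd8 065ffbb8 065ffbb4 jpipe!Java_com_sun_star_lib_connections_pipe_PipeConnection_readJNI+0x1fc [d:\nfs-share\src85\jurt\source\pipe\com_sun_star_lib_connections_pipe_pipeconnection.c @ 415]
065ffba0 02e02eff 00000000 02e07529 00000001 0x2e09ffd
065fff40 080cff57 02aa0c40 02aa0c40 02aa0c40 jvm!JVM_StartThread+0x191
065fffec 00000000 77c3a341 02aa0ea0 00000000 kernel32!BaseThreadStart+0x37
MODULE_NAME: jvm
"""

KV_RE = re.compile(r"^([A-Za-z_]+(?:\[\d+\])?):\s*(.*)$")
ACCESS_RE = re.compile(r"^Attempt to (\w+) \w+ address ([0-9a-fA-F]+)")
# 'kb' frame: child-EBP, return address, three stack args, symbol, optional "[file @ line]"
FRAME_RE = re.compile(r"^[0-9a-f]{8} ([0-9a-f]{8}) (?:[0-9a-f]{8} ){3}(\S+)(?:\s+\[(.*)\])?\s*$")


@dataclass
class Frame:
    ret_addr: int
    symbol: str
    module: Optional[str]   # None when the debugger printed only a raw address
    source: Optional[str]   # "file @ line" when private symbols were loaded


@dataclass
class CrashRecord:
    exception_code: int
    exception_address: int
    faulting_module: str
    access_kind: str        # "read", "write" or "execute"
    target_address: int
    process_name: str
    frames: List[Frame]
    unwind_unreliable: bool  # set when the unwind-information warning is present


def _module_of(symbol: str) -> Optional[str]:
    """'jvm!JVM_StartThread+0x191' -> 'jvm'; 'jvm+0x74027' -> 'jvm'; '0x2e09ffd' -> None."""
    return None if symbol.startswith("0x") else re.split(r"[!+]", symbol, maxsplit=1)[0]


def parse_dump(text: str) -> CrashRecord:
    kv, frames, access_kind, target = {}, [], "unknown", 0
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            ret, sym, src = m.groups()
            frames.append(Frame(int(ret, 16), sym, _module_of(sym), src))
            continue
        m = ACCESS_RE.match(line)
        if m:
            access_kind, target = m.group(1), int(m.group(2), 16)
            continue
        m = KV_RE.match(line)
        if m:
            kv.setdefault(m.group(1), m.group(2))   # first occurrence wins
    exc_addr_field = kv.get("ExceptionAddress", "0")
    # MODULE_NAME is authoritative; fall back to the "(module+offset)" in ExceptionAddress
    paren = re.search(r"\(([^()]+)\)", exc_addr_field)
    module = kv.get("MODULE_NAME") or (_module_of(paren.group(1)) if paren else None) or "unknown"
    return CrashRecord(
        exception_code=int(kv.get("ExceptionCode", "0").split()[0], 16),
        exception_address=int(exc_addr_field.split()[0], 16),
        faulting_module=module,
        access_kind=access_kind,
        target_address=target,
        process_name=kv.get("PROCESS_NAME", "unknown"),
        frames=frames,
        unwind_unreliable="Stack unwind information not available" in text,
    )


def classify(rec: CrashRecord) -> str:
    """Coarse bucket: an access violation whose target lies in the never-mapped first
    64 KiB is a NULL (or NULL-plus-small-offset) dereference rather than a wild pointer."""
    if rec.exception_code != 0xC0000005:
        return "other"
    kind = "null-pointer" if rec.target_address < 0x10000 else "wild-pointer"
    return f"{kind} {rec.access_kind}"


def jni_frames(rec: CrashRecord) -> List[Tuple[int, str]]:
    """Frames named by the JNI convention Java_<package>_<Class>_<method>: the native boundary."""
    return [(i, f.symbol) for i, f in enumerate(rec.frames) if "!Java_" in f.symbol]


def unresolved_frames(rec: CrashRecord) -> int:
    """Frames printed as bare addresses, i.e. code with no symbols (JIT-compiled or stripped)."""
    return sum(1 for f in rec.frames if f.module is None)


if __name__ == "__main__":
    rec = parse_dump(SAMPLE_DUMP)
    print(f"{rec.process_name}: {classify(rec)} in {rec.faulting_module} at 0x{rec.exception_address:08x}")
    print("JNI frames:", jni_frames(rec), "| unresolved frames:", unresolved_frames(rec))
    print("stack unwind reliable:", not rec.unwind_unreliable)
```

Two details matter for reading this particular dump with the tool: the unwind warning is carried through as a flag because, as the report notes, frames listed under it may be wrong and should not be bucketed on blindly; and the unresolved-frame count gives a quick measure of how much of the stack lacks symbols, which is the problem the reporter hit with the release build of the jvm.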