JDK-6669444

Firefox crashes when doing a typeof=="object" check on an object

Details

    • b08
    • b21
    • x86
    • windows_xp
    • Verified

    Description

      FULL PRODUCT VERSION :
      java version "1.6.0_10-ea"
      Java(TM) SE Runtime Environment (build 1.6.0_10-ea-b11)
      Java HotSpot(TM) Client VM (build 11.0-b11, mixed mode, sharing)

      ADDITIONAL OS VERSION INFORMATION :
      Microsoft Windows XP [Version 5.1.2600]

      EXTRA RELEVANT SYSTEM CONFIGURATION :
      Current Firefox trunk version or SeaMonkey trunk version

      A DESCRIPTION OF THE PROBLEM :
      With the following test case Firefox crashes. I believe the new Java plugin is to blame here:
      <?xml version="1.0"?>
      <?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
      <window
          orient="horizontal"
          xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">

      <script>
      var jsenv = new Object();
      jsenv.HAS_JAVA = (typeof java == "object");
      </script>
      </window>

      If I execute this JS code within a normal HTML document, it does not crash. Within a XUL document it crashes.

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      1. Save the test case as javacrash.xul (the .xul extension is important here)
      2. Open the test case in a current Firefox trunk build or beta version
      3. Watch it crash

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      Not crash.
      ACTUAL -
      It crashes ;-).

      ERROR MESSAGES/STACK TRACES THAT OCCUR :
      Stacktrace from WinDBG:
      WARNING: Stack unwind information not available. Following frames may be wrong.
      0012e2f0 6da32c53 npjp2!NP_GetEntryPoints+0x33d
      0012e32c 6da31ee2 npjp2!Java_sun_plugin2_main_server_MozillaBrowserService_getBrowserAuthentication+0x1b9
      *** WARNING: Unable to verify checksum for F:\mozilla\tree-cvsmo\mozilla\objsuite-debug\dist\bin\components\gkplugin.dll
      0012e34c 025333a6 npjp2!NP_Shutdown+0x4b
      0012e414 0253288a gkplugin!ns4xPluginInstance::InitializePlugin(class nsIPluginInstancePeer * peer = 0x0614e670)+0x446 [f:\mozilla\tree-cvsmo\mozilla\modules\plugin\base\src\ns4xplugininstance.cpp @ 1096]
      0012e420 025462ad gkplugin!ns4xPluginInstance::Initialize(class nsIPluginInstancePeer * peer = 0x0614e670)+0x3a [f:\mozilla\tree-cvsmo\mozilla\modules\plugin\base\src\ns4xplugininstance.cpp @ 869]
      0012e82c 0254571a gkplugin!nsPluginHostImpl::TrySetUpPluginInstance(char * aMimeType = 0x02584b9c "application/x-java-vm", class nsIURI * aURL = 0x00000000, class nsIPluginInstanceOwner * aOwner = 0x042c8e78)+0x99d [f:\mozilla\tree-cvsmo\mozilla\modules\plugin\base\src\nspluginhostimpl.cpp @ 4076]
      0012e884 025545df gkplugin!nsPluginHostImpl::SetUpPluginInstance(char * aMimeType = 0x02584b9c "application/x-java-vm", class nsIURI * aURL = 0x00000000, class nsIPluginInstanceOwner * aOwner = 0x042c8e78)+0x4a [f:\mozilla\tree-cvsmo\mozilla\modules\plugin\base\src\nspluginhostimpl.cpp @ 3880]
      *** WARNING: Unable to verify checksum for F:\mozilla\tree-cvsmo\mozilla\objsuite-debug\dist\bin\components\gklayout.dll
      0012e8e0 01cea0cc gkplugin!nsPluginHostImpl::InstantiateDummyJavaPlugin(class nsIPluginInstanceOwner * aOwner = 0x042c8e78)+0x6f [f:\mozilla\tree-cvsmo\mozilla\modules\plugin\base\src\nspluginhostimpl.cpp @ 6888]
      0012e948 01cc8d15 gklayout!nsGlobalWindow::InitJavaProperties(void)+0x11c [f:\mozilla\tree-cvsmo\mozilla\dom\src\base\nsglobalwindow.cpp @ 5589]
      *** WARNING: Unable to verify checksum for F:\mozilla\tree-cvsmo\mozilla\objsuite-debug\dist\bin\components\xpc3250.dll
      0012eba0 03ba62a4 gklayout!nsWindowSH::NewResolve(class nsIXPConnectWrappedNative * wrapper = 0x00dc3e58, struct JSContext * cx = 0x054258f8, struct JSObject * obj = 0x06bb1200, long id = 74776644, unsigned int flags = 4, struct JSObject ** objp = 0x0012ecc8, int * _retval = 0x0012ec24)+0x18f5 [f:\mozilla\tree-cvsmo\mozilla\dom\src\base\nsdomclassinfo.cpp @ 6139]
      *** WARNING: Unable to verify checksum for F:\mozilla\tree-cvsmo\mozilla\objsuite-debug\dist\bin\js3250.dll
      0012ecd0 00504c79 xpc3250!XPC_WN_Helper_NewResolve(struct JSContext * cx = 0x054258f8, struct JSObject * obj = 0x06bb1200, long idval = 74776644, unsigned int flags = 4, struct JSObject ** objp = 0x0012ed3c)+0x264 [f:\mozilla\tree-cvsmo\mozilla\js\src\xpconnect\src\xpcwrappednativejsops.cpp @ 1068]
      0012ed48 0050552b js3250!js_LookupPropertyWithFlags(struct JSContext * cx = 0x054258f8, struct JSObject * obj = 0x06bb1200, long id = 74776644, unsigned int flags = 4, struct JSObject ** objp = 0x0012ed7c, struct JSProperty ** propp = 0x0012ed6c)+0x389 [f:\mozilla\tree-cvsmo\mozilla\js\src\jsobj.c @ 3291]
      0012ed88 004e4874 js3250!js_FindPropertyHelper(struct JSContext * cx = 0x054258f8, long id = 74776644, struct JSObject ** objp = 0x0012f324, struct JSObject ** pobjp = 0x0012f3a8, struct JSProperty ** propp = 0x0012f310, struct JSPropCacheEntry ** entryp = 0x0012f148)+0x5b [f:\mozilla\tree-cvsmo\mozilla\js\src\jsobj.c @ 3405]
      0012f3ec 004d435c js3250!js_Interpret(struct JSContext * cx = 0x054258f8, unsigned char * pc = 0x042c737b ";", long * result = 0x0012f424)+0xf774 [f:\mozilla\tree-cvsmo\mozilla\js\src\jsinterp.c @ 4748]
      0012f488 0048c167 js3250!js_Execute(struct JSContext * cx = 0x054258f8, struct JSObject * chain = 0x06bb1200, struct JSScript * script = 0x042c7320, struct JSStackFrame * down = 0x00000000, unsigned int flags = 0, long * result = 0x0012f4e8)+0x29c [f:\mozilla\tree-cvsmo\mozilla\js\src\jsinterp.c @ 1649]
      0012f4ac 01d01934 js3250!JS_ExecuteScript(struct JSContext * cx = 0x054258f8, struct JSObject * obj = 0x06bb1200, struct JSScript * script = 0x042c7320, long * rval = 0x0012f4e8)+0x57 [f:\mozilla\tree-cvsmo\mozilla\js\src\jsapi.c @ 4823]
      0012f500 01c9698f gklayout!nsJSContext::ExecuteScript(void * aScriptObject = 0x06d432a0, void * aScopeObject = 0x06bb1200, class nsAString_internal * aRetValue = 0x00000000, int * aIsUndefined = 0x00000000)+0x134 [f:\mozilla\tree-cvsmo\mozilla\dom\src\base\nsjsenvironment.cpp @ 1666]
      0012f528 01c96b62 gklayout!nsXULDocument::ExecuteScript(class nsIScriptContext * aContext = 0x053fcce8, void * aScriptObject = 0x06d432a0)+0xcf [f:\mozilla\tree-cvsmo\mozilla\content\xul\document\src\nsxuldocument.cpp @ 3436]
      0012f560 01c9520b gklayout!nsXULDocument::ExecuteScript(class nsXULPrototypeScript * aScript = 0x06127b10)+0x1c2 [f:\mozilla\tree-cvsmo\mozilla\content\xul\document\src\nsxuldocument.cpp @ 3459]
      0012f640 01c8e8f6 gklayout!nsXULDocument::ResumeWalk(void)+0x56b [f:\mozilla\tree-cvsmo\mozilla\content\xul\document\src\nsxuldocument.cpp @ 2912]

      The log folder from the Java plugin was empty (I enabled logging before).

      REPRODUCIBILITY :
      This bug can be reproduced always.

            People

              kbr Kenneth Russell (Inactive)
              ryeung Roger Yeung (Inactive)