Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-7174250

Calling JSObject.getMember(null) in an applet crashes the plugin and the browser

XMLWordPrintable

    • b44
    • x86
    • windows_7
    • Verified

        FULL PRODUCT VERSION :
        java version "1.7.0_04"
        Java(TM) SE Runtime Environment (build 1.7.0_04-b22)
        Java HotSpot(TM) Client VM (build 23.0-b21, mixed mode, sharing)

        Java(TM) Platform SE 7 U4 10.4.0.22

        ADDITIONAL OS VERSION INFORMATION :
        Windows 7 64-bit [Version 6.1.7601]

        EXTRA RELEVANT SYSTEM CONFIGURATION :
        Firefox 13.0 (32-bit)

        A DESCRIPTION OF THE PROBLEM :
        If an applet uses netscape.javascript.JSObject to interact with JavaScript/DOM objects in its host web page, but passes null to one of JSObject's methods where a property name is expected, the browser process will crash due to a null pointer dereference in jvm.dll.

        STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
        Load an applet that calls netscape.javascript.JSObject.getMember(String) with a null member name argument.

        EXPECTED VERSUS ACTUAL BEHAVIOR :
        EXPECTED -
        The method call gracefully returns null or throws an appropriate exception.
        ACTUAL -
        An access violation occurs in jvm.dll, terminating the browser process.

        REPRODUCIBILITY :
        This bug can be reproduced always.

        ---------- BEGIN SOURCE ----------
        public class CrashApplet extends java.applet.Applet {

            public void start() {
                netscape.javascript.JSObject.getWindow(this).getMember(null);
            }

        }
        ---------- END SOURCE ----------

        CUSTOMER SUBMITTED WORKAROUND :
        Null-check "name" arguments before passing them to JSObject.

              jmcglynn Joe Mcglynn (Inactive)
              webbuggrp Webbug Group
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved:
                Imported:
                Indexed: