Details
-
Bug
-
Resolution: Fixed
-
P2
-
18
-
b21
-
os_x
-
Not verified
Backports
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8277768 | 17.0.3-oracle | Anton Tarasov | P2 | Resolved | Fixed | b01 |
| JDK-8277717 | 17.0.2 | Anton Tarasov | P2 | Closed | Fixed | b06 |
| JDK-8287656 | 11.0.17-oracle | Dmitry Markov | P2 | Closed | Fixed | b01 |
| JDK-8288265 | 8u351 | Dmitry Markov | P2 | Closed | Fixed | b01 |
Description
In the method:
+[CommonComponentAccessibility getCAccessible:withEnv:]
the code can crash:
if ((*env)->IsInstanceOf(env, jaccessible, sjc_CAccessible)) {
because jaccessible is a weak ref and i is not checked for validity here.
Below I'm listing a dump that we get from the JetBrains OpenJDK fork (where it has been fixed). The problem is reproduced rarely however it is quite clear from the code:
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libsystem_kernel.dylib 0x00007fff202f3462 __pthread_kill + 10
1 libsystem_pthread.dylib 0x00007fff20321610 pthread_kill + 263
2 libsystem_c.dylib 0x00007fff20274720 abort + 120
3 libjvm.dylib 0x0000000113646920 os::abort(bool, void*, void const*) + 22 (os_bsd.cpp:1094)
4 libjvm.dylib 0x000000011378a042 VMError::report_and_die(int, char const*, char const*, __va_list_tag*, Thread*, unsigned char*, void*, void*, char const*, int, unsigned long) + 2896 (vmError.cpp:1613)
5 libjvm.dylib 0x00000001137894ce VMError::report_and_die(Thread*, unsigned int, unsigned char*, void*, void*, char const*, ...) + 148 (vmError.cpp:1274)
6 libjvm.dylib 0x000000011378a117 VMError::report_and_die(Thread*, unsigned int, unsigned char*, void*, void*) + 33 (vmError.cpp:1280)
7 libjvm.dylib 0x000000011364a730 JVM_handle_bsd_signal + 543 (os_bsd_x86.cpp:803)
8 libjvm.dylib 0x00000001136483c8 signalHandler(int, __siginfo*, void*) + 45 (os_bsd.cpp:2854)
9 libsystem_platform.dylib 0x00007fff20365d7d _sigtramp + 29
10 ??? 0x00000001b6dd1858 0 + 7362910296
11 libawt_lwawt.dylib 0x000000013dcf0019 +[JavaComponentAccessibility getCAccessible:withEnv:] + 849 (JavaComponentAccessibility.m:269)
12 libawt_lwawt.dylib 0x000000013dcf1348 +[JavaComponentAccessibility createWithParent:accessible:role:index:withEnv:withView:isWrapped:] + 608 (JavaComponentAccessibility.m:385)
13 libawt_lwawt.dylib 0x000000013dcedd38 -[JavaCellAccessibility accessibilityChildren] + 185 (JavaCellAccessibility.m:18)
14 com.apple.AppKit 0x00007fff22cd865a -[NSAccessibilityAttributeAccessorInfo getAttributeValue:forObject:] + 58
15 com.apple.AppKit 0x00007fff2327807a ___NSAccessibilityEntryPointValueForAttribute_block_invoke.811 + 1691
16 com.apple.AppKit 0x00007fff23273ce3 NSAccessibilityPerformEntryPointObject + 16
17 com.apple.AppKit 0x00007fff22f33a26 _NSAccessibilityEntryPointValueForAttribute + 168
18 com.apple.AppKit 0x00007fff23069ab2 _NSAccessibilityChildrenInNavigationOrderAttributeValue + 40
19 com.apple.AppKit 0x00007fff22cd958a NSAccessibilityGetObjectValueForAttribute + 2724
20 com.apple.AppKit 0x00007fff22cd865a -[NSAccessibilityAttributeAccessorInfo getAttributeValue:forObject:] + 58
21 com.apple.AppKit 0x00007fff2327807a ___NSAccessibilityEntryPointValueForAttribute_block_invoke.811 + 1691
22 com.apple.AppKit 0x00007fff23273ce3 NSAccessibilityPerformEntryPointObject + 16
23 com.apple.AppKit 0x00007fff22f33a26 _NSAccessibilityEntryPointValueForAttribute + 168
24 com.apple.AppKit 0x00007fff2306bf05 -[NSObject(NSAccessibilityInternal) _accessibilityValueForAttribute:clientError:] + 341
25 com.apple.AppKit 0x00007fff23070eb6 CopyAppKitUIElementAttributeValueNoCatch + 98
26 com.apple.AppKit 0x00007fff2306de6b CopyAttributeValue + 142
27 com.apple.HIServices 0x00007fff256ada2b _AXXMIGCopyAttributeValue + 409
28 com.apple.HIServices 0x00007fff256cf82b _XCopyAttributeValue + 443
29 com.apple.HIServices 0x00007fff2568e704 mshMIGPerform + 174
30 com.apple.CoreFoundation 0x00007fff2041a188 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE1_PERFORM_FUNCTION__ + 41
31 com.apple.CoreFoundation 0x00007fff2041a065 __CFRunLoopDoSource1 + 595
32 com.apple.CoreFoundation 0x00007fff20418709 __CFRunLoopRun + 2402
33 com.apple.CoreFoundation 0x00007fff204176ce CFRunLoopRunSpecific + 563
34 com.apple.HIToolbox 0x00007fff2869c6d0 RunCurrentEventLoopInMode + 292
35 com.apple.HIToolbox 0x00007fff2869c4cc ReceiveNextEventCommon + 709
36 com.apple.HIToolbox 0x00007fff2869c1ef _BlockUntilNextEventMatchingListInModeWithFilter + 64
37 com.apple.AppKit 0x00007fff22c34de9 _DPSNextEvent + 883
38 com.apple.AppKit 0x00007fff22c335af -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1366
39 libosxapp.dylib 0x000000013e14e1ea -[NSApplicationAWT nextEventMatchingMask:untilDate:inMode:dequeue:] + 121 (NSApplicationAWT.m:385)
40 com.apple.AppKit 0x00007fff22c25b0a -[NSApplication run] + 586
41 libosxapp.dylib 0x000000013e14dfcf +[NSApplicationAWT runAWTLoopWithApp:] + 165 (NSApplicationAWT.m:343)
42 libawt_lwawt.dylib 0x000000013dd024c2 +[AWTStarter starter:headless:] + 496
43 libosxapp.dylib 0x000000013e14fd6c +[ThreadUtilities invokeBlockCopy:] + 15 (ThreadUtilities.m:98)
44 com.apple.Foundation 0x00007fff211c54d9 __NSThreadPerformPerform + 204
45 com.apple.CoreFoundation 0x00007fff20419a0c __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
46 com.apple.CoreFoundation 0x00007fff20419974 __CFRunLoopDoSource0 + 180
47 com.apple.CoreFoundation 0x00007fff204196ef __CFRunLoopDoSources0 + 248
48 com.apple.CoreFoundation 0x00007fff20418121 __CFRunLoopRun + 890
49 com.apple.CoreFoundation 0x00007fff204176ce CFRunLoopRunSpecific + 563
50 libjli.dylib 0x000000010a42e8a4 ParkEventLoop + 98 (java_md_macosx.c:323) [inlined]
51 libjli.dylib 0x000000010a42e8a4 MacOSXStartup + 178 (java_md_macosx.c:356) [inlined]
52 libjli.dylib 0x000000010a42e8a4 CreateExecutionEnvironment + 381 (java_md_macosx.c:403)
53 libjli.dylib 0x000000010a42acab JLI_Launch + 1287 (java.c:276)
54 java 0x000000010a419f64 main + 372 (main.c:206)
55 libdyld.dylib 0x00007fff2033c621 start + 1
+[CommonComponentAccessibility getCAccessible:withEnv:]
the code can crash:
if ((*env)->IsInstanceOf(env, jaccessible, sjc_CAccessible)) {
because jaccessible is a weak ref and i is not checked for validity here.
Below I'm listing a dump that we get from the JetBrains OpenJDK fork (where it has been fixed). The problem is reproduced rarely however it is quite clear from the code:
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libsystem_kernel.dylib 0x00007fff202f3462 __pthread_kill + 10
1 libsystem_pthread.dylib 0x00007fff20321610 pthread_kill + 263
2 libsystem_c.dylib 0x00007fff20274720 abort + 120
3 libjvm.dylib 0x0000000113646920 os::abort(bool, void*, void const*) + 22 (os_bsd.cpp:1094)
4 libjvm.dylib 0x000000011378a042 VMError::report_and_die(int, char const*, char const*, __va_list_tag*, Thread*, unsigned char*, void*, void*, char const*, int, unsigned long) + 2896 (vmError.cpp:1613)
5 libjvm.dylib 0x00000001137894ce VMError::report_and_die(Thread*, unsigned int, unsigned char*, void*, void*, char const*, ...) + 148 (vmError.cpp:1274)
6 libjvm.dylib 0x000000011378a117 VMError::report_and_die(Thread*, unsigned int, unsigned char*, void*, void*) + 33 (vmError.cpp:1280)
7 libjvm.dylib 0x000000011364a730 JVM_handle_bsd_signal + 543 (os_bsd_x86.cpp:803)
8 libjvm.dylib 0x00000001136483c8 signalHandler(int, __siginfo*, void*) + 45 (os_bsd.cpp:2854)
9 libsystem_platform.dylib 0x00007fff20365d7d _sigtramp + 29
10 ??? 0x00000001b6dd1858 0 + 7362910296
11 libawt_lwawt.dylib 0x000000013dcf0019 +[JavaComponentAccessibility getCAccessible:withEnv:] + 849 (JavaComponentAccessibility.m:269)
12 libawt_lwawt.dylib 0x000000013dcf1348 +[JavaComponentAccessibility createWithParent:accessible:role:index:withEnv:withView:isWrapped:] + 608 (JavaComponentAccessibility.m:385)
13 libawt_lwawt.dylib 0x000000013dcedd38 -[JavaCellAccessibility accessibilityChildren] + 185 (JavaCellAccessibility.m:18)
14 com.apple.AppKit 0x00007fff22cd865a -[NSAccessibilityAttributeAccessorInfo getAttributeValue:forObject:] + 58
15 com.apple.AppKit 0x00007fff2327807a ___NSAccessibilityEntryPointValueForAttribute_block_invoke.811 + 1691
16 com.apple.AppKit 0x00007fff23273ce3 NSAccessibilityPerformEntryPointObject + 16
17 com.apple.AppKit 0x00007fff22f33a26 _NSAccessibilityEntryPointValueForAttribute + 168
18 com.apple.AppKit 0x00007fff23069ab2 _NSAccessibilityChildrenInNavigationOrderAttributeValue + 40
19 com.apple.AppKit 0x00007fff22cd958a NSAccessibilityGetObjectValueForAttribute + 2724
20 com.apple.AppKit 0x00007fff22cd865a -[NSAccessibilityAttributeAccessorInfo getAttributeValue:forObject:] + 58
21 com.apple.AppKit 0x00007fff2327807a ___NSAccessibilityEntryPointValueForAttribute_block_invoke.811 + 1691
22 com.apple.AppKit 0x00007fff23273ce3 NSAccessibilityPerformEntryPointObject + 16
23 com.apple.AppKit 0x00007fff22f33a26 _NSAccessibilityEntryPointValueForAttribute + 168
24 com.apple.AppKit 0x00007fff2306bf05 -[NSObject(NSAccessibilityInternal) _accessibilityValueForAttribute:clientError:] + 341
25 com.apple.AppKit 0x00007fff23070eb6 CopyAppKitUIElementAttributeValueNoCatch + 98
26 com.apple.AppKit 0x00007fff2306de6b CopyAttributeValue + 142
27 com.apple.HIServices 0x00007fff256ada2b _AXXMIGCopyAttributeValue + 409
28 com.apple.HIServices 0x00007fff256cf82b _XCopyAttributeValue + 443
29 com.apple.HIServices 0x00007fff2568e704 mshMIGPerform + 174
30 com.apple.CoreFoundation 0x00007fff2041a188 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE1_PERFORM_FUNCTION__ + 41
31 com.apple.CoreFoundation 0x00007fff2041a065 __CFRunLoopDoSource1 + 595
32 com.apple.CoreFoundation 0x00007fff20418709 __CFRunLoopRun + 2402
33 com.apple.CoreFoundation 0x00007fff204176ce CFRunLoopRunSpecific + 563
34 com.apple.HIToolbox 0x00007fff2869c6d0 RunCurrentEventLoopInMode + 292
35 com.apple.HIToolbox 0x00007fff2869c4cc ReceiveNextEventCommon + 709
36 com.apple.HIToolbox 0x00007fff2869c1ef _BlockUntilNextEventMatchingListInModeWithFilter + 64
37 com.apple.AppKit 0x00007fff22c34de9 _DPSNextEvent + 883
38 com.apple.AppKit 0x00007fff22c335af -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1366
39 libosxapp.dylib 0x000000013e14e1ea -[NSApplicationAWT nextEventMatchingMask:untilDate:inMode:dequeue:] + 121 (NSApplicationAWT.m:385)
40 com.apple.AppKit 0x00007fff22c25b0a -[NSApplication run] + 586
41 libosxapp.dylib 0x000000013e14dfcf +[NSApplicationAWT runAWTLoopWithApp:] + 165 (NSApplicationAWT.m:343)
42 libawt_lwawt.dylib 0x000000013dd024c2 +[AWTStarter starter:headless:] + 496
43 libosxapp.dylib 0x000000013e14fd6c +[ThreadUtilities invokeBlockCopy:] + 15 (ThreadUtilities.m:98)
44 com.apple.Foundation 0x00007fff211c54d9 __NSThreadPerformPerform + 204
45 com.apple.CoreFoundation 0x00007fff20419a0c __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
46 com.apple.CoreFoundation 0x00007fff20419974 __CFRunLoopDoSource0 + 180
47 com.apple.CoreFoundation 0x00007fff204196ef __CFRunLoopDoSources0 + 248
48 com.apple.CoreFoundation 0x00007fff20418121 __CFRunLoopRun + 890
49 com.apple.CoreFoundation 0x00007fff204176ce CFRunLoopRunSpecific + 563
50 libjli.dylib 0x000000010a42e8a4 ParkEventLoop + 98 (java_md_macosx.c:323) [inlined]
51 libjli.dylib 0x000000010a42e8a4 MacOSXStartup + 178 (java_md_macosx.c:356) [inlined]
52 libjli.dylib 0x000000010a42e8a4 CreateExecutionEnvironment + 381 (java_md_macosx.c:403)
53 libjli.dylib 0x000000010a42acab JLI_Launch + 1287 (java.c:276)
54 java 0x000000010a419f64 main + 372 (main.c:206)
55 libdyld.dylib 0x00007fff2033c621 start + 1
Attachments
Issue Links
- backported by
-
JDK-8277768 crash in [CommonComponentAccessibility getCAccessible:withEnv:]
-
- Resolved
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
- links to
-
Commit
openjdk/jdk17u/f1d9e37a
-
Commit
openjdk/jdk/7c88a59b
-
Review
openjdk/jdk17u/299
-
Review
openjdk/jdk/6083
(3 links to)