[Webkit-unassigned] [Bug 12636] New: Incorrect JNI handling of arrays causes browser crash

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Feb 6 12:24:59 PST 2007 

http://bugs.webkit.org/show_bug.cgi?id=12636

           Summary: Incorrect JNI handling of arrays causes browser crash
           Product: WebKit
           Version: 420+ (nightly)
          Platform: Macintosh
        OS/Version: Mac OS X 10.4
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: dacarson at gmail.com


When I try to call a Java function that takes an array, the method signature is
not created corrected, resulting in a crash when invoking the JVM.

Java function:
public void arrayFunction(String [] array)

Correct JNI signature:
([Ljava/lang/String;)V

WebKit's generated signature:
(L[Ljava/lang/String;;)V

presently, jni_utility is handling an array like any other generic java object,
and thus wrapping it in a L<generic_object>;

GDB trace below:
Invalid memory access of location 00000000 eip=9b6833a9
Program received signal:  "EXC_BAD_ACCESS".
(gdb) where
#0  0x9b6833a9 in JVM_MonitorWait ()
#1  0x9b7072f9 in JVM_IsConstructorIx ()
#2  0x17434a46 in MethodSwizzle ()
#3  0x00521120 in KJS::Bindings::dispatchJNICall (targetAppletView=0x2116a80,
obj=0x1751043c, isStatic=false, returnType=void_type, methodID=0x0,
args=0x1712d7f0, result=@0xbfffedf8, exceptionDescription=@0xbfffedf4) at
/Users/dacarson/WebKit/JavaScriptCore/bindings/jni/jni_objc.mm:54
#4  0x00516737 in KJS::Bindings::JavaInstance::invokeMethod (this=0x21497f0,
exec=0xbffff130, methodList=@0x1712d7b0, args=@0xbfffef38) at
/Users/dacarson/WebKit/JavaScriptCore/bindings/jni/jni_instance.cpp:154
#5  0x0051729b in KJS::RuntimeMethod::callAsFunction (this=0x1712d780,
exec=0xbffff130, thisObj=0x170a8160, args=@0xbfffef38) at
/Users/dacarson/WebKit/JavaScriptCore/bindings/runtime_method.cpp:89
#6  0x004f8160 in KJS::JSObject::call (this=0x1712d780, exec=0xbffff130,
thisObj=0x170a8160, args=@0xbfffef38) at
/Users/dacarson/WebKit/JavaScriptCore/kjs/object.cpp:97
#7  0x004edfe7 in KJS::FunctionCallDotNode::evaluate (this=0x1713ad00,
exec=0xbffff130) at /Users/dacarson/WebKit/JavaScriptCore/kjs/nodes.cpp:780


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list