[Webkit-unassigned] [Bug 72742] New: OS X Java update 1.6.0_29 reproducibly crashes Cocoa Webview applications that encounter any Java applet

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Nov 18 11:07:06 PST 2011


https://bugs.webkit.org/show_bug.cgi?id=72742

           Summary: OS X Java update 1.6.0_29 reproducibly crashes Cocoa
                    Webview applications that encounter any Java applet
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh
        OS/Version: Mac OS X 10.7
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: Java
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: mkm at ipa.net


After applying OS X Java update 1.6.0_29 on OS X 10.6 or OS X 10.7 systems running Safari 5.1, applications that use the Cocoa Webview and link against the version of Webkit provided by the system will crash if the Webview attempts to execute any Java applet.  The problem affects Firefox 8 as well (see http://support.mozilla.com/en-US/questions/895216), but does not affect Safari 5.1.  The problem appears to be with the interaction between the browser code and the updated Java plugin.

An excerpt from a typical crash report looks like this:

...
Code Type:       X86 (Native)
Parent Process:  launchd [237]
...
Date/Time:       2011-11-18 12:48:40.577 -0600
OS Version:      Mac OS X 10.6.8 (10K549)
...
Exception Type:  EXC_BREAKPOINT (SIGTRAP)
Exception Codes: 0x0000000000000002, 0x0000000000000000
Crashed Thread:  0  Java: AWT-AppKit  Dispatch queue: com.apple.main-thread
...
Thread 0 Crashed:  Java: AWT-AppKit  Dispatch queue: com.apple.main-thread
0   com.apple.CoreFoundation          0x91114ee4 CFRelease + 196
1   ...pple.java.JavaPlugin2_NPAPI    0x154ab2a9 MozPluginInstance::pdDelete() + 77
2   ...pple.java.JavaPlugin2_NPAPI    0x154a754d MozPluginInstance::~MozPluginInstance() + 47
3   ...pple.java.JavaPlugin2_NPAPI    0x154a6d71 NPP_Destroy + 32
4   com.apple.WebKit                  0x99252c55 -[WebNetscapePluginDocumentView(Internal) _destroyPlugin] + 101
5   com.apple.WebKit                  0x9925770d -[WebNetscapePluginDocumentView destroyPlugin] + 445
6   com.apple.Foundation              0x956d5e5c _nsnote_callback + 345
7   com.apple.CoreFoundation          0x91163763 __CFXNotificationPost + 947
8   com.apple.CoreFoundation          0x9116316a _CFXNotificationPostNotification + 186
9   com.apple.Foundation              0x956cac50 -[NSNotificationCenter postNotificationName:object:userInfo:] + 128
10  com.apple.Foundation              0x956d805d -[NSNotificationCenter postNotificationName:object:] + 56
11  com.apple.AppKit                  0x9254b112 -[NSWindow _close] + 239
12  com.apple.AppKit                  0x9256cfc2 -[NSWindow __close] + 241
13  com.apple.AppKit                  0x9256cec1 -[NSWindow _close:] + 171
14  com.apple.AppKit                  0x92379a26 -[NSApplication sendAction:to:from:] + 112
15  com.apple.AppKit                  0x92459255 -[NSControl sendAction:to:] + 108
16  com.apple.AppKit                  0x92454d02 -[NSCell _sendActionFrom:] + 169
17  com.apple.AppKit                  0x92453ff9 -[NSCell trackMouse:inRect:ofView:untilMouseUp:] + 1808
18  com.apple.AppKit                  0x924a96ed -[NSButtonCell trackMouse:inRect:ofView:untilMouseUp:] + 524
19  com.apple.AppKit                  0x92452a4f -[NSControl mouseDown:] + 812
20  com.apple.AppKit                  0x924a920f -[_NSThemeWidget mouseDown:] + 104
21  com.apple.AppKit                  0x92450a58 -[NSWindow sendEvent:] + 5549
22  com.Respondus.LockDownBrowser     0x00046780 -[LDBDocWindow sendEvent:] + 336
23  com.apple.AppKit                  0x9236960b -[NSApplication sendEvent:] + 6431
24  com.apple.AppKit                  0x922fd253 -[NSApplication run] + 917
25  com.apple.AppKit                  0x922f5289 NSApplicationMain + 574
26  com.Respondus.LockDownBrowser     0x0001630f main + 30
27  com.Respondus.LockDownBrowser     0x00002ce2 _start + 216
28  com.Respondus.LockDownBrowser     0x00002c09 start + 41
...
Thread 0 crashed with X86 Thread State (32-bit):
  eax: 0x00000000  ebx: 0x91114e2d  ecx: 0x001d77f0  edx: 0x00000000
  edi: 0x1501b540  esi: 0x00000000  ebp: 0xbfffeeb8  esp: 0xbfffeea0
   ss: 0x0000001f  efl: 0x00000246  eip: 0x91114ee4   cs: 0x00000017
   ds: 0x0000001f   es: 0x0000001f   fs: 0x00000000   gs: 0x00000037
  cr2: 0x155035dc
...
Binary Images:
0x154a4000 - 0x154afff7  com.apple.java.JavaPlugin2_NPAPI 13.6.0 (13.6.0) <2E5BA23B-1B4D-5B5C-1320-2BD29B58EECF> /System/Library/Java/Support/Deploy.bundle/Contents/Resources/JavaPlugin2_NPAPI.plugin/Contents/MacOS/JavaPlugin2_NPAPI
0x154b9000 - 0x154c2ff7  com.apple.java.JavaRuntimeSupport 13.6.0 (13.6.0) <CDCAEF11-3990-70E5-F966-5CCBB5ADB638> /System/Library/Frameworks/JavaVM.framework/Versions/A/Frameworks/JavaRuntimeSupport.framework/Versions/A/JavaRuntimeSupport
...
