Bug Database
Bug ID: 4904136
Votes 0
Synopsis [1.3.1_09]JVM crashes when big number is specified in fillRect()
Category java:classes_2d
Reported Against 1.3.1_09
Release Fixed 1.3.1_12
State 10-Fix Delivered, bug
Priority: 4-Low
Related Bugs
Submit Date 11-AUG-2003
Description
The JVM crashed when a big number was specified as one of the arguments of fillRect()
in 1.3.1_09.

The error message is:

=== hs_err_pid1952.log =======>

An unexpected exception has been detected in native code outside the VM.
Unexpected Signal : EXCEPTION_ACCESS_VIOLATION occurred at PC=0x6d022cba
Function name=Java_sun_java2d_loops_IntDiscreteRenderer_devSetRect
Library=J:\java\jdk1.3.1_09\win32\jre\bin\awt.dll

Current Java thread:
        at sun.java2d.loops.IntDiscreteRenderer.devSetRect(Native Method)
        at sun.java2d.loops.ICRFillRectRasterContext.invoke(IntDiscreteRenderer.java:256)
        at sun.awt.image.BufferedImageGraphics2D.fillRect(BufferedImageGraphics2D.java:648)
        at sun.java2d.pipe.ValidatePipe.fillRect(ValidatePipe.java:37)
        at sun.java2d.SunGraphics2D.fillRect(SunGraphics2D.java:1555)
        at Test.paint(Test.java:27)
        at sun.awt.RepaintArea.paint(RepaintArea.java:293)
        at sun.awt.windows.WComponentPeer.handleEvent(WComponentPeer.java:191)
        at java.awt.Component.dispatchEventImpl(Component.java:2658)
        at java.awt.Container.dispatchEventImpl(Container.java:1208)
        at java.awt.Window.dispatchEventImpl(Window.java:923)
        at java.awt.Component.dispatchEvent(Component.java:2492)
        at java.awt.EventQueue.dispatchEvent(EventQueue.java:334)
        at java.awt.EventDispatchThread.pumpOneEventForHierarchy(EventDispatchThread.java:126)
        at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:93)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:88)
        at java.awt.EventDispatchThread.run(EventDispatchThread.java:80)

Dynamic libraries:
0x00400000 - 0x00405000         J:\java\jdk1.3.1_09\win32\bin\java.exe
0x77F50000 - 0x77FE4000         F:\WINDOWS\System32\ntdll.dll
0x77E20000 - 0x77F43000         F:\WINDOWS\system32\kernel32.dll
0x77D80000 - 0x77E1B000         F:\WINDOWS\system32\ADVAPI32.dll
0x78000000 - 0x78086000         F:\WINDOWS\system32\RPCRT4.dll
0x77BC0000 - 0x77C13000         F:\WINDOWS\system32\MSVCRT.dll
0x6D420000 - 0x6D4F9000         J:\java\jdk1.3.1_09\win32\jre\bin\hotspot\jvm.dll
0x77CF0000 - 0x77D7B000         F:\WINDOWS\system32\USER32.dll
0x77C20000 - 0x77C60000         F:\WINDOWS\system32\GDI32.dll
0x76AF0000 - 0x76B1A000         F:\WINDOWS\System32\WINMM.dll
0x762E0000 - 0x762FC000         F:\WINDOWS\System32\IMM32.DLL
0x60740000 - 0x60748000         F:\WINDOWS\System32\LPK.DLL
0x72EF0000 - 0x72F4A000         F:\WINDOWS\System32\USP10.dll
0x6D220000 - 0x6D227000         J:\java\jdk1.3.1_09\win32\jre\bin\hpi.dll
0x6D3B0000 - 0x6D3BD000         J:\java\jdk1.3.1_09\win32\jre\bin\verify.dll
0x6D250000 - 0x6D268000         J:\java\jdk1.3.1_09\win32\jre\bin\java.dll
0x6D3C0000 - 0x6D3CD000         J:\java\jdk1.3.1_09\win32\jre\bin\zip.dll
0x6D020000 - 0x6D12B000         J:\java\jdk1.3.1_09\win32\jre\bin\awt.dll
0x72F50000 - 0x72F73000         F:\WINDOWS\System32\WINSPOOL.DRV
0x77160000 - 0x77281000         F:\WINDOWS\system32\ole32.dll
0x58730000 - 0x58764000         F:\WINDOWS\System32\uxtheme.dll
0x6D1E0000 - 0x6D21B000         J:\java\jdk1.3.1_09\win32\jre\bin\fontmanager.dll

0x74660000 - 0x746A4000         F:\WINDOWS\System32\MSCTF.dll
0x08FB0000 - 0x08FDB000         F:\WINDOWS\System32\msctfime.ime
0x3A700000 - 0x3A754000         F:\WINDOWS\System32\imjp81.ime
0x648F0000 - 0x649BC000         F:\WINDOWS\System32\IMJP81K.DLL
0x772F0000 - 0x7737B000         F:\WINDOWS\system32\COMCTL32.DLL
0x77380000 - 0x77B60000         F:\WINDOWS\system32\SHELL32.DLL
0x08FF0000 - 0x09054000         F:\WINDOWS\system32\SHLWAPI.dll
0x78090000 - 0x78174000         F:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
0x76C40000 - 0x76C62000         F:\WINDOWS\system32\imagehlp.dll
0x6D6B0000 - 0x6D72D000         F:\WINDOWS\system32\DBGHELP.dll
0x77BB0000 - 0x77BB7000         F:\WINDOWS\system32\VERSION.dll
0x76BA0000 - 0x76BAB000         F:\WINDOWS\System32\PSAPI.DLL

Local Time = Mon Aug 11 15:42:09 2003
Elapsed Time = 6
#
# The exception above was detected in native code outside the VM
#
# Java VM: Java HotSpot(TM) Client VM (1.3.1_09-b03 mixed mode)
#


<===============================


According to the user's investigation, this issue occurs when we set
invalid number data for the Rectangle in java.awt.Graphics.Graphics.fillRect():

 1)  x + width is greater than the maximum of a 32-bit integer
 2)  y + height is greater than the maximum of a 32-bit integer

On further investigation, Java_sun_java2d_loops_IntDiscreteRenderer_devSetRect
does not check the above numbers.
At the entrance of the function, it checks the range of the Rectangle,
but it doesn't seem to check when the following numbers become greater than
the maximum of jint:
  1') jint x + jint w
  2') jint y + jint h

If the above value is greater than jint max, dataPtr[x] is an invalid address
and an access violation occurs.


TO REPRODUCE:
  Compile the attached file, "Test.java",  and invoke "java Test" in 1.3.1_09.

NOTE:
  This issue does not occur in 1.4.2fcs.

===========================================================================
Work Around
N/A
Evaluation
This issue occurs when we set invalid number data for the
Rectangle in java.awt.Graphics.Graphics.fillRect().
A backport was requested as this issue does not reproduce in 1.4.X,
but it could not be provided as the whole structure of Java2D 1.4.X had changed,
thus a new workaround with the existing files has been provided.
Class IntDiscreteRenderer in IntDiscreteRenderer.java calls devSetRect, which
is a native method (a JNI call in IntDiscreteRenderer.c).
We add a few checks on width and height and set limits for the width and
height in both IntDiscreteRenderer.c and ShortDiscreteRenderer.c, which
eventually prevents the crash.
Fujitsu had sent the workaround for this issue.

  xxxxx@xxxxx   2004-01-16
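
The overflow described above, as an added C example that is not the JDK source or the fix that was shipped: a 32-bit range check that a huge width or height slips past, beside a fill routine that computes the far edges in 64 bits and clips before addressing any pixel. All function names and the 8x8 raster are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Added illustration with hypothetical names; not the JDK's IntDiscreteRenderer.c. */

/* 32-bit add with two's-complement wraparound, as jint arithmetic behaves in
   practice (done through unsigned to avoid signed-overflow undefined behaviour). */
static int32_t add_wrap32(int32_t a, int32_t b) {
    return (int32_t)((uint32_t)a + (uint32_t)b);
}

/* Flawed check: returns 1 when the rectangle is accepted as inside the raster.
   A huge w or h makes the sum wrap negative, so the comparison passes. */
static int naive_in_bounds(int32_t x, int32_t y, int32_t w, int32_t h,
                           int32_t buf_w, int32_t buf_h) {
    if (x < 0 || y < 0 || w < 0 || h < 0) return 0;
    return add_wrap32(x, w) <= buf_w && add_wrap32(y, h) <= buf_h;
}

/* Hardened fill: far edges are computed in 64 bits, then clipped to the raster
   before any pixel is addressed. Returns the number of pixels written. */
static long fill_rect(uint32_t *buf, int32_t buf_w, int32_t buf_h,
                      int32_t x, int32_t y, int32_t w, int32_t h, uint32_t color) {
    if (w <= 0 || h <= 0) return 0;
    int64_t x0 = x < 0 ? 0 : x, y0 = y < 0 ? 0 : y;
    int64_t x1 = (int64_t)x + w, y1 = (int64_t)y + h;
    if (x1 > buf_w) x1 = buf_w;
    if (y1 > buf_h) y1 = buf_h;
    long n = 0;
    for (int64_t r = y0; r < y1; r++)
        for (int64_t c = x0; c < x1; c++, n++)
            buf[r * buf_w + c] = color;
    return n;
}

int main(void) {
    uint32_t img[8 * 8] = {0};   /* constructed 8x8 raster */
    printf("naive check accepts: %d\n",
           naive_in_bounds(4, 4, INT32_MAX, INT32_MAX, 8, 8));
    printf("pixels written: %ld\n",
           fill_rect(img, 8, 8, 4, 4, INT32_MAX, INT32_MAX, 0xFFFFFFFFu));
    return 0;
}
```
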
Comments

Submitted On 25-APR-2007
I got this bin\awt.dll old file not found. However a file of the same name was found. No update was done since file contents do not match. I got this during an update session of your funtime or real time enviro. Can you please advise me of something I can do to fix this issue? THANK YOU SO MUCH for any info to help me.


Submitted On 25-APR-2007
Also I got this too Error 1722 Window Internet Package. Any help there too please? THANKS a million!


