FULL PRODUCT VERSION :
java version "1.4.2_03"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_03-b02)
Java HotSpot(TM) Client VM (build 1.4.2_03-b02, mixed mode)

ADDITIONAL OS VERSION INFORMATION :
 customer  Windows 2000 [Version 5.00.2195]

EXTRA RELEVANT SYSTEM CONFIGURATION :
using: jai_imageio-1_0_01-beta-lib-windows-i586


A DESCRIPTION OF THE PROBLEM :
Different but reproducible VM crashes when loading JPEG/JPEG-LS images.

Looks a lot like bug 4953061, but that one occured on a unix system and is marked as fixed.


STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
See bug 4953061;

- get the test images from ftp://medical.nema.org/MEDICAL/Dicom/DataSets/WG04/compsamples_jpegls.tar and compsamples_jpeg.tar

- extract archives to directories with the same name as the archives (also see the source code for the file names).

- get the provided sample code.

- change the baseDir string to the base location where you stored the images.

- execute the test app (with more memory than default):
%JAVA_HOME%\bin\java -Xmx400m TestImageReader


EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
No VM crash.
ACTUAL -
Often occuring VM crash.

ERROR MESSAGES/STACK TRACES THAT OCCUR :
The VM crash msgs seem to vary between different runs of the same test.
most often,
Function=[Unknown.]    or
Function=RtlFreeHeap+0x31D


Two sample dumps:

An unexpected exception has been detected in native code outside the VM.
Unexpected Signal : EXCEPTION_ACCESS_VIOLATION (0xc0000005) occurred at PC=0x186
4BC92
Function=[Unknown.]
Library=C:\java\j2sdk1.4.2\jre\lib\ext\clib_jiio.dll

NOTE: We are unable to locate the function name  customer  for the error
      just occurred. Please refer to release documentation for possible
      reason and solutions.


Current Java thread:
        at com.sun.medialib.codec.jpeg.Decoder.njpeg_decode(Native Method)
        at com.sun.medialib.codec.jpeg.Decoder.decode(Decoder.java:87)
        at com.sun.media.imageioimpl.plugins.jpeg.CLibJPEGImageReader.decode(CLi
bJPEGImageReader.java:73)
        - locked <0x10012180> (a com.sun.media.imageioimpl.plugins.jpeg.CLibJPEG
ImageReader)
        at com.sun.media.imageioimpl.plugins.clib.CLibImageReader.getImage(CLibI
mageReader.java:275)
        - locked <0x10012180> (a com.sun.media.imageioimpl.plugins.jpeg.CLibJPEG
ImageReader)
        at com.sun.media.imageioimpl.plugins.clib.CLibImageReader.read(CLibImage
Reader.java:339)
        - locked <0x10012180> (a com.sun.media.imageioimpl.plugins.jpeg.CLibJPEG
ImageReader)
        at javax.imageio.ImageReader.read(ImageReader.java:919)
        at TestImageReader.main(TestImageReader.java:129)

Dynamic libraries:
0x00400000 - 0x00406000         c:\java\j2sdk1.4.2\bin\java.exe
0x77F80000 - 0x77FFB000         C:\WINNT\System32\ntdll.dll
0x77DB0000 - 0x77E0D000         C:\WINNT\system32\ADVAPI32.dll
0x77E80000 - 0x77F36000         C:\WINNT\system32\KERNEL32.DLL
0x77D30000 - 0x77DA1000         C:\WINNT\system32\RPCRT4.DLL
0x78000000 - 0x78046000         C:\WINNT\system32\MSVCRT.dll
0x08000000 - 0x08138000         c:\java\j2sdk1.4.2\jre\bin\client\jvm.dll
0x77E10000 - 0x77E75000         C:\WINNT\system32\USER32.dll
0x77F40000 - 0x77F7C000         C:\WINNT\system32\GDI32.DLL
0x77570000 - 0x775A0000         C:\WINNT\System32\WINMM.dll
0x10000000 - 0x10007000         c:\java\j2sdk1.4.2\jre\bin\hpi.dll
0x007C0000 - 0x007CE000         c:\java\j2sdk1.4.2\jre\bin\verify.dll
0x007D0000 - 0x007E9000         c:\java\j2sdk1.4.2\jre\bin\java.dll
0x007F0000 - 0x007FD000         c:\java\j2sdk1.4.2\jre\bin\zip.dll
0x18470000 - 0x18493000         C:\java\j2sdk1.4.2\jre\bin\cmm.dll
0x185A0000 - 0x185BE000         C:\java\j2sdk1.4.2\jre\bin\jpeg.dll
0x185C0000 - 0x186A5000         C:\java\j2sdk1.4.2\jre\lib\ext\clib_jiio.dll
0x186B0000 - 0x187BF000         C:\java\j2sdk1.4.2\jre\bin\awt.dll
0x77800000 - 0x7781E000         C:\WINNT\System32\WINSPOOL.DRV
0x76620000 - 0x76630000         C:\WINNT\system32\MPR.DLL
0x75E60000 - 0x75E7A000         C:\WINNT\System32\IMM32.dll
0x77A50000 - 0x77B45000         C:\WINNT\system32\ole32.dll
0x77920000 - 0x77943000         C:\WINNT\system32\imagehlp.dll
0x72A00000 - 0x72A2D000         C:\WINNT\system32\DBGHELP.dll
0x690A0000 - 0x690AB000         C:\WINNT\System32\PSAPI.DLL

Heap at VM Abort:
Heap
 def new generation   total 576K, used 25K [0x10010000, 0x100b0000, 0x104f0000)
  eden space 512K,   5% used [0x10010000, 0x100167c0, 0x10090000)
  from space 64K,   0% used [0x10090000, 0x10090000, 0x100a0000)
  to   space 64K,   0% used [0x100a0000, 0x100a0000, 0x100b0000)
 tenured generation   total 1408K, used 792K [0x104f0000, 0x10650000, 0x14010000
)
   the space 1408K,  56% used [0x104f0000, 0x105b63c8, 0x105b6400, 0x10650000)
 compacting perm gen  total 4096K, used 2394K [0x14010000, 0x14410000, 0x1801000
0)
   the space 4096K,  58% used [0x14010000, 0x14266b68, 0x14266c00, 0x14410000)

Local Time = Tue Jun 15 15:32:54 2004
Elapsed Time = 0
#
# The exception above was detected in native code outside the VM
#
# Java VM: Java HotSpot(TM) Client VM (1.4.2_03-b02 mixed mode)
#
# An error report file has been saved as hs_err_pid1560.log.
# Please refer to the file for further information.
#







An unexpected exception has been detected in native code outside the VM.
Unexpected Signal : EXCEPTION_ACCESS_VIOLATION (0xc0000005) occurred at PC=0x77F
CB9AE
Function=RtlFreeHeap+0x31D
Library=C:\WINNT\System32\ntdll.dll

Current Java thread:
        at com.sun.medialib.codec.jpeg.Decoder.njpeg_decode_init(Native Method)
        at com.sun.medialib.codec.jpeg.Decoder.<init>(Decoder.java:54)
        at com.sun.media.imageioimpl.plugins.jpeg.CLibJPEGImageReader.getInfoIma
ge(CLibJPEGImageReader.java:123)
        - locked <0x10092190> (a com.sun.media.imageioimpl.plugins.jpeg.CLibJPEG
ImageReader)
        at com.sun.media.imageioimpl.plugins.jpeg.CLibJPEGImageReader.getRawImag
eType(CLibJPEGImageReader.java:187)
        - locked <0x10092190> (a com.sun.media.imageioimpl.plugins.jpeg.CLibJPEG
ImageReader)
        at com.sun.media.imageioimpl.plugins.clib.CLibImageReader.read(CLibImage
Reader.java:335)
        - locked <0x10092190> (a com.sun.media.imageioimpl.plugins.jpeg.CLibJPEG
ImageReader)
        at javax.imageio.ImageReader.read(ImageReader.java:919)
        at TestImageReader.main(TestImageReader.java:129)

Dynamic libraries:
0x00400000 - 0x00406000         c:\java\j2sdk1.4.2\bin\java.exe
0x77F80000 - 0x77FFB000         C:\WINNT\System32\ntdll.dll
0x77DB0000 - 0x77E0D000         C:\WINNT\system32\ADVAPI32.dll
0x77E80000 - 0x77F36000         C:\WINNT\system32\KERNEL32.DLL
0x77D30000 - 0x77DA1000         C:\WINNT\system32\RPCRT4.DLL
0x78000000 - 0x78046000         C:\WINNT\system32\MSVCRT.dll
0x08000000 - 0x08138000         c:\java\j2sdk1.4.2\jre\bin\client\jvm.dll
0x77E10000 - 0x77E75000         C:\WINNT\system32\USER32.dll
0x77F40000 - 0x77F7C000         C:\WINNT\system32\GDI32.DLL
0x77570000 - 0x775A0000         C:\WINNT\System32\WINMM.dll
0x10000000 - 0x10007000         c:\java\j2sdk1.4.2\jre\bin\hpi.dll
0x007C0000 - 0x007CE000         c:\java\j2sdk1.4.2\jre\bin\verify.dll
0x007D0000 - 0x007E9000         c:\java\j2sdk1.4.2\jre\bin\java.dll
0x007F0000 - 0x007FD000         c:\java\j2sdk1.4.2\jre\bin\zip.dll
0x18470000 - 0x18493000         C:\java\j2sdk1.4.2\jre\bin\cmm.dll
0x185A0000 - 0x185BE000         C:\java\j2sdk1.4.2\jre\bin\jpeg.dll
0x185C0000 - 0x186A5000         C:\java\j2sdk1.4.2\jre\lib\ext\clib_jiio.dll
0x186B0000 - 0x187BF000         C:\java\j2sdk1.4.2\jre\bin\awt.dll
0x77800000 - 0x7781E000         C:\WINNT\System32\WINSPOOL.DRV
0x76620000 - 0x76630000         C:\WINNT\system32\MPR.DLL
0x75E60000 - 0x75E7A000         C:\WINNT\System32\IMM32.dll
0x77A50000 - 0x77B45000         C:\WINNT\system32\ole32.dll
0x77920000 - 0x77943000         C:\WINNT\system32\imagehlp.dll
0x72A00000 - 0x72A2D000         C:\WINNT\system32\DBGHELP.dll
0x690A0000 - 0x690AB000         C:\WINNT\System32\PSAPI.DLL

Heap at VM Abort:
Heap
 def new generation   total 2304K, used 580K [0x10010000, 0x10280000, 0x104f0000
)
  eden space 2112K,  25% used [0x10010000, 0x100955c8, 0x10220000)
  from space 192K,  24% used [0x10250000, 0x1025bda0, 0x10280000)
  to   space 192K,   0% used [0x10220000, 0x10220000, 0x10250000)
 tenured generation   total 29320K, used 783K [0x104f0000, 0x12192000, 0x1401000
0)
   the space 29320K,   2% used [0x104f0000, 0x105b3c68, 0x105b3e00, 0x12192000)
 compacting perm gen  total 4096K, used 2390K [0x14010000, 0x14410000, 0x1801000
0)
   the space 4096K,  58% used [0x14010000, 0x14265950, 0x14265a00, 0x14410000)

Local Time = Tue Jun 15 15:30:21 2004
Elapsed Time = 9
#
# The exception above was detected in native code outside the VM
#
# Java VM: Java HotSpot(TM) Client VM (1.4.2_03-b02 mixed mode)
#
# An error report file has been saved as hs_err_pid1448.log.
# Please refer to the file for further information.

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
// Slightly modified source from bug report 4953061 to process multiple images

import java.io.*;
import java.util.Iterator;

import javax.imageio.ImageIO;
import javax.imageio.ImageReader;
import javax.imageio.stream.ImageInputStream;

public class TestImageReader
{

    public static void main(String[] args)
    {
        try
        {
            // sources: ftp://medical.nema.org/MEDICAL/Dicom/DataSets/WG04/*.tar

			// change this to your local image dir
			String baseDir = "C:/_media/Pictures/ByFormat/dicom/ref-images-wg04/";

            String[] jpegFiles = new String[] {
				"compsamples_jpeg/IMAGES/JPLL/CT1_JPLL",
				"compsamples_jpeg/IMAGES/JPLL/CT2_JPLL",
				"compsamples_jpeg/IMAGES/JPLL/MG1_JPLL",
				"compsamples_jpeg/IMAGES/JPLL/MR1_JPLL",
				"compsamples_jpeg/IMAGES/JPLL/MR2_JPLL",
				"compsamples_jpeg/IMAGES/JPLL/MR3_JPLL",
				"compsamples_jpeg/IMAGES/JPLL/MR4_JPLL",
				"compsamples_jpeg/IMAGES/JPLL/NM1_JPLL",
				"compsamples_jpeg/IMAGES/JPLL/RG1_JPLL",
				"compsamples_jpeg/IMAGES/JPLL/RG2_JPLL",
				"compsamples_jpeg/IMAGES/JPLL/RG3_JPLL",
				"compsamples_jpeg/IMAGES/JPLL/SC1_JPLL",
				"compsamples_jpeg/IMAGES/JPLL/XA1_JPLL",

				"compsamples_jpeg/IMAGES/JPLY/MG1_JPLY",
				"compsamples_jpeg/IMAGES/JPLY/MR1_JPLY",
				"compsamples_jpeg/IMAGES/JPLY/MR2_JPLY",
				"compsamples_jpeg/IMAGES/JPLY/MR3_JPLY",
				"compsamples_jpeg/IMAGES/JPLY/MR4_JPLY",
				"compsamples_jpeg/IMAGES/JPLY/NM1_JPLY",
				"compsamples_jpeg/IMAGES/JPLY/RG2_JPLY",
				"compsamples_jpeg/IMAGES/JPLY/RG3_JPLY",
				"compsamples_jpeg/IMAGES/JPLY/SC1_JPLY",
				"compsamples_jpeg/IMAGES/JPLY/XA1_JPLY",

				"compsamples_jpegls/IMAGES/JLSL/CT1_JLSL",
				"compsamples_jpegls/IMAGES/JLSL/CT2_JLSL",
				"compsamples_jpegls/IMAGES/JLSL/MG1_JLSL",
				"compsamples_jpegls/IMAGES/JLSL/MR1_JLSL",
				"compsamples_jpegls/IMAGES/JLSL/MR2_JLSL",
				"compsamples_jpegls/IMAGES/JLSL/MR3_JLSL",
				"compsamples_jpegls/IMAGES/JLSL/MR4_JLSL",
				"compsamples_jpegls/IMAGES/JLSL/NM1_JLSL",
				"compsamples_jpegls/IMAGES/JLSL/RG1_JLSL",
				"compsamples_jpegls/IMAGES/JLSL/RG2_JLSL",
				"compsamples_jpegls/IMAGES/JLSL/RG3_JLSL",
				"compsamples_jpegls/IMAGES/JLSL/SC1_JLSL",
				"compsamples_jpegls/IMAGES/JLSL/XA1_JLSL",

				"compsamples_jpegls/IMAGES/JLSN/CT1_JLSN",
				"compsamples_jpegls/IMAGES/JLSN/CT2_JLSN",
				"compsamples_jpegls/IMAGES/JLSN/MG1_JLSN",
				"compsamples_jpegls/IMAGES/JLSN/MR1_JLSN",
				"compsamples_jpegls/IMAGES/JLSN/MR2_JLSN",
				"compsamples_jpegls/IMAGES/JLSN/MR3_JLSN",
				"compsamples_jpegls/IMAGES/JLSN/MR4_JLSN",
				"compsamples_jpegls/IMAGES/JLSN/NM1_JLSN",
				"compsamples_jpegls/IMAGES/JLSN/RG1_JLSN",
				"compsamples_jpegls/IMAGES/JLSN/RG2_JLSN",
				"compsamples_jpegls/IMAGES/JLSN/RG3_JLSN",
				"compsamples_jpegls/IMAGES/JLSN/SC1_JLSN",
				"compsamples_jpegls/IMAGES/JLSN/XA1_JLSN"
			};

			// try reading all jpeg files
			for (int i=0; i<jpegFiles.length; i++) {
				String fileName = baseDir+jpegFiles[i];
				System.out.println("Loading jpeg "+fileName);
            	File file = new File(fileName);
            	int imageDataOffset = getPosition(file, 0xFFD9); // jpeg start tag
            	ImageReader r = getReader("jpg", "CLibJPEGImageReader");
            	ImageInputStream iis = ImageIO.createImageInputStream(file);
            	iis.seek(imageDataOffset); // seek to encoded Pixel data
            	r.setInput(iis);
            	System.out.println("read:" + r.read(0));
			}


        } catch (Throwable e)
        {
            e.printStackTrace();
        }
    }

    private static int getPosition(File file, int tagNumber) {
		try {
			byte b0 = (byte)((tagNumber & 0xFF00)>>8);
			byte b1 = (byte)(tagNumber & 0xFF);
			byte previous;
			byte current = 0;
			int pos = 0;
			FileInputStream fis = new FileInputStream(file);
			do {
				previous = current;
				current = (byte)fis.read();
				pos++;
			} while (!(current==b1 && previous==b0));
			fis.close();
			System.out.println("found tag @ "+(pos-2));
			return pos-2;
		} catch (Exception e) {
			return -1;
		}
	}

    private static ImageReader getReader(String suffixName, String className) {
        for (Iterator it = ImageIO.getImageReadersBySuffix(suffixName); it.hasNext();) {
            ImageReader r = (ImageReader) it.next();
            System.out.println("reader:"+r.getClass().getName());
            if (r.getClass().getName().endsWith(className))
            {
                return r;
            }
        }
        throw new RuntimeException("Could not find ImageReader:" + className);
    }
}
---------- END SOURCE ----------
(Incident Review ID: 280050) 
======================================================================

N/A

--- BEGIN ---   xxxxx@xxxxx   2004-07-23

One of those crashes was tracked down to a place where the input bitstream
looked like "feff 00e0 0000 0100", which caused the JPEG decoder to read out
of bounds of a table.  And more instances of "feff 00e0" were observed in
the middle of the JPEG bitstream of that file and other DICOM files.

It turns out that (FFFE,E000) is a Data Element Tag in DICOM for items.
See section 7.5 of Part 5 of the DICOM standard on the following page for
details.

    http://medical.nema.org/dicom/2003.html

In fact, there is the following in the README file for the DICOM data set
used by the test case:

    "The compressed images are encapsulated as per the standard
    requirements in PS 3.5; even though all the images are single
    frame in some cases the compressed bitstream is fragmented
    into multiple items."

Therefore, simply chopping off the DICOM header does not yield a real JPEG
bitstream in some cases.  There might be some DICOM tags left.

--- END ---   xxxxx@xxxxx   2004-07-23

----------
  xxxxx@xxxxx   2004-08-10

With the jclib4jai.20040809 build, most crashes can been avoided.  The decoder
gives partially correct results, instead of throwing an exception, upon the
test images provided.  It is done so for two reasons: 1) the DICOM tags left
in the data segment can not be detected immediately; 2) detecting this kind of
errors and throwing an exception can be costly and hurt performance on good
data.

The fact that dicom tags still exist in the jpg streams passed to java is only a result of the sample program being very much simplified simplified to demonstrate the occuring VM crashes.

In our real application, the dicom files are properly parsed and only the pure jpg/j2k image data is passed to java; however the parsing process is too complex to be put in a small test app.

The real problem is therefore not the image decoder failing on the dicom tags (although a VM crash should not be tolerated anyway), but the java VM crashing on assumably proper jpg/j2k/jpg-lossles/jpg-ls streams. 

I'm very sorry if the sample program suggested or maybe even introduced an other failure cause, but the program can be easily adapted to extract the data part from the start of the jpg data (FFD9) to the first occurrence of the jpg end marker (FFD8) and feeding that single-image data (without dicom tags) into the java image parser, which will still lead to VM crashes and/or corrupt images.

The problem seems to be fixed with the now available Java Advanced Imaging Image I/O API 1.0_01 RC (can't find the build number of it, but the clib_jiio.dll is dated 2004-08-17). Thanks!

Download at http://java.sun.com/developer/earlyAccess/jai_imageio/index.html

Note: the example above will not cause a VM-crash anymore; but it will not show all images properly since some of the examples contain a single image split up over multiple items (usually per 64K), which causes the sample code to pass the dicom-item-tags directly to the java image decoder (which usually causes it to fail).

To properly show those images, your software needs to collect all data from the multiple items, combine them and then feed that clean data stream into the java image parser.