|
Quick Lists
|
|
Bug ID:
|
6658726
|
|
Votes
|
3
|
|
Synopsis
|
ColorConvertOp causes JVM to abort
|
|
Category
|
java:classes_2d
|
|
Reported Against
|
|
|
Release Fixed
|
7(b54),
6u14(b02) (Bug ID:2172436)
|
|
State
|
10-Fix Delivered,
bug
|
|
Priority:
|
3-Medium
|
|
Related Bugs
|
|
|
Submit Date
|
04-FEB-2008
|
|
Description
|
FULL PRODUCT VERSION :
java version "1.6.0_04"
Java(TM) SE Runtime Environment (build 1.6.0_04-b12)
Java HotSpot(TM) Server VM (build 10.0-b19, mixed mode)
AND
java version "1.7.0-ea"
Java(TM) SE Runtime Environment (build 1.7.0-ea-b24)
Java HotSpot(TM) Server VM (build 12.0-b01, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Linux gatekeeper 2.6.22.9-91.fc7 #1 SMP Thu Sep 27 23:10:59 EDT 2007 i686 athlon i386 GNU/Linux
A DESCRIPTION OF THE PROBLEM :
the JVM crashes trying to use ImageIO.read with specific JPG images. the image in question has an sRGB embedded profile. the same image displays fine using Preview.App under OSX for instance.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
ImageInputStream imageInputStream = new MemoryCacheImageInputStream(new ByteArrayInputStream(blob.getBytes(1L, (int)blob.length())));
BufferedImage sourceImage = ImageIO.read(imageInputStream);
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
the image to be read successfully or at worst throwing an exception
ACTUAL -
the JVM crashes and aborts.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
*** glibc detected *** java: corrupted double-linked list: 0x90843e60 ***
======= Backtrace: =========
/lib/libc.so.6[0x940867]
/lib/libc.so.6(__libc_malloc+0x7e)[0x941ebe]
/usr/local/jdk1.6.0_04/jre/lib/i386/libcmm.so[0x90600f65]
/usr/local/jdk1.6.0_04/jre/lib/i386/libcmm.so[0x905bb460]
/usr/local/jdk1.6.0_04/jre/lib/i386/libcmm.so[0x905b4690]
/usr/local/jdk1.6.0_04/jre/lib/i386/libcmm.so[0x905b3e34]
/usr/local/jdk1.6.0_04/jre/lib/i386/libcmm.so[0x905f79e6]
/usr/local/jdk1.6.0_04/jre/lib/i386/libcmm.so[0x905f7f4d]
/usr/local/jdk1.6.0_04/jre/lib/i386/libcmm.so[0x905f82a2]
/usr/local/jdk1.6.0_04/jre/lib/i386/libcmm.so[0x905fdc70]
/usr/local/jdk1.6.0_04/jre/lib/i386/libcmm.so(Java_sun_awt_color_CMM_cmmGetTransform+0xee)[0x906031ee]
[0xb4f123aa]
[0xb4f0ade9]
[0xb4f0af0d]
[0xb4f0ada7]
[0xb4f08249]
/usr/local/jdk1.6.0_04/jre/lib/i386/server/libjvm.so[0x637338d]
/usr/local/jdk1.6.0_04/jre/lib/i386/server/libjvm.so[0x64fd168]
/usr/local/jdk1.6.0_04/jre/lib/i386/server/libjvm.so[0x6373220]
/usr/local/jdk1.6.0_04/jre/lib/i386/server/libjvm.so[0x639cab7]
/usr/local/jdk1.6.0_04/jre/lib/i386/server/libjvm.so[0x638354a]
/usr/local/jdk1.6.0_04/jre/lib/i386/libjpeg.so(Java_com_sun_imageio_plugins_jpeg_JPEGImageReader_readImage+0xa36)[0x905872d6]
[0xb4f123aa]
[0xb4f0ace1]
[0xb4f0ada7]
[0xb4f0ada7]
[0xb4f0ada7]
[0xb4f08249]
/usr/local/jdk1.6.0_04/jre/lib/i386/server/libjvm.so[0x637338d]
/usr/local/jdk1.6.0_04/jre/lib/i386/server/libjvm.so[0x64fd168]
/usr/local/jdk1.6.0_04/jre/lib/i386/server/libjvm.so[0x6373220]
/usr/local/jdk1.6.0_04/jre/lib/i386/server/libjvm.so[0x639c846]
/usr/local/jdk1.6.0_04/jre/lib/i386/server/libjvm.so[0x638e048]
java(JavaMain+0x2c8)[0x8049b98]
/lib/libpthread.so.0[0xa6544b]
/lib/libc.so.6(clone+0x5e)[0x9a880e]
======= Memory map: ========
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
import java.awt.image.BufferedImage;
import java.io.FileInputStream;
import javax.imageio.ImageIO;
import javax.imageio.stream.ImageInputStream;
import javax.imageio.stream.MemoryCacheImageInputStream;
public class ExportImagesTest
{
/**
* @param args
*/
public static void main(String[] args)
{
try
{
ImageInputStream imageInputStream = new MemoryCacheImageInputStream(new FileInputStream("broken.jpg"));
BufferedImage sourceImage = ImageIO.read(imageInputStream);
}
catch (Exception e)
{
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
---------- END SOURCE ----------
Posted Date : 2008-02-04 13:30:56.0
|
|
Work Around
|
N/A
|
|
Evaluation
|
The crash occurs in the CMM library code and seems to be caused by the embedded
color profile.
However, without sample image, it is quite hard to figure out actual reason
of the crash. There could be some peculiarities in the color profile that CMM
unable to handle, or there could be some issues in the Image IO plugin that lead
to corruption of the embeddedcolor profile.
We need a sample image in order to be able to investigate this problem,
so I move this CR to incomplete state.
Posted Date : 2008-11-23 07:38:43.0
Investigation of the sample image shows that embedded color profile
has some peculiarities which may cause crash in the kcms library.
Extracted profile and simplified test are attached.
Posted Date : 2008-11-24 08:41:25.0
The peculiarity of profile in question is that tone curve tags
for red, green, and blue components have incorrect signature:
instead of "curv" it has leading space char (" curv"). The kcms
code failed to recognize given tags as a tone curves and handles
them incorrectly, that leads to failure of a kcms transform creation.
Observed crash is manifestation of inconsistencies in error handling
strategy on several levels of kcms: to recovery after a error some
routines attempt to de-allocate data buffers which are referenced by a
duplicated pointers and aren't de-allocated in normal circumstances.
This cause heap corruption when actual data containers are destroyed
on a higher level.
However, there is a way to resolve this particular problem:
we can make the tag handlers more tolerant to incorrect tag signatures,
i.e. tag signature may be trimmed that makes possible to handle it without
any failures.
Posted Date : 2009-01-29 08:58:28.0
|
|
Comments
|
Submitted On 19-NOV-2008
scohen
We're experiencing the exact same problem. I can provide a sample image if required.
The following code works:
JPEGCodec.createJPEGDecoder(new ByteArrayInputStream(imageData)).decodeAsBufferedImage();
while
ImageIO.read(new ByteArrayInputStream(imageData)); fails.
Submitted On 25-NOV-2008
wilecoyote
i can provide a sample image too.
PLEASE NOTE: JDK6 is formerly known as Project Mustang
|
|
|
|
