Mailing-List: contact commits-help@harmony.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@harmony.apache.org
Message-ID: <29021076.1176826936067.JavaMail.jira@brutus>
Date: Tue, 17 Apr 2007 09:22:16 -0700 (PDT)
From: "Gregory Shimansky (JIRA)" <jira@apache.org>
To: commits@harmony.apache.org
Subject: [jira] Commented: (HARMONY-2669) [classlib][charsets] Working with
 charset ISO-2022-CN crashes DRLVM
In-Reply-To: <13715204.1166024781746.JavaMail.jira@brutus>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit


    [ https://issues.apache.org/jira/browse/HARMONY-2669?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12489454 ] 

Gregory Shimansky commented on HARMONY-2669:
--------------------------------------------

The bug appears to be in this code of Java_com_ibm_icu4jni_converters_NativeConverter_setSubstitutionBytes (see icu4jni, the patched version for memory leaks):

        jbyte* u_subChars = (*env)->GetPrimitiveArrayCritical(env,subChars,NULL);
        if(u_subChars){
             char* mySubChars= (char*)malloc(sizeof(char)*length);
             toChars((UChar*)u_subChars,&mySubChars[0],length);
             ucnv_setSubstChars(cnv,mySubChars, (char)length,&errorCode);
             if(U_FAILURE(errorCode)){
/* !!! */       (*env)->ReleasePrimitiveArrayCritical(env,subChars,mySubChars /* Here should be u_subChars */ ,0); /* !!! */
                return errorCode;
             }
             free(mySubChars);
        }

ICU mistakenly passes a pointer to an array allocated in this function. But on windows in debug mode MSVC has some paranoiac checks that heap pointer allocated in one DLL (ICU) cannot be freed in another DLL (DRLVM). So when VM tries to free mySubChars it fails paranoiac MSVC check.

I checked ICU 3.6 and the code is still the same. Probably we could use patched ICUInterface34.dll and report a bug on ICU. I am not sure how many other places in ICU share the same pattern.

> [classlib][charsets] Working with charset ISO-2022-CN crashes DRLVM
> -------------------------------------------------------------------
>
>                 Key: HARMONY-2669
>                 URL: https://issues.apache.org/jira/browse/HARMONY-2669
>             Project: Harmony
>          Issue Type: Bug
>          Components: Classlib
>         Environment: Windows XP i686
>            Reporter: Salikh Zakirov
>         Assigned To: Gregory Shimansky
>         Attachments: Enc.java
>
>
> The attached test crashes debug version of DRLVM on a heap pointer validity check on free().
> With the following stack:
>  	harmonyvm.dll!_CrtIsValidHeapPointer(const void * pUserData=0x02876958)  Line 1807	C
>  	harmonyvm.dll!_free_dbg_lk(void * pUserData=0x02876958, int nBlockUse=0x00000001)  Line 1132 + 0x9 bytes	C
>  	harmonyvm.dll!_free_dbg(void * pUserData=0x02876958, int nBlockUse=0x00000001)  Line 1070 + 0xd bytes	C
>  	harmonyvm.dll!free(void * pUserData=0x02876958)  Line 1025 + 0xb bytes	C
>  	harmonyvm.dll!ReleaseByteArrayElements(JNIEnv_External * env=0x011c2cc0, _jobject * array=0x0013f40c, char * elems=0x02876958, int mode=0x00000000)  Line 908 + 0x9 bytes	C++
> >	harmonyvm.dll!ReleasePrimitiveArrayCritical(JNIEnv_External * jenv=0x011c2cc0, _jobject * array=0x0013f40c, void * carray=0x02876958, int mode=0x00000000)  Line 1305 + 0x15 bytes	C++
>  	ICUInterface34.dll!0285211e() 	
> Running the same test with J9 produces
> Exception in thread "main" java.lang.IllegalArgumentException: U_ILLEGAL_ARGUMENT_ERROR
>         at com.ibm.icu4jni.common.ErrorCode.getException(Unknown Source)
>         at com.ibm.icu4jni.charset.CharsetEncoderICU.implReplaceWith(Unknown Source)
>         at java.nio.charset.CharsetEncoder.replaceWith(CharsetEncoder.java:856)
>         at Enc.main(Enc.java:9)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.