JDK-7174250

Calling JSObject.getMember(null) in an applet crashes the plugin and the browser

    Details

    • Subcomponent:
    • Resolved In Build:
      b44
    • CPU:
      x86
    • OS:
      windows_7
    • Verification:
      Verified

        Description

        FULL PRODUCT VERSION :
        java version "1.7.0_04"
        Java(TM) SE Runtime Environment (build 1.7.0_04-b22)
        Java HotSpot(TM) Client VM (build 23.0-b21, mixed mode, sharing)

        Java(TM) Platform SE 7 U4 10.4.0.22

        ADDITIONAL OS VERSION INFORMATION :
        Windows 7 64-bit [Version 6.1.7601]

        EXTRA RELEVANT SYSTEM CONFIGURATION :
        Firefox 13.0 (32-bit)

        A DESCRIPTION OF THE PROBLEM :
        If an applet uses netscape.javascript.JSObject to interact with JavaScript/DOM objects in its host web page, but passes null to one of JSObject's methods where a property name is expected, the browser process will crash due to a null pointer dereference in jvm.dll.

        STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
        Load an applet that calls netscape.javascript.JSObject.getMember(String) with a null member name argument.

        EXPECTED VERSUS ACTUAL BEHAVIOR :
        EXPECTED -
        The method call gracefully returns null or throws an appropriate exception.
        ACTUAL -
        An access violation occurs in jvm.dll, terminating the browser process.

        REPRODUCIBILITY :
        This bug can be reproduced always.

        ---------- BEGIN SOURCE ----------
        public class CrashApplet extends java.applet.Applet {

            public void start() {
                netscape.javascript.JSObject.getWindow(this).getMember(null);
            }

        }
        ---------- END SOURCE ----------

        CUSTOMER SUBMITTED WORKAROUND :
        Null-check "name" arguments before passing them to JSObject.
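
One way to apply the workaround above consistently, as an added example that is not part of the original report or the JDK: a thin wrapper that rejects a null name before it reaches JSObject. SafeJSObject and requireName are hypothetical names; covering setMember, removeMember and call in addition to getMember is an assumption based on the report's "one of JSObject's methods", and netscape.javascript.JSObject is assumed to be on the classpath (plugin.jar on JDK 7).

```java
import netscape.javascript.JSObject;

/**
 * Added example: validates "name" arguments in Java code so that a null
 * never crosses into the plugin's native code.
 * SafeJSObject and requireName are hypothetical names, not JDK API.
 *
 * Usage inside an applet:
 *   SafeJSObject win = new SafeJSObject(JSObject.getWindow(this));
 *   Object value = win.getMember(name); // throws instead of crashing
 */
public final class SafeJSObject {
    private final JSObject delegate;

    public SafeJSObject(JSObject delegate) {
        if (delegate == null) {
            throw new NullPointerException("delegate");
        }
        this.delegate = delegate;
    }

    // Fail with an ordinary, catchable Java exception on a null name.
    private static String requireName(String name, String method) {
        if (name == null) {
            throw new IllegalArgumentException(
                "JSObject." + method + ": name must not be null");
        }
        return name;
    }

    public Object getMember(String name) {
        return delegate.getMember(requireName(name, "getMember"));
    }

    public void setMember(String name, Object value) {
        delegate.setMember(requireName(name, "setMember"), value);
    }

    public void removeMember(String name) {
        delegate.removeMember(requireName(name, "removeMember"));
    }

    // The method name is treated as a name argument too (assumption).
    public Object call(String methodName, Object[] args) {
        return delegate.call(requireName(methodName, "call"), args);
    }
}
```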

                People

                • Assignee:
                  jmcglynn Joe Mcglynn (Inactive)
                  Reporter:
                  webbuggrp Webbug Group