JDK-8040619

JVM fatal error due to bug in libfontmanager.so

    Details

      Description

      FULL PRODUCT VERSION :
      java version "1.6.0_45"
      Java(TM) SE Runtime Environment (build 1.6.0_45-b06)
      Java HotSpot(TM) 64-Bit Server VM (build 20.45-b01, mixed mode)


      FULL OS VERSION :
      Linux znas.local 2.6.32-358.2.1.el6.x86_64 #1 SMP Tue Mar 12 14:18:09 CDT 2013 x86_64 x86_64 x86_64 GNU/Linux


      EXTRA RELEVANT SYSTEM CONFIGURATION :
      Invoked through SSH (= not X11 specific)
      Error occurred on many other systems as well


      A DESCRIPTION OF THE PROBLEM :
      This is an error in a native library (libfontmanager.so) that is used in the Oracle JRE to render glyphs of java.awt.Font instances. It does not occur in OpenJDK.

      Drawing a glyph vector for a badly formatted TrueType font can result in a fatal error (crash) of the JVM, with the following message:

      # C [libfontmanager.so+0x242c8] imaginary long double+0xd8


      THE PROBLEM WAS REPRODUCIBLE WITH -Xint FLAG: Yes

      REGRESSION. Last worked in version 7

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Use an Oracle JVM.

      1. Load a TrueType font with bad/missing cmap data into a java.awt.Font (such fonts are usually embedded in PDFs).
      2. Try to draw a glyph of this font. Glyph codes like 1 are not unusual.
      3. Experience a JVM crash.

      You may also use pdfbox 1.8.1 and try to render one of the PDFs attached in https://issues.apache.org/jira/browse/PDFBOX-1426 -- the same problem.


      EXPECTED VERSUS ACTUAL BEHAVIOR :
      No JVM crash.

      ERROR MESSAGES/STACK TRACES THAT OCCUR :
      #
      # A fatal error has been detected by the Java Runtime Environment:
      #
      # SIGSEGV (0xb) at pc=0x00007fe0514aa2c8, pid=21666, tid=140602005587712
      #
      # JRE version: 6.0_45-b06
      # Java VM: Java HotSpot(TM) 64-Bit Server VM (20.45-b01 mixed mode linux-amd64 compressed oops)
      # Problematic frame:
      # C [libfontmanager.so+0x242c8] imaginary long double+0xd8
      #
      # If you would like to submit a bug report, please visit:
      # http://java.sun.com/webapps/bugreport/crash.jsp
      # The crash happened outside the Java Virtual Machine in native code.
      # See problematic frame for where to report the bug.
      #

      --------------- T H R E A D ---------------

      Current thread (0x00007fe070006800): JavaThread "main" [_thread_in_native, id=21667, stack(0x00007fe074890000,0x00007fe074991000)]

      siginfo:si_signo=SIGSEGV: si_errno=0, si_code=1 (SEGV_MAPERR), si_addr=0x0000000000000014

      Registers:
      RAX=0x0000000000000000, RBX=0x0000000000000000, RCX=0x0000000000000008, RDX=0x0000000000000008
      RSP=0x00007fe07498ef30, RBP=0x00007fe0701be018, RSI=0x00000000636d6170, RDI=0x00007fe0701bd710
      R8 =0x0000000000000000, R9 =0x0000000000000001, R10=0x000000000000178a, R11=0x0000000000000206
      R12=0x0000000000000062, R13=0x00007fe07498ef6e, R14=0x0000000000000000, R15=0x00007fe0701be018
      RIP=0x00007fe0514aa2c8, EFLAGS=0x0000000000010246, CSGSFS=0x0000000000000033, ERR=0x0000000000000004
        TRAPNO=0x000000000000000e

        Top of Stack: (sp=0x00007fe07498ef30)

      Instructions: (pc=0x00007fe0514aa2c8)
      0x00007fe0514aa2a8: eb bf e8 91 0d 00 00 eb b8 be 70 61 6d 63 48 89
      0x00007fe0514aa2b8: ef e8 e2 f9 ff ff 45 31 c0 48 8b bd f8 00 00 00
      0x00007fe0514aa2c8: 8b 48 14 8b 50 10 48 8b b5 e8 00 00 00 e8 e6 f3
      0x00007fe0514aa2d8: ff ff 48 8b bd f8 00 00 00 8b b5 a8 00 00 00 0f

      Register to memory mapping:

      RAX=0x0000000000000000 is an unknown value
      RBX=0x0000000000000000 is an unknown value
      RCX=0x0000000000000008 is an unknown value
      RDX=0x0000000000000008 is an unknown value
      RSP=0x00007fe07498ef30 is pointing into the stack for thread: 0x00007fe070006800
      RBP=0x00007fe0701be018 is an unknown value
      RSI=0x00000000636d6170 is an unknown value
      RDI=0x00007fe0701bd710 is an unknown value
      R8 =0x0000000000000000 is an unknown value
      R9 =0x0000000000000001 is an unknown value
      R10=0x000000000000178a is an unknown value
      R11=0x0000000000000206 is an unknown value
      R12=0x0000000000000062 is an unknown value
      R13=0x00007fe07498ef6e is pointing into the stack for thread: 0x00007fe070006800
      R14=0x0000000000000000 is an unknown value
      R15=0x00007fe0701be018 is an unknown value


      Stack: [0x00007fe074890000,0x00007fe074991000], sp=0x00007fe07498ef30, free space=1019k
      Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
      C [libfontmanager.so+0x242c8] imaginary long double+0xd8
      C 0x0000000000000000 JNU_ThrowClassNotFoundException+0xaeb7a000

      Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
      j sun.font.FileFont.getGlyphImage(JI)J+0
      j sun.font.FileFontStrike.getGlyphImagePtr(I)J+115
      j sun.font.FileFontStrike.getGlyphMetrics(IZ)Ljava/awt/geom/Point2D$Float;+29
      j sun.font.FileFontStrike.getGlyphMetrics(I)Ljava/awt/geom/Point2D$Float;+3
      j sun.font.StandardGlyphVector$GlyphStrike.addDefaultGlyphAdvance(ILjava/awt/geom/Point2D$Float;)V+5
      j sun.font.StandardGlyphVector.initPositions()V+162
      j sun.font.StandardGlyphVector.setupGlyphImages([J[F[D)Ljava/lang/Object;+1
      j sun.font.GlyphList.setFromGlyphVector(Lsun/java2d/loops/FontInfo;Ljava/awt/font/GlyphVector;FF)V+90
      j sun.java2d.pipe.GlyphListPipe.drawGlyphVector(Lsun/java2d/SunGraphics2D;Ljava/awt/font/GlyphVector;FF)V+129
      j sun.java2d.pipe.ValidatePipe.drawGlyphVector(Lsun/java2d/SunGraphics2D;Ljava/awt/font/GlyphVector;FF)V+17
      j sun.java2d.SunGraphics2D.drawGlyphVector(Ljava/awt/font/GlyphVector;FF)V+23
      j crash.FontCrash.main([Ljava/lang/String;)V+71
      v ~StubRoutines::call_stub

      --------------- P R O C E S S ---------------

      Java Threads: ( => current thread )
        0x00007fe0700df000 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=21678, stack(0x00007fe051385000,0x00007fe051486000)]
        0x00007fe07008c800 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=21676, stack(0x00007fe051e6c000,0x00007fe051f6d000)]
        0x00007fe07008a800 JavaThread "C2 CompilerThread1" daemon [_thread_blocked, id=21675, stack(0x00007fe051f6d000,0x00007fe05206e000)]
        0x00007fe070087800 JavaThread "C2 CompilerThread0" daemon [_thread_blocked, id=21674, stack(0x00007fe05206e000,0x00007fe05216f000)]
        0x00007fe070085800 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=21673, stack(0x00007fe06c09a000,0x00007fe06c19b000)]
        0x00007fe070069000 JavaThread "Finalizer" daemon [_thread_blocked, id=21672, stack(0x00007fe06c19b000,0x00007fe06c29c000)]
        0x00007fe070067000 JavaThread "Reference Handler" daemon [_thread_blocked, id=21671, stack(0x00007fe06c29c000,0x00007fe06c39d000)]
      =>0x00007fe070006800 JavaThread "main" [_thread_in_native, id=21667, stack(0x00007fe074890000,0x00007fe074991000)]

      Other Threads:
        0x00007fe070060800 VMThread [stack: 0x00007fe06c39d000,0x00007fe06c49e000] [id=21670]
        0x00007fe070097800 WatcherThread [stack: 0x00007fe051d6b000,0x00007fe051e6c000] [id=21677]

      VM state:not at safepoint (normal execution)

      VM Mutex/Monitor currently owned by a thread: None

      Heap
       PSYoungGen total 36736K, used 1897K [0x00000007d7000000, 0x00000007d9900000, 0x0000000800000000)
        eden space 31488K, 6% used [0x00000007d7000000,0x00000007d71da570,0x00000007d8ec0000)
        from space 5248K, 0% used [0x00000007d93e0000,0x00000007d93e0000,0x00000007d9900000)
        to space 5248K, 0% used [0x00000007d8ec0000,0x00000007d8ec0000,0x00000007d93e0000)
       PSOldGen total 83968K, used 0K [0x0000000785000000, 0x000000078a200000, 0x00000007d7000000)
        object space 83968K, 0% used [0x0000000785000000,0x0000000785000000,0x000000078a200000)
       PSPermGen total 21248K, used 6381K [0x000000077fe00000, 0x00000007812c0000, 0x0000000785000000)
        object space 21248K, 30% used [0x000000077fe00000,0x000000078043b788,0x00000007812c0000)

      Code Cache [0x00007fe06d000000, 0x00007fe06d270000, 0x00007fe070000000)
       total_blobs=318 nmethods=4 adapters=269 free_code_cache=49854464 largest_free_block=384

      Dynamic libraries:


      ( This report has more than 16,000 characters and has been truncated. )
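
The steps to reproduce depend on a TrueType font with bad or missing cmap data reaching the native glyph code. The following is an added example, not code from the report or from the JDK: a structural pre-check of the sfnt table directory and cmap header that an application could run on untrusted font bytes before handing them to java.awt.Font. The class name `CmapPreflight`, the method `check` and both sample byte arrays are assumptions made for illustration.

```java
import java.nio.ByteBuffer;

/** Added example (hypothetical class): structural pre-check of a TrueType cmap table. */
public class CmapPreflight {
    private static final int TAG_CMAP = 0x636d6170; // ASCII "cmap"

    /** Returns null when the cmap table is structurally usable, else the reason to reject. */
    public static String check(byte[] font) {
        if (font.length < 12) return "shorter than the sfnt header";
        ByteBuffer b = ByteBuffer.wrap(font); // big-endian by default, as sfnt requires
        int version = b.getInt(0);
        if (version != 0x00010000 && version != 0x74727565) // 1.0 or "true"
            return "not a single TrueType font";
        int numTables = b.getShort(4) & 0xFFFF;
        if (12L + 16L * numTables > font.length) return "table directory truncated";
        for (int i = 0; i < numTables; i++) {
            int rec = 12 + 16 * i; // record layout: tag, checksum, offset, length
            if (b.getInt(rec) != TAG_CMAP) continue;
            long off = b.getInt(rec + 8) & 0xFFFFFFFFL;
            long len = b.getInt(rec + 12) & 0xFFFFFFFFL;
            if (len < 4 || off + len > font.length) return "cmap table out of bounds";
            int records = b.getShort((int) off + 2) & 0xFFFF;
            if (records == 0) return "cmap has no encoding records";
            if (4L + 8L * records > len) return "cmap encoding records truncated";
            for (int r = 0; r < records; r++) {
                // encoding record: platformID, encodingID, subtable offset from cmap start
                long sub = b.getInt((int) off + 4 + 8 * r + 4) & 0xFFFFFFFFL;
                if (sub + 2 > len) return "cmap subtable offset out of bounds";
            }
            return null;
        }
        return "no cmap table in the directory";
    }

    public static void main(String[] args) {
        // Constructed samples, not taken from the PDFs referenced in the report.
        byte[] noTables = {0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
        byte[] badCmap = ByteBuffer.allocate(28)
                .putInt(0x00010000).putShort((short) 1).putShort((short) 0)
                .putShort((short) 0).putShort((short) 0)          // 12-byte sfnt header
                .putInt(TAG_CMAP).putInt(0).putInt(28).putInt(64) // cmap record past end of file
                .array();
        System.out.println("no tables: " + check(noTables));
        System.out.println("bad cmap:  " + check(badCmap));
    }
}
```

A non-null result is a reason to substitute a fallback font instead of calling `Font.createFont` on the bytes. The check is structural only, since the report does not say which defect in the cmap data triggers the crash.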

            People

            • Assignee:
              bae Andrew Brygin
              Reporter:
              webbuggrp Webbug Group