JDK-8189159

HTMLEditor inside FXCanvas crashes JVM

    Details

    • Subcomponent:
      web
    • CPU:
      x86_64
    • OS:
      linux

      Description

      FULL PRODUCT VERSION :
      1.8.0_152
      1.8.0_144
      1.8.0_121

      ADDITIONAL OS VERSION INFORMATION :
      Ubuntu 16.04.3 LTS (Linux 4.4.0-87-generic #110-Ubuntu SMP x86_64 x86_64 x86_64 GNU/Linux)
      Red Hat 6
      Red Hat 7

      A DESCRIPTION OF THE PROBLEM :
      We are developing an (Eclipse 3)-SWT application, where we use FXCanvas to embed a JavaFX HTMLEditor. We are experiencing JVM crashes, and after debugging we found out that they are related to the HTMLEditor:

      The HTMLEditor constructs a toolbar and makes native calls to the WebKit libraries. There it queries
      if certain actions (e.g. cut, copy) are enabled. For some reason, due to timing issues, the native
      call sometimes crashes (see actual result).

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      1) Create a SWT Java Application (see source code)
      2) add swt.jar to the class path (http://download.eclipse.org/eclipse/downloads/)
      3) add jfxswt.jar from the jre to the class path
      4) Run Application

      The provided source code is not the only way to run into this bug, however it's the only way to reproduce it in a simple reliable way. In fact, in our application we are only embedding ONE HTMLEditor instance and it crashes.

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      Dialog appears and shows 5 HTMLEditor Instances, in a vertical layout
      ACTUAL -
      JVM Crashes

      ERROR MESSAGES/STACK TRACES THAT OCCUR :
      pure virtual method called
      terminate called without an active exception

      ------------------------

      Debugging the core dump shows the following backtrace:
      [Thread debugging using libthread_db enabled]
      Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
      Core was generated by `/home/dominic/programs/jdk/jre1.8.0_152/bin/java -Dfile.encoding=ANSI_X3.4-1968'.
      Program terminated with signal SIGABRT, Aborted.
      #0 0x00007f83158cb428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
      54 ../sysdeps/unix/sysv/linux/raise.c: Datei oder Verzeichnis nicht gefunden.
      [Current thread is 1 (Thread 0x7f8316488700 (LWP 18481))]
      (gdb) bt
      #0 0x00007f83158cb428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
      #1 0x00007f83158cd02a in __GI_abort () at abort.c:89
      #2 0x00007f83151ee4b5 in os::abort(bool) () from /home/dominic/programs/jdk/jre1.8.0_152/lib/amd64/server/libjvm.so
      #3 0x00007f831538c4b3 in VMError::report_and_die() () from /home/dominic/programs/jdk/jre1.8.0_152/lib/amd64/server/libjvm.so
      #4 0x00007f83151f43ff in JVM_handle_linux_signal () from /home/dominic/programs/jdk/jre1.8.0_152/lib/amd64/server/libjvm.so
      #5 0x00007f83151ea483 in signalHandler(int, siginfo*, void*) () from /home/dominic/programs/jdk/jre1.8.0_152/lib/amd64/server/libjvm.so
      #6 <signal handler called>
      #7 0x0000000000000000 in ?? ()
      #8 0x00007f82961700d2 in WebCore::Editor::dispatchCPPEvent(WTF::AtomicString const&, WebCore::DataTransferAccessPolicy) ()
         from /home/dominic/programs/jdk/jre1.8.0_152/lib/amd64/libjfxwebkit.so
      #9 0x00007f82961701f7 in WebCore::Editor::canDHTMLCopy() () from /home/dominic/programs/jdk/jre1.8.0_152/lib/amd64/libjfxwebkit.so
      #10 0x00007f829617e490 in WebCore::enabledCopy(WebCore::Frame&, WebCore::Event*, WebCore::EditorCommandSource) ()
         from /home/dominic/programs/jdk/jre1.8.0_152/lib/amd64/libjfxwebkit.so
      #11 0x00007f8296aeee28 in Java_com_sun_webkit_WebPage_twkQueryCommandEnabled () from /home/dominic/programs/jdk/jre1.8.0_152/lib/amd64/libjfxwebkit.so
      #12 0x00007f8300390774 in ?? ()
      #13 0x00007f8316482188 in ?? ()
      #14 0x00007f83003807d0 in ?? ()
      #15 0x00007f83003807d0 in ?? ()
      #16 0x000000076f044fa0 in ?? ()
      #17 0x000000076f1020d8 in ?? ()
      #18 0x00007f8316482148 in ?? ()
      #19 0x0000000000000000 in ?? ()


      REPRODUCIBILITY :
      This bug can be reproduced always.

      ---------- BEGIN SOURCE ----------
      import org.eclipse.swt.SWT;
      import org.eclipse.swt.layout.FillLayout;
      import org.eclipse.swt.widgets.Display;
      import org.eclipse.swt.widgets.Shell;

      import javafx.embed.swt.FXCanvas;
      import javafx.scene.Scene;
      import javafx.scene.layout.VBox;
      import javafx.scene.web.HTMLEditor;

      public class HTMLEditorCrash {
          public static void main(String[] args) {
              // Create SWT Shell
              Shell shell = new Shell(new Display());
              shell.setLayout(new FillLayout());

              // Create FXCanvas with scene
              new FXCanvas(shell, SWT.NONE).setScene(createScene());

              // Open Shell
              shell.open();
              while (!shell.isDisposed()) {
                  if (!shell.getDisplay().readAndDispatch()) {
                      shell.getDisplay().sleep();
                  }
              }
              shell.getDisplay().dispose();
          }

          public static Scene createScene() {
              VBox box = new VBox();

              // Crashes the VM
              box.getChildren().add(new HTMLEditor());
              box.getChildren().add(new HTMLEditor());
              box.getChildren().add(new HTMLEditor());
              box.getChildren().add(new HTMLEditor());
              box.getChildren().add(new HTMLEditor());

              return new Scene(box, 500, 500);
          }
      }

      ---------- END SOURCE ----------

      CUSTOMER SUBMITTED WORKAROUND :
      Instead of adding the HTMLEditor directly:
      box.getChildren().add(new HTMLEditor());

      Do the following:
      HTMLEditor editor = new HTMLEditor();
      Platform.runLater(() -> box.getChildren().add(editor));

      Explanation:
      new HTMLEditor() will implicitly create an instance of HTMLEditorSkin. This will execute the HTMLEditorSkin constructor, which will call HTMLEditorSkin::enableToolbar(true) (HTMLEditorSkin.java:452).
      Adding the HTMLEditor instance to box.getChildren() will trigger the layout method, which results in calling HTMLEditorSkin::populateToolbars().
      This is where the timing issues occur. There are two possibilities:
      1) if populateToolbars is called before enableToolbar, the enableToolbar method will call HTMLEditorSkin::isCommandEnabled(...) which will call WebPage, resulting in calls of WebKit C Libraries.
      2) if enableToolbar is called before populateToolbars, the command enablement will not be checked due to a guarding condition (HTMLEditorSkin.java:1000).

      The provided workaround leads to always calling enableToolbar first, hence the error does not appear.
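
Added example (not part of the original report or of the JDK sources): a short Python triage of the gdb backtrace quoted above. It shows that the frame executing when the signal arrived has program counter 0, and that it was reached from libjfxwebkit.so through the JNI entry point Java_com_sun_webkit_WebPage_twkQueryCommandEnabled. The names parse_frames and triage are made up for this example.

```python
import re

# Frames #6-#11 copied from the gdb backtrace in this report, including the
# lines where gdb wrapped "from <library>" onto a continuation line.
BACKTRACE = """\
#6 <signal handler called>
#7 0x0000000000000000 in ?? ()
#8 0x00007f82961700d2 in WebCore::Editor::dispatchCPPEvent(WTF::AtomicString const&, WebCore::DataTransferAccessPolicy) ()
   from /home/dominic/programs/jdk/jre1.8.0_152/lib/amd64/libjfxwebkit.so
#9 0x00007f82961701f7 in WebCore::Editor::canDHTMLCopy() () from /home/dominic/programs/jdk/jre1.8.0_152/lib/amd64/libjfxwebkit.so
#10 0x00007f829617e490 in WebCore::enabledCopy(WebCore::Frame&, WebCore::Event*, WebCore::EditorCommandSource) ()
   from /home/dominic/programs/jdk/jre1.8.0_152/lib/amd64/libjfxwebkit.so
#11 0x00007f8296aeee28 in Java_com_sun_webkit_WebPage_twkQueryCommandEnabled () from /home/dominic/programs/jdk/jre1.8.0_152/lib/amd64/libjfxwebkit.so
"""

HEAD = re.compile(r"^#(\d+)\s+(?:(0x[0-9a-f]+) in )?(.*)$")

def parse_frames(text):
    """Parse gdb 'bt' output into dicts with n, pc, symbol and lib."""
    frames = []
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            pc = int(m.group(2), 16) if m.group(2) else None
            frames.append({"n": int(m.group(1)), "pc": pc, "rest": m.group(3)})
        elif frames and line.strip():
            frames[-1]["rest"] += " " + line.strip()  # wrapped continuation line
    for f in frames:
        sym, _, lib = f.pop("rest").partition(" from ")
        f["symbol"] = re.sub(r"\s*\(\)$", "", sym.strip())  # drop gdb's empty arg list
        f["lib"] = lib.strip().rsplit("/", 1)[-1] or None
    return frames

def triage(frames):
    """Summarise a signal-driven crash: faulting frame, its caller, JNI entry."""
    sig = [f["symbol"] for f in frames].index("<signal handler called>")
    fault = frames[sig + 1]  # frame that was executing when the signal arrived
    caller = next(f for f in frames[sig + 2:] if f["symbol"] != "??")
    jni = next((f for f in frames[sig + 2:] if f["symbol"].startswith("Java_")), None)
    return {
        "fault_frame": fault["n"],
        "jump_to_null": fault["pc"] == 0,  # pc 0: control was transferred to address 0
        "caller": caller["symbol"].split("(")[0],
        "library": caller["lib"],
        "jni_entry": jni["symbol"] if jni else None,
    }

if __name__ == "__main__":
    print(triage(parse_frames(BACKTRACE)))
```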


        Attachments

        1. hs_err_pid26951.log
          127 kB
        2. hs_err_pid6544.log
          97 kB
        3. HtmlEditor.png
          138 kB
        4. HTMLEditorCrash.java
          1 kB
        5. swt.jar
          1.87 MB
        6. swt-win64-3.6.2.jar
          1.68 MB

              People

              • Assignee:
                ghb Guru Hb
                Reporter:
                webbuggrp Webbug Group