Bug 86745

Summary: Possible exception/segfault in jurt jpipe.dll under Windows with pipe connection
Product: LibreOffice Reporter: Juergen Funk <juergen.funk_ml>
Component: sdkAssignee: Juergen Funk <juergen.funk_ml>
Status: ASSIGNED --- QA Contact:
Severity: normal    
Priority: medium CC: sbergman, serval2412
Version: 4.5.0.0.alpha0+ Master   
Hardware: x86 (IA32)   
OS: Windows (All)   
Whiteboard: target:4.5.0
i915 platform: i915 features:
Attachments: Test this exception with this JAVA Class

Description Juergen Funk 2014-11-26 15:34:18 UTC 
Created attachment 110072 [details]
Test this exception with this JAVA Class

On Windows when you start a java-uno-connection via pipe then on some machines you can get the following exception/segfault in the jpipe.dll. 

Detailed Description (sorry for the German UI language settings):
Problemereignisname:	APPCRASH
  Anwendungsname:	javaw.exe
  Anwendungsversion:	7.0.110.21
  Anwendungszeitstempel:	50f13a25
  Fehlermodulname:	jpipe.dll
  Fehlermodulversion:	4.2.5.2
  Fehlermodulzeitstempel:	53bc1d00
  Ausnahmecode:	c00000fd
  Ausnahmeoffset:	000011c7
  Betriebsystemversion:	6.1.7601.2.1.0.256.48
  Gebietsschema-ID:	1031
  Zusatzinformation 1:	022d
  Zusatzinformation 2:	022d20d2f136501747c7b284fa79af41
  Zusatzinformation 3:	171f
  Zusatzinformation 4:	171fb495ef00f99cffbb09f85224e710

The problem is reprocible with LO 4.2.5 and current master.

How to reproduce:

- Download http://wollmux.googlecode.com/files/wollmux-config-de-utf8-11.11a.tar.gz and extracting in your home-dir e.g. C:\Users\<user-name>
- Copy the WollMuxBar.jar in your preferred directory
- Start with:
"c:\Program Files (x86)\Java\jdk1.7.0_67/bin\java.exe" -cp "WollMuxBar.jar;<Your-Path>\lo-core\instdir\URE\java\juh.jar;<Your-Path>\lo-core\instdir\program\classes\unoil.jar" de.muenchen.allg.itd51.wollmux.dialog.WollMuxBar
- Sometimes now the segfault appears

When the bar appears you are a lucky guy, but you were not able to reproduce the bug - it is a sporadic bug.



Analysis result / solution:

In the jpipe.dll DLLMain there's a call to the WinApi's LoadLibraryExW function and that is not allowed. Please see http://msdn.microsoft.com/en-us/library/windows/desktop/ms682583(v=vs.85).aspx in the Remarks section. It is clearly mentioned there, that the behaviour for such usage is not defined and risky.
Comment 1 Julien Nabet 2014-11-26 21:22:24 UTC 
Here's some code pointer I suppose:
http://opengrok.libreoffice.org/xref/core/jurt/source/pipe/wrapper/wrapper.c#44

Stephan: one for you?
Comment 2 Stephan Bergmann 2014-11-27 08:05:58 UTC 
Yes, I faintly remember that the DllMain restrictions were well known when the code was originally written, but it was considered "appears to work anyway."

But should be possible to move the code from DllMain into getFunction.  Jürgen, do you want to work on that?
Comment 3 Juergen Funk 2014-11-27 10:47:16 UTC 
- Remove the LoadLibrary from DLLMain (from windows not recommended) 
- Set function-ptr variable (faster) 
- Improve the comment why we need two dll's (jpipe.dll and jpipx.dll)

gerrit: https://gerrit.libreoffice.org/#/c/13148/
Comment 4 Juergen Funk 2014-11-28 13:27:57 UTC 
In Patch set 2
i have remove the function pointer
gerrit: see Comment 2
Comment 5 Commit Notification 2014-12-05 13:19:02 UTC 
Juergen Funk committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=b21f2439ad2681f906c63c2192ef141d9abb9e37

fdo#86745 - Possible exception/segfault in jurt jpipe.dll under Windows ...

It will be available in 4.5.0.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.