DisabledCalendarIcon uses dangerous ColorConvertOp (JVM crash)
atijms Apr 21, 2010 8:27 AMDisabledCalendarIcon.java in at least RichFaces 3.3.1, 3.3.2 and the latest 3.3.3 uses the dangerous ColorConvertOp class, which is known for its ability to crash a JVM. It concerns this code fragment:
protected BufferedImage paintImage(Object[] colors) { BufferedImage image = super.paintImage(colors); image = new ColorConvertOp(ColorSpace.getInstance(ColorSpace.CS_GRAY), null).filter(image, null); return image; }
On some machines, but not all, a call to e.g. http://localhost:8080/a4j/g/3_3_1.GAorg.richfaces.renderkit.html.iconimages.DisabledCalendarIcon/DATB/eAF79eoVw6znAA!XBEA_.jsf immediately and 100% reproducible crashes the JVM:
# # A fatal error has been detected by the Java Runtime Environment: # # SIGSEGV (0xb) at pc=0x00007ff73ad5f628, pid=3035, tid=1194969424 # # JRE version: 6.0_18-b07 # Java VM: Java HotSpot(TM) 64-Bit Server VM (16.0-b13 mixed mode linux-amd64 compressed oops) # Problematic frame: # C [libpthread.so.0+0x7628] pthread_join+0x28 # # If you would like to submit a bug report, please visit: # http://java.sun.com/webapps/bugreport/crash.jsp # The crash happened outside the Java Virtual Machine in native code. # See problematic frame for where to report the bug. # --------------- T H R E A D --------------- Current thread (0x00007ff70ef30800): JavaThread "ajp-0.0.0.0-8009-6" daemon [_thread_in_native, id=3183, stack(0x000000004729c000,0x000000004739d000)] siginfo:si_signo=SIGSEGV: si_errno=0, si_code=1 (SEGV_MAPERR), si_addr=0x000000004b59f9e0 Registers: RAX=0x0000000000000000, RBX=0x000000004b59f950, RCX=0x0000000000000003, RDX=0x0000000000000001 RSP=0x0000000047398640, RBP=0x0000000000000001, RSI=0x00000000473986a0, RDI=0x000000004b59f950 R8 =0x00007ff704c9f380, R9 =0x0000000000000ce8, R10=0x0000000000000000, R11=0x0000000000000202 R12=0x0000000000000000, R13=0x0000000047398710, R14=0x000000004b59f950, R15=0x00000000473986a0 RIP=0x00007ff73ad5f628, EFL=0x0000000000010202, CSGSFS=0x415300000000e033, ERR=0x0000000000000004 TRAPNO=0x000000000000000e Top of Stack: (sp=0x0000000047398640) 0x0000000047398640: 00007ff73ad5f5e0 000000004b59fd38 0x0000000047398650: 00000000473986a8 0000000000000000 0x0000000047398660: 0000000000000002 0000000000000001 0x0000000047398670: 0000000000000001 0000000000000000 0x0000000047398680: 0000000047398710 000000004b59f950 0x0000000047398690: 0000000047398710 00007ff709c4ba20 0x00000000473986a0: 0000000000000001 0000000000000003 0x00000000473986b0: 0000000000000000 0000000000000003 0x00000000473986c0: 0000000000000000 0000000000000004 0x00000000473986d0: 0000000000000001 00007ff709c10b3a 0x00000000473986e0: 00000000473986f8 0000000000000000 0x00000000473986f0: 00000000efc90f60 00000000efc91160 0x0000000047398700: 00000000efc7a6f0 00000000efc7aaf0 0x0000000047398710: 000000004b59f950 000000004f5a0950 0x0000000047398720: 00000000535a1950 0000000000000000 0x0000000047398730: 0000000047399310 00007ff709c205e0 0x0000000047398740: 0000000000000001 0000000047399050 0x0000000047398750: 0000000000000107 0000200000002000 0x0000000047398760: 0000000000002000 0000000000000000 0x0000000047398770: 0000000000000001 0000000300000000 0x0000000047398780: 0000000200000008 0000000300000003 0x0000000047398790: 0000001000000004 00000000efc7a7f2 0x00000000473987a0: 00000000efc7a7f1 00000000efc7a7f0 0x00000000473987b0: 0000000000000000 0000000000000000 0x00000000473987c0: 0000000000000000 0000000000000000 0x00000000473987d0: 0000000000000000 00000000efc90fe0 0x00000000473987e0: 0000000000000000 0000000000000000 0x00000000473987f0: 0000000000000000 0000000000000000 0x0000000047398800: 0000000000000000 0000000000000000 0x0000000047398810: 0000000000000000 0000000400000004 0x0000000047398820: 0000000000000004 0000000000000000 0x0000000047398830: 0000000000000000 0000004000000040 Instructions: (pc=0x00007ff73ad5f628) 0x00007ff73ad5f618: 89 f7 4c 89 6c 24 e8 4c 89 74 24 f0 48 83 ec 58 0x00007ff73ad5f628: 8b 87 90 00 00 00 bd 03 00 00 00 85 c0 0f 88 9f Stack: [0x000000004729c000,0x000000004739d000], sp=0x0000000047398640, free space=3f10000000000000018k Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code) C [libpthread.so.0+0x7628] pthread_join+0x28 Java frames: (J=compiled Java code, j=interpreted, Vv=VM code) j sun.awt.color.CMM.cmmColorConvert(JLsun/awt/color/CMMImageLayout;Lsun/awt/color/CMMImageLayout;)I+0 j sun.awt.color.ICC_Transform.colorConvert(Ljava/awt/image/BufferedImage;Ljava/awt/image/BufferedImage;)V+34 j java.awt.image.ColorConvertOp.ICCBIFilter(Ljava/awt/image/BufferedImage;Ljava/awt/color/ColorSpace;Ljava/awt/image/BufferedImage;Ljava/awt/color/ColorSpace;)Ljava/awt/image/BufferedImage;+228 j java.awt.image.ColorConvertOp.filter(Ljava/awt/image/BufferedImage;Ljava/awt/image/BufferedImage;)Ljava/awt/image/BufferedImage;+126 j org.richfaces.renderkit.html.iconimages.DisabledCalendarIcon.paintImage([Ljava/lang/Object;)Ljava/awt/image/BufferedImage;+22 j org.richfaces.renderkit.html.iconimages.CalendarIcon.paint(Lorg/ajax4jsf/resource/ResourceContext;Ljava/awt/Graphics2D;)V+25 j org.ajax4jsf.resource.Java2Dresource.getImage(Lorg/ajax4jsf/resource/ResourceContext;)Ljava/awt/image/RenderedImage;+61 j org.ajax4jsf.resource.Java2Dresource.send(Lorg/ajax4jsf/resource/ResourceContext;)V+11 j org.ajax4jsf.resource.ResourceLifecycle.sendResource(Lorg/ajax4jsf/resource/ResourceContext;Lorg/ajax4jsf/resource/InternetResource;)V+9 j org.ajax4jsf.resource.ResourceLifecycle.send(Lorg/ajax4jsf/resource/ResourceContext;Lorg/ajax4jsf/resource/InternetResource;)V+234 j org.ajax4jsf.resource.InternetResourceService.load(Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;+21 j org.ajax4jsf.cache.LRUMapCache.load(Ljava/lang/Object;Ljava/lang/Object;)V+8 j org.ajax4jsf.cache.LRUMapCache.get(Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;+111 j org.ajax4jsf.resource.InternetResourceService.serviceResource(Ljava/lang/String;Ljavax/servlet/http/HttpServletRequest;Ljavax/servlet/http/HttpServletResponse;)V+184 j org.ajax4jsf.resource.InternetResourceService.serviceResource(Ljavax/servlet/http/HttpServletRequest;Ljavax/servlet/http/HttpServletResponse;)Z+18 j org.ajax4jsf.webapp.BaseFilter.doFilter(Ljavax/servlet/ServletRequest;Ljavax/servlet/ServletResponse;Ljavax/servlet/FilterChain;)V+281 j org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Ljavax/servlet/ServletRequest;Ljavax/servlet/ServletResponse;)V+119 j org.apache.catalina.core.ApplicationFilterChain.doFilter(Ljavax/servlet/ServletRequest;Ljavax/servlet/ServletResponse;)V+101
See Oracle bugs: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6511593 and http://forums.sun.com/thread.jspa?threadID=5308704
And this discussion on the Oracle forum: http://forums.sun.com/thread.jspa?threadID=5308704
Maybe it's better not to use this method?