[NEW BUG]: Sending a SysexMessage starting with 0xF7 leads to JVM crash

Alec Su ae40515 at yahoo.com.tw
Thu Oct 12 09:36:37 UTC 2023


Hi,

I've encountered a bug when sending a MIDI SysexMessage. SysexMessage
allows splitting a sysex message into multiple SysexMessages. The first
SysexMessage will start with 0xF0. Other continuing SysexMessages will
start with 0xF7. A SysexMessage starting with 0xF0 can be sent by
javax.sound.midi.Receiver normally. However, attempting to send a
SysexMessage starting with 0xF7 results in a JVM crash.

The code below is an example. It sends a dummy sysex message (F0 7D 01 02
03 04 05 06 F7) separately to all MIDI output devices. It requires at
least one MIDI output device provided by OS, such as "Microsoft GS
Wavetable Synth" in Windows or the "snd_virmidi" kernel module in Linux.


import javax.sound.midi.*;

public class SysexTest {
    public static void main(String[] args) {
        var deviceInfos = MidiSystem.getMidiDeviceInfo();
        for (var info : deviceInfos) {
            try (MidiDevice device = MidiSystem.getMidiDevice(info)) {
                if (device.getMaxReceivers() != 0) {
                    System.out.println("Open MIDI port: " + info.getName());
                    device.open();
                    Receiver receiver = device.getReceiver();
                    try {
                        // Send (F0 7D 01 02), (03 04), (05 06 F7) separately
                        receiver.send(new SysexMessage(new byte[]{(byte) 0xF0, 0x7D, 0x01, 0x02}, 4), -1);
                        receiver.send(new SysexMessage(new byte[]{(byte) 0xF7, 0x03, 0x04}, 3), -1);
                        receiver.send(new SysexMessage(new byte[]{(byte) 0xF7, 0x05, 0x06, (byte) 0xF7}, 4), -1);
                        System.out.println("All SysexMessage sent");
                    } catch (InvalidMidiDataException e) {
                        e.printStackTrace();
                    }
                }
            } catch (MidiUnavailableException e) {
                e.printStackTrace();
            }
        }
    }
}


The main cause of the bug is that a pointer is increased in
https://github.com/openjdk/jdk/blob/dc4bc4f0844b768e83406f44f2a9ee50686b1d9d/src/java.desktop/share/native/libjsound/MidiOutDevice.c#L137

After that, it attempted to release the modified pointer in
https://github.com/openjdk/jdk/blob/dc4bc4f0844b768e83406f44f2a9ee50686b1d9d/src/java.desktop/share/native/libjsound/MidiOutDevice.c#L143

I've created a patch to fix the bug and I'm planning to open a pull request.
However, the bug is not yet reported on JDK Bug System. I need a sponsor
to help me create the issue.

The patch I made is here:
https://github.com/AlecJY/jdk/commit/785c0c6ed7ebafaf50d424cfbca97cfc8a7467da

This is my first time contributing to OpenJDK. Please let me know if
I've missed any essential steps. Thank you.

Sincerely,
Alec
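
The pointer problem described in the message above, as an added example in C that is not part of the original post and is not the OpenJDK source. The acquire/release pair, the send function and all names are hypothetical stand-ins, and the condition for advancing the pointer past a leading 0xF7 is an assumption.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for an acquire/release pair whose release call
 * must receive exactly the pointer that acquire returned. */
static unsigned char *acquired;   /* pointer handed out by acquire_bytes */
static int bad_release;           /* set when release gets a different pointer */
static size_t sent_len;           /* payload length seen by the transport */

static unsigned char *acquire_bytes(const unsigned char *src, size_t n) {
    bad_release = 0;
    acquired = malloc(n);
    if (acquired) memcpy(acquired, src, n);
    return acquired;
}

static void release_bytes(unsigned char *p) {
    if (p != acquired) bad_release = 1;  /* a real runtime may crash here */
    free(acquired);                      /* free the true base so the demo is safe */
    acquired = NULL;
}

static void send_long(const unsigned char *p, size_t n) { (void)p; sent_len = n; }

/* Reported pattern: the acquired pointer itself is advanced, then released. */
int send_sysex_buggy(const unsigned char *msg, size_t n) {
    unsigned char *data = acquire_bytes(msg, n);
    if (!data) return -1;
    if (n > 1 && data[0] == 0xF7) { data++; n--; }  /* assumed skip condition */
    send_long(data, n);
    release_bytes(data);   /* wrong: data no longer equals the acquired pointer */
    return bad_release;
}

/* Corrected pattern: keep the base pointer for release, advance a cursor. */
int send_sysex_fixed(const unsigned char *msg, size_t n) {
    unsigned char *base = acquire_bytes(msg, n);
    if (!base) return -1;
    const unsigned char *cur = base;
    if (n > 1 && cur[0] == 0xF7) { cur++; n--; }
    send_long(cur, n);
    release_bytes(base);   /* same pointer that acquire returned */
    return bad_release;
}
```

Both functions return 1 when the release call received a pointer other than the acquired one, 0 otherwise, and -1 on allocation failure.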

