Closed Bug 1031210 Opened 10 years ago Closed 7 years ago

Crash - java.lang.StringIndexOutOfBoundsException: length=146; regionStart=0; regionLength=150 at org.mozilla.gecko.mozglue.GeckoLoader.nativeRun(Native Method) when starting Gecko with a URL like http://www.iciba.com/德国

Categories

(Firefox for Android Graveyard :: General, defect, P5)

30 Branch
ARM
Android
defect

Tracking

(firefox30 wontfix, firefox31 wontfix, firefox32 wontfix, firefox33 wontfix, firefox36 wontfix, firefox37 wontfix, firefox38 wontfix, firefox39 wontfix, fennec+, firefox52 verified, firefox-esr52 fixed, firefox53 verified, firefox54 verified)

RESOLVED FIXED
Firefox 54
Tracking Status
firefox30 --- wontfix
firefox31 --- wontfix
firefox32 --- wontfix
firefox33 --- wontfix
firefox36 --- wontfix
firefox37 --- wontfix
firefox38 --- wontfix
firefox39 --- wontfix
fennec + ---
firefox52 --- verified
firefox-esr52 --- fixed
firefox53 --- verified
firefox54 --- verified

People

(Reporter: victor, Assigned: mkaply)

References

Details

(Keywords: crash, reproducible)

Crash Data

Attachments

(2 files)

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0 (Beta/Release)
Build ID: 20140605174243

Steps to reproduce:

From my Chinese dictionary app (Hanping) I click on a link to open a URL in a website (shortcut to query a word search in an online dictionary), then choose to open with the Firefox browser. If Firefox was not previously running (after a phone reboot, or after killing the Firefox app), it makes Firefox crash.


Actual results:

Firefox crashes (black screen for 1 second).


Expected results:

Firefox should have opened the requested website, looking for the URL specified by the other app (dictionary app in my case).
OS: Windows 7 → Android
Hardware: x86_64 → ARM
Here is the error log:

06-27 15:36:47.299: I/PackageManager(749):   Action: "android.intent.action.VIEW"
06-27 15:36:47.299: I/PackageManager(749):   Category: "android.intent.category.DEFAULT"
06-27 15:36:47.299: I/PackageManager(749):   Scheme: "http"
06-27 15:36:47.299: I/PackageManager(749): Adding preferred activity ComponentInfo{org.mozilla.firefox/org.mozilla.firefox.App} for user 0 :
06-27 15:36:47.319: I/ActivityManager(749): START u0 {act=android.intent.action.VIEW dat=http://www.iciba.com/德国 flg=0x3000000 cmp=org.mozilla.firefox/.App} from pid 20432
06-27 15:36:47.459: W/GeckoProfile(21704): Requested profile directory missing.
06-27 15:36:47.489: D/GeckoScreenOrientation(21704): updating to new orientation PORTRAIT_PRIMARY
06-27 15:36:47.599: D/GeckoLocales(21704): Calling setContextGetter: org.mozilla.firefox.App@42c1f0d0
06-27 15:36:47.609: D/GeckoSessInfo(21704): Building SessionInformation from prefs: 1403854568297, 0, false, false
06-27 15:36:47.609: D/GeckoProfile(21704): Found profile dir.
06-27 15:36:47.609: I/GeckoApp(21704): Creating HealthRecorder.
06-27 15:36:47.609: D/GeckoApp(21704): OS locale is en_GB, app locale is null
06-27 15:36:47.609: D/GeckoHealthRec(21704): Initializing. Dispatcher is org.mozilla.gecko.EventDispatcher@42c022e0
06-27 15:36:47.609: D/GeckoHealthRec(21704): Initializing profile cache.
06-27 15:36:47.609: D/GeckoHardwareUtils(21704): System memory: 1855MB.
06-27 15:36:47.609: I/GeckoAnnounce(21704): firefox :: GeckoProfileInfo :: Restoring ProfileInformationCache from file.
06-27 15:36:47.619: D/GeckoHealthRec(21704): Successfully restored state. Initializing storage.
06-27 15:36:47.619: D/GeckoHealthRec(21704): Done initializing profile cache. Beginning storage init.
06-27 15:36:47.629: I/GeckoAnnounce(21704): firefox :: HealthReportStorage :: Initializing measurement org.mozilla.appSessions to 4 (current 4)
06-27 15:36:47.629: I/GeckoAnnounce(21704): firefox :: HealthReportStorage :: Measurement org.mozilla.appSessions already at v4
06-27 15:36:47.629: I/GeckoAnnounce(21704): firefox :: HealthReportStorage :: Initializing measurement org.mozilla.searches.counts to 5 (current 5)
06-27 15:36:47.629: I/GeckoAnnounce(21704): firefox :: HealthReportStorage :: Measurement org.mozilla.searches.counts already at v5
06-27 15:36:47.629: D/GeckoHealthRec(21704): Ensuring environment.
06-27 15:36:47.629: W/GeckoEventDispatcher(21704): unregisterEventListener: event 'Prompt:ShowTop' has no listeners
06-27 15:36:47.639: D/GeckoHealthRec(21704): Finishing init.
06-27 15:36:47.639: D/GeckoHealthRec(21704): Checking for orphan session.
06-27 15:36:47.659: D/GeckoApp(21704): onConfigurationChanged: en_GB
06-27 15:36:47.659: V/GeckoHealthRec(21704): Recorded session entry for env 1, current is 1
06-27 15:36:47.659: D/GeckoSessInfo(21704): Recording start of session: 1403854607641
06-27 15:36:47.739: D/OpenGLRenderer(21704): Enabling debug mode 0
06-27 15:36:47.749: W/GeckoGLController(21704): GLController::serverSurfaceChanged(1080, 1701)
06-27 15:36:47.889: W/ActivityThread(21704): ClassLoader.loadClass: The class loader returned by Thread.getContextClassLoader() may fail for processes that host multiple applications. You should explicitly specify a context class loader. For example: Thread.setContextClassLoader(getClass().getClassLoader());
06-27 15:36:47.899: I/GeckoAxis(21704): Prefs: 0.85,0.97,10.0,0.1,0.04,0.3,0.5
06-27 15:36:47.899: I/ActivityManager(749): Displayed org.mozilla.firefox/.App: +479ms
06-27 15:36:47.909: D/GeckoLoader(21704): Gecko environment env0: null
06-27 15:36:47.919: E/GeckoLibLoad(21704): Load sqlite start
06-27 15:36:47.919: E/GeckoLinker(21704): /data/app/org.mozilla.firefox-1.apk!/assets/libnss3.so: Warning: unhandled flags #8 not handled
06-27 15:36:47.919: W/GeckoGLController(21704): GLController::updateCompositor with mCompositorCreated=false
06-27 15:36:47.919: W/GeckoGLController(21704): done GLController::updateCompositor
06-27 15:36:47.949: E/GeckoLibLoad(21704): Load sqlite done
06-27 15:36:47.949: E/GeckoLibLoad(21704): Load nss start
06-27 15:36:47.949: E/GeckoLibLoad(21704): Load nss done
06-27 15:36:47.949: E/GeckoLinker(21704): /data/app/org.mozilla.firefox-1.apk!/assets/libxul.so: Warning: unhandled flags #8 not handled
06-27 15:36:47.949: E/GeckoLinker(21704): /data/app/org.mozilla.firefox-1.apk!/assets/libmozalloc.so: Warning: unhandled flags #8 not handled
06-27 15:36:47.969: E/GeckoLinker(21704): /data/app/org.mozilla.firefox-1.apk!/assets/libxul.so: Warning: relocation to NULL @0x016c42e8
06-27 15:36:47.969: E/GeckoLinker(21704): /data/app/org.mozilla.firefox-1.apk!/assets/libxul.so: Warning: relocation to NULL @0x016c5410 for symbol "__cxa_begin_cleanup"
06-27 15:36:47.969: E/GeckoLinker(21704): /data/app/org.mozilla.firefox-1.apk!/assets/libxul.so: Warning: relocation to NULL @0x016c5414 for symbol "__cxa_type_match"
06-27 15:36:48.009: W/GeckoGLController(21704): GLController::serverSurfaceChanged(1080, 1557)
06-27 15:36:48.039: D/GeckoToolbar(21704): onTabChanged: SELECTED
06-27 15:36:48.049: D/GeckoToolbarDisplayLayout(21704): updateFavicon(null)
06-27 15:36:48.049: I/GeckoToolbarDisplayLayout(21704): zerdatime 14675543 - Throbber start
06-27 15:36:48.049: D/GeckoBrowserApp(21704): BrowserApp.onTabChanged: 0: SELECTED
06-27 15:36:48.049: D/GeckoToolbar(21704): onTabChanged: RESTORED
06-27 15:36:48.049: W/GeckoGLController(21704): GLController::updateCompositor with mCompositorCreated=false
06-27 15:36:48.049: W/GeckoGLController(21704): done GLController::updateCompositor
06-27 15:36:48.099: E/GeckoLibLoad(21704): Loaded libs in 151ms total, 50ms(120ms) user, 30ms(40ms) system, 0(0) faults
06-27 15:36:48.099: W/GeckoThread(21704): zerdatime 14675597 - runGecko
06-27 15:36:48.099: I/GeckoThread(21704): RunGecko - args =  -P default
06-27 15:36:48.109: D/GeckoAppShell(21704): GeckoLoader.nativeRun /data/app/org.mozilla.firefox-1.apk -greomni /data/app/org.mozilla.firefox-1.apk  -P default -url http://www.iciba.com/德国 -width 1080 -height 1776
06-27 15:36:48.109: E/Profiler(21704): BEGIN mozilla_sampler_init
06-27 15:36:48.109: E/Profiler(21704): BPUnw: [1 total] thread_register_for_profiling(me=0x77f3f008, stacktop=0x78c61972)
06-27 15:36:48.109: E/Profiler(21704): SPS:
06-27 15:36:48.109: E/Profiler(21704): SPS: Unwind mode       = pseudo
06-27 15:36:48.109: E/Profiler(21704): SPS: Sampling interval = 0 ms (zero means "platform default")
06-27 15:36:48.109: E/Profiler(21704): SPS: Entry store size  = 0 (zero means "platform default")
06-27 15:36:48.109: E/Profiler(21704): SPS: UnwindStackScan   = 0 (max dubious frames per unwind).
06-27 15:36:48.109: E/Profiler(21704): SPS: Use env var MOZ_PROFILER_MODE=help for further information.
06-27 15:36:48.109: E/Profiler(21704): SPS:
06-27 15:36:48.109: E/Profiler(21704): Registering start signal
06-27 15:36:48.119: E/Profiler(21704): BPUnw: [2 total] thread_register_for_profiling(me=0x74eccc80, stacktop=0x7e772caf)
06-27 15:36:48.139: E/GeckoConsole(21704): Could not read chrome manifest 'file:///data/data/org.mozilla.firefox/chrome.manifest'.
06-27 15:36:48.139: I/Gecko:MemoryInfoDumper(21704): Fifo watcher disabled via pref.
06-27 15:36:48.319: E/Profiler(21704): BPUnw: [1 total] thread_unregister_for_profiling(me=0x74eccc80) 
06-27 15:36:48.319: I/fennec(21704): XRE_main returned 1
06-27 15:36:48.319: E/GeckoAppShell(21704): >>> REPORTING UNCAUGHT EXCEPTION FROM THREAD 929 ("Gecko")
06-27 15:36:48.319: E/GeckoAppShell(21704): java.lang.StringIndexOutOfBoundsException: length=146; regionStart=0; regionLength=150
06-27 15:36:48.319: E/GeckoAppShell(21704): at org.mozilla.gecko.mozglue.GeckoLoader.nativeRun(Native Method)
06-27 15:36:48.319: E/GeckoAppShell(21704): at org.mozilla.gecko.GeckoAppShell.runGecko(GeckoAppShell.java:346)
06-27 15:36:48.319: E/GeckoAppShell(21704): at org.mozilla.gecko.GeckoThread.run(GeckoThread.java:178)
06-27 15:36:48.319: E/GeckoAppShell(21704): Main thread stack:
06-27 15:36:48.319: E/GeckoAppShell(21704): android.os.MessageQueue.nativePollOnce(Native Method)
06-27 15:36:48.319: E/GeckoAppShell(21704): android.os.MessageQueue.next(MessageQueue.java:138)
06-27 15:36:48.319: E/GeckoAppShell(21704): android.os.Looper.loop(Looper.java:123)
06-27 15:36:48.319: E/GeckoAppShell(21704): android.app.ActivityThread.main(ActivityThread.java:5001)
06-27 15:36:48.319: E/GeckoAppShell(21704): java.lang.reflect.Method.invokeNative(Native Method)
06-27 15:36:48.319: E/GeckoAppShell(21704): java.lang.reflect.Method.invoke(Method.java:515)
06-27 15:36:48.319: E/GeckoAppShell(21704): com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:785)
06-27 15:36:48.319: E/GeckoAppShell(21704): com.android.internal.os.ZygoteInit.main(ZygoteInit.java:601)
06-27 15:36:48.319: E/Gecko(21704): mozalloc_abort: Redirecting call to abort() to mozalloc_abort
06-27 15:36:48.319: A/libc(21704): Fatal signal 11 (SIGSEGV) at 0x00000000 (code=1), thread 21797 (Gecko)
Thanks for the report. The key here is the URL fed to Gecko: 

GeckoLoader.nativeRun /data/app/org.mozilla.firefox-1.apk -greomni /data/app/org.mozilla.firefox-1.apk  -P default -url http://www.iciba.com/德国 -width 1080 -height 1776

This crashes the browser:

adb shell am start -a android.intent.action.VIEW -n org.mozilla.fennec/.App -d "http://www.iciba.com/德国"
Severity: normal → critical
Status: UNCONFIRMED → NEW
tracking-fennec: --- → ?
Ever confirmed: true
Keywords: crash
Summary: Launching firefox (when not running) from another app make it crash → Crash - java.lang.StringIndexOutOfBoundsException: length=146; regionStart=0; regionLength=150 at org.mozilla.gecko.mozglue.GeckoLoader.nativeRun(Native Method) when starting Gecko with a URL like http://www.iciba.com/德国
Keywords: reproducible
Simplified just by launching Gecko with a UTF-8 Unicode character, e.g., org.mozilla.fennec/.App -d א
Assignee: nobody → snorp
tracking-fennec: ? → +
Status: NEW → ASSIGNED
filter on [mass-p5]
Priority: -- → P5
"crashed when opened a Google plus page"

Great, so no users affected by that. *rimshot*
Crash Signature: [java.lang.StringIndexOutOfBoundsException: length=165; regionStart=0; regionLength=167 at org.mozilla.gecko.mozglue.GeckoLoader.nativeRun(Native Method)]
  // XXX: java doesn't give us true UTF8, we should figure out something
  // better to do here
  int len = jenv->GetStringUTFLength(jargs);
  // GeckoStart needs to write in the args buffer, so we need a copy.
  char *args = (char *) malloc(len + 1);
  jenv->GetStringUTFRegion(jargs, 0, len, args);


That looks pretty suspect.
Crash Signature: [java.lang.StringIndexOutOfBoundsException: length=165; regionStart=0; regionLength=167 at org.mozilla.gecko.mozglue.GeckoLoader.nativeRun(Native Method)] → [@ java.lang.StringIndexOutOfBoundsException: length=165; regionStart=0; regionLength=167 at org.mozilla.gecko.mozglue.GeckoLoader.nativeRun(Native Method) ]
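The snippet quoted above mixes two different length units: GetStringUTFLength() returns the byte count of JNI's "modified UTF-8" encoding, while GetStringUTFRegion() counts its start and length in UTF-16 code units (what String.length() reports). The two agree only for pure-ASCII strings; the moment a non-ASCII character such as 德 appears in the command line the requested region runs past the end of the Java string, and the runtime raises exactly the "length=146; regionStart=0; regionLength=150" seen in the log. The following is an added Python model of that confusion, not Mozilla's code: it rebuilds the argument string from the log line, emulates the two JNI calls (the names utf16_units, modified_utf8, get_string_utf_region, buggy_copy and fixed_copy are this example's own), and goes a little beyond the page by also handling surrogate pairs and embedded U+0000, which modified UTF-8 encodes differently from standard UTF-8.

```python
# Added example, not Mozilla's code: models the JNI length confusion in the
# GeckoLoader snippet quoted in the bug.
from typing import Optional

# The argument string logged by GeckoAppShell in this bug (copied from the log;
# note the two spaces before "-P").
ARGS = (
    "/data/app/org.mozilla.firefox-1.apk -greomni /data/app/org.mozilla.firefox-1.apk"
    "  -P default -url http://www.iciba.com/德国 -width 1080 -height 1776"
)


class StringIndexOutOfBoundsException(Exception):
    """Stand-in for the Java exception the runtime raises on a bad region."""


def utf16_units(s: str) -> int:
    """Length as Java's String.length() / JNI GetStringLength() report it."""
    return len(s.encode("utf-16-le", "surrogatepass")) // 2


def modified_utf8(s: str) -> bytes:
    """Encode like JNI's modified UTF-8: every UTF-16 unit is encoded on its own
    (a surrogate pair becomes 3+3 bytes, not 4) and U+0000 becomes C0 80."""
    out = bytearray()
    data = s.encode("utf-16-le", "surrogatepass")
    for i in range(0, len(data), 2):
        u = data[i] | (data[i + 1] << 8)
        if u == 0:
            out += b"\xc0\x80"
        elif u < 0x80:
            out.append(u)
        elif u < 0x800:
            out += bytes([0xC0 | (u >> 6), 0x80 | (u & 0x3F)])
        else:
            out += bytes([0xE0 | (u >> 12), 0x80 | ((u >> 6) & 0x3F), 0x80 | (u & 0x3F)])
    return bytes(out)


def get_string_utf_region(s: str, start: int, length: int) -> bytes:
    """Emulates GetStringUTFRegion(): bounds are checked in UTF-16 units before
    the region is converted, which is where the Java exception comes from."""
    n = utf16_units(s)
    if start < 0 or length < 0 or start + length > n:
        raise StringIndexOutOfBoundsException(
            f"length={n}; regionStart={start}; regionLength={length}"
        )
    units = s.encode("utf-16-le", "surrogatepass")[2 * start : 2 * (start + length)]
    return modified_utf8(units.decode("utf-16-le", "surrogatepass"))


def buggy_copy(jargs: str) -> bytes:
    """Mirrors the quoted snippet: the byte count from GetStringUTFLength() is
    passed as the region length, which is measured in UTF-16 units."""
    length = len(modified_utf8(jargs))          # GetStringUTFLength(jargs)
    return get_string_utf_region(jargs, 0, length)


def fixed_copy(jargs: str) -> bytes:
    """Size the region in UTF-16 units and the byte buffer in UTF-8 bytes; they
    are different quantities and must not be swapped."""
    nbytes = len(modified_utf8(jargs))          # buffer size: GetStringUTFLength()
    nunits = utf16_units(jargs)                 # region size: GetStringLength()
    out = get_string_utf_region(jargs, 0, nunits)
    assert len(out) == nbytes                   # the malloc(len + 1) buffer would fit
    return out


def crash_message(jargs: str) -> Optional[str]:
    """Exception text the buggy copy produces for jargs, or None if it survives."""
    try:
        buggy_copy(jargs)
    except StringIndexOutOfBoundsException as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    print(crash_message(ARGS))  # length=146; regionStart=0; regionLength=150
    print(len(fixed_copy(ARGS)), "bytes copied by the fixed version")
```

Running it reproduces the 146-unit / 150-byte mismatch from the log (two 3-byte characters add four bytes over the code-unit count). Any native entry point that copies a Java string into a C buffer needs the same invariant: the region is measured in code units, the buffer in bytes, and the two values come from different JNI calls.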
I managed to get this crash on etherpad
Crash Signature: [@ java.lang.StringIndexOutOfBoundsException: length=165; regionStart=0; regionLength=167 at org.mozilla.gecko.mozglue.GeckoLoader.nativeRun(Native Method) ] → [@ java.lang.StringIndexOutOfBoundsException: length=165; regionStart=0; regionLength=167 at org.mozilla.gecko.mozglue.GeckoLoader.nativeRun(Native Method) ] [@ java.lang.StringIndexOutOfBoundsException: length=165; regionStart=0; regionLength=167 at org…
bug 1331547 comment 0 has some new steps.
tracking-fennec: + → ?
https://crash-stats.mozilla.com/report/index/7f52c73d-8026-4ae7-a8b1-4aa4e2170208#tab-details

I'm not sure this is a true dupe, but I'll let snorp make that call.

The intent opening the browser in the dupe is passing in "http://".  Leaving aside whether that is a useful behaviour, we're stripping the scheme and ending up with an empty string.  There are probably multiple places we should guard against this, but at the least we should ensure that stripScheme [1] is a little smarter...

[1] https://dxr.mozilla.org/mozilla-central/source/mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/StringUtils.java#108
Easy way to recreate this crash using adb. Close the browser.

adb shell am start -a android.intent.action.VIEW -c android.intent.category.default -d http:// -n org.mozilla.firefox/.App
Neither of the first two original scenarios crashes the browser anymore (http://www.iciba.com/德国 or א).
The core problem here is that we always assumed that trailing slash should be removed. In the http:// case, that caused bad things to happen.

I reworked the code to remove http/https at the beginning and then handle the / at the end in the new URL.
Assignee: snorp → mozilla
Attachment #8838770 - Flags: review?(s.kaspari)
Plus it since there's a patch under review.
tracking-fennec: ? → +
Attachment #8838770 - Flags: review?(s.kaspari) → review?(snorp)
Comment on attachment 8838770 [details] [diff] [review]
Better assumptions about URLs

Review of attachment 8838770 [details] [diff] [review]:
-----------------------------------------------------------------

This whole function is just weird. It really seems like we should not be parsing the URI ourselves, and instead using something like android.net.Uri. A quick glance there indicates that it may be a little cumbersome to return the string representation that only differs by excluding the Uri, but I think it should generally be good enough. Ugh. It's all kinda terrible.
Attachment #8838770 - Flags: review?(snorp) → review+
https://hg.mozilla.org/mozilla-central/rev/d5bc4f182ec3
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 54
Comment on attachment 8838770 [details] [diff] [review]
Better assumptions about URLs

Approval Request Comment
[Feature/Bug causing the regression]: Fix crash bug.
[User impact if declined]: Crash if URL "http://" is opened programmatically somehow (this happens with our partner).
[Is this code covered by automated tests?]: No
[Has the fix been verified in Nightly?]: Not yet.
[Needs manual test from QE? If yes, steps to reproduce]: run the command:

adb shell am start -a android.intent.action.VIEW -c android.intent.category.default -d http:// -n org.mozilla.firefox/.App
[List of other uplifts needed for the feature/fix]: None
[Is the change risky?]: Low
[Why is the change risky/not risky?]: Changes existing string code to be more robust
[String changes made/needed]:

I realize this is late in the cycle, but this was found by our partner and can be easily recreated by them (and their users) on the device.
Attachment #8838770 - Flags: approval-mozilla-beta?
Attachment #8838770 - Flags: approval-mozilla-aurora?
Any chance of some additions to mobile/android/tests/background/junit4/src/org/mozilla/gecko/util/TestStringUtils.java?
Yes, I will take a look at writing those today.
Complete tests for stripScheme.

I did run these tests on the old code and it did fail:

java.lang.StringIndexOutOfBoundsException: String index out of range: -1
Attachment #8840983 - Flags: review?(snorp)
Attachment #8840983 - Flags: review?(snorp) → review+
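The two comments above (the description of the rework, "remove http/https at the beginning and then handle the / at the end in the new URL", and the test run that made the old code fail with "String index out of range: -1") describe the same defect from two sides. The following is an added Python example, not Mozilla's StringUtils: strip_scheme_old is an assumed reconstruction of the pre-fix shape (a start index past the scheme, an end index unconditionally backed up for a trailing "/", then one substring on the original string; the real code's flag that controls https stripping is left out), java_substring emulates Java's substring bounds check so the failure shows up the way it did in Java, and strip_scheme_new strips the scheme first and only then looks at the remainder. For the bare "http://" the old arithmetic asks for substring(7, 6), which is the -1 in the test output.

```python
# Added example, not Mozilla's StringUtils: old vs. reworked stripScheme.
from typing import Optional


class StringIndexOutOfBoundsException(Exception):
    pass


def java_substring(s: str, begin: int, end: int) -> str:
    """Python slices clamp silently; emulate java.lang.String.substring's bounds
    check (older runtimes report end - begin in the message) so the example
    fails the way the Java code did."""
    if begin < 0 or end > len(s) or begin > end:
        raise StringIndexOutOfBoundsException(f"String index out of range: {end - begin}")
    return s[begin:end]


def strip_scheme_old(url: Optional[str]) -> Optional[str]:
    """Assumed reconstruction of the pre-fix logic: index arithmetic on the
    original string, with the trailing slash always assumed removable."""
    if url is None:
        return None
    start = 0
    end = len(url)
    if url.startswith("http://"):
        start = 7
    elif url.startswith("https://"):
        start = 8
    if url.endswith("/"):
        end -= 1            # for "http://" this backs end up to 6 while start is 7
    return java_substring(url, start, end)


def strip_scheme_new(url: Optional[str]) -> Optional[str]:
    """Remove the scheme first, then decide about a trailing slash on the new,
    shorter string; an empty remainder is simply returned."""
    if url is None:
        return None
    for scheme in ("http://", "https://"):
        if url.startswith(scheme):
            url = url[len(scheme):]
            break
    if url.endswith("/"):
        url = url[:-1]
    return url


def old_failure(url: str) -> Optional[str]:
    """Exception text the old logic raises for url, or None if it returns normally."""
    try:
        strip_scheme_old(url)
    except StringIndexOutOfBoundsException as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    for u in ("http://", "http://example.com/", "https://example.com", "example.com"):
        print(repr(u), "old:", old_failure(u) or repr(strip_scheme_old(u)),
              "new:", repr(strip_scheme_new(u)))
```

The useful test cases are the degenerate inputs that an intent or a partner integration can hand over: the bare scheme, a scheme followed only by "/", and the empty string. Each of them must come back as an empty string rather than throw, since the caller is the browser's startup path and an uncaught exception there is a crash.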
Hi Brindusa, could you help find someone to verify whether this issue was fixed as expected on the latest Nightly build? Thanks!
Flags: needinfo?(brindusa.tot)
I will move this to the Fennec team, as I am not part of it. Ioana, could you or someone from your team take a look at this? Thanks!
Flags: needinfo?(brindusa.tot) → needinfo?(ioana.chiorean)
Thanks Brindusa! Bogdan will work on it.
Flags: needinfo?(ioana.chiorean) → needinfo?(bogdan.surd)
QA Contact: bogdan.surd
Devices:
 - HTC Desire 820 (Android 6.0);
 - Samsung Galaxy Note 4 (Android 5.1.1).

Hello, I have verified this issue; it would seem that the problem is fixed, I didn't encounter any problems. Marking as Verified.

Notes:
 - On the HTC, if the user manually entered the characters in the URL instead of the Unicode text format, the page would not load anymore.
 - No such problems were encountered on the Samsung.
Flags: needinfo?(bogdan.surd)
Comment on attachment 8838770 [details] [diff] [review]
Better assumptions about URLs

fix a fennec crash affecting a partner, aurora53+, beta/release 52+
Attachment #8838770 - Flags: approval-mozilla-release+
Attachment #8838770 - Flags: approval-mozilla-beta?
Attachment #8838770 - Flags: approval-mozilla-beta+
Attachment #8838770 - Flags: approval-mozilla-aurora?
Attachment #8838770 - Flags: approval-mozilla-aurora+
Verified as fixed on both the latest Aurora 53.0a2 (03-03-2017) and 52.0b11 on a Samsung Galaxy S6 Edge (Android 6.0) and a Samsung Galaxy Tab Active (Android 5.1.1).
Product: Firefox for Android → Firefox for Android Graveyard