Closed Bug 1031210 Opened 11 years ago Closed 8 years ago

Crash - java.lang.StringIndexOutOfBoundsException: length=146; regionStart=0; regionLength=150 at org.mozilla.gecko.mozglue.GeckoLoader.nativeRun(Native Method) when starting Gecko with a URL like http://www.iciba.com/德国

Categories

(Firefox for Android Graveyard :: General, defect, P5)

Product:
Firefox for Android Graveyard
Component:
General
Version:
30 Branch
Platform:
ARM
Android
Type:
defect

Tracking

(firefox30 wontfix, firefox31 wontfix, firefox32 wontfix, firefox33 wontfix, firefox36 wontfix, firefox37 wontfix, firefox38 wontfix, firefox39 wontfix, fennec+, firefox52 verified, firefox-esr52 fixed, firefox53 verified, firefox54 verified)

Status:
RESOLVED FIXED
Milestone:
Firefox 54
Tracking Flags:
Tracking Status
firefox30 --- wontfix
firefox31 --- wontfix
firefox32 --- wontfix
firefox33 --- wontfix
firefox36 --- wontfix
firefox37 --- wontfix
firefox38 --- wontfix
firefox39 --- wontfix
fennec + ---
firefox52 --- verified
firefox-esr52 --- fixed
firefox53 --- verified
firefox54 --- verified

People

(Reporter: victor, Assigned: mkaply)

References

Details

(Keywords: crash, reproducible)

Crash Data

Attachments

(2 files)

Better assumptions about URLs
1.50 KB, patch
snorp
: review+
jcristau
: approval-mozilla-aurora+
jcristau
: approval-mozilla-beta+
jcristau
: approval-mozilla-release+
Details | Diff | Splinter Review
Unit tests for stripScheme function
2.05 KB, patch
snorp
: review+
Details | Diff | Splinter Review
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0 (Beta/Release) Build ID: 20140605174243 Steps to reproduce: From my chinese dictionary app (Hanping) I click on a link to open an URL in a website (shortcut to query a word search in an online dictionary), then choose to open with Firefox browser. If firefox was not previously running (after a phone reboot, or after killing firefox app) it makes firefox crash. Actual results: Firefox crash (black screen for 1 second). Expected results: Firefox should have open the requested website looking for the URL specified by the other app (dictionary app in my case).
OS: Windows 7 → Android
Hardware: x86_64 → ARM
Here is the error log : 06-27 15:36:47.299: I/PackageManager(749): Action: "android.intent.action.VIEW" 06-27 15:36:47.299: I/PackageManager(749): Category: "android.intent.category.DEFAULT" 06-27 15:36:47.299: I/PackageManager(749): Scheme: "http" 06-27 15:36:47.299: I/PackageManager(749): Adding preferred activity ComponentInfo{org.mozilla.firefox/org.mozilla.firefox.App} for user 0 : 06-27 15:36:47.319: I/ActivityManager(749): START u0 {act=android.intent.action.VIEW dat=http://www.iciba.com/德国 flg=0x3000000 cmp=org.mozilla.firefox/.App} from pid 20432 06-27 15:36:47.459: W/GeckoProfile(21704): Requested profile directory missing. 06-27 15:36:47.489: D/GeckoScreenOrientation(21704): updating to new orientation PORTRAIT_PRIMARY 06-27 15:36:47.599: D/GeckoLocales(21704): Calling setContextGetter: org.mozilla.firefox.App@42c1f0d0 06-27 15:36:47.609: D/GeckoSessInfo(21704): Building SessionInformation from prefs: 1403854568297, 0, false, false 06-27 15:36:47.609: D/GeckoProfile(21704): Found profile dir. 06-27 15:36:47.609: I/GeckoApp(21704): Creating HealthRecorder. 06-27 15:36:47.609: D/GeckoApp(21704): OS locale is en_GB, app locale is null 06-27 15:36:47.609: D/GeckoHealthRec(21704): Initializing. Dispatcher is org.mozilla.gecko.EventDispatcher@42c022e0 06-27 15:36:47.609: D/GeckoHealthRec(21704): Initializing profile cache. 06-27 15:36:47.609: D/GeckoHardwareUtils(21704): System memory: 1855MB. 06-27 15:36:47.609: I/GeckoAnnounce(21704): firefox :: GeckoProfileInfo :: Restoring ProfileInformationCache from file. 06-27 15:36:47.619: D/GeckoHealthRec(21704): Successfully restored state. Initializing storage. 06-27 15:36:47.619: D/GeckoHealthRec(21704): Done initializing profile cache. Beginning storage init. 06-27 15:36:47.629: I/GeckoAnnounce(21704): firefox :: HealthReportStorage :: Initializing measurement org.mozilla.appSessions to 4 (current 4) 06-27 15:36:47.629: I/GeckoAnnounce(21704): firefox :: HealthReportStorage :: Measurement org.mozilla.appSessions already at v4 06-27 15:36:47.629: I/GeckoAnnounce(21704): firefox :: HealthReportStorage :: Initializing measurement org.mozilla.searches.counts to 5 (current 5) 06-27 15:36:47.629: I/GeckoAnnounce(21704): firefox :: HealthReportStorage :: Measurement org.mozilla.searches.counts already at v5 06-27 15:36:47.629: D/GeckoHealthRec(21704): Ensuring environment. 06-27 15:36:47.629: W/GeckoEventDispatcher(21704): unregisterEventListener: event 'Prompt:ShowTop' has no listeners 06-27 15:36:47.639: D/GeckoHealthRec(21704): Finishing init. 06-27 15:36:47.639: D/GeckoHealthRec(21704): Checking for orphan session. 06-27 15:36:47.659: D/GeckoApp(21704): onConfigurationChanged: en_GB 06-27 15:36:47.659: V/GeckoHealthRec(21704): Recorded session entry for env 1, current is 1 06-27 15:36:47.659: D/GeckoSessInfo(21704): Recording start of session: 1403854607641 06-27 15:36:47.739: D/OpenGLRenderer(21704): Enabling debug mode 0 06-27 15:36:47.749: W/GeckoGLController(21704): GLController::serverSurfaceChanged(1080, 1701) 06-27 15:36:47.889: W/ActivityThread(21704): ClassLoader.loadClass: The class loader returned by Thread.getContextClassLoader() may fail for processes that host multiple applications. You should explicitly specify a context class loader. For example: Thread.setContextClassLoader(getClass().getClassLoader()); 06-27 15:36:47.899: I/GeckoAxis(21704): Prefs: 0.85,0.97,10.0,0.1,0.04,0.3,0.5 06-27 15:36:47.899: I/ActivityManager(749): Displayed org.mozilla.firefox/.App: +479ms 06-27 15:36:47.909: D/GeckoLoader(21704): Gecko environment env0: null 06-27 15:36:47.919: E/GeckoLibLoad(21704): Load sqlite start 06-27 15:36:47.919: E/GeckoLinker(21704): /data/app/org.mozilla.firefox-1.apk!/assets/libnss3.so: Warning: unhandled flags #8 not handled 06-27 15:36:47.919: W/GeckoGLController(21704): GLController::updateCompositor with mCompositorCreated=false 06-27 15:36:47.919: W/GeckoGLController(21704): done GLController::updateCompositor 06-27 15:36:47.949: E/GeckoLibLoad(21704): Load sqlite done 06-27 15:36:47.949: E/GeckoLibLoad(21704): Load nss start 06-27 15:36:47.949: E/GeckoLibLoad(21704): Load nss done 06-27 15:36:47.949: E/GeckoLinker(21704): /data/app/org.mozilla.firefox-1.apk!/assets/libxul.so: Warning: unhandled flags #8 not handled 06-27 15:36:47.949: E/GeckoLinker(21704): /data/app/org.mozilla.firefox-1.apk!/assets/libmozalloc.so: Warning: unhandled flags #8 not handled 06-27 15:36:47.969: E/GeckoLinker(21704): /data/app/org.mozilla.firefox-1.apk!/assets/libxul.so: Warning: relocation to NULL @0x016c42e8 06-27 15:36:47.969: E/GeckoLinker(21704): /data/app/org.mozilla.firefox-1.apk!/assets/libxul.so: Warning: relocation to NULL @0x016c5410 for symbol "__cxa_begin_cleanup" 06-27 15:36:47.969: E/GeckoLinker(21704): /data/app/org.mozilla.firefox-1.apk!/assets/libxul.so: Warning: relocation to NULL @0x016c5414 for symbol "__cxa_type_match" 06-27 15:36:48.009: W/GeckoGLController(21704): GLController::serverSurfaceChanged(1080, 1557) 06-27 15:36:48.039: D/GeckoToolbar(21704): onTabChanged: SELECTED 06-27 15:36:48.049: D/GeckoToolbarDisplayLayout(21704): updateFavicon(null) 06-27 15:36:48.049: I/GeckoToolbarDisplayLayout(21704): zerdatime 14675543 - Throbber start 06-27 15:36:48.049: D/GeckoBrowserApp(21704): BrowserApp.onTabChanged: 0: SELECTED 06-27 15:36:48.049: D/GeckoToolbar(21704): onTabChanged: RESTORED 06-27 15:36:48.049: W/GeckoGLController(21704): GLController::updateCompositor with mCompositorCreated=false 06-27 15:36:48.049: W/GeckoGLController(21704): done GLController::updateCompositor 06-27 15:36:48.099: E/GeckoLibLoad(21704): Loaded libs in 151ms total, 50ms(120ms) user, 30ms(40ms) system, 0(0) faults 06-27 15:36:48.099: W/GeckoThread(21704): zerdatime 14675597 - runGecko 06-27 15:36:48.099: I/GeckoThread(21704): RunGecko - args = -P default 06-27 15:36:48.109: D/GeckoAppShell(21704): GeckoLoader.nativeRun /data/app/org.mozilla.firefox-1.apk -greomni /data/app/org.mozilla.firefox-1.apk -P default -url http://www.iciba.com/德国 -width 1080 -height 1776 06-27 15:36:48.109: E/Profiler(21704): BEGIN mozilla_sampler_init 06-27 15:36:48.109: E/Profiler(21704): BPUnw: [1 total] thread_register_for_profiling(me=0x77f3f008, stacktop=0x78c61972) 06-27 15:36:48.109: E/Profiler(21704): SPS: 06-27 15:36:48.109: E/Profiler(21704): SPS: Unwind mode = pseudo 06-27 15:36:48.109: E/Profiler(21704): SPS: Sampling interval = 0 ms (zero means "platform default") 06-27 15:36:48.109: E/Profiler(21704): SPS: Entry store size = 0 (zero means "platform default") 06-27 15:36:48.109: E/Profiler(21704): SPS: UnwindStackScan = 0 (max dubious frames per unwind). 06-27 15:36:48.109: E/Profiler(21704): SPS: Use env var MOZ_PROFILER_MODE=help for further information. 06-27 15:36:48.109: E/Profiler(21704): SPS: 06-27 15:36:48.109: E/Profiler(21704): Registering start signal 06-27 15:36:48.119: E/Profiler(21704): BPUnw: [2 total] thread_register_for_profiling(me=0x74eccc80, stacktop=0x7e772caf) 06-27 15:36:48.139: E/GeckoConsole(21704): Could not read chrome manifest 'file:///data/data/org.mozilla.firefox/chrome.manifest'. 06-27 15:36:48.139: I/Gecko:MemoryInfoDumper(21704): Fifo watcher disabled via pref. 06-27 15:36:48.319: E/Profiler(21704): BPUnw: [1 total] thread_unregister_for_profiling(me=0x74eccc80) 06-27 15:36:48.319: I/fennec(21704): XRE_main returned 1 06-27 15:36:48.319: E/GeckoAppShell(21704): >>> REPORTING UNCAUGHT EXCEPTION FROM THREAD 929 ("Gecko") 06-27 15:36:48.319: E/GeckoAppShell(21704): java.lang.StringIndexOutOfBoundsException: length=146; regionStart=0; regionLength=150 06-27 15:36:48.319: E/GeckoAppShell(21704): at org.mozilla.gecko.mozglue.GeckoLoader.nativeRun(Native Method) 06-27 15:36:48.319: E/GeckoAppShell(21704): at org.mozilla.gecko.GeckoAppShell.runGecko(GeckoAppShell.java:346) 06-27 15:36:48.319: E/GeckoAppShell(21704): at org.mozilla.gecko.GeckoThread.run(GeckoThread.java:178) 06-27 15:36:48.319: E/GeckoAppShell(21704): Main thread stack: 06-27 15:36:48.319: E/GeckoAppShell(21704): android.os.MessageQueue.nativePollOnce(Native Method) 06-27 15:36:48.319: E/GeckoAppShell(21704): android.os.MessageQueue.next(MessageQueue.java:138) 06-27 15:36:48.319: E/GeckoAppShell(21704): android.os.Looper.loop(Looper.java:123) 06-27 15:36:48.319: E/GeckoAppShell(21704): android.app.ActivityThread.main(ActivityThread.java:5001) 06-27 15:36:48.319: E/GeckoAppShell(21704): java.lang.reflect.Method.invokeNative(Native Method) 06-27 15:36:48.319: E/GeckoAppShell(21704): java.lang.reflect.Method.invoke(Method.java:515) 06-27 15:36:48.319: E/GeckoAppShell(21704): com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:785) 06-27 15:36:48.319: E/GeckoAppShell(21704): com.android.internal.os.ZygoteInit.main(ZygoteInit.java:601) 06-27 15:36:48.319: E/Gecko(21704): mozalloc_abort: Redirecting call to abort() to mozalloc_abort 06-27 15:36:48.319: A/libc(21704): Fatal signal 11 (SIGSEGV) at 0x00000000 (code=1), thread 21797 (Gecko)
Thanks for the report. The key here is the URL fed to Gecko: GeckoLoader.nativeRun /data/app/org.mozilla.firefox-1.apk -greomni /data/app/org.mozilla.firefox-1.apk -P default -url http://www.iciba.com/德国 -width 1080 -height 1776 This crashes the browser: adb shell am start -a android.intent.action.VIEW -n org.mozilla.fennec/.App -d "http://www.iciba.com/德国"
Severity: normal → critical
Status: UNCONFIRMED → NEW
tracking-fennec: --- → ?
Ever confirmed: true
Keywords: crash
Summary: Launching firefox (when not running) from another app make it crash → Crash - java.lang.StringIndexOutOfBoundsException: length=146; regionStart=0; regionLength=150 at org.mozilla.gecko.mozglue.GeckoLoader.nativeRun(Native Method) when starting Gecko with a URL like http://www.iciba.com/德国
Keywords: reproducible
Simplified just by launching Gecko with a UTF-8 Unicode character, e.g, org.mozilla.fennec/.App -d א
Assignee: nobody → snorp
tracking-fennec: ? → +
Status: NEW → ASSIGNED
filter on [mass-p5]
Priority: -- → P5
"crashed when opened a Google plus page" Great, so no users affected by that. *rimshot*
Crash Signature: [java.lang.StringIndexOutOfBoundsException: length=165; regionStart=0; regionLength=167 at org.mozilla.gecko.mozglue.GeckoLoader.nativeRun(Native Method)]
status-firefox36: --- → affected
// XXX: java doesn't give us true UTF8, we should figure out something // better to do here int len = jenv->GetStringUTFLength(jargs); // GeckoStart needs to write in the args buffer, so we need a copy. char *args = (char *) malloc(len + 1); jenv->GetStringUTFRegion(jargs, 0, len, args); That looks pretty suspect.
Crash Signature: [java.lang.StringIndexOutOfBoundsException: length=165; regionStart=0; regionLength=167 at org.mozilla.gecko.mozglue.GeckoLoader.nativeRun(Native Method)] → [@ java.lang.StringIndexOutOfBoundsException: length=165; regionStart=0; regionLength=167 at org.mozilla.gecko.mozglue.GeckoLoader.nativeRun(Native Method) ]
I managed to get this crash on etherpad
status-firefox37: --- → affected
status-firefox38: --- → affected
status-firefox39: --- → affected
Crash Signature: [@ java.lang.StringIndexOutOfBoundsException: length=165; regionStart=0; regionLength=167 at org.mozilla.gecko.mozglue.GeckoLoader.nativeRun(Native Method) ] → [@ java.lang.StringIndexOutOfBoundsException: length=165; regionStart=0; regionLength=167 at org.mozilla.gecko.mozglue.GeckoLoader.nativeRun(Native Method) ] [@ java.lang.StringIndexOutOfBoundsException: length=165; regionStart=0; regionLength=167 at org…
bug 1331547 comment 0 has some new steps.
tracking-fennec: + → ?
https://crash-stats.mozilla.com/report/index/7f52c73d-8026-4ae7-a8b1-4aa4e2170208#tab-details I'm not sure this is a true dupe, but I'll let snorp make that call. The intent opening the browser in the dupe is passing in "http://". Leaving aside whether that is a useful behaviour, we're stripping the scheme and ending up with an empty string. There's probably multiple places we should guard against this, but at the least we should ensure that stripScheme [1] is a little smarter... [1] https://dxr.mozilla.org/mozilla-central/source/mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/StringUtils.java#108
Easy way to recreate this crash using adb. Close the browser. db shell am start -a android.intent.action.VIEW -c android.intent.category.default -d http:// -n org.mozilla.firefox/.App
Neither of the first two original scenarios crash the browser anymore (http://www.iciba.com/德国 or א).
The core problem here is that we always assumed that trailing slash should be removed. In the http:// case, that caused bad things to happen. I reworked the code to remove http/https at the beginning and then handle the / at the end in the new URL.
Assignee: snorp → mozilla
Attachment #8838770 - Flags: review?(s.kaspari)
plus it since there's patch under review.
tracking-fennec: ? → +
Attachment #8838770 - Flags: review?(s.kaspari) → review?(snorp)
Comment on attachment 8838770 [details] [diff] [review] Better assumptions about URLs Review of attachment 8838770 [details] [diff] [review]: ----------------------------------------------------------------- This whole function is just weird. It really seems like we should not be parsing the URI ourselves, and instead using something like android.net.Uri. A quick glance there indicates that it may be a little cumbersome to return the string representation that only differs by excluding the Uri, but I think it should generally be good enough. Ugh. It's all kinda terrible.
Attachment #8838770 - Flags: review?(snorp) → review+
https://hg.mozilla.org/mozilla-central/rev/d5bc4f182ec3
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-firefox54: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 54
Comment on attachment 8838770 [details] [diff] [review] Better assumptions about URLs Approval Request Comment [Feature/Bug causing the regression]: Fix crash bug. [User impact if declined]: Crash if URL "http://" is opened programmatically somehow (this happens with our partner). [Is this code covered by automated tests?]: No [Has the fix been verified in Nightly?]: Not yet. [Needs manual test from QE? If yes, steps to reproduce]: run the command: adb shell am start -a android.intent.action.VIEW -c android.intent.category.default -d http:// -n org.mozilla.firefox/.App [List of other uplifts needed for the feature/fix]: None [Is the change risky?]: Low [Why is the change risky/not risky?]: Changes existing string code to be more robust [String changes made/needed]: I realize this is late in the cycle, but this was found by our partner and can be easily recreated by them (and their users) on the device.
Attachment #8838770 - Flags: approval-mozilla-beta?
Attachment #8838770 - Flags: approval-mozilla-aurora?
Any chance of some additions to mobile/android/tests/background/junit4/src/org/mozilla/gecko/util/TestStringUtils.java?
Yes, I will take a look at writing those today.
Complete tests for stripScheme. I did run these tests on the old code and it did fail: java.lang.StringIndexOutOfBoundsException: String index out of range: -1
Attachment #8840983 - Flags: review?(snorp)
Attachment #8840983 - Flags: review?(snorp) → review+
Hi Brindusa, could you help find someone to verify if this issue was fixed as expected on a latest Nightly build? Thanks!
status-firefox52: --- → affected
status-firefox53: --- → affected
Flags: needinfo?(brindusa.tot)
I will move this to Fennec team, as I am not part of it. Ioana, could you or someone from you team, take a look on this? Thanks!
Flags: needinfo?(brindusa.tot) → needinfo?(ioana.chiorean)
Thanks Brindusa! Bogdan will work on it.
Flags: needinfo?(ioana.chiorean) → needinfo?(bogdan.surd)
QA Contact: bogdan.surd
Devices: - HTC Desire 820 (Android 6.0); - Samsung Galaxy Note 4 (Android 5.1.1). Hello, I have verified this issue, it would seem that the problem is fixed, I didn't encounter any problems. Marking as Verified. Notes: - On the HTC if the user manually entered the characters in the URL instead of the Unicode text format the page would not load anymore. - No such problems were encountered on the Samsung.
status-firefox54: fixedverified
Flags: needinfo?(bogdan.surd)
Comment on attachment 8838770 [details] [diff] [review] Better assumptions about URLs fix a fennec crash affecting a partner, aurora53+, beta/release 52+
Attachment #8838770 - Flags: approval-mozilla-release+
Attachment #8838770 - Flags: approval-mozilla-beta?
Attachment #8838770 - Flags: approval-mozilla-beta+
Attachment #8838770 - Flags: approval-mozilla-aurora?
Attachment #8838770 - Flags: approval-mozilla-aurora+
Verified as fixed on both latest Aurora 53.0a2 (03-03-2017) and 52.0b11 on a Samsung Galaxy S6 Edge (Android 6.0) and Samsung Galaxy Tab Active (Android 5.1.1)
status-firefox52: fixedverified
status-firefox53: fixedverified
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: