Closed Bug 1232608 Opened 9 years ago Closed 6 years ago

After transferring bookmarks and history, Fennec crashes when input something in the address bar

Categories

(Firefox for Android Graveyard :: General, defect)

Product:
Firefox for Android Graveyard
Component:
General
Version:
43 Branch
Platform:
ARM
Android
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(fennec+)

Status:
RESOLVED WONTFIX
Tracking Flags:
Tracking Status
fennec + ---

People

(Reporter: bli, Assigned: liuche)

Details

(Keywords: crash)

Crash Data

Attachments

(4 files)

logcat
2.82 MB, text/plain
Details
logcat-regular-fennec
913.80 KB, text/plain
Details
logcat-regular-fennec-build-mi
1.15 MB, text/x-vhdl
Details
MozReview Request: Bug 1232608 - After transferring bookmarks and history, Fennec crashes when input something in the address bar. r=rnewman
58 bytes, text/x-review-board-request
rnewman
: feedback+
Details 
Environments:
----------------------------
Fennec 43 build2 (both regular fennec build and Mozilla China build)


Steps to reproduce:
----------------------------
1. Install Fennec 43 build2 for the first time

2. Launch Fennec for the first time

3. Transfer bookmarks and history

4. Input url/keywords in the address bar
   --> Fennec crashes


Crash report:
-----------------------------------------------
https://crash-stats.mozilla.com/report/index/fd08e13d-eb32-42a8-b4c6-eeaf42151215
Severity: normal → major
OS: Unspecified → Android
Hardware: Unspecified → ARM
tracking-fennec: --- → ?
Flags: needinfo?(liuche)
Device for this report is a HUAWEI M2-801W does not seem to be device specific. Top devices are

samsung	GT-I9505
LENOVO	Lenovo TAB 2 A8-50L
OnePlus	A0001
HTC	HTC One
LENOVO	Lenovo P70-A
Do we have a log?

This implies that there's a bookmark with a NULL URL. The importer shouldn't import those, and we shouldn't query for them, so there are at least two bugs here…
Attached file logcat 
(In reply to Richard Newman [:rnewman] from comment #2)
> Do we have a log?
> 
> This implies that there's a bookmark with a NULL URL. The importer shouldn't
> import those, and we shouldn't query for them, so there are at least two
> bugs here…

log attached.
Attachment #8698748 - Attachment mime type: text/x-vhdl → text/plain
I see a lot of java.io.FileNotFoundException exceptions, thrown from the NavigatorPanel.
(In reply to Mark Finkle (:mfinkle) from comment #4)
> I see a lot of java.io.FileNotFoundException exceptions, thrown from the
> NavigatorPanel.

We don't have a NavigatorPanel in our codebase, so this would be an issue related to the China fork.
Are you sure that log covers the crash you reported?

Still, I think my diagnosis in Comment 2 is correct.
tracking-fennec: ? → 43+
Assignee: nobody → liuche
Attached file logcat-regular-fennec 
(In reply to :Margaret Leibovic from comment #5)
> (In reply to Mark Finkle (:mfinkle) from comment #4)
> > I see a lot of java.io.FileNotFoundException exceptions, thrown from the
> > NavigatorPanel.
> 
> We don't have a NavigatorPanel in our codebase, so this would be an issue
> related to the China fork.

Here is the log from a regular fennec build.
I tried with a regular fennec build on another device:
MI PAD ( MI is a famous manufacturer in China, whose products are very popular)
Android 4.4.4
Fennec 43


Here are crash reports:
https://crash-stats.mozilla.com/report/index/422b805f-9fe6-4418-9515-d8a2e2151218

https://crash-stats.mozilla.com/report/index/b74e35cf-18dd-4e9a-906f-18f9e2151218

And log is attached.
Crash Signature: [@ java.lang.NullPointerException: at org.mozilla.gecko.home.BrowserSearch.access$1700(BrowserSearch.java) ]
Keywords: crash
tracking-fennec: 43+ → ?
Chenxia, can you take a look at this? Our crash rate is bad, every little bit can help.
tracking-fennec: ? → 44+
We're going to back out the import panel, so that should help reduce the incidence of this issue.

It may still happen if you import from settings, but it seems like that scenario is less likely to cause a race like this.
That'll avoid new cases, but Fennec will crash 100% of the time for users who already imported bad data, so I don't think this can be deprioritized.
(In reply to Richard Newman [:rnewman] from comment #11)
> That'll avoid new cases, but Fennec will crash 100% of the time for users
> who already imported bad data, so I don't think this can be deprioritized.

Okay, then we should figure out what to do here.

Looking at UI telemetry, people do use the import feature in settings quite a bit, although those numbers might be skewed towards power users on release who are turning on telemetry.

Chenxia, do you have one of these devices in the SF office where you can reproduce?
tracking-fennec: 44+ → ?
tracking-fennec: ? → 47+
We don't have any of these devices in SF, but these should address the two points rnewman made in comment #2.
Flags: needinfo?(liuche)
Attachment #8714561 - Flags: review?(rnewman)
Comment on attachment 8714561 [details]
MozReview Request: Bug 1232608 - After transferring bookmarks and history, Fennec crashes when input something in the address bar. r=rnewman

https://reviewboard.mozilla.org/r/33147/#review29909

::: mobile/android/base/java/org/mozilla/gecko/home/SearchLoader.java:37
(Diff revision 1)
> -            final String searchTerm = args.getString(KEY_SEARCH_TERM);
> +            final String searchTerm = args.getString(KEY_SEARCH_TERM, "");

I'm not sure how this is related. I mean, yes, it's good to be safe… can you explain?

::: mobile/android/base/java/org/mozilla/gecko/preferences/AndroidImport.java:76
(Diff revision 1)
> -                               LegacyBrowserProvider.BookmarkColumns.BOOKMARK + " = 1");
> +                               LegacyBrowserProvider.BookmarkColumns.BOOKMARK + " = 1 AND +" +

I think you have an extra '+' inside the quotes. Did you test this?

::: mobile/android/base/java/org/mozilla/gecko/preferences/AndroidImport.java:77
(Diff revision 1)
> +                               LegacyBrowserProvider.BookmarkColumns.URL + " IS NOT NULL");

I assume this doesn't import folders… if it does, would that cause this bug?
Comment on attachment 8714561 [details]
MozReview Request: Bug 1232608 - After transferring bookmarks and history, Fennec crashes when input something in the address bar. r=rnewman

Review request updated; see interdiff: https://reviewboard.mozilla.org/r/33147/diff/1-2/
Attachment #8714561 - Flags: review?(rnewman)
> ::: mobile/android/base/java/org/mozilla/gecko/home/SearchLoader.java:37
> (Diff revision 1)
> > -            final String searchTerm = args.getString(KEY_SEARCH_TERM);
> > +            final String searchTerm = args.getString(KEY_SEARCH_TERM, "");
> 
> I'm not sure how this is related. I mean, yes, it's good to be safe… can you
> explain?
> 

searchTerm gets passed into a cursor query as the selection - if it's null, doesn't it return all columns? I'd assume that this is why we're getting urls that are malformed.

> :::
> mobile/android/base/java/org/mozilla/gecko/preferences/AndroidImport.java:76
> (Diff revision 1)
> > -                               LegacyBrowserProvider.BookmarkColumns.BOOKMARK + " = 1");
> > +                               LegacyBrowserProvider.BookmarkColumns.BOOKMARK + " = 1 AND +" +
> 
> I think you have an extra '+' inside the quotes. Did you test this?
> 

Odd, it ran just fine when I tested it. Removed.

> :::
> mobile/android/base/java/org/mozilla/gecko/preferences/AndroidImport.java:77
> (Diff revision 1)
> > +                               LegacyBrowserProvider.BookmarkColumns.URL + " IS NOT NULL");
> 
> I assume this doesn't import folders… if it does, would that cause this bug?

Changed this to Combined.URL.
To be specific, the crash log is in BrowserSearch.

E/GeckoCrashHandler( 8561): >>> REPORTING UNCAUGHT EXCEPTION FROM THREAD 1 ("main")
E/GeckoCrashHandler( 8561): java.lang.NullPointerException: Attempt to invoke virtual method 'boolean java.lang.String.startsWith(java.lang.String)' on a null object reference
E/GeckoCrashHandler( 8561): 	at org.mozilla.gecko.home.BrowserSearch.access$1700(BrowserSearch.java:66)
E/GeckoCrashHandler( 8561): 	at org.mozilla.gecko.home.BrowserSearch$CursorLoaderCallbacks.onLoadFinished(BrowserSearch.java:928)

This is kind of confusing because at this specific point it's not loading anything, but maybe the loader already has some bad urls, because it called loadCursor with a "null" searchTerm, as would happen here, and returned everything because no selection was actually specified:

http://mxr.mozilla.org/mozilla-central/source/mobile/android/base/java/org/mozilla/gecko/home/SearchLoader.java#101

Does that seem reasonable, or am I barking up the wrong tree?
Hmm, though on more detailed inspection, filter() doesn't actually take a selection, and searchTerm is used as a constraint which does get null-checked.

I'll take that part out then, because that's not causing us to query for anything that has null urls.
(In reply to Chenxia Liu [:liuche] from comment #17)

> searchTerm gets passed into a cursor query as the selection - if it's null,
> doesn't it return all columns?

That's the behavior for projection = null, not selection = null.

> I'd assume that this is why we're getting
> urls that are malformed.

Based on my reading of BrowserSearch.java, mSearchTerm -- with which we initialize the loader -- should never be null.

And even if it is, when it reaches LocalBrowserDB.filter (and filterAllSites) via SearchCursorLoader, it's correctly handled with TextUtils.isEmpty.

I think you're thinking "if this is null, is it going to return all rows"? Well, that's what history usually does -- it's one of the two cases handled in LocalBrowserDB.filterAllSites.

I don't think the issue here is to do with querying at all.


> > I assume this doesn't import folders… if it does, would that cause this bug?
> 
> Changed this to Combined.URL.

I wasn't implying something needed to be changed; I was questioning whether this might be the root cause. That is: if some vendor's importer *did* include folders here, with null URLs…


(In reply to Chenxia Liu [:liuche] from comment #18)

> org.mozilla.gecko.home.BrowserSearch$CursorLoaderCallbacks.
> onLoadFinished(BrowserSearch.java:928)
> 
> This is kind of confusing because at this specific point it's not loading
> anything, but maybe the loader already has some bad urls, because it called
> loadCursor with a "null" searchTerm, as would happen here, and returned
> everything because no selection was actually specified:

I think the resultant cursor contains rows that have null URLs, and we don't expect that.

We grab the URL:

https://dxr.mozilla.org/mozilla-central/source/mobile/android/base/java/org/mozilla/gecko/home/BrowserSearch.java#533

never test it for null-ness, then call .startsWith:

https://dxr.mozilla.org/mozilla-central/source/mobile/android/base/java/org/mozilla/gecko/home/BrowserSearch.java#542

That code -- handleAutocomplete -- is called in onLoadFinished:

https://dxr.mozilla.org/mozilla-central/source/mobile/android/base/java/org/mozilla/gecko/home/BrowserSearch.java#1130

so it seems like it agrees with that log.


If so, your fix should be:

* Provider: Don't ever include in filter result sets bookmarks or history items with null URLs.
* Importer: Don't import bookmarks or history items with null URLs.
* BrowserSearch: Check for null before dereferencing data retrieved from a cursor. (This is belt-and-braces.)
* DB: Do a DB migration to mark as deleted bookmarks with null URLs.
Attachment #8714561 - Flags: review?(rnewman) → feedback+
What's going on with this bug? It hasn't been touched in a while, but it's tracking 47.
Flags: needinfo?(liuche)
This bug was made tracking because it was part of first run, but once we removed it from first run, it's still possible that this happens but it was less likely, so I de-proritized it in my list.

Clearing tracking and renom-ing, but I can also look at this right now.
tracking-fennec: 47+ → ?
Flags: needinfo?(liuche)
tracking-fennec: ? → +
Closing because no crashes reported for 12 weeks.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: