Closed Bug 1457273 Opened Last year Closed 9 months ago

Crash in java.lang.IllegalArgumentException: invalid selection notification range at org.mozilla.gecko.GeckoEditableChild.onSelectionChange(GeckoEditableChild.java)

Categories

(Firefox for Android :: Keyboards and IME, defect, critical)

Unspecified
Android
defect
Not set
critical

Tracking

()

RESOLVED FIXED
Firefox 65
Tracking Status
firefox59 --- unaffected
firefox60 --- unaffected
firefox61 - wontfix
firefox62 - wontfix
firefox63 --- wontfix
firefox64 --- disabled
firefox65 --- fixed

People

(Reporter: mccr8, Assigned: jchen)

Details

(Keywords: crash, regression, topcrash)

Crash Data

Attachments

(1 file)

This bug was filed from the Socorro interface and is
report bp-64694798-55fe-4a27-b6c8-54cee0180426.
=============================================================

Top 10 frames of crashing thread:

0 libxul.so <name omitted> widget/android/GeckoEditableSupport.cpp:890
1 libxul.so mozilla::widget::GeckoEditableSupport::FlushIMEChanges widget/android/GeckoEditableSupport.cpp:910
2 libxul.so mozilla::widget::GeckoEditableSupport::FlushIMEText widget/android/GeckoEditableSupport.cpp:930
3 libxul.so <name omitted> widget/android/GeckoEditableSupport.cpp:884
4 libxul.so mozilla::widget::GeckoEditableSupport::FlushIMEChanges widget/android/GeckoEditableSupport.cpp:910
5 libxul.so nsAppShell::LambdaEvent<>::Run widget/android/GeckoEditableSupport.cpp:791
6 libxul.so nsAppShell::ProcessNextNativeEvent widget/android/nsAppShell.cpp:732
7 libxul.so nsBaseAppShell::DoProcessNextNativeEvent widget/nsBaseAppShell.cpp:139
8 libxul.so nsBaseAppShell::OnProcessNextEvent widget/nsBaseAppShell.cpp:272
9 libxul.so <name omitted> widget/nsBaseAppShell.cpp

=============================================================

#2 top crash on the April 26 Nightly, with 9 crashes from 3 installs.
Still the #6 overall top crasher on Nightly.
:jchen is there something we can do to prevent this crash? Seems as if we had a similar issue back in Firefox 55.
Flags: needinfo?(nchen)
Assigning it to me, but without some STR it's difficult to track down these crashes.
Assignee: nobody → nchen
Status: NEW → ASSIGNED
Flags: needinfo?(nchen)
Update on this?
Flags: needinfo?(nchen)
I'm not actively working on this since there are no clear STR.
Flags: needinfo?(nchen)
Resolve with WFM then?
WFM implies that the issue went away on its own, which clearly isn't the case per recent reports on crash-stats. Not going to track for 61, though, since it's low-frequency and not looking very actionable at the moment.
Since we don't think this is currently actionable, not tracking for 62. If the crash volume increases on beta we can come back to this and try to get STR.
Crash Signature: [@ java.lang.IllegalArgumentException: invalid selection notification range at org.mozilla.gecko.GeckoEditableChild.onSelectionChange(GeckoEditableChild.java)] → [@ java.lang.IllegalArgumentException: invalid selection notification range at org.mozilla.gecko.GeckoEditableChild.onSelectionChange(GeckoEditableChild.java)] [@ java.lang.IllegalArgumentException: at org.mozilla.gecko.GeckoEditableChild.onSelectionChan…
STR:
Setup:
1) Go to https://addons.mozilla.org/firefox/addon/styl-us/
2) Ignore the "not available on your platform" warning and long-tap the "+ Add to Firefox" button
3) Select "Open Link in New Tab"
4) Tap "ALLOW" in "Blocked add-on" dialog
5) Tap "ADD" in "Add Stylus?" dialog
Actual STR:
6) Go to e.g. example.com (since AMO is blocked)
7) Open Browser menu
8) Select "Stylus" entry
9) Press "example.com" under "Write style for:"
10) In style-editing window type a "." in the textarea
11) Long-press in textarea to bring up context menu
12) Tap in textarea again
13) Crash

Wasn't immediately reproducible on codemirror.net, so not clear if the codemirror editor needs certain settings, or if it's an interaction with other code in the extension.
Flags: needinfo?(nchen)
This is currently the #2 overall top crash on Fennec nightly.
Keywords: topcrash
So the interesting part of CodeMirror seems to be the active-line plugin [1], combined with the contenteditable inputStyle [2].  I've been able to create a much-reduced testcase and STR:
1) Go to http://kwan.perix.co.uk/mozilla/fennecCrash/
2) Tap in the editor
3) Type "."
4) Long-press on the line with the "." to bring up a selection + context menu
5) Crash; else, Tap in editor again
6) Crash

CodeMirror's own demo page for the plugin [3] doesn't seem to repro as well, only managed it once.

[1] https://codemirror.net/doc/manual.html#addon_active-line
[2] https://codemirror.net/doc/manual.html#option_inputStyle
[3] https://codemirror.net/demo/activeline.html
Thank you for the detailed info, Ian! I'm no longer working on this bug unfortunately, but :m_kato may be interested.
Assignee: nchen → nobody
Status: ASSIGNED → NEW
Flags: needinfo?(nchen)
Actually I wrote a small patch that might help.
Assignee: nobody → jimnchen+bmo
Status: NEW → ASSIGNED
Sometimes, when recovering from an IME error, we get selection offsets
that are out of bounds. Limit the offsets in that case so we don't
crash.
Pushed by nchen@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4187b4408662
Limit selection offsets after recovering from IME error; r=esawin
https://hg.mozilla.org/mozilla-central/rev/4187b4408662
Status: ASSIGNED → RESOLVED
Closed: 9 months ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 65
Crash data on Nightly looks good so far. Can you please request Beta approval, Jim?
Flags: needinfo?(jimnchen+bmo)
Comment on attachment 9025274 [details]
Bug 1457273 - Limit selection offsets after recovering from IME error; r?esawin

[Beta/Release Uplift Approval Request]

Feature/Bug causing the regression: n/a

User impact if declined: Random crashes when inputting text

Is this code covered by automated tests?: No

Has the fix been verified in Nightly?: Yes

Needs manual test from QE?: No

If yes, steps to reproduce: 

List of other uplifts needed: None

Risk to taking this patch: Low

Why is the change risky/not risky? (and alternatives if risky): Crash fix only

String changes made/needed: n/a
Flags: needinfo?(jimnchen+bmo)
Attachment #9025274 - Flags: approval-mozilla-beta?
Comment on attachment 9025274 [details]
Bug 1457273 - Limit selection offsets after recovering from IME error; r?esawin

bug 1351170 made this not crash outside of nightly, afaict?
Attachment #9025274 - Flags: approval-mozilla-beta? → approval-mozilla-beta-
You need to log in before you can comment on or make changes to this bug.