Closed Bug 663445 Opened 13 years ago Closed 13 years ago

[Java][SwiftKey] StringIndexOutOfBoundsException in String.substring() via GeckoInputConnection.getExtractedText

Tracking

(firefox5 affected, firefox6 fixed, fennec6+)

Status:

VERIFIED FIXED

Milestone:

Firefox 6

Tracking Flags:

Tracking

Status

firefox5

---

affected

firefox6

---

fixed

fennec

---

People

(Reporter: mfinkle, Assigned: cwiiis)

References

Details

(Keywords: crash, verified-aurora)

Attachments

(1 file)

Validate the values given to String::subSequence 13 years ago Chris Lord [:cwiiis] 842 bytes, patch	mwu : review+ mfinkle : approval-mozilla-aurora+	Details \| Diff \| Splinter Review

Mark Finkle (:mfinkle) (use needinfo?)

Reporter

Description

•

13 years ago

Crash Stacks:
v5.0Jun 9, 2011 2:52:13 PM 8 reports 
--------------------------------------------------------------------------------

java.lang.StringIndexOutOfBoundsException
at java.lang.String.substring(String.java:1579)
at java.lang.String.subSequence(String.java:2086)
at org.mozilla.gecko.GeckoInputConnection.getExtractedText(GeckoInputConnection.java:276)
at com.android.internal.view.IInputConnectionWrapper.executeMessage(IInputConnectionWrapper.java:282)
at com.android.internal.view.IInputConnectionWrapper$MyHandler.handleMessage(IInputConnectionWrapper.java:84)
at android.os.Handler.dispatchMessage(Handler.java:99)
at android.os.Looper.loop(Looper.java:143)
at android.app.ActivityThread.main(ActivityThread.java:5073)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:521)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:858)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616)
at dalvik.system.NativeStart.main(Native Method)

--------------------------------------------------------------------------------

v5.0Jun 7, 2011 8:38:08 PM 5 reports 
--------------------------------------------------------------------------------

java.lang.StringIndexOutOfBoundsException
at java.lang.String.substring(String.java:1579)
at java.lang.String.subSequence(String.java:2086)
at org.mozilla.gecko.GeckoInputConnection.getExtractedText(GeckoInputConnection.java:276)
at com.android.internal.view.IInputConnectionWrapper.executeMessage(IInputConnectionWrapper.java:234)
at com.android.internal.view.IInputConnectionWrapper$MyHandler.handleMessage(IInputConnectionWrapper.java:73)
at android.os.Handler.dispatchMessage(Handler.java:99)
at android.os.Looper.loop(Looper.java:143)
at android.app.ActivityThread.main(ActivityThread.java:4701)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:521)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:860)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:618)
at dalvik.system.NativeStart.main(Native Method)

--------------------------------------------------------------------------------

Jun 5, 2011 6:49:02 PM 3reports 
--------------------------------------------------------------------------------

java.lang.StringIndexOutOfBoundsException
at java.lang.String.substring(String.java:1579)
at java.lang.String.subSequence(String.java:2086)
at org.mozilla.gecko.GeckoInputConnection.getExtractedText(GeckoInputConnection.java:276)
at com.android.internal.view.IInputConnectionWrapper.executeMessage(IInputConnectionWrapper.java:282)
at com.android.internal.view.IInputConnectionWrapper$MyHandler.handleMessage(IInputConnectionWrapper.java:84)
at android.os.Handler.dispatchMessage(Handler.java:99)
at android.os.Looper.loop(Looper.java:143)
at android.app.ActivityThread.main(ActivityThread.java:5068)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:521)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:858)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616)
at dalvik.system.NativeStart.main(Native Method)

--------------------------------------------------------------------------------

Jun 4, 2011 11:30:44 PM 2reports 
--------------------------------------------------------------------------------

java.lang.StringIndexOutOfBoundsException
at java.lang.String.substring(String.java:1579)
at java.lang.String.subSequence(String.java:2086)
at org.mozilla.gecko.GeckoInputConnection.getExtractedText(GeckoInputConnection.java:276)
at com.android.internal.view.IInputConnectionWrapper.executeMessage(IInputConnectionWrapper.java:234)
at com.android.internal.view.IInputConnectionWrapper$MyHandler.handleMessage(IInputConnectionWrapper.java:73)
at android.os.Handler.dispatchMessage(Handler.java:99)
at android.os.Looper.loop(Looper.java:144)
at android.app.ActivityThread.main(ActivityThread.java:4937)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:521)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:868)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:626)
at dalvik.system.NativeStart.main(Native Method)

--------------------------------------------------------------------------------

May 25, 2011 4:04:04 PM 1reports 
--------------------------------------------------------------------------------

java.lang.StringIndexOutOfBoundsException
at java.lang.String.substring(String.java:1579)
at java.lang.String.subSequence(String.java:2086)
at org.mozilla.gecko.GeckoInputConnection.getExtractedText(GeckoInputConnection.java:276)
at com.android.internal.view.IInputConnectionWrapper.executeMessage(IInputConnectionWrapper.java:244)
at com.android.internal.view.IInputConnectionWrapper$MyHandler.handleMessage(IInputConnectionWrapper.java:77)
at android.os.Handler.dispatchMessage(Handler.java:99)
at android.os.Looper.loop(Looper.java:123)
at android.app.ActivityThread.main(ActivityThread.java:4627)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:521)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:858)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616)
at dalvik.system.NativeStart.main(Native Method)


User Messages:

Jun 2, 2011 4:45:36 PM 5.0 crashed
May 29, 2011 8:19:22 AM 5.0 random force close
May 28, 2011 1:20:03 AM 5.0 cursor hops around and changes text.
May 21, 2011 2:49:22 AM 5.0 repeatedly crashing when I try to enter text into data fields
May 21, 2011 1:51:14 AM 5.0 force close on SwiftKey
May 21, 2011 1:41:35 AM5.0foreclosures on SwiftKey

Mark Finkle (:mfinkle) (use needinfo?)

Reporter

Updated

•

13 years ago

Keywords: crash

Matt Brubeck (:mbrubeck)

Updated

•

13 years ago

tracking-fennec: --- → ?

status-firefox5: --- → affected

OS: Windows 7 → Android

Hardware: x86 → ARM

Summary: [Java] StringIndexOutOfBoundsException in String.substring() → [Java] StringIndexOutOfBoundsException in String.substring() via GeckoInputConnection.getExtractedText

Mark Finkle (:mfinkle) (use needinfo?)

Reporter

Updated

•

13 years ago

Version: Trunk → Firefox 5

Brad Lassey [:blassey] (use needinfo?)

Updated

•

13 years ago

Summary: [Java] StringIndexOutOfBoundsException in String.substring() via GeckoInputConnection.getExtractedText → [Java][SwiftKey] StringIndexOutOfBoundsException in String.substring() via GeckoInputConnection.getExtractedText

Josh Matthews [:jdm]

Comment 1

•

13 years ago

Presumably we can avoid this by taking the subsequence from 0..Math.min(extract.text.length(), mCompositionStart) instead of 0..mCompositionStart as we do currently.

Chris Lord [:cwiiis]

Assignee

Comment 2

•

13 years ago

Attached patch Validate the values given to String::subSequence — Details — Splinter Review

Patch that does as is suggested in comment #1 - I don't see any exceptions using SwiftKey with this patch applied.

Attachment #539203 - Flags: review?(mwu)

Doug Turner (:dougt)

Updated

•

13 years ago

tracking-fennec: ? → 6+

Doug Turner (:dougt)

Updated

•

13 years ago

Assignee: nobody → chrislord.net

Michael Wu [:mwu]

Updated

•

13 years ago

Attachment #539203 - Flags: review?(mwu) → review+

Doug Turner (:dougt)

Comment 4

•

13 years ago

http://hg.mozilla.org/mozilla-central/rev/bbc683dcf952

Doug Turner (:dougt)

Updated

•

13 years ago

Attachment #539203 - Flags: approval-mozilla-aurora?

Mark Finkle (:mfinkle) (use needinfo?)

Reporter

Comment 5

•

13 years ago

Comment on attachment 539203 [details] [diff] [review]
Validate the values given to String::subSequence

Android only fix. It fixes the top Android/Java crasher in Fennec 5. Getting it on Fennec 6 is a great idea.

Let it bake on nightly a few days before pushing

Attachment #539203 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+

Mark Finkle (:mfinkle) (use needinfo?)

Reporter

Updated

•

13 years ago

Status: NEW → RESOLVED

Closed: 13 years ago

status-firefox6: --- → affected

Resolution: --- → FIXED

Doug Turner (:dougt)

Comment 6

•

13 years ago

http://hg.mozilla.org/releases/mozilla-aurora/rev/9f1c1e3b1e9c

status-firefox6: affected → fixed

Naoki Hirata :nhirata (please use needinfo instead of cc)

Comment 7

•

13 years ago

Can't seem to repro crash

Kevin Brosnan [Ex-Mozilla]

Updated

•

13 years ago

Target Milestone: --- → Firefox 6

Aaron Train [:aaronmt]

Comment 8

•

13 years ago

(In reply to comment #4)
> http://hg.mozilla.org/mozilla-central/rev/bbc683dcf952

Verified Fixed
Mozilla/5.0 (Android; Linux armv7l; rv:7.0a1) Gecko/20110630 Firefox/7.0a1 Fennec/7.0a1

(In reply to comment #6)
> http://hg.mozilla.org/releases/mozilla-aurora/rev/9f1c1e3b1e9c

Verified Fixed
Mozilla/5.0 (Android; Linux armv7l; rv:6.0a2) Gecko/20110630 Firefox/6.0a2 Fennec/6.0a2

Status: RESOLVED → VERIFIED

Keywords: verified-aurora

Scoobidiver (away)

Updated

•

13 years ago

Severity: normal → critical

You need to log in before you can comment on or make changes to this bug.