Closed
Bug 721654
Opened 8 years ago
Closed 8 years ago
Crash in mozilla::AndroidBridge::HandleGeckoMessage
Categories
(Core :: Widget: Android, defect, P1, critical)
Tracking
()
VERIFIED
FIXED
mozilla14
People
(Reporter: scoobidiver, Assigned: blassey)
References
Details
(Keywords: crash, reproducible, Whiteboard: [native-crash])
Crash Data
Attachments
(3 files)
676 bytes,
patch
|
kats
:
review+
|
Details | Diff | Splinter Review |
3.82 KB,
patch
|
kats
:
review+
|
Details | Diff | Splinter Review |
16.74 KB,
text/plain
|
Details |
It first appeared in 12.0a1/20120117 and 11.0a2/20120121. It's #17 top crasher in 11.0a2 and #26 in 12.0a1. bp-803f9ce1-9362-4161-8fc0-0c1522120126 Frame Module Signature Source 0 libdvm.so dvmStringLen 1 libdvm.so JNI_CreateJavaVM 2 libxul.so mozilla::nsJNIString::nsJNIString jni.h:834 3 libxul.so mozilla::AndroidBridge::HandleGeckoMessage widget/android/AndroidBridge.cpp:1309 4 libxul.so nsAndroidBridge::HandleGeckoMessage widget/android/AndroidBridge.cpp:1605 5 libxul.so NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/unix/xptcinvoke_arm.cpp:194 6 libxul.so XPCWrappedNative::CallMethod js/xpconnect/src/XPCWrappedNative.cpp:2895 7 libxul.so XPC_WN_CallMethod js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1539 8 libxul.so js::Interpret js/src/jscntxtinlines.h:311 9 libxul.so js::RunScript js/src/jsinterp.cpp:475 10 libxul.so js::Invoke js/src/jsinterp.cpp:538 11 libxul.so JS_CallFunctionValue js/src/jsapi.cpp:5460 12 libxul.so nsXPCWrappedJSClass::CallMethod js/xpconnect/src/XPCWrappedJSClass.cpp:1510 13 libxul.so nsXPCWrappedJS::CallMethod js/xpconnect/src/XPCWrappedJS.cpp:617 14 libxul.so PrepareAndDispatch xpcom/reflect/xptcall/src/md/unix/xptcstubs_arm.cpp:138 ... More reports at: https://crash-stats.mozilla.com/report/list?signature=dvmStringLen%20|%20JNI_CreateJavaVM%20|%20mozilla%3A%3AnsJNIString%3A%3AnsJNIString
https://crash-stats.mozilla.com/report/index/6d7f2ddf-a726-4288-ac72-0225f2120128 shows a crash on HTC Desire w/ web page : URL http://www.4players.de/ w/ 20120126031113 nightly https://crash-stats.mozilla.com/report/index/8dc0e5c8-682e-4815-b041-dd55f2120124 http://www.shakespearetavern.com/ with build : aurora 20120123042009 on a droid x Earliest I see this crash in Soccoro: 20120111031049
Updated•8 years ago
|
tracking-fennec: --- → ?
Updated•8 years ago
|
Priority: -- → P1
Updated•8 years ago
|
tracking-fennec: ? → ---
Reporter | ||
Updated•8 years ago
|
Crash Signature: [@ dvmStringLen | JNI_CreateJavaVM | mozilla::nsJNIString::nsJNIString] → [@ dvmStringLen | JNI_CreateJavaVM | mozilla::nsJNIString::nsJNIString]
[@ dvmAbort | dvmLookupClass]
[@ mozilla::nsJNIString::nsJNIString]
status-firefox11:
affected → ---
status-firefox12:
affected → ---
Component: General → Widget: Android
Keywords: regression
Product: Fennec Native → Core
QA Contact: general → android
Summary: Crash in mozilla::AndroidBridge::HandleGeckoMessage @ dvmStringLen | JNI_CreateJavaVM | mozilla::nsJNIString::nsJNIString → Crash in mozilla::AndroidBridge::HandleGeckoMessage
Reporter | ||
Updated•8 years ago
|
Crash Signature: [@ dvmStringLen | JNI_CreateJavaVM | mozilla::nsJNIString::nsJNIString]
[@ dvmAbort | dvmLookupClass]
[@ mozilla::nsJNIString::nsJNIString] → [@ dvmStringLen | JNI_CreateJavaVM | mozilla::nsJNIString::nsJNIString]
[@ dvmAbort | dvmLookupClass]
[@ mozilla::nsJNIString::nsJNIString]
[@ mozilla::AndroidBridge::HandleGeckoMessage]
Reporter | ||
Updated•8 years ago
|
Crash Signature: [@ dvmStringLen | JNI_CreateJavaVM | mozilla::nsJNIString::nsJNIString]
[@ dvmAbort | dvmLookupClass]
[@ mozilla::nsJNIString::nsJNIString]
[@ mozilla::AndroidBridge::HandleGeckoMessage] → [@ dvmStringLen | JNI_CreateJavaVM | mozilla::nsJNIString::nsJNIString]
[@ dvmAbort | dvmLookupClass]
[@ dvmAbort | JNI_CreateJavaVM | JNI_CreateJavaVM | mozilla::AndroidBridge::HandleGeckoMessage]
[@ mozilla::nsJNIString::nsJNIString]
[@ mozilla::And…
Comment 3•8 years ago
|
||
I got this crash twice now after a while with this testcase: http://people.mozilla.com/~mwargers/tests/videos/interrogation_winopenclose.htm Tap on the button, it opens a bunch of windows. After 10 seconds, Fennec will block the windows, make sure that you choose "Always show" to let the testcase run indefinetely. Then, reload the page and tap on the button again. After 5 minutes or so, I got a crash. https://crash-stats.mozilla.com/report/index/bp-74329974-1413-4428-8e35-638432120416 This was on the HTC Desire HD.
Comment 4•8 years ago
|
||
Perhaps, with the str it might be possible to get this fixed (if it reproduces for others too).
blocking-fennec1.0: --- → ?
Reporter | ||
Updated•8 years ago
|
Keywords: reproducible
Assignee | ||
Updated•8 years ago
|
Assignee: nobody → blassey.bugs
blocking-fennec1.0: ? → +
Assignee | ||
Comment 5•8 years ago
|
||
Attachment #615470 -
Flags: review?(bugmail.mozilla)
Attachment #615470 -
Flags: review?(bugmail.mozilla) → review+
Assignee | ||
Comment 6•8 years ago
|
||
this generally makes me not want to allow creating an nsJNIString without passing a JNIEnv, here's a patch to remove that possibility.
Attachment #615500 -
Flags: review?(bugmail.mozilla)
Attachment #615500 -
Flags: review?(bugmail.mozilla) → review+
Assignee | ||
Comment 7•8 years ago
|
||
with this patch, these STR still crash the browser, but now it is fairly strait forward OOM it look like we're leaking ReadWriteDirectByteBuffers, which are a subclass of ByteBuffer
Comment 8•8 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/8c3acc122469 https://hg.mozilla.org/mozilla-central/rev/fbcc959f5616
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla14
Comment 10•8 years ago
|
||
(In reply to Brad Lassey [:blassey] from comment #7) > Created attachment 615595 [details] > new OOM crash > > with this patch, these STR still crash the browser, but now it is fairly > strait forward OOM it look like we're leaking ReadWriteDirectByteBuffers, > which are a subclass of ByteBuffer I filed bug 751588 for this.
Comment 11•8 years ago
|
||
This crash doesn't occur anymore on the latest Nightly and Aurora builds, if suggestions from comment #3 are followed. Closing bug as verified fixed on: Firefox 15.0a1 (2012-05-29) Firefox 14.0a2 (2012-05-29) Device: Galaxy Nexus OS: Android 4.0.2
You need to log in
before you can comment on or make changes to this bug.
Description
•