Closed Bug 725170 Opened 12 years ago Closed 12 years ago

crash java [@ java.lang.IndexOutOfBoundsException: getChars (142793 ... 142794) ends beyond length 74889 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java) ]

Categories

(Firefox for Android Graveyard :: Keyboards and IME, defect, P1)

Product:
Firefox for Android Graveyard
Component:
Keyboards and IME
Platform:
ARM
Android
Type:
defect

Tracking

(firefox14 fixed, firefox15 fixed, blocking-fennec1.0 +)

Status:
RESOLVED FIXED
Milestone:
Firefox 13
Tracking Flags:
Tracking Status
firefox14 --- fixed
firefox15 --- fixed
blocking-fennec1.0 --- +

People

(Reporter: kbrosnan, Assigned: cpeterson)

References

Details

(Keywords: crash, Whiteboard: [native-crash], str-wanted)

Crash Data

Attachments

(1 file)

bug-725170-reset-ime-selection.patch
3.64 KB, patch
dougt
: review+
Details | Diff | Splinter Review 
This bug was filed from the Socorro interface and is 
report bp-ec99b765-0fb0-4af3-9ecd-f1b252120202 .
============================================================= 

Someone with Java stack access please add it to this bug. Similar to bug 720092 however the build ID is after the fix for 720092 landed.
java.lang.IndexOutOfBoundsException: getChars (142793 ... 142794) ends beyond length 74889
	at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java:967)
	at android.text.SpannableStringBuilder.getChars(SpannableStringBuilder.java:871)
	at android.text.TextUtils.getChars(TextUtils.java:69)
	at android.text.TextUtils.substring(TextUtils.java:255)
	at android.view.inputmethod.BaseInputConnection.getTextBeforeCursor(BaseInputConnection.java:317)
	at com.android.internal.view.IInputConnectionWrapper.executeMessage(IInputConnectionWrapper.java:222)
	at com.android.internal.view.IInputConnectionWrapper$MyHandler.handleMessage(IInputConnectionWrapper.java:79)
	at android.os.Handler.dispatchMessage(Handler.java:99)
	at android.os.Looper.loop(Looper.java:130)
	at org.mozilla.gecko.GeckoApp$32.run(GeckoApp.java:1670)
	at android.os.Handler.handleCallback(Handler.java:587)
	at android.os.Handler.dispatchMessage(Handler.java:92)
	at android.os.Looper.loop(Looper.java:130)
	at android.app.ActivityThread.main(ActivityThread.java:3691)
	at java.lang.reflect.Method.invokeNative(Native Method)
	at java.lang.reflect.Method.invoke(Method.java:507)
	at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:912)
	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:670)
	at dalvik.system.NativeStart.main(Native Method)

Need a range check to make sure length isn't greater than the difference?
This bug is of the same nature as bug 720092 - somewhere some string span gets garbage values. This time the crash is in a function, which we do not even override.

I assume, nobody can reproduce it?
Whiteboard: [native-crash]
Not at this time.
Whiteboard: [native-crash] → [native-crash], str-wanted
Crash Signature: [@ java.lang.IndexOutOfBoundsException: getChars (142793 ... 142794) ends beyond length 74889 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java)] → [@ java.lang.IndexOutOfBoundsException: getChars (142793 ... 142794) ends beyond length 74889 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java)] [@ java.lang.IndexOutOfBoundsException: getChars (65522 ... 2) has end before st…
Assignee: nobody → cpeterson
Priority: -- → P1
tracking-fennec: ? → ---
I think this bug should be a fennec-1.0 blocker because it's a crash. I believe this is actually an Android framework but, but I am testing a workaround now.
blocking-fennec1.0: --- → ?
I believe this crash is an Android framework bug [1] where a focus change can invalidate text selection offsets. I am unable to reproduce the crash myself, but the supposed workaround is the reset the selection offsets when the app regains focus in onResume(). A side effect of this patch is that any selected text will lose its selection when Fennec is hidden by another activity, such as another app or Fennec's Settings screen.

In theory, this patch's workaround might make bug 720092's try/catch workaround unnecessary.

[1] https://code.google.com/p/android/issues/detail?id=5164
Attachment #601062 - Flags: review?(doug.turner)
Status: NEW → ASSIGNED
Attachment #601062 - Flags: review?(doug.turner) → review+
Keywords: checkin-needed
Crash Signature: start at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java)] [@ java.lang.IndexOutOfBoundsException: getChars (7 ... 8) ends beyond length 7 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java)] → start at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java)] [@ java.lang.IndexOutOfBoundsException: getChars (7 ... 8) ends beyond length 7 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java)] [@ java…
https://hg.mozilla.org/mozilla-central/rev/d923ae85be05
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 13
There is still one crash in 13.0a1/20120303: bp-3baaaf1b-215f-4c5a-a11f-995d32120304
Status: RESOLVED → REOPENED
Crash Signature: android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java) ] → android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java) ] [@ java.lang.IndexOutOfBoundsException: getChars (64995 ... 483) has end before start at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java) ]
Resolution: FIXED → ---
not blocking for 1 crash report
blocking-fennec1.0: ? → -
Is https://crash-stats.mozilla.com/report/index/fe80b8ba-e5ec-4c3e-99c4-2d5172120304 the same crash?

java.lang.IndexOutOfBoundsException: setSpan (4 ... 5) ends beyond length 2
	at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java:1016)
	at android.text.SpannableStringBuilder.setSpan(SpannableStringBuilder.java:543)
	at android.text.SpannableStringBuilder.setSpan(SpannableStringBuilder.java:535)
	at android.view.inputmethod.BaseInputConnection.setComposingRegion(BaseInputConnection.java:691)
	at org.mozilla.gecko.GeckoInputConnection.setComposingRegion(GeckoInputConnection.java:332)
	at com.android.internal.view.IInputConnectionWrapper.executeMessage(IInputConnectionWrapper.java:327)
	at com.android.internal.view.IInputConnectionWrapper$MyHandler.handleMessage(IInputConnectionWrapper.java:75)
	at android.os.Handler.dispatchMessage(Handler.java:99)
	at android.os.Looper.loop(Looper.java:130)
	at org.mozilla.gecko.GeckoApp$32.run(GeckoApp.java:1777)
	at android.os.Handler.handleCallback(Handler.java:587)
	at android.os.Handler.dispatchMessage(Handler.java:92)
	at android.os.Looper.loop(Looper.java:130)
	at android.app.ActivityThread.main(ActivityThread.java:3859)
	at java.lang.reflect.Method.invokeNative(Native Method)
	at java.lang.reflect.Method.invoke(Method.java:507)
	at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:840)
	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:598)
	at dalvik.system.NativeStart.main(Native Method)
@nhirata, yes, that crash is basically the same problem as this bug: SpannableStringBuilder.checkRange() finds an index greater than the length of the string.
blocking-fennec1.0: - → ?
Crash Signature: android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java) ] [@ java.lang.IndexOutOfBoundsException: getChars (64995 ... 483) has end before start at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java) ] → android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java) ] [@ java.lang.IndexOutOfBoundsException: getChars (64995 ... 483) has end before start at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java) ] [@ java.…
It still crashes in 13.0a1/20120307: bp-28cb5938-ed29-48b5-8382-72b442120308
(In reply to Scoobidiver from comment #15)
> It still crashes in 13.0a1/20120307: bp-28cb5938-ed29-48b5-8382-72b442120308

It looks like the patch at least reduced the issue. Scoobidiver, could you file another bug to track any remaining issues?
Status: REOPENED → RESOLVED
Closed: 12 years ago12 years ago
Resolution: --- → FIXED
(In reply to Brad Lassey [:blassey] from comment #16)
> Scoobidiver, could you file another bug to track any remaining issues?
I filed bug 734156.
Crash Signature: java.lang.IndexOutOfBoundsException: setSpan (4 ... 5) ends beyond length 2 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java) ] → java.lang.IndexOutOfBoundsException: setSpan (4 ... 5) ends beyond length 2 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java) ] [@ java.lang.IndexOutOfBoundsException: setSpan (18 ... 20) ends beyond length 0 at android.text.…
blocking-fennec1.0: ? → +
status-firefox14: --- → fixed
status-firefox15: --- → fixed
Component: General → IME
Closing this as verified/fixed since was not reproduced for the last 4 weeks
Status: RESOLVED → VERIFIED
(In reply to Paul Feher from comment #18)
> Closing this as verified/fixed since was not reproduced for the last 4 weeks
There are 76 crashes over the last week: https://crash-stats.mozilla.com/query/query?product=FennecAndroid&version=ALL%3AALL&range_value=1&range_unit=weeks&query_search=signature&query_type=contains&query=android.text.SpannableStringBuilder.checkRange&reason=&do_query=1

They are tracked in bug 747629 and bug 760396.
Status: VERIFIED → RESOLVED
Closed: 12 years ago12 years ago
Blocks: 772225
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: