crash java [@ java.lang.IndexOutOfBoundsException: getChars (142793 ... 142794) ends beyond length 74889 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java) ]

RESOLVED FIXED in Firefox 14

Status

()

Firefox for Android
Keyboards and IME
P1
critical
RESOLVED FIXED
6 years ago
5 years ago

People

(Reporter: kbrosnan, Assigned: cpeterson)

Tracking

({crash})

Trunk
Firefox 13
ARM
Android
crash
Points:
---

Firefox Tracking Flags

(firefox14 fixed, firefox15 fixed, blocking-fennec1.0 +)

Details

(Whiteboard: [native-crash], str-wanted, crash signature)

Attachments

(1 attachment)

(Reporter)

Description

6 years ago
This bug was filed from the Socorro interface and is 
report bp-ec99b765-0fb0-4af3-9ecd-f1b252120202 .
============================================================= 

Someone with Java stack access please add it to this bug. Similar to bug 720092 however the build ID is after the fix for 720092 landed.
java.lang.IndexOutOfBoundsException: getChars (142793 ... 142794) ends beyond length 74889
	at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java:967)
	at android.text.SpannableStringBuilder.getChars(SpannableStringBuilder.java:871)
	at android.text.TextUtils.getChars(TextUtils.java:69)
	at android.text.TextUtils.substring(TextUtils.java:255)
	at android.view.inputmethod.BaseInputConnection.getTextBeforeCursor(BaseInputConnection.java:317)
	at com.android.internal.view.IInputConnectionWrapper.executeMessage(IInputConnectionWrapper.java:222)
	at com.android.internal.view.IInputConnectionWrapper$MyHandler.handleMessage(IInputConnectionWrapper.java:79)
	at android.os.Handler.dispatchMessage(Handler.java:99)
	at android.os.Looper.loop(Looper.java:130)
	at org.mozilla.gecko.GeckoApp$32.run(GeckoApp.java:1670)
	at android.os.Handler.handleCallback(Handler.java:587)
	at android.os.Handler.dispatchMessage(Handler.java:92)
	at android.os.Looper.loop(Looper.java:130)
	at android.app.ActivityThread.main(ActivityThread.java:3691)
	at java.lang.reflect.Method.invokeNative(Native Method)
	at java.lang.reflect.Method.invoke(Method.java:507)
	at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:912)
	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:670)
	at dalvik.system.NativeStart.main(Native Method)

Need a range check to make sure length isn't greater than the difference?
This bug is of the same nature as bug 720092 - somewhere some string span gets garbage values. This time the crash is in a function, which we do not even override.

I assume, nobody can reproduce it?

Updated

6 years ago
Whiteboard: [native-crash]
Not at this time.
Whiteboard: [native-crash] → [native-crash], str-wanted
https://crash-stats.mozilla.com/report/index/b9690c40-a98a-42f7-b180-ddc052120205
https://crash-stats.mozilla.com/report/index/4330aecc-7702-4857-9b9d-ad0a42120210

These 2 crashes seems to happen on Kindle Fire

20120205031129
20120202194935
Crash Signature: [@ java.lang.IndexOutOfBoundsException: getChars (142793 ... 142794) ends beyond length 74889 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java)] → [@ java.lang.IndexOutOfBoundsException: getChars (142793 ... 142794) ends beyond length 74889 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java)] [@ java.lang.IndexOutOfBoundsException: getChars (65522 ... 2) has end be…
(Assignee)

Updated

5 years ago
Assignee: nobody → cpeterson

Updated

5 years ago
Priority: -- → P1

Updated

5 years ago
tracking-fennec: ? → ---
(Assignee)

Comment 5

5 years ago
I think this bug should be a fennec-1.0 blocker because it's a crash. I believe this is actually an Android framework but, but I am testing a workaround now.
blocking-fennec1.0: --- → ?
(Assignee)

Comment 6

5 years ago
Created attachment 601062 [details] [diff] [review]
bug-725170-reset-ime-selection.patch

I believe this crash is an Android framework bug [1] where a focus change can invalidate text selection offsets. I am unable to reproduce the crash myself, but the supposed workaround is the reset the selection offsets when the app regains focus in onResume(). A side effect of this patch is that any selected text will lose its selection when Fennec is hidden by another activity, such as another app or Fennec's Settings screen.

In theory, this patch's workaround might make bug 720092's try/catch workaround unnecessary.

[1] https://code.google.com/p/android/issues/detail?id=5164
Attachment #601062 - Flags: review?(doug.turner)
(Assignee)

Updated

5 years ago
Status: NEW → ASSIGNED

Updated

5 years ago
Attachment #601062 - Flags: review?(doug.turner) → review+

Updated

5 years ago
Keywords: checkin-needed
https://hg.mozilla.org/integration/mozilla-inbound/rev/d923ae85be05
Keywords: checkin-needed

Updated

5 years ago
Crash Signature: [@ java.lang.IndexOutOfBoundsException: getChars (142793 ... 142794) ends beyond length 74889 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java)] [@ java.lang.IndexOutOfBoundsException: getChars (65522 ... 2) has end be… → [@ java.lang.IndexOutOfBoundsException: getChars (142793 ... 142794) ends beyond length 74889 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java)] [@ java.lang.IndexOutOfBoundsException: getChars (65522 ... 2) has end be…
https://hg.mozilla.org/mozilla-central/rev/d923ae85be05
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 13

Comment 9

5 years ago
There is still one crash in 13.0a1/20120303: bp-3baaaf1b-215f-4c5a-a11f-995d32120304
Status: RESOLVED → REOPENED
Crash Signature: [@ java.lang.IndexOutOfBoundsException: getChars (142793 ... 142794) ends beyond length 74889 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java)] [@ java.lang.IndexOutOfBoundsException: getChars (65522 ... 2) has end be… → [@ java.lang.IndexOutOfBoundsException: getChars (142793 ... 142794) ends beyond length 74889 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java)] [@ java.lang.IndexOutOfBoundsException: getChars (65522 ... 2) has end be…
Resolution: FIXED → ---
not blocking for 1 crash report
blocking-fennec1.0: ? → -
Is https://crash-stats.mozilla.com/report/index/fe80b8ba-e5ec-4c3e-99c4-2d5172120304 the same crash?

java.lang.IndexOutOfBoundsException: setSpan (4 ... 5) ends beyond length 2
	at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java:1016)
	at android.text.SpannableStringBuilder.setSpan(SpannableStringBuilder.java:543)
	at android.text.SpannableStringBuilder.setSpan(SpannableStringBuilder.java:535)
	at android.view.inputmethod.BaseInputConnection.setComposingRegion(BaseInputConnection.java:691)
	at org.mozilla.gecko.GeckoInputConnection.setComposingRegion(GeckoInputConnection.java:332)
	at com.android.internal.view.IInputConnectionWrapper.executeMessage(IInputConnectionWrapper.java:327)
	at com.android.internal.view.IInputConnectionWrapper$MyHandler.handleMessage(IInputConnectionWrapper.java:75)
	at android.os.Handler.dispatchMessage(Handler.java:99)
	at android.os.Looper.loop(Looper.java:130)
	at org.mozilla.gecko.GeckoApp$32.run(GeckoApp.java:1777)
	at android.os.Handler.handleCallback(Handler.java:587)
	at android.os.Handler.dispatchMessage(Handler.java:92)
	at android.os.Looper.loop(Looper.java:130)
	at android.app.ActivityThread.main(ActivityThread.java:3859)
	at java.lang.reflect.Method.invokeNative(Native Method)
	at java.lang.reflect.Method.invoke(Method.java:507)
	at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:840)
	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:598)
	at dalvik.system.NativeStart.main(Native Method)
(Assignee)

Comment 12

5 years ago
@nhirata, yes, that crash is basically the same problem as this bug: SpannableStringBuilder.checkRange() finds an index greater than the length of the string.
blocking-fennec1.0: - → ?
Crash Signature: [@ java.lang.IndexOutOfBoundsException: getChars (142793 ... 142794) ends beyond length 74889 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java)] [@ java.lang.IndexOutOfBoundsException: getChars (65522 ... 2) has end be… → [@ java.lang.IndexOutOfBoundsException: getChars (142793 ... 142794) ends beyond length 74889 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java)] [@ java.lang.IndexOutOfBoundsException: getChars (65522 ... 2) has end be…
(Assignee)

Comment 13

5 years ago
Two Nightly crashes after my checkin:
https://crash-stats.mozilla.com/report/index/3baaaf1b-215f-4c5a-a11f-995d32120304
https://crash-stats.mozilla.com/report/index/3fedfed1-1c93-4aa5-8787-ec95c2120305
(Assignee)

Updated

5 years ago
Duplicate of this bug: 663930

Comment 15

5 years ago
It still crashes in 13.0a1/20120307: bp-28cb5938-ed29-48b5-8382-72b442120308
(In reply to Scoobidiver from comment #15)
> It still crashes in 13.0a1/20120307: bp-28cb5938-ed29-48b5-8382-72b442120308

It looks like the patch at least reduced the issue. Scoobidiver, could you file another bug to track any remaining issues?
Status: REOPENED → RESOLVED
Last Resolved: 5 years ago5 years ago
Resolution: --- → FIXED

Comment 17

5 years ago
(In reply to Brad Lassey [:blassey] from comment #16)
> Scoobidiver, could you file another bug to track any remaining issues?
I filed bug 734156.
Crash Signature: [@ java.lang.IndexOutOfBoundsException: getChars (142793 ... 142794) ends beyond length 74889 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java)] [@ java.lang.IndexOutOfBoundsException: getChars (65522 ... 2) has end be… → [@ java.lang.IndexOutOfBoundsException: getChars (142793 ... 142794) ends beyond length 74889 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java)] [@ java.lang.IndexOutOfBoundsException: getChars (65522 ... 2) has end be…

Updated

5 years ago
blocking-fennec1.0: ? → +
(Assignee)

Updated

5 years ago
status-firefox14: --- → fixed
status-firefox15: --- → fixed
Component: General → IME

Comment 18

5 years ago
Closing this as verified/fixed since was not reproduced for the last 4 weeks
Status: RESOLVED → VERIFIED

Comment 19

5 years ago
(In reply to Paul Feher from comment #18)
> Closing this as verified/fixed since was not reproduced for the last 4 weeks
There are 76 crashes over the last week: https://crash-stats.mozilla.com/query/query?product=FennecAndroid&version=ALL%3AALL&range_value=1&range_unit=weeks&query_search=signature&query_type=contains&query=android.text.SpannableStringBuilder.checkRange&reason=&do_query=1

They are tracked in bug 747629 and bug 760396.
Status: VERIFIED → RESOLVED
Last Resolved: 5 years ago5 years ago
(Assignee)

Updated

5 years ago
Blocks: 772225
You need to log in before you can comment on or make changes to this bug.