Closed
Bug 725170
Opened 12 years ago
Closed 12 years ago
crash java [@ java.lang.IndexOutOfBoundsException: getChars (142793 ... 142794) ends beyond length 74889 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java) ]
Categories
(Firefox for Android Graveyard :: Keyboards and IME, defect, P1)
Tracking
(firefox14 fixed, firefox15 fixed, blocking-fennec1.0 +)
RESOLVED
FIXED
Firefox 13
People
(Reporter: kbrosnan, Assigned: cpeterson)
References
Details
(Keywords: crash, Whiteboard: [native-crash], str-wanted)
Crash Data
Attachments
(1 file)
3.64 KB,
patch
|
dougt
:
review+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is report bp-ec99b765-0fb0-4af3-9ecd-f1b252120202 . ============================================================= Someone with Java stack access please add it to this bug. Similar to bug 720092 however the build ID is after the fix for 720092 landed.
java.lang.IndexOutOfBoundsException: getChars (142793 ... 142794) ends beyond length 74889 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java:967) at android.text.SpannableStringBuilder.getChars(SpannableStringBuilder.java:871) at android.text.TextUtils.getChars(TextUtils.java:69) at android.text.TextUtils.substring(TextUtils.java:255) at android.view.inputmethod.BaseInputConnection.getTextBeforeCursor(BaseInputConnection.java:317) at com.android.internal.view.IInputConnectionWrapper.executeMessage(IInputConnectionWrapper.java:222) at com.android.internal.view.IInputConnectionWrapper$MyHandler.handleMessage(IInputConnectionWrapper.java:79) at android.os.Handler.dispatchMessage(Handler.java:99) at android.os.Looper.loop(Looper.java:130) at org.mozilla.gecko.GeckoApp$32.run(GeckoApp.java:1670) at android.os.Handler.handleCallback(Handler.java:587) at android.os.Handler.dispatchMessage(Handler.java:92) at android.os.Looper.loop(Looper.java:130) at android.app.ActivityThread.main(ActivityThread.java:3691) at java.lang.reflect.Method.invokeNative(Native Method) at java.lang.reflect.Method.invoke(Method.java:507) at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:912) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:670) at dalvik.system.NativeStart.main(Native Method) Need a range check to make sure length isn't greater than the difference?
Comment 2•12 years ago
|
||
This bug is of the same nature as bug 720092 - somewhere some string span gets garbage values. This time the crash is in a function, which we do not even override. I assume, nobody can reproduce it?
Updated•12 years ago
|
Whiteboard: [native-crash]
Not at this time.
Whiteboard: [native-crash] → [native-crash], str-wanted
https://crash-stats.mozilla.com/report/index/b9690c40-a98a-42f7-b180-ddc052120205 https://crash-stats.mozilla.com/report/index/4330aecc-7702-4857-9b9d-ad0a42120210 These 2 crashes seems to happen on Kindle Fire 20120205031129 20120202194935
Updated•12 years ago
|
Crash Signature: [@ java.lang.IndexOutOfBoundsException: getChars (142793 ... 142794) ends beyond length 74889 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java)] → [@ java.lang.IndexOutOfBoundsException: getChars (142793 ... 142794) ends beyond length 74889 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java)]
[@ java.lang.IndexOutOfBoundsException: getChars (65522 ... 2) has end before st…
Assignee | ||
Updated•12 years ago
|
Assignee: nobody → cpeterson
Updated•12 years ago
|
Priority: -- → P1
Updated•12 years ago
|
tracking-fennec: ? → ---
Assignee | ||
Comment 5•12 years ago
|
||
I think this bug should be a fennec-1.0 blocker because it's a crash. I believe this is actually an Android framework but, but I am testing a workaround now.
blocking-fennec1.0: --- → ?
Assignee | ||
Comment 6•12 years ago
|
||
I believe this crash is an Android framework bug [1] where a focus change can invalidate text selection offsets. I am unable to reproduce the crash myself, but the supposed workaround is the reset the selection offsets when the app regains focus in onResume(). A side effect of this patch is that any selected text will lose its selection when Fennec is hidden by another activity, such as another app or Fennec's Settings screen. In theory, this patch's workaround might make bug 720092's try/catch workaround unnecessary. [1] https://code.google.com/p/android/issues/detail?id=5164
Attachment #601062 -
Flags: review?(doug.turner)
Assignee | ||
Updated•12 years ago
|
Status: NEW → ASSIGNED
Updated•12 years ago
|
Attachment #601062 -
Flags: review?(doug.turner) → review+
Updated•12 years ago
|
Keywords: checkin-needed
Comment 7•12 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/d923ae85be05
Keywords: checkin-needed
Updated•12 years ago
|
Crash Signature: start at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java)]
[@ java.lang.IndexOutOfBoundsException: getChars (7 ... 8) ends beyond length 7 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java)] → start at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java)]
[@ java.lang.IndexOutOfBoundsException: getChars (7 ... 8) ends beyond length 7 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java)]
[@ java…
Comment 8•12 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/d923ae85be05
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 13
Comment 9•12 years ago
|
||
There is still one crash in 13.0a1/20120303: bp-3baaaf1b-215f-4c5a-a11f-995d32120304
Status: RESOLVED → REOPENED
Crash Signature: android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java) ] → android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java) ]
[@ java.lang.IndexOutOfBoundsException: getChars (64995 ... 483) has end before start at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java) ]
Resolution: FIXED → ---
Is https://crash-stats.mozilla.com/report/index/fe80b8ba-e5ec-4c3e-99c4-2d5172120304 the same crash? java.lang.IndexOutOfBoundsException: setSpan (4 ... 5) ends beyond length 2 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java:1016) at android.text.SpannableStringBuilder.setSpan(SpannableStringBuilder.java:543) at android.text.SpannableStringBuilder.setSpan(SpannableStringBuilder.java:535) at android.view.inputmethod.BaseInputConnection.setComposingRegion(BaseInputConnection.java:691) at org.mozilla.gecko.GeckoInputConnection.setComposingRegion(GeckoInputConnection.java:332) at com.android.internal.view.IInputConnectionWrapper.executeMessage(IInputConnectionWrapper.java:327) at com.android.internal.view.IInputConnectionWrapper$MyHandler.handleMessage(IInputConnectionWrapper.java:75) at android.os.Handler.dispatchMessage(Handler.java:99) at android.os.Looper.loop(Looper.java:130) at org.mozilla.gecko.GeckoApp$32.run(GeckoApp.java:1777) at android.os.Handler.handleCallback(Handler.java:587) at android.os.Handler.dispatchMessage(Handler.java:92) at android.os.Looper.loop(Looper.java:130) at android.app.ActivityThread.main(ActivityThread.java:3859) at java.lang.reflect.Method.invokeNative(Native Method) at java.lang.reflect.Method.invoke(Method.java:507) at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:840) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:598) at dalvik.system.NativeStart.main(Native Method)
Assignee | ||
Comment 12•12 years ago
|
||
@nhirata, yes, that crash is basically the same problem as this bug: SpannableStringBuilder.checkRange() finds an index greater than the length of the string.
blocking-fennec1.0: - → ?
Updated•12 years ago
|
Crash Signature: android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java) ]
[@ java.lang.IndexOutOfBoundsException: getChars (64995 ... 483) has end before start at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java) ] → android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java) ]
[@ java.lang.IndexOutOfBoundsException: getChars (64995 ... 483) has end before start at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java) ]
[@ java.…
Assignee | ||
Comment 13•12 years ago
|
||
Two Nightly crashes after my checkin: https://crash-stats.mozilla.com/report/index/3baaaf1b-215f-4c5a-a11f-995d32120304 https://crash-stats.mozilla.com/report/index/3fedfed1-1c93-4aa5-8787-ec95c2120305
Comment 15•12 years ago
|
||
It still crashes in 13.0a1/20120307: bp-28cb5938-ed29-48b5-8382-72b442120308
Comment 16•12 years ago
|
||
(In reply to Scoobidiver from comment #15) > It still crashes in 13.0a1/20120307: bp-28cb5938-ed29-48b5-8382-72b442120308 It looks like the patch at least reduced the issue. Scoobidiver, could you file another bug to track any remaining issues?
Status: REOPENED → RESOLVED
Closed: 12 years ago → 12 years ago
Resolution: --- → FIXED
Comment 17•12 years ago
|
||
(In reply to Brad Lassey [:blassey] from comment #16) > Scoobidiver, could you file another bug to track any remaining issues? I filed bug 734156.
Updated•12 years ago
|
Crash Signature: java.lang.IndexOutOfBoundsException: setSpan (4 ... 5) ends beyond length 2 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java) ] → java.lang.IndexOutOfBoundsException: setSpan (4 ... 5) ends beyond length 2 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java) ]
[@ java.lang.IndexOutOfBoundsException: setSpan (18 ... 20) ends beyond length 0 at android.text.…
Updated•12 years ago
|
blocking-fennec1.0: ? → +
Assignee | ||
Updated•12 years ago
|
Comment 18•12 years ago
|
||
Closing this as verified/fixed since was not reproduced for the last 4 weeks
Status: RESOLVED → VERIFIED
Comment 19•12 years ago
|
||
(In reply to Paul Feher from comment #18) > Closing this as verified/fixed since was not reproduced for the last 4 weeks There are 76 crashes over the last week: https://crash-stats.mozilla.com/query/query?product=FennecAndroid&version=ALL%3AALL&range_value=1&range_unit=weeks&query_search=signature&query_type=contains&query=android.text.SpannableStringBuilder.checkRange&reason=&do_query=1 They are tracked in bug 747629 and bug 760396.
Status: VERIFIED → RESOLVED
Closed: 12 years ago → 12 years ago
Updated•3 years ago
|
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•