Closed Bug 749917 Opened 13 years ago Closed 12 years ago

crash in mozilla::AndroidBridge::CheckURIVisited

Categories

(Core Graveyard :: Widget: Android, defect)

ARM
Android
defect
Not set
critical

Tracking

(Not tracked)

RESOLVED FIXED
mozilla16

People

(Reporter: scoobidiver, Assigned: blassey)

Details

(Keywords: crash, intermittent-failure, qawanted, Whiteboard: [native-crash])

Attachments

(1 file)

There's one crash in 15.0a1/20120427.

Signature: _JNIEnv::NewString
UUID: f0505ef0-67c8-4796-8a08-801202120428
Date Processed: 2012-04-28 07:39:04
Uptime: 3125
Last Crash: 52.1 minutes before submission
Install Age: 1.0 hours since version was first installed.
Install Time: 2012-04-28 06:33:40
Product: FennecAndroid
Version: 15.0a1
Build ID: 20120427030500
Release Channel: nightly
OS: Linux
OS Version: 0.0.0 Linux 2.6.36.3 #1 SMP PREEMPT Thu Dec 1 06:02:53 KST 2011 armv7l
Build Architecture: arm
Build Architecture Info:
Crash Reason: SIGSEGV
Crash Address: 0xdeadd00d
App Notes: EGL? EGL+ AdapterVendorID: lu6500, AdapterDeviceID: LG-LU6500. AdapterDescription: 'Android, Model: 'LG-LU6500', Product: 'lge_bssq', Manufacturer: 'LGE', Hardware: 'lu6500''. GL Context? GL Context+ GL Layers? GL Layers+ LGE LG-LU6500 lge/lge_bssq/bssq_450-06:2.3.4/GRJ22/LG-LU6500-26_00.4247ef37:user/release-keys
EMCheckCompatibility: True

Frame  Module  Signature  Source
0  libdvm.so  libdvm.so@0x464c4
1  dalvik-heap (deleted)  dalvik-heap @0x54eae6
2  libdvm.so  libdvm.so@0x4a8d1
3  dalvik-heap (deleted)  dalvik-heap @0x54eae6
4  libdvm.so  libdvm.so@0x4c221
5  libxul.so  _JNIEnv::NewString  jni.h:828
6  libxul.so  mozilla::AndroidBridge::CheckURIVisited  widget/android/AndroidBridge.cpp:1551
7  libxul.so  nsAndroidHistory::RegisterVisitedCallback  toolkit/components/places/nsAndroidHistory.cpp:86
8  libxul.so  mozilla::dom::Link::LinkState  content/base/src/Link.cpp:127
9  libxul.so  EnumeratePendingLinkUpdates  content/base/src/nsDocument.cpp:8087
10  libxul.so  nsTHashtable<nsPtrHashKey<mozilla::dom::Link> >::s_EnumStub  nsTHashtable.h:500
11  libxul.so  PL_DHashTableEnumerate  obj-firefox/xpcom/build/pldhash.cpp:750
12  libxul.so  nsIDocument::FlushPendingLinkUpdates  nsTHashtable.h:251
13  libxul.so  nsCSSFrameConstructor::ResolveStyleContext  layout/base/nsCSSFrameConstructor.cpp:4551
14  libxul.so  nsCSSFrameConstructor::ResolveStyleContext  layout/base/nsCSSFrameConstructor.cpp:4542
15  libxul.so  nsCSSFrameConstructor::AddFrameConstructionItems  layout/base/nsCSSFrameConstructor.cpp:4995
16  libxul.so  nsCSSFrameConstructor::ContentAppended  layout/base/nsCSSFrameConstructor.cpp:6581
17  libxul.so  nsCSSFrameConstructor::CreateNeededFrames  layout/base/nsCSSFrameConstructor.cpp:6272
18  libxul.so  nsCSSFrameConstructor::CreateNeededFrames  layout/base/nsCSSFrameConstructor.cpp:6282
19  libxul.so  nsCSSFrameConstructor::CreateNeededFrames  layout/base/nsCSSFrameConstructor.cpp:6282
20  libxul.so  nsCSSFrameConstructor::CreateNeededFrames  layout/base/nsCSSFrameConstructor.cpp:6282
21  libxul.so  nsCSSFrameConstructor::CreateNeededFrames  layout/base/nsCSSFrameConstructor.cpp:6282
22  libxul.so  nsCSSFrameConstructor::CreateNeededFrames  layout/base/nsCSSFrameConstructor.cpp:6282
23  libxul.so  nsCSSFrameConstructor::CreateNeededFrames  layout/base/nsCSSFrameConstructor.cpp:6282
24  libxul.so  nsCSSFrameConstructor::CreateNeededFrames  layout/base/nsCSSFrameConstructor.cpp:6282
25  libxul.so  nsCSSFrameConstructor::CreateNeededFrames  layout/base/nsCSSFrameConstructor.cpp:6282
26  libxul.so  nsCSSFrameConstructor::CreateNeededFrames  layout/base/nsCSSFrameConstructor.cpp:6282
27  libxul.so  nsCSSFrameConstructor::CreateNeededFrames  layout/base/nsCSSFrameConstructor.cpp:6297
28  libxul.so  PresShell::FlushPendingNotifications  layout/base/nsPresShell.cpp:3969
29  libxul.so  nsDocument::FlushPendingNotifications  content/base/src/nsDocument.cpp:6383
30  libxul.so  nsGenericElement::GetPrimaryFrame  content/base/src/nsGenericElement.cpp:3963
31  libxul.so  nsGenericElement::GetStyledFrame  content/base/src/nsGenericElement.cpp:2047
32  libxul.so  nsGenericElement::GetScrollFrame  content/base/src/nsGenericElement.cpp:2087
33  libxul.so  nsGenericElement::GetScrollTop  content/base/src/nsGenericElement.cpp:2123
34  libxul.so  nsIDOMElement_GetScrollTop  obj-firefox/js/xpconnect/src/dom_quickstubs.cpp:4443
35  libxul.so  js_GetProperty  js/src/jscntxtinlines.h:364
36  libxul.so  JSObject::getGeneric  js/src/jsobjinlines.h:194
37  libxul.so  js::Interpret  js/src/jsobjinlines.h:209
38  libxul.so  js::RunScript  js/src/jsinterp.cpp:475
39  libxul.so  js::InvokeKernel  js/src/jsinterp.cpp:535
40  libxul.so  js_fun_apply  js/src/jsinterp.h:172
41  libxul.so  js::Interpret  js/src/jscntxtinlines.h:314
42  libxul.so  js::RunScript  js/src/jsinterp.cpp:475
43  libxul.so  js::Invoke  js/src/jsinterp.cpp:535
44  libxul.so  JS_CallFunctionValue  js/src/jsapi.cpp:5416
...

More reports at: https://crash-stats.mozilla.com/report/list?signature=_JNIEnv%3A%3ANewString
Crash Signature: [@ _JNIEnv::NewString] → [@ _JNIEnv::NewString] [@ mozilla::AndroidBridge::AutoLocalJNIFrame::~AutoLocalJNIFrame | mozilla::AndroidBridge::CheckURIVisited]
Depends on: 741315
Those crashes appeared again in 15.0a1/20120517. The related regression range is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=c00a9c1940c5&tochange=762e95608da3
Crash Signature: [@ _JNIEnv::NewString] [@ mozilla::AndroidBridge::AutoLocalJNIFrame::~AutoLocalJNIFrame | mozilla::AndroidBridge::CheckURIVisited] → [@ _JNIEnv::NewString] [@ mozilla::AndroidBridge::AutoLocalJNIFrame::~AutoLocalJNIFrame | mozilla::AndroidBridge::CheckURIVisited] [@ 2 (deleted)@0x86e1e] [@ 2 (deleted)@0x15744e] [@ 2 (deleted)@0x1b7236]
Depends on: 741222
This appears to be the same issue as bug 749687, even though the crash stack is slightly different. In both cases it's the call to JNIEnv::NewString that's failing, and in both cases there's a URI stored in the JSON-serialized data. I looked at the nsPromiseFlatString stuff and it looks OK to me, so I don't think that's the problem. My guess is that perhaps the actual string data sent by Gecko doesn't line up with the version of Unicode that Dalvik is using. qawanted to try to reliably reproduce this problem. My guess is that it may happen if you visit pages with weird Unicode characters in the URL. It may also depend on the version of Android being used, so best to try reproducing on the same device/version that these crashes were seen on.
Keywords: qawanted
Crash Signature: [@ _JNIEnv::NewString] [@ mozilla::AndroidBridge::AutoLocalJNIFrame::~AutoLocalJNIFrame | mozilla::AndroidBridge::CheckURIVisited] [@ 2 (deleted)@0x86e1e] [@ 2 (deleted)@0x15744e] [@ 2 (deleted)@0x1b7236] → [@ _JNIEnv::NewString] [@ mozilla::AndroidBridge::AutoLocalJNIFrame::~AutoLocalJNIFrame | mozilla::AndroidBridge::CheckURIVisited] [@ dvmAbort | JNI_CreateJavaVM | JNI_CreateJavaVM | _JNIEnv::NewString] [@ 2 (deleted)@0x86e1e] [@ 2 (deleted)@0x15744e]…
Crash Signature: (deleted)@0x15744e] [@ 2 (deleted)@0x1b7236] → (deleted)@0x15744e] [@ 2 (deleted)@0x1b7236] [@ _JNIEnv::NewString | mozilla::AndroidBridge::CheckURIVisited] [@ dvmAbort | JNI_CreateJavaVM | JNI_CreateJavaVM | _JNIEnv::NewString | mozilla::AndroidBridge::CheckURIVisited]
Blocks: 438871
tracking-fennec: --- → ?
Assignee: nobody → lucasr.at.mozilla
Relevant part of the log:

06-26 04:38:44.206 E/dalvikvm-heap( 1952): Out of memory on a 924472-byte allocation.
06-26 04:38:44.206 W/GeckoGlobalHistory( 1952): Rebuilding visited link set...
06-26 04:38:44.206 W/dalvikvm( 1952): JNI WARNING: JNI method called with exception raised
06-26 04:38:44.206 W/dalvikvm( 1952): in Lorg/mozilla/gecko/GeckoAppShell;.nativeRun (Ljava/lang/String;)V (CallStaticVoidMethodV)
06-26 04:38:44.206 W/dalvikvm( 1952): Pending exception is:
06-26 04:38:44.206 E/dalvikvm( 1952): VM aborting
Assignee: lucasr.at.mozilla → blassey.bugs
Attachment #638416 - Flags: review?(bugmail.mozilla)
Attachment #638416 - Flags: review?(bugmail.mozilla) → review+
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: mozilla14 → mozilla16
Whiteboard: [native-crash][orange] → [native-crash]
tracking-fennec: ? → ---
Product: Core → Core Graveyard
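The sequence in the logcat excerpt quoted in this bug (heap exhaustion, then a JNI call made while an exception is still pending, then the VM abort), written as detection logic for crash triage. This is an added example, not code from the bug or from Mozilla; the function name, the 2-second correlation window and the PID 2077 lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

LINE = re.compile(r"^(\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) ([VDIWEF])/([^(]+)\(\s*(\d+)\): (.*)$")
OOM = re.compile(r"Out of memory on a (\d+)-byte allocation")
WINDOW = timedelta(seconds=2)  # assumed correlation window, not a value from the bug

# The PID 1952 lines are the excerpt quoted in the bug; the PID 2077 lines are constructed.
SAMPLE = """\
06-26 04:38:44.206 E/dalvikvm-heap( 1952): Out of memory on a 924472-byte allocation.
06-26 04:38:44.206 W/GeckoGlobalHistory( 1952): Rebuilding visited link set...
06-26 04:38:44.206 W/dalvikvm( 1952): JNI WARNING: JNI method called with exception raised
06-26 04:38:44.206 W/dalvikvm( 1952): in Lorg/mozilla/gecko/GeckoAppShell;.nativeRun (Ljava/lang/String;)V (CallStaticVoidMethodV)
06-26 04:38:44.206 W/dalvikvm( 1952): Pending exception is:
06-26 04:38:44.206 E/dalvikvm( 1952): VM aborting
06-26 04:40:10.100 W/dalvikvm( 2077): JNI WARNING: JNI method called with exception raised
06-26 04:40:10.101 E/dalvikvm( 2077): VM aborting
"""

def classify_aborts(text):
    """Return one finding per 'VM aborting' line, correlated per PID."""
    state, findings = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, _level, tag, pid, msg = m.groups()
        tag, msg = tag.strip(), msg.strip()
        # logcat omits the year; a leap year is assumed so that 02-29 parses.
        when = datetime.strptime("2012-" + ts, "%Y-%m-%d %H:%M:%S.%f")
        st = state.setdefault(pid, {"oom": None, "pending": None, "method": None})
        if tag == "dalvikvm-heap" and (o := OOM.search(msg)):
            st["oom"] = (when, int(o.group(1)))
        elif tag == "dalvikvm" and "JNI method called with exception raised" in msg:
            st["pending"] = when
        elif tag == "dalvikvm" and st["pending"] and msg.startswith("in L"):
            st["method"] = msg[3:].split(" ")[0]  # Java frame that made the JNI call
        elif tag == "dalvikvm" and msg == "VM aborting":
            oom, pending = st["oom"], st["pending"]
            recent = lambda t: t is not None and when - t <= WINDOW
            oom_recent = bool(oom) and recent(oom[0])
            if oom_recent and recent(pending) and oom[0] <= pending:
                cause = "oom-then-jni-call-with-pending-exception"
            elif recent(pending):
                cause = "jni-call-with-pending-exception"
            else:
                cause = "unclassified-abort"
            findings.append({"pid": int(pid), "cause": cause, "method": st["method"],
                             "alloc_bytes": oom[1] if oom_recent else None})
            state.pop(pid)  # the process is gone; a reused PID starts clean
    return findings
```

Run over a full logcat capture, this separates aborts that follow an allocation failure from other aborts on a pending exception, which is the distinction the log excerpt in this bug draws.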