Last Comment Bug 767791 - java.lang.IndexOutOfBoundsException: getChars (0 ... <n>) ends beyond length 0 at android.text.SpannableStringBuilder.checkRange( at org.mozilla.gecko.GeckoInputConnection.getExtractedText
: java.lang.IndexOutOfBoundsException: getChars (0 ... <n>) ends beyond length ...
Status: NEW
: crash
Product: Firefox for Android
Classification: Client Software
Component: Keyboards and IME (show other bugs)
: Trunk
: ARM Android
P2 critical (vote)
: ---
Assigned To: Nobody; OK to take it and work on it
: Jim Chen [:jchen] [:darchons]
Depends on: 769520 805162
Blocks: 772225
  Show dependency treegraph
Reported: 2012-06-24 05:35 PDT by Scoobidiver (away)
Modified: 2015-10-13 07:30 PDT (History)
3 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

part-1-empty-Editable-exception.patch (4.50 KB, patch)
2012-06-26 10:57 PDT, Chris Peterson [:cpeterson]
blassey.bugs: review+
Details | Diff | Splinter Review
part-2-fix-range-brackets.patch (3.20 KB, patch)
2012-06-26 10:58 PDT, Chris Peterson [:cpeterson]
blassey.bugs: review+
Details | Diff | Splinter Review

Description User image Scoobidiver (away) 2012-06-24 05:35:03 PDT
This bug was filed from the Socorro interface and is 
report bp-883d1a79-4730-4c4b-a9a7-6b4e02120624 .

java.lang.IndexOutOfBoundsException: getChars (0 ... 9309) ends beyond length 0
	at android.text.SpannableStringBuilder.checkRange(
	at android.text.SpannableStringBuilder.getChars(
	at android.text.SpannableStringBuilder.toString(
	at org.mozilla.gecko.GeckoInputConnection.getExtractedText(
	at android.os.Handler.dispatchMessage(
	at android.os.Looper.loop(
	at java.lang.reflect.Method.invokeNative(Native Method)
	at java.lang.reflect.Method.invoke(
	at dalvik.system.NativeStart.main(Native Method)

More reports at:
Comment 1 User image Chris Peterson [:cpeterson] 2012-06-26 10:57:29 PDT
Created attachment 636786 [details] [diff] [review]

Part 1: Do not call Editable.toString() if Editable has no text.

This is an Android bug. Editable.toString() may randomly crash because SpannableStringBuilder.getChars() does not account for its mGapLength when checking its [start, end) copy range. This seems to happen most often when length is 0 and the end index is very large.
Comment 2 User image Chris Peterson [:cpeterson] 2012-06-26 10:58:43 PDT
Created attachment 636787 [details] [diff] [review]

Part 2: Selection ranges exclude end index, so write [a,b), not (a,b].

This patch just fixes some typos in comments and log messages.
Comment 3 User image Chris Peterson [:cpeterson] 2012-06-29 16:51:29 PDT
* part 1 may not be necessary after bug 769520 lands.
* part 2 landed:
Comment 4 User image Ryan VanderMeulen [:RyanVM] 2012-06-30 12:42:47 PDT
Comment 5 User image Chris Peterson [:cpeterson] 2012-07-09 14:12:35 PDT
I believe my fix for bug 769520 will fix these IndexOutOfBoundsExceptions, but I will watch Socorro topcrashes for a few days before resolving this bug.
Comment 6 User image Chris Peterson [:cpeterson] 2012-07-16 15:34:34 PDT
The fix for bug 769520, which landed in build Nightly 16 (2012-07-10), should have fixed these IndexOutOfBoundsExceptions. I'm resolving this bug as FIXED because I do not see any IndexOutOfBoundsExceptions in Socorro for builds >= Nightly 16 (2012-07-10).
Comment 7 User image Scoobidiver (away) 2012-09-06 15:54:18 PDT
It happens after the backout of bug 769520: bp-e1d3866d-b87f-49c4-9797-ec85f2120906.

Note You need to log in before you can comment on or make changes to this bug.