Last Comment Bug 767791 - java.lang.IndexOutOfBoundsException: getChars (0 ... <n>) ends beyond length 0 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java) at org.mozilla.gecko.GeckoInputConnection.getExtractedText
: java.lang.IndexOutOfBoundsException: getChars (0 ... <n>) ends beyond length ...
Status: NEW
[native-crash]
: crash
Product: Firefox for Android
Classification: Client Software
Component: Keyboards and IME (show other bugs)
: Trunk
: ARM Android
: P2 critical (vote)
: ---
Assigned To: Nobody; OK to take it and work on it
:
: Jim Chen [:jchen] [:darchons]
Mentors:
Depends on: 769520 805162
Blocks: 772225
  Show dependency treegraph
 
Reported: 2012-06-24 05:35 PDT by Scoobidiver (away)
Modified: 2015-10-13 07:30 PDT (History)
3 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---
-


Attachments
part-1-empty-Editable-exception.patch (4.50 KB, patch)
2012-06-26 10:57 PDT, Chris Peterson [:cpeterson]
blassey.bugs: review+
Details | Diff | Splinter Review
part-2-fix-range-brackets.patch (3.20 KB, patch)
2012-06-26 10:58 PDT, Chris Peterson [:cpeterson]
blassey.bugs: review+
Details | Diff | Splinter Review

Description Scoobidiver (away) 2012-06-24 05:35:03 PDT
This bug was filed from the Socorro interface and is 
report bp-883d1a79-4730-4c4b-a9a7-6b4e02120624 .
============================================================= 

java.lang.IndexOutOfBoundsException: getChars (0 ... 9309) ends beyond length 0
	at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java:945)
	at android.text.SpannableStringBuilder.getChars(SpannableStringBuilder.java:839)
	at android.text.SpannableStringBuilder.toString(SpannableStringBuilder.java:862)
	at org.mozilla.gecko.GeckoInputConnection.getExtractedText(GeckoInputConnection.java:230)
	at com.android.internal.view.IInputConnectionWrapper.executeMessage(IInputConnectionWrapper.java:266)
	at com.android.internal.view.IInputConnectionWrapper$MyHandler.handleMessage(IInputConnectionWrapper.java:77)
	at android.os.Handler.dispatchMessage(Handler.java:99)
	at android.os.Looper.loop(Looper.java:137)
	at android.app.ActivityThread.main(ActivityThread.java:4424)
	at java.lang.reflect.Method.invokeNative(Native Method)
	at java.lang.reflect.Method.invoke(Method.java:511)
	at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:784)
	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:551)
	at dalvik.system.NativeStart.main(Native Method)

More reports at:
https://crash-stats.mozilla.com/query/query?product=FennecAndroid&version=FennecAndroid%3A16.0a1&query_search=signature&query_type=contains&query=android.text.SpannableStringBuilder.checkRange&do_query=1
Comment 1 Chris Peterson [:cpeterson] 2012-06-26 10:57:29 PDT
Created attachment 636786 [details] [diff] [review]
part-1-empty-Editable-exception.patch

Part 1: Do not call Editable.toString() if Editable has no text.

This is an Android bug. Editable.toString() may randomly crash because SpannableStringBuilder.getChars() does not account for its mGapLength when checking its [start, end) copy range. This seems to happen most often when length is 0 and the end index is very large.
Comment 2 Chris Peterson [:cpeterson] 2012-06-26 10:58:43 PDT
Created attachment 636787 [details] [diff] [review]
part-2-fix-range-brackets.patch

Part 2: Selection ranges exclude end index, so write [a,b), not (a,b].

This patch just fixes some typos in comments and log messages.
Comment 3 Chris Peterson [:cpeterson] 2012-06-29 16:51:29 PDT
* part 1 may not be necessary after bug 769520 lands.
* part 2 landed: https://hg.mozilla.org/integration/mozilla-inbound/rev/301d38e920a0
Comment 4 Ryan VanderMeulen [:RyanVM] 2012-06-30 12:42:47 PDT
https://hg.mozilla.org/mozilla-central/rev/301d38e920a0
Comment 5 Chris Peterson [:cpeterson] 2012-07-09 14:12:35 PDT
I believe my fix for bug 769520 will fix these IndexOutOfBoundsExceptions, but I will watch Socorro topcrashes for a few days before resolving this bug.
Comment 6 Chris Peterson [:cpeterson] 2012-07-16 15:34:34 PDT
The fix for bug 769520, which landed in build Nightly 16 (2012-07-10), should have fixed these IndexOutOfBoundsExceptions. I'm resolving this bug as FIXED because I do not see any IndexOutOfBoundsExceptions in Socorro for builds >= Nightly 16 (2012-07-10).
Comment 7 Scoobidiver (away) 2012-09-06 15:54:18 PDT
It happens after the backout of bug 769520: bp-e1d3866d-b87f-49c4-9797-ec85f2120906.

Note You need to log in before you can comment on or make changes to this bug.