Last Comment Bug 775442 - java.lang.StringIndexOutOfBoundsException: at java.lang.String.substring( at org.mozilla.gecko.GeckoInputConnection.notifyTextChange(
: java.lang.StringIndexOutOfBoundsException: at java.lang.String.substring(Stri...
: crash
Product: Firefox for Android
Classification: Client Software
Component: Keyboards and IME (show other bugs)
: Trunk
: ARM Android
-- critical (vote)
: Firefox 17
Assigned To: Chris Peterson [:cpeterson]
: Jim Chen [:jchen] [:darchons]
Depends on:
  Show dependency treegraph
Reported: 2012-07-19 02:21 PDT by Scoobidiver (away)
Modified: 2012-07-24 14:36 PDT (History)
2 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

part-1-clamp-extracted-text-updates.patch (2.85 KB, patch)
2012-07-19 13:53 PDT, Chris Peterson [:cpeterson]
blassey.bugs: review+
lukasblakk+bugs: approval‑mozilla‑aurora+
lukasblakk+bugs: approval‑mozilla‑beta+
Details | Diff | Splinter Review
part-2-pretty-print-text.patch (5.01 KB, patch)
2012-07-19 13:55 PDT, Chris Peterson [:cpeterson]
blassey.bugs: review+
Details | Diff | Splinter Review

Description User image Scoobidiver (away) 2012-07-19 02:21:50 PDT
There are two crashes in 17.0a1/20120718 and one in 15.0a2/20120716. Here is a crash report: bp-8140dbef-2cd7-4331-aa7e-d4b4e2120719.

	at java.lang.String.substring(
	at org.mozilla.gecko.GeckoInputConnection.notifyTextChange(
	at org.mozilla.gecko.GeckoInputConnection$
	at android.os.Handler.handleCallback(
	at android.os.Handler.dispatchMessage(
	at android.os.Looper.loop(
	at java.lang.reflect.Method.invokeNative(Native Method)
	at java.lang.reflect.Method.invoke(
	at dalvik.system.NativeStart.main(Native Method)

More reports at:
Comment 1 User image Chris Peterson [:cpeterson] 2012-07-19 13:53:22 PDT
Created attachment 644006 [details] [diff] [review]

Part 1: Clamp string indexes when updating IME extracted text.

I'd like to uplift this "can't happen" bug fix to Aurora 16 and possibly Beta 15.

The patch adds an IllegalArgumentException, but it is only thrown from DEBUG code.
Comment 2 User image Chris Peterson [:cpeterson] 2012-07-19 13:55:39 PDT
Created attachment 644007 [details] [diff] [review]

Part 2: Pretty-print IME strings to logcat (to make debugging editing of long text fields easier).

Patch 1 could be uplifted without patch 2. This patch only affects DEBUG logging.
Comment 5 User image Chris Peterson [:cpeterson] 2012-07-23 16:16:55 PDT
Comment on attachment 644006 [details] [diff] [review]

[Approval Request Comment]
Bug caused by (feature/regressing bug #): 
User impact if declined: Some low frequency IME crashes.
Testing completed (on m-c, etc.): Baked on m-c for 2 days. In the past 3 days, there have been 0 StringIndexOutOfBoundsExceptions on Nightly 17, 1 on Aurora 16, and 18 on Beta 15. So this patch seems to be helping.
Risk to taking this patch (and alternatives if risky): Low risk. The patch just adds some string length checks.
String or UUID changes made by this patch: N/A
Comment 6 User image Chris Peterson [:cpeterson] 2012-07-24 14:23:25 PDT
Comment 7 User image Chris Peterson [:cpeterson] 2012-07-24 14:36:06 PDT

Note You need to log in before you can comment on or make changes to this bug.