Last Comment Bug 775442 - java.lang.StringIndexOutOfBoundsException: at java.lang.String.substring(String.java) at org.mozilla.gecko.GeckoInputConnection.notifyTextChange(GeckoInputConnection.java)
: java.lang.StringIndexOutOfBoundsException: at java.lang.String.substring(Stri...
Status: RESOLVED FIXED
[native-crash]
: crash
Product: Firefox for Android
Classification: Client Software
Component: Keyboards and IME (show other bugs)
: Trunk
: ARM Android
: -- critical (vote)
: Firefox 17
Assigned To: Chris Peterson [:cpeterson]
:
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-07-19 02:21 PDT by Scoobidiver (away)
Modified: 2012-07-24 14:36 PDT (History)
2 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---
fixed
fixed
fixed


Attachments
part-1-clamp-extracted-text-updates.patch (2.85 KB, patch)
2012-07-19 13:53 PDT, Chris Peterson [:cpeterson]
blassey.bugs: review+
lukasblakk+bugs: approval‑mozilla‑aurora+
lukasblakk+bugs: approval‑mozilla‑beta+
Details | Diff | Review
part-2-pretty-print-text.patch (5.01 KB, patch)
2012-07-19 13:55 PDT, Chris Peterson [:cpeterson]
blassey.bugs: review+
Details | Diff | Review

Description Scoobidiver (away) 2012-07-19 02:21:50 PDT
There are two crashes in 17.0a1/20120718 and one in 15.0a2/20120716. Here is a crash report: bp-8140dbef-2cd7-4331-aa7e-d4b4e2120719.

java.lang.StringIndexOutOfBoundsException
	at java.lang.String.substring(String.java:1651)
	at org.mozilla.gecko.GeckoInputConnection.notifyTextChange(GeckoInputConnection.java:490)
	at org.mozilla.gecko.GeckoInputConnection$3.run(GeckoInputConnection.java:1081)
	at android.os.Handler.handleCallback(Handler.java:587)
	at android.os.Handler.dispatchMessage(Handler.java:92)
	at android.os.Looper.loop(Looper.java:130)
	at android.app.ActivityThread.main(ActivityThread.java:3691)
	at java.lang.reflect.Method.invokeNative(Native Method)
	at java.lang.reflect.Method.invoke(Method.java:507)
	at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:907)
	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:665)
	at dalvik.system.NativeStart.main(Native Method)

More reports at:
https://crash-stats.mozilla.com/report/list?signature=java.lang.StringIndexOutOfBoundsException%3A+at+java.lang.String.substring%28String.java%29
Comment 1 Chris Peterson [:cpeterson] 2012-07-19 13:53:22 PDT
Created attachment 644006 [details] [diff] [review]
part-1-clamp-extracted-text-updates.patch

Part 1: Clamp string indexes when updating IME extracted text.

I'd like to uplift this "can't happen" bug fix to Aurora 16 and possibly Beta 15.

The patch adds an IllegalArgumentException, but it is only thrown from DEBUG code.
Comment 2 Chris Peterson [:cpeterson] 2012-07-19 13:55:39 PDT
Created attachment 644007 [details] [diff] [review]
part-2-pretty-print-text.patch

Part 2: Pretty-print IME strings to logcat (to make debugging editing of long text fields easier).

Patch 1 could be uplifted without patch 2. This patch only affects DEBUG logging.
Comment 5 Chris Peterson [:cpeterson] 2012-07-23 16:16:55 PDT
Comment on attachment 644006 [details] [diff] [review]
part-1-clamp-extracted-text-updates.patch

[Approval Request Comment]
Bug caused by (feature/regressing bug #): 
User impact if declined: Some low frequency IME crashes.
Testing completed (on m-c, etc.): Baked on m-c for 2 days. In the past 3 days, there have been 0 StringIndexOutOfBoundsExceptions on Nightly 17, 1 on Aurora 16, and 18 on Beta 15. So this patch seems to be helping.
Risk to taking this patch (and alternatives if risky): Low risk. The patch just adds some string length checks.
String or UUID changes made by this patch: N/A
Comment 6 Chris Peterson [:cpeterson] 2012-07-24 14:23:25 PDT
https://hg.mozilla.org/releases/mozilla-aurora/rev/e061fdd4ab2f
Comment 7 Chris Peterson [:cpeterson] 2012-07-24 14:36:06 PDT
https://hg.mozilla.org/releases/mozilla-beta/rev/a6994473b0b4

Note You need to log in before you can comment on or make changes to this bug.