Closed
Bug 817386
Opened 12 years ago
Closed 12 years ago
java.lang.IndexOutOfBoundsException: getChars (0 ... <n>) ends beyond length 0 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java) at org.mozilla.gecko.GeckoEditable.invoke(GeckoEditable.java)
Categories
(Firefox for Android Graveyard :: Keyboards and IME, defect)
Tracking
(firefox19 unaffected, firefox20+ fixed, firefox21 fixed)
RESOLVED
FIXED
Firefox 21
Release | Tracking | Status |
---|---|---|
firefox19 | --- | unaffected |
firefox20 | + | fixed |
firefox21 | --- | fixed |
People
(Reporter: scoobidiver, Assigned: jchen)
References
Details
(Keywords: crash, Whiteboard: [native-crash])
Crash Data
Attachments
(1 file, 1 obsolete file)
2.79 KB, patch | jchen: review+ | bajaj: approval-mozilla-aurora+
This bug was filed from the Socorro interface and is report bp-cc77588f-7669-4a57-bc51-2c6822121202.
=============================================================
Reporter
Comment 1•12 years ago
With that stack trace, there are three crashes in 20.0a1, the first one in 20.0a1/20121126.
java.lang.IndexOutOfBoundsException: getChars (0 ... 13) ends beyond length 0
    at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java:1016)
    at android.text.SpannableStringBuilder.getChars(SpannableStringBuilder.java:913)
    at java.lang.reflect.Method.invokeNative(Native Method)
    at java.lang.reflect.Method.invoke(Method.java:511)
    at org.mozilla.gecko.GeckoEditable.invoke(GeckoEditable.java:636)
    at $Proxy0.getChars(Native Method)
    at android.text.TextUtils.getChars(TextUtils.java:70)
    at android.text.TextUtils.substring(TextUtils.java:256)
    at android.view.inputmethod.BaseInputConnection.getTextBeforeCursor(BaseInputConnection.java:335)
    at com.android.internal.view.IInputConnectionWrapper.executeMessage(IInputConnectionWrapper.java:218)
    at com.android.internal.view.IInputConnectionWrapper$MyHandler.handleMessage(IInputConnectionWrapper.java:77)
    at android.os.Handler.dispatchMessage(Handler.java:99)
    at android.os.Looper.loop(Looper.java:137)
    at android.app.ActivityThread.main(ActivityThread.java:4898)
    at java.lang.reflect.Method.invokeNative(Native Method)
    at java.lang.reflect.Method.invoke(Method.java:511)
    at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:1006)
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:773)
    at dalvik.system.NativeStart.main(Native Method)
More reports at:
https://crash-stats.mozilla.com/query/query?product=FennecAndroid&version=FennecAndroid%3A20.0a1&range_value=4&range_unit=weeks&query_search=signature&query_type=contains&query=android.text.SpannableStringBuilder.checkRange&do_query=1
Blocks: 805162
Crash Signature: [@ java.lang.IndexOutOfBoundsException: getChars (0 ... 13) ends beyond length 0 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java)] → [@ java.lang.IndexOutOfBoundsException: getChars (0 ... 13) ends beyond length 0 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java)]
[@ java.lang.IndexOutOfBoundsException: getChars (0 ... 12) ends beyond length 0 at android.t…
status-firefox20: --- → affected
Keywords: regression
Summary: java.lang.IndexOutOfBoundsException: getChars (0 ... 13) ends beyond length 0 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java) → java.lang.IndexOutOfBoundsException: getChars (0 ... <n>) ends beyond length 0 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java) at org.mozilla.gecko.GeckoEditable.invoke(GeckoEditable.java)
Version: unspecified → Firefox 19
Updated•12 years ago
Whiteboard: [native-crash]
Reporter
Comment 2•12 years ago
Aurora seems unaffected.
There are 6 crashes in Nightly making it #11-19 top crasher.
Version: Firefox 19 → Firefox 20
Reporter
Updated•12 years ago
Crash Signature: [@ java.lang.IndexOutOfBoundsException: getChars (0 ... 13) ends beyond length 0 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.java)]
[@ java.lang.IndexOutOfBoundsException: getChars (0 ... 12) ends beyond length 0 at android.t… → [@ java.lang.NullPointerException: at org.mozilla.gecko.GeckoEditable.replace(GeckoEditable.java)]
[@ java.lang.IndexOutOfBoundsException: getChars (0 ... 13) ends beyond length 0 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.…
Reporter
Comment 3•12 years ago
It's now #9 top crasher in 20.0a1.
Comment 4•12 years ago
Tracking since it's a topcrasher, we can check back on the volume when we go to Aurora.
Updated•12 years ago
Assignee: nobody → nchen
tracking-fennec: ? → 20+
Assignee
Comment 5•12 years ago
This happens because of a race between Gecko changing the text and InputConnection reading the text. InputConnection first reads the selection offsets; Gecko then changes the text which alters the selection; InputConnection finally uses the old selection offsets to try to get text, and in this case the old selection offsets are outside of the text.
It will take a lot of work to fix this race, because when Gecko single-handedly changes the text, Java cannot simply wait for Gecko. There are several approaches, but the simplest case is probably just to catch the exception, and make Fennec not crash. The IME might misbehave as a result but this race should not be a common case, and I think it's a good compromise.
Attachment #698814 - Flags: review?(cpeterson)
Updated•12 years ago
status-firefox19: --- → unaffected
Comment 6•12 years ago
Comment on attachment 698814
Log and ignore Editable exceptions (v1)
Review of attachment 698814:
-----------------------------------------------------------------
This fix is kinda ugly, but I realize this is a workaround for a topcrash. These race conditions between the UI and Gecko threads have been a long sore point; it would be nice to fix a robust solution.
To avoid masking other bugs that might be throwing exceptions, can we only handle just the IndexOutOfBoundsException?
::: mobile/android/base/GeckoEditable.java
@@ +741,5 @@
> + // return an empty value instead.
> + Log.w(LOGTAG, "Exception in GeckoEditable." + method.getName(), e.getCause());
> + Class<?> retClass = method.getReturnType();
> + ret = retClass != Void.TYPE && retClass.isPrimitive() ? retClass.newInstance() :
> + retClass == String.class ? "" : null;
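Review bot: In the `ret = ...` expression, `retClass.newInstance()` is reached only when `retClass.isPrimitive()` is true, and `Class.newInstance()` throws InstantiationException for a Class that represents a primitive type, so a failing call to a method that returns `int`, `char` or `boolean` would raise a second exception from inside the handler instead of yielding an empty value. Map each primitive return type to an explicit boxed default (for example `Integer.valueOf(0)` for `int.class`, `Boolean.FALSE` for `boolean.class`). The final `null` branch also covers every non-String reference return type, which moves the failure to whichever caller dereferences the result; a comment stating that this is intended would help.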
I'm a big fan of the ?: ternary operator, but I think nesting two ternary expressions together is too clever. :)
Let's just split this into something boring like:
    if (retClass != Void.TYPE && retClass.isPrimitive())
        ret = retClass.newInstance();
    else if (retClass == String.class)
        ret = "";
    else
        ret = null;
Attachment #698814 - Flags: review?(cpeterson) → review+
Assignee
Comment 7•12 years ago
Assignee
Comment 8•12 years ago
Patch after addressing review comments.
Attachment #698814 - Attachment is obsolete: true
Attachment #699885 - Flags: review+
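The stale-offset read described in comment 5 and the narrowed handler requested in comment 6, as an added example that is not the patch attached to this bug. `TextBuffer`, `Buffer`, `guarded` and `emptyValue` are hypothetical names, the sample text is constructed, and the interleaving is replayed on one thread so that it is deterministic.

```java
import java.lang.reflect.*;

public class StaleOffsetDemo {
    // Hypothetical stand-in for the android.text.Editable methods involved.
    public interface TextBuffer {
        int length();
        String substring(int start, int end);
    }

    static class Buffer implements TextBuffer {
        final StringBuilder sb = new StringBuilder("hello, world!"); // constructed sample
        public int length() { return sb.length(); }
        public String substring(int start, int end) { return sb.substring(start, end); }
    }

    // Empty value for a return type. Primitives are read out of a fresh
    // one-element array because Class.newInstance() cannot instantiate them.
    static Object emptyValue(Class<?> type) {
        if (type == Void.TYPE) return null;
        if (type.isPrimitive()) return Array.get(Array.newInstance(type, 1), 0);
        return type == String.class ? "" : null;
    }

    // Proxy that swallows only IndexOutOfBoundsException; anything else propagates.
    static TextBuffer guarded(TextBuffer target) {
        InvocationHandler handler = (proxy, method, args) -> {
            try {
                return method.invoke(target, args);
            } catch (InvocationTargetException e) {
                Throwable cause = e.getCause();
                if (!(cause instanceof IndexOutOfBoundsException)) throw cause;
                System.err.println("Ignored in " + method.getName() + ": " + cause);
                return emptyValue(method.getReturnType());
            }
        };
        return (TextBuffer) Proxy.newProxyInstance(TextBuffer.class.getClassLoader(),
                new Class<?>[] { TextBuffer.class }, handler);
    }

    public static void main(String[] argv) {
        Buffer raw = new Buffer();
        TextBuffer text = guarded(raw);
        int end = text.length();   // reader samples the offset
        raw.sb.setLength(0);       // writer empties the text in between
        String before = text.substring(0, end); // stale range 0..end on empty text
        System.out.println("text before cursor: [" + before + "]");
    }
}
```

The reader receives an empty string rather than the text it asked for, which is the IME misbehaviour comment 5 accepts as the cost of not crashing.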
Assignee
Comment 9•12 years ago
Comment on attachment 699885
Log and ignore IndexOutOfBoundsException in Editable (v1.1)
[Approval Request Comment]
Bug caused by (feature/regressing bug #): N/A
User impact if declined: Top-crash that's being tracked for Aurora
Testing completed (on m-c, etc.): Locally
Risk to taking this patch (and alternatives if risky): No risk; patch only catches crash and prevents crash from happening
String or UUID changes made by this patch: None
Attachment #699885 - Flags: approval-mozilla-aurora?
Assignee
Updated•12 years ago
Whiteboard: [native-crash] → [native-crash][leave open]
Comment 10•12 years ago
Reporter
Updated•12 years ago
Target Milestone: --- → Firefox 21
Comment 11•12 years ago
Comment on attachment 699885
Log and ignore IndexOutOfBoundsException in Editable (v1.1)
Approving on aurora.
Please keep an eye on the crash volume to make sure the patch has helped & look out for any new regressions.
Attachment #699885 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Reporter
Comment 12•12 years ago
It's not fixed: https://crash-stats.mozilla.com/report/list?signature=java.lang.NullPointerException%3A+at+org.mozilla.gecko.GeckoEditable.replace%28GeckoEditable.java%29
but no longer a top crasher
tracking-fennec: 20+ → ?
Crash Signature: [@ java.lang.NullPointerException: at org.mozilla.gecko.GeckoEditable.replace(GeckoEditable.java)]
[@ java.lang.IndexOutOfBoundsException: getChars (0 ... 13) ends beyond length 0 at android.text.SpannableStringBuilder.checkRange(SpannableStringBuilder.… → [@ java.lang.NullPointerException: at org.mozilla.gecko.GeckoEditable.replace(GeckoEditable.java)]
[@ java.lang.IndexOutOfBoundsException: charAt: -1 < 0 at android.text.SpannableStringBuilder.charAt(SpannableStringBuilder.java)]
[@ java.lang.IndexOutOf…
Keywords: regression, topcrash
Version: Firefox 20 → Trunk
Assignee
Comment 13•12 years ago
(In reply to Scoobidiver from comment #12)
> It's not fixed:
> https://crash-stats.mozilla.com/report/list?signature=java.lang.
> NullPointerException%3A+at+org.mozilla.gecko.GeckoEditable.
> replace%28GeckoEditable.java%29
> but no longer a top crasher
The stack is very different. It should be a different bug.
Reporter
Comment 14•12 years ago
(In reply to Jim Chen [:jchen :nchen] from comment #13)
> The stack is very different. It should be a different bug.
OK. I will file it.
Crash Signature: [@ java.lang.NullPointerException: at org.mozilla.gecko.GeckoEditable.replace(GeckoEditable.java)]
[@ java.lang.IndexOutOfBoundsException: charAt: -1 < 0 at android.text.SpannableStringBuilder.charAt(SpannableStringBuilder.java)]
[@ java.lang.IndexOutOf… → [@ java.lang.IndexOutOfBoundsException: charAt: -1 < 0 at android.text.SpannableStringBuilder.charAt(SpannableStringBuilder.java)]
[@ java.lang.IndexOutOfBoundsException: charAt: 0 >= length 0 at android.text.SpannableStringBuilder.charAt(SpannableString…
Assignee
Comment 15•12 years ago
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Reporter
Updated•12 years ago
Whiteboard: [native-crash][leave open] → [native-crash]
Updated•12 years ago
Updated•11 years ago
tracking-fennec: ? → ---
Updated•4 years ago
Product: Firefox for Android → Firefox for Android Graveyard