crash in java.lang.NullPointerException: at android.content.ContentResolver.acquireUnstableProvider(ContentResolver.java)

VERIFIED FIXED in Firefox 26

Status

()

defect
--
critical
VERIFIED FIXED
6 years ago
3 years ago

People

(Reporter: martijn.martijn, Assigned: wesj)

Tracking

({crash, reproducible, testcase})

Trunk
Firefox 28
All
Android
Points:
---

Firefox Tracking Flags

(firefox26 verified, firefox27 verified, firefox28 verified, b2g-v1.2 fixed, fennec+)

Details

(Whiteboard: [native-crash], crash signature, )

Attachments

(2 attachments, 2 obsolete attachments)

This bug was filed from the Socorro interface and is 
report bp-9d9dd0cc-ef5d-4b94-9bf3-743d82130813 .
 ============================================================= 
0 	libmozalloc.so 	mozalloc_abort(char const*) 	memory/mozalloc/mozalloc_abort.cpp
1 	libxul.so 	Java_org_mozilla_gecko_GeckoAppShell_reportJavaCrash 	widget/android/AndroidJNI.cpp
2 	libmozglue.so 	Java_org_mozilla_gecko_GeckoAppShell_reportJavaCrash 	mozglue/android/jni-stubs.inc
3 	libdvm.so 	libdvm.so@0x1dc4e 	
4 	data@app@org.mozilla.fennec-1.apk@classes.dex 	data@app@org.mozilla.fennec-1.apk@classes.dex@0x1ec0f5 	
5 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x8e5b36 	
6 	libdvm.so 	libdvm.so@0x4ded1 	
7 	data@app@org.mozilla.fennec-1.apk@classes.dex 	data@app@org.mozilla.fennec-1.apk@classes.dex@0x1ec0f3 	
8 	libmozglue.so 	Java_org_mozilla_gecko_GeckoAppShell_onSurfaceTextureFrameAvailable 	mozglue/android/jni-stubs.inc
9 		@0xe670001b 	
10 	libmozglue.so 	Java_org_mozilla_gecko_GeckoAppShell_onSurfaceTextureFrameAvailable 	mozglue/android/jni-stubs.inc

I'm getting this crash with current Fennec trunk build on the Samsung Galaxy Nexus on: http://people.mozilla.org/~mwargers/tests/dom/focus/test_input_file_picker.html
- Tap on the 3rd input type=file button
- Choose Camcorder as option and record something and save it.

Result: crash
Here is the Java stack trace:
java.lang.NullPointerException
	at android.content.ContentResolver.acquireUnstableProvider(ContentResolver.java:1144)
	at android.content.ContentResolver.query(ContentResolver.java:398)
	at android.content.ContentResolver.query(ContentResolver.java:357)
	at android.app.Activity.managedQuery(Activity.java:1765)
	at org.mozilla.gecko.CameraVideoResultHandler.onActivityResult(CameraVideoResultHandler.java:49)
	at org.mozilla.gecko.ActivityHandlerHelper.handleActivityResult(ActivityHandlerHelper.java:358)
	at org.mozilla.gecko.GeckoApp.onActivityResult(GeckoApp.java:2342)
	at org.mozilla.gecko.BrowserApp.onActivityResult(BrowserApp.java:984)
	at android.app.Activity.dispatchActivityResult(Activity.java:5322)
	at android.app.ActivityThread.deliverResults(ActivityThread.java:3363)
	at android.app.ActivityThread.handleSendResult(ActivityThread.java:3410)
	at android.app.ActivityThread.access$1100(ActivityThread.java:141)
	at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1304)
	at android.os.Handler.dispatchMessage(Handler.java:99)
	at android.os.Looper.loop(Looper.java:137)
	at android.app.ActivityThread.main(ActivityThread.java:5103)
	at java.lang.reflect.Method.invokeNative(Native Method)
	at java.lang.reflect.Method.invoke(Method.java:525)
	at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:737)
	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:553)
	at dalvik.system.NativeStart.main(Native Method)

More reports at:
https://crash-stats.mozilla.com/report/list?product=FennecAndroid&signature=java.lang.NullPointerException%3A+at+android.content.ContentResolver.acquireUnstableProvider%28ContentResolver.java%29
Whiteboard: [native-crash]
Duplicate of this bug: 906467
tracking-fennec: --- → ?
Keywords: reproducible
Could you find out if this only affects trunk or if it affects older versions as well? Ideally we'd like a regression range on trunk, of course. :)
If we get a regression window, we can re-nom
Assignee: nobody → wjohnston
tracking-fennec: ? → +
I can reproduce this on 11/09 Nightly build, but I cannot reproduce this on latest Nightly 12/09 build.
This still crashes for me on my Nexus 4 (Android 4.3) using today's 09/13's Nightly

https://crash-stats.mozilla.com/report/index/d4841a73-2b6f-438a-8875-caeda2130913
I believe this is an OS issue:
1) Crash also occurs in mobile Chrome
2) Bug is not reproducible in either browser in OS 4.2.2
I still cannot reproduce this on LG Nexus 4 with Android 4.2.2 on 09/17's Nightly build.
Those are the devices and OS versions (API levels) this signature has been sen with in the last 28 days:

Manufacturer 	Model 	API Version 	CPU ABI 	Report Count 	Percentage
LGE 	Nexus 4	18 (REL) 	armeabi-v7a 	10 	50.000 %
asus 	Nexus 7	18 (REL) 	armeabi-v7a 	7 	35.000 %
samsung 	Galaxy Nexus	18 (REL) 	armeabi-v7a 	2 	10.000 %
asus 	ME301T	17 (REL) 	armeabi-v7a 	1 	5.000 %

API level 18 is Android 4.3 and level 17 is 4.2, so it's pretty clear that this is not reproducible on Nexus devices with 4.2, but only with 4.3 so far.

Also, comment #5 gives an interesting hint on a Nightly regression range, but crash-stats say this happens with at least Firefox for Android 26, 24, and 23, and there's even one case in 20 in the last few weeks.
(In reply to Teodora Vermesan (:TeoVermesan) from comment #5)
> I can reproduce this on 11/09 Nightly build, but I cannot reproduce this on
> latest Nightly 12/09 build.

It was a Samsung Galaxy Nexus with Android 4.1.1
Posted patch Patch 1/2Splinter Review
I'm guessing here that on some platforms we're getting back an intent with a null uri? That's possible, so we should probably check for it. This just fails if that's the case.
Attachment #818589 - Flags: review?(lucasr.at.mozilla)
Posted patch Patch 2/2 (obsolete) — Splinter Review
This doesn't fix anything, but I noticed acquireUnstablePovider is deprecated in favor of CursorLoaders, so this flips us to use them where we can.
Attachment #818591 - Flags: review?(lucasr.at.mozilla)
Comment on attachment 818589 [details] [diff] [review]
Patch 1/2

Review of attachment 818589 [details] [diff] [review]:
-----------------------------------------------------------------

Make sense.

::: mobile/android/base/CameraVideoResultHandler.java
@@ +40,5 @@
>      }
>  
>      @Override
>      public void onActivityResult(int resultCode, Intent data) {
> +        if (data == null || data.getData() == null || resultCode != Activity.RESULT_OK) {

It's probably worth adding a comment explaining the reason for the null check with a reference to this bug.
Attachment #818589 - Flags: review?(lucasr.at.mozilla) → review+
Comment on attachment 818591 [details] [diff] [review]
Patch 2/2

Review of attachment 818591 [details] [diff] [review]:
-----------------------------------------------------------------

Looks nice, just needs to use support library instead.

::: mobile/android/base/CameraVideoResultHandler.java
@@ +8,5 @@
>  
>  import android.app.Activity;
> +import android.app.LoaderManager;
> +import android.content.CursorLoader;
> +import android.content.Loader;

You have to import these from the support library instead.

@@ +49,5 @@
>              sendResult("");
>              return;
>          }
>  
> +        if (android.os.Build.VERSION.SDK_INT >= 11) {

If you use the support library imports you can always use CursorLoader and remove the managedQuery stuff.

@@ +51,5 @@
>          }
>  
> +        if (android.os.Build.VERSION.SDK_INT >= 11) {
> +            final LoaderManager lm = GeckoAppShell.getGeckoInterface().getActivity().getLoaderManager();
> +            lm.initLoader(data.hashCode(), null, new LoaderManager.LoaderCallbacks<Cursor>() {

nit: maybe import LoaderCallbacks to make this code look a bit cleaner?

@@ +65,4 @@
>  
> +                @Override
> +                public void onLoadFinished(Loader<Cursor> loader, Cursor cursor) {
> +                    cursor.moveToFirst();

I wonder if you should be doing something like:

if (cursor.moveToFirst()) {
    sendResult(...)
}

To protect against empty cursors? Is an empty cursor a possible situation or a bug we want to catch as a crash?
Attachment #818591 - Flags: review?(lucasr.at.mozilla) → feedback+
Posted patch Patch 2/2 (obsolete) — Splinter Review
This uses the compat libraries. The docs don't seem clear on whether the returned cursor can be null or not, but I added the check for it being empty.
Attachment #818591 - Attachment is obsolete: true
Attachment #825459 - Flags: review?(lucasr.at.mozilla)
Comment on attachment 825459 [details] [diff] [review]
Patch 2/2

Lost something here....
Attachment #825459 - Flags: review?(lucasr.at.mozilla)
Posted patch Patch 2Splinter Review
Builds and runs :)
Attachment #825459 - Attachment is obsolete: true
Attachment #825502 - Flags: review?(lucasr.at.mozilla)
Comment on attachment 825502 [details] [diff] [review]
Patch 2

Review of attachment 825502 [details] [diff] [review]:
-----------------------------------------------------------------

Yep.

::: mobile/android/base/CameraVideoResultHandler.java
@@ +51,5 @@
>              sendResult("");
>              return;
>          }
>  
> +        FragmentActivity fa = (FragmentActivity) GeckoAppShell.getGeckoInterface().getActivity();

final

@@ +56,5 @@
> +        final LoaderManager lm = fa.getSupportLoaderManager();
> +        lm.initLoader(data.hashCode(), null, new LoaderCallbacks<Cursor>() {
> +            @Override
> +            public Loader<Cursor> onCreateLoader(int id, Bundle args) {
> +                return new CursorLoader(GeckoAppShell.getGeckoInterface().getActivity(),

Just use fa?

@@ +62,5 @@
> +                                        new String[] { MediaStore.Video.Media.DATA },
> +                                        null,  // selection
> +                                        null,  // selectionArgs
> +                                        null); // sortOrder
> +            }

nit: empty line here?
Attachment #825502 - Flags: review?(lucasr.at.mozilla) → review+
Comment on attachment 818589 [details] [diff] [review]
Patch 1/2

[Approval Request Comment]
Bug caused by (feature/regressing bug #): Beginning of time?
User impact if declined: Possible crash. Hard to reproduce
Testing completed (on m-c, etc.): Landed on mc today. 
Risk to taking this patch (and alternatives if risky): Low risk. Just a null check. 
String or IDL/UUID changes made by this patch: None.
Attachment #818589 - Flags: approval-mozilla-beta?
Attachment #818589 - Flags: approval-mozilla-aurora?
https://hg.mozilla.org/mozilla-central/rev/395f6bf32ca0
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 28
Attachment #818589 - Flags: approval-mozilla-beta?
Attachment #818589 - Flags: approval-mozilla-beta+
Attachment #818589 - Flags: approval-mozilla-aurora?
Attachment #818589 - Flags: approval-mozilla-aurora+
Verified as fixed on build: nightly 28.0a1 (11.14.2013).
Device: Nexus 7 (Android 4.3)
Status: RESOLVED → VERIFIED
Verified as fixed on builds: 
- aurora 27.0a2 (11.14.2013).
- beta 26.0 build 1
Device: Nexus 7 (Android 4.3)
You need to log in before you can comment on or make changes to this bug.