Closed
Bug 963242
Opened 10 years ago
Closed 10 years ago
crash in @0x0 | JavaThreadDetachFunc
Categories
(Firefox for Android Graveyard :: General, defect)
Tracking
(firefox28 unaffected, firefox29+ fixed)
RESOLVED
FIXED
Firefox 29
| Tracking | Status | |
|---|---|---|
| firefox28 | --- | unaffected |
| firefox29 | + | fixed |
People
(Reporter: kbrosnan, Assigned: snorp)
References
()
Details
(4 keywords)
Crash Data
Attachments
(2 files)
|
1.05 KB,
patch
|
kats
:
review+
|
Details | Diff | Splinter Review |
|
1.15 KB,
patch
|
kats
:
review+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is report bp-5f871cc4-9664-4b88-ae1c-b574d2140123. ============================================================= Crash when enabling Flash. STR: load http://www.homestarrunner.com/main15.html tap on characters button
|
||
Comment 1•10 years ago
|
||
Reproducible on my HTC One (Android 4.4) after tapping the Flash 'Downloads' button in the above URL.
|
Assignee | |
Updated•10 years ago
|
Assignee: nobody → snorp
|
|
Assignee | |
Comment 2•10 years ago
|
||
I can't explain why the env or vm would be null here, but we should at least check for it.
Attachment #8365056 -
Flags: review?(bugmail.mozilla)
|
||
Comment 3•10 years ago
|
||
Comment on attachment 8365056 [details] [diff] [review] Add null checks in AndroidBridge::JavaThreadDetachFunc() Review of attachment 8365056 [details] [diff] [review]: ----------------------------------------------------------------- I feel like this might just be a symptom of some other underlying issue. According to the docs I found the destructor should never get called with a null argument...
Attachment #8365056 -
Flags: review?(bugmail.mozilla) → review+
|
|
Assignee | |
Comment 4•10 years ago
|
||
(In reply to Kartikaya Gupta (email:kats@mozilla.com) from comment #3) > Comment on attachment 8365056 [details] [diff] [review] > Add null checks in AndroidBridge::JavaThreadDetachFunc() > > Review of attachment 8365056 [details] [diff] [review]: > ----------------------------------------------------------------- > > I feel like this might just be a symptom of some other underlying issue. > According to the docs I found the destructor should never get called with a > null argument... Yeah, maybe it's the VM that's null? Dunno. Definitely something fishy going on...
|
|
Assignee | |
Comment 5•10 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/14a1340ab2ff
|
|
Assignee | |
Updated•10 years ago
|
Whiteboard: [leave open]
|
||
Updated•10 years ago
|
|
|
||
Comment 6•10 years ago
|
||
Were going to track this since this a top crasher on nightly.
|
||
Comment 7•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/14a1340ab2ff
|
||
Comment 9•10 years ago
|
||
This should do the trick. I think the crash is happening because we were saving all JNIEnv pointers in TLS, even if the JNIEnv did not come from AttachCurrentThread. When we end up calling DetachCurrentThread on these pointers in JavaThreadDetachFunc, Bad Things happen.
Attachment #8366728 -
Flags: review?(bugmail.mozilla)
|
|
Assignee | |
Comment 10•10 years ago
|
||
(In reply to Jim Chen [:jchen :nchen] from comment #9) > Created attachment 8366728 [details] [diff] [review] > Only save JNI env in TLS when first attaching (v1) > > This should do the trick. I think the crash is happening because we were > saving all JNIEnv pointers in TLS, even if the JNIEnv did not come from > AttachCurrentThread. When we end up calling DetachCurrentThread on these > pointers in JavaThreadDetachFunc, Bad Things happen. Makes sense to me.
|
|
||
Comment 11•10 years ago
|
||
Comment on attachment 8366728 [details] [diff] [review] Only save JNI env in TLS when first attaching (v1) Review of attachment 8366728 [details] [diff] [review]: ----------------------------------------------------------------- Sounds reasonable
Attachment #8366728 -
Flags: review?(bugmail.mozilla) → review+
|
|
||
Comment 12•10 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/45db690af8c6
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 14•10 years ago
|
||
Marking this fixed now, since Jim's change is more convincing.
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Whiteboard: [leave open]
|
Reporter | |
Updated•10 years ago
|
tracking-fennec: ? → ---
|
|
||
Updated•10 years ago
|
Target Milestone: --- → Firefox 29
|
||
Updated•3 years ago
|
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•