Closed Bug 979595 Opened 6 years ago Closed 6 years ago
Camera Device crashes (SIGFPE) when stopping camera too quickly due to division-by-0
STR (seem to be): 1. open camera 2. start preview 3. close camera On step 1 or 2, the EmulatedCamera tries to kick off a work thread, but the thread doesn't start until after 3 has happened, and the new thread fails with a SIGFPE (division-by-zero?). This was observed while trying to land automated tests for bug 977756.
I've narrowed the crash down to somewhere in EmulatedFakeCameraDevice::inWorkerThread(), possibly in the call to drawCheckerBoard(): http://androidxref.com/4.0.4/xref/development/tools/emulator/system/camera/EmulatedFakeCameraDevice.cpp#192. My guess is that in the shutting-down state, one of the divisions in the latter function is turning into a division-by-zero and raising the SIGFPE; but every time I try to narrow down the error site, it goes away, so there's a good old fashioned race condition going on here as well. Fun stuff.
Confirmed: the crash is happening in drawCheckerBoard().
Confirmed: in drawCheckerBoard(), mFrameWidth = 0, so size = 0, and the subsequent divisions are all by 0. http://androidxref.com/4.0.4/xref/development/tools/emulator/system/camera/EmulatedFakeCameraDevice.cpp#243
Summary: [Emulator] EmulatedCamera crashes when stopping camera too quickly → [Emulator][race] EmulatedCamera crashes when stopping camera too quickly
Looks like the bug may still exist in JB/4.4.2: http://androidxref.com/4.4.2_r1/xref/device/generic/goldfish/camera/EmulatedFakeCameraDevice.cpp#243
Summary: [Emulator][race] EmulatedCamera crashes when stopping camera too quickly → [Emulator][Crash][race] EmulatedCamera crashes (SIGFPE) when stopping camera too quickly due to division-by-0
The solution is probably just to fail out of drawCheckerboard() when mFrameWidth == 0.
Assignee: nobody → mhabicher
It looks like just bailing out of drawCheckerboard() when mFrameWidth == 0 is not sufficient, as this causes the emulated camera to enter a bad state. Once in this state, subsequent emulated cameras fail to start and the automated test hangs trying to open the camera.
Will we need this fix in emulator-jb or emulator-kk?
(In reply to Michael Wu [:mwu] from comment #8) > > Will we need this fix in emulator-jb or emulator-kk? I haven't tested those emulator, but the code looks the same. Shouldn't hurt to have to emulators pick it up as well.
Summary: [Emulator][Crash][race] EmulatedCamera crashes (SIGFPE) when stopping camera too quickly due to division-by-0 → [Emulator][Crash][race] EmulatedCameraDevice crashes (SIGFPE) when stopping camera too quickly due to division-by-0
Comment on attachment 8386304 [details] [PRLink] Fix SIGFPE/hang in emulated camera r=me. Please also land on other emulators if applicable and attempt to upstream for a real review.
Attachment #8386304 - Flags: review?(mwu) → review+
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Just to finish this off: I spoke to jgriffin and he told me that, unlike when bug 867996 landed, these days no extra steps (see bug 871795) are required to push a new emulator build to the automation infrastructure. The emulator is rebuilt automatically.
You need to log in before you can comment on or make changes to this bug.