Closed Bug 979595 Opened 6 years ago Closed 6 years ago

[Emulator][Crash][race] EmulatedCameraDevice crashes (SIGFPE) when stopping camera too quickly due to division-by-0

Product/Component: Firefox OS Graveyard :: Emulator
Type: defect
Platform: ARM, Gonk (Firefox OS)
Status: RESOLVED FIXED
Reporter: mikeh, Assigned: mikeh
Keywords: crash
Attachments: 1 file, 1 obsolete file

STR (seem to be):
1. open camera
2. start preview
3. close camera

On step 1 or 2, the EmulatedCamera tries to kick off a work thread, but the thread doesn't start until after 3 has happened, and the new thread fails with a SIGFPE (division-by-zero?).

This was observed while trying to land automated tests for bug 977756.
See Also: → 977756
I've narrowed the crash down to somewhere in EmulatedFakeCameraDevice::inWorkerThread(), possibly in the call to drawCheckerBoard(): http://androidxref.com/4.0.4/xref/development/tools/emulator/system/camera/EmulatedFakeCameraDevice.cpp#192.

My guess is that in the shutting-down state, one of the divisions in the latter function is turning into a division-by-zero and raising the SIGFPE; but every time I try to narrow down the error site, it goes away, so there's a good old-fashioned race condition going on here as well.

Fun stuff.
Confirmed: the crash is happening in drawCheckerBoard().
Confirmed: in drawCheckerBoard(), mFrameWidth = 0, so size = 0, and the subsequent divisions are all by 0.

http://androidxref.com/4.0.4/xref/development/tools/emulator/system/camera/EmulatedFakeCameraDevice.cpp#243
Summary: [Emulator] EmulatedCamera crashes when stopping camera too quickly → [Emulator][race] EmulatedCamera crashes when stopping camera too quickly
Looks like the bug may still exist in JB/4.4.2: http://androidxref.com/4.4.2_r1/xref/device/generic/goldfish/camera/EmulatedFakeCameraDevice.cpp#243
Keywords: crash
Summary: [Emulator][race] EmulatedCamera crashes when stopping camera too quickly → [Emulator][Crash][race] EmulatedCamera crashes (SIGFPE) when stopping camera too quickly due to division-by-0
The solution is probably just to fail out of drawCheckerboard() when mFrameWidth == 0.
Assignee: nobody → mhabicher
It looks like just bailing out of drawCheckerboard() when mFrameWidth == 0 is not sufficient, as this causes the emulated camera to enter a bad state. Once in this state, subsequent emulated cameras fail to start and the automated test hangs trying to open the camera.
Attachment #8385670 - Attachment is obsolete: true
Attachment #8386304 - Flags: review?(mwu)
Will we need this fix in emulator-jb or emulator-kk?
(In reply to Michael Wu [:mwu] from comment #8)
>
> Will we need this fix in emulator-jb or emulator-kk?

I haven't tested those emulators, but the code looks the same. Shouldn't hurt to have the emulators pick it up as well.
Summary: [Emulator][Crash][race] EmulatedCamera crashes (SIGFPE) when stopping camera too quickly due to division-by-0 → [Emulator][Crash][race] EmulatedCameraDevice crashes (SIGFPE) when stopping camera too quickly due to division-by-0
Comment on attachment 8386304
[PRLink] Fix SIGFPE/hang in emulated camera

r=me. Please also land on other emulators if applicable and attempt to upstream for a real review.
Attachment #8386304 - Flags: review?(mwu) → review+
Blocks: 872167
Just to finish this off: I spoke to jgriffin and he told me that, unlike when bug 867996 landed, these days no extra steps (see bug 871795) are required to push a new emulator build to the automation infrastructure. The emulator is rebuilt automatically.
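
Added example (not part of the bug thread, and not the attached patch or the Android source): a simplified model of the ordering described above, where the worker's first pass runs only after the device has been stopped and its frame width reset to 0. The class, method and enum names are hypothetical, and the `width / 10` square size is an assumption. The worker pass checks state and geometry under the lock that `stop()` takes and reports that the worker should exit, and the square size is clamped so that a very narrow frame cannot produce a zero divisor either.

```cpp
#include <cstddef>
#include <cstdint>
#include <mutex>
#include <vector>

// Constructed, simplified model of a fake camera device; all names are
// hypothetical and this is not the emulator's code.
enum class State { Stopped, Started };
enum class Step { FrameDrawn, ExitWorker };

class FakeCamera {
public:
    void start(int width, int height) {
        std::lock_guard<std::mutex> g(mLock);
        mWidth = width; mHeight = height;
        mFrame.assign(static_cast<std::size_t>(width) * height, 0);
        mState = State::Started;
    }
    void stop() {
        std::lock_guard<std::mutex> g(mLock);
        mState = State::Stopped;
        mWidth = mHeight = 0;          // geometry is cleared on stop
        mFrame.clear();
    }
    // One pass of the worker loop. On a device this runs on the worker
    // thread, which may be scheduled only after stop() has completed.
    Step workerIteration() {
        std::lock_guard<std::mutex> g(mLock);
        // Same lock as stop(): state and geometry are seen consistently, and
        // the worker is told to exit instead of drawing into a dead device.
        if (mState != State::Started || mWidth <= 0 || mHeight <= 0)
            return Step::ExitWorker;
        drawCheckerBoard();
        ++mFramesDrawn;
        return Step::FrameDrawn;
    }
    int framesDrawn() const { return mFramesDrawn; }
    uint8_t pixel(int x, int y) const { return mFrame[y * mWidth + x]; }
private:
    void drawCheckerBoard() {
        // Assumed square edge of width/10, clamped so it is never 0.
        const int size = mWidth / 10 > 0 ? mWidth / 10 : 1;
        for (int y = 0; y < mHeight; ++y)
            for (int x = 0; x < mWidth; ++x)
                mFrame[y * mWidth + x] = ((x / size + y / size) & 1) ? 0xFF : 0x00;
    }
    std::mutex mLock;
    State mState = State::Stopped;
    int mWidth = 0, mHeight = 0, mFramesDrawn = 0;
    std::vector<uint8_t> mFrame;
};
```

Calling `workerIteration()` directly after `start()` and `stop()` reproduces the late-start ordering deterministically, which a timing-dependent reproduction cannot do.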