search

cats-oss / android-gpuimage

Android filters based on OpenGL (idea from GPUImage for iOS)
8.95k stars 2.26k forks source link

Native crash: Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xff00000c in tid 18434 (GLThread 5902), pid 18031 (gpuimage.sample) #528

Open dd2664 opened 3 years ago

dd2664 commented 3 years ago

Relevant labels Native, Fatal signal 11, ReleasePrimitiveArrayCritical

Bug Reporting

crash in native function: Java_jp_co_cyberagent_android_gpuimage_GPUImageNativeLibrary_YUVtoRBGA crash in this line: (*env)->ReleasePrimitiveArrayCritical(env, yuv420sp, yuv, 0);

logcat: A/libc: Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xff00000c in tid 18434 (GLThread 5902), pid 18031 (gpuimage.sample)

native crash dump: ** Crash dump: ** Build fingerprint: 'HUAWEI/HMA-AL00/HWHMA:10/HUAWEIHMA-AL00/10.1.0.163C00:user/release-keys'

00 0x00000000003f8e78 /apex/com.android.runtime/lib64/libart.so (art::JNI::ReleasePrimitiveArrayCritical(_JNIEnv, _jarray, void*, int)+672) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)

01 0x0000000000000ce0 /data/app/jp.co.cyberagent.android.gpuimage.sample-ZcxMIcpmCCFzM-LRhbt41A==/lib/arm64/libyuv-decoder.so (Java_jp_co_cyberagent_android_gpuimage_GPUImageNativeLibrary_YUVtoRBGA+1012) (BuildId: dc9ad768a7afe51f1

86405e3bd3821d1db855cbe) Java_jp_co_cyberagent_android_gpuimage_GPUImageNativeLibrary_YUVtoRBGA E:/work/github/android-gpuimage/library/src/main/cpp\yuv-decoder.c:63:5

02 0x000000000014f350 /apex/com.android.runtime/lib64/libart.so (art_quick_generic_jni_trampoline+144) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)

03 0x00000000001465b8 /apex/com.android.runtime/lib64/libart.so (art_quick_invoke_static_stub+568) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)

04 0x00000000001551d4 /apex/com.android.runtime/lib64/libart.so (art::ArtMethod::Invoke(art::Thread, unsigned int, unsigned int, art::JValue, char const)+284) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)

05 0x00000000002fbfec /apex/com.android.runtime/lib64/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread, art::ArtMethod, art::ShadowFrame, unsigned short, art::JValue)+384) (BuildId: 19bbc2cfafe97c9664

d1bc891cd9abfa)

06 0x00000000002f72bc /apex/com.android.runtime/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod, art::Thread, art::ShadowFrame&, art::Instruction const, unsigned short, art::JValue)+912) (BuildId: 19

bbc2cfafe97c9664d1bc891cd9abfa)

07 0x00000000005cc7f4 /apex/com.android.runtime/lib64/libart.so (MterpInvokeStatic+368) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)

08 0x0000000000140994 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_static+20) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)

09 0x000000000013d196 [anon:dalvik-classes.dex extracted in memory from /data/app/jp.co.cyberagent.android.gpuimage.sample-ZcxMIcpmCCFzM-LRhbt41A==/base.apk] (jp.co.cyberagent.android.gpuimage.GPUImageRenderer$1.run+46)

10 0x00000000002cc918 /apex/com.android.runtime/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEbb.llvm.9717788196832654690+320) (BuildId: 19bbc2cfafe97c9664d1bc89

1cd9abfa)

11 0x00000000005ba77c /apex/com.android.runtime/lib64/libart.so (artQuickToInterpreterBridge+1012) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)

12 0x000000000014f468 /apex/com.android.runtime/lib64/libart.so (art_quick_to_interpreter_bridge+88) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)

13 0x000000000200fef4 /memfd:/jit-cache (deleted) (jp.co.cyberagent.android.gpuimage.GPUImageRenderer.runAll+196)

14 0x000000000200afe8 /memfd:/jit-cache (deleted) (jp.co.cyberagent.android.gpuimage.GPUImageRenderer.onDrawFrame+88)

15 0x0000000002004f34 /memfd:/jit-cache (deleted) (jp.co.cyberagent.android.gpuimage.GLTextureView$GLThread.guardedRun+2836)

16 0x000000000014663c /apex/com.android.runtime/lib64/libart.so (art_quick_osr_stub+60) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)

17 0x00000000003509c4 /apex/com.android.runtime/lib64/libart.so (art::jit::Jit::MaybeDoOnStackReplacement(art::Thread, art::ArtMethod, unsigned int, int, art::JValue*)+1660) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)

18 0x00000000005d4b20 /apex/com.android.runtime/lib64/libart.so (MterpMaybeDoOnStackReplacement+212) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)

19 0x0000000000145350 /apex/com.android.runtime/lib64/libart.so (MterpHelpers+240) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)

20 0x000000000013b838 [anon:dalvik-classes.dex extracted in memory from /data/app/jp.co.cyberagent.android.gpuimage.sample-ZcxMIcpmCCFzM-LRhbt41A==/base.apk] (jp.co.cyberagent.android.gpuimage.GLTextureView$GLThread.guardedRun+1076

)

21 0x00000000005cc2e8 /apex/com.android.runtime/lib64/libart.so (MterpInvokeDirect+1168) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)

22 0x0000000000140914 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_direct+20) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)

23 0x000000000013bd14 [anon:dalvik-classes.dex extracted in memory from /data/app/jp.co.cyberagent.android.gpuimage.sample-ZcxMIcpmCCFzM-LRhbt41A==/base.apk] (jp.co.cyberagent.android.gpuimage.GLTextureView$GLThread.run+48)

24 0x00000000002cc918 /apex/com.android.runtime/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEbb.llvm.9717788196832654690+320) (BuildId: 19bbc2cfafe97c9664d1bc89

1cd9abfa)

25 0x00000000005ba77c /apex/com.android.runtime/lib64/libart.so (artQuickToInterpreterBridge+1012) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)

26 0x000000000014f468 /apex/com.android.runtime/lib64/libart.so (art_quick_to_interpreter_bridge+88) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)

27 0x0000000000146334 /apex/com.android.runtime/lib64/libart.so (art_quick_invoke_stub+548) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)

28 0x00000000001551b4 /apex/com.android.runtime/lib64/libart.so (art::ArtMethod::Invoke(art::Thread, unsigned int, unsigned int, art::JValue, char const)+252) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)

29 0x00000000004d6f0c /apex/com.android.runtime/lib64/libart.so (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod, art::(anonymous namespace)::ArgArray, art::JValue*, ch

ar const*)+104) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)

30 0x00000000004d7fa0 /apex/com.android.runtime/lib64/libart.so (art::InvokeVirtualOrInterfaceWithJValues(art::ScopedObjectAccessAlreadyRunnable const&, _jobject, _jmethodID, jvalue const*)+416) (BuildId: 19bbc2cfafe97c9664d1bc89

1cd9abfa)

31 0x000000000051b178 /apex/com.android.runtime/lib64/libart.so (art::Thread::CreateCallback(void*)+1232) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)

32 0x00000000000cf700 /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+36) (BuildId: d17e124089d1aef31580833df572fae0)

33 0x00000000000720e8 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: d17e124089d1aef31580833df572fae0)

Crash dump is completed

Steps to Reproduce

  1. modify demo code : Camera2Loader,line21, cameraFacing: Int = CameraCharacteristics.LENS_FACING_FRONT
  2. run demo, click "CAMERA", into CameraActivity, click switch camera button to LENS_FACING_BACK
  3. crash on some phone model:HUAWEI Mate 20(HarmonyOS 2.0.0), XIAOMI 11 ultra(Android 11)
dd2664 commented 3 years ago

image

I found the reason is the variable "glRgbBuffer" in GPUImageRenderer. When click into CameraActivity with front camera, camera preview size is 352 288,then switch to back camera, preview size is 480 360, but glRgbBuffer do not change, so in native function Java_jp_co_cyberagent_android_gpuimage_GPUImageNativeLibrary_YUVtoRBGA, "rgbOut" array out of bounds.

My temporary solution is: make sure that the preview size of the front and back camera is the same.