chrisboyle / sgtpuzzles

Android port of Simon Tatham's Puzzles
https://chris.boyle.name/puzzles

SIGSEGV/SIGBUS in fetch_preset/get_text #1

Closed chrisboyle closed 14 years ago

chrisboyle commented 14 years ago

Since the release of 8750.5 I have had 9 crash reports in the same place (and one other unrelated). Seen on 1.5, 1.6 and 2.0, on a range of devices. The traces all decode like this:

[two frames in libdvm.so, addresses vary by Android version]
00006d68 android.c:516:     const char * c = (*env)->GetStringUTFChars(env, j, NULL);
[the first call to _(some_string) in some game's fetch_preset]
00042220 midend.c:893           while (me->ourgame->fetch_preset(me->npresets, &name, &preset)) {
00007188 android.c:642      if ((n = midend_num_presets(_fe->me)) > 0) {
[one more frame in libdvm.so]

Here is an extract from a typical report (from a Sprint Hero on 1.5), with frame 03 annotated:

12-03 21:46:40.499 10692 10692 D SGTPuzzles: startGame: -1, 326 bytes
...
12-03 21:46:41.010    40    40 I DEBUG   : signal 11 (SIGSEGV), fault addr 705862c8
...
12-03 21:46:42.789    40    40 I DEBUG   :          # 00  pc 00047bea  /system/lib/libdvm.so
12-03 21:46:42.799    40    40 I DEBUG   :          # 01  pc 00041410  /system/lib/libdvm.so
12-03 21:46:42.830    40    40 I DEBUG   :          # 02  pc 00006d68  /data/data/name.boyle.chris.sgtpuzzles/lib/libpuzzles.so
12-03 21:46:42.830    40    40 I DEBUG   :          # 03  pc 00009e2c  /data/data/name.boyle.chris.sgtpuzzles/lib/libpuzzles.so
blackbox.c:74           sprintf(str, _("%dx%d, %d balls"),  ret->w, ret->h, ret->minballs);
12-03 21:46:42.830    40    40 I DEBUG   :          # 04  pc 00042220  /data/data/name.boyle.chris.sgtpuzzles/lib/libpuzzles.so
12-03 21:46:42.830    40    40 I DEBUG   :          # 05  pc 00007188  /data/data/name.boyle.chris.sgtpuzzles/lib/libpuzzles.so
12-03 21:46:42.839    40    40 I DEBUG   :          # 06  pc 0000e434  /system/lib/libdvm.so

This means we were starting a game (either resuming it because the app was started, or New Game was pressed, or a custom game was started; it doesn't matter, there have been reports from all these cases) and we finished android_deserialise, continued on to fill in the "Type" menu, and on trying to call from C up to Java to translate the first item for that menu, we crashed somewhere in the mechanics of GetStringUTFChars. Perhaps either env or j was invalid.

There have been over 3000 downloads on Android Market since this release went out, and only these 9 reports, so even allowing for under-reporting, this suggests that this issue is rare. Perhaps a threading issue or some such.

chrisboyle commented 14 years ago

Well this is now up to 27 reports, and I'm not really any closer to solving it. There being two frames and it being a SIGSEGV/SIGBUS suggests dvmCreateCstrFromString() as the innermost frame and j (that is, the return from CallObjectMethod(...,getText,...)) being invalid. No closer to knowing why, except that I probably fail at thread safety somehow.
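The crash path described in the first comment (C calling up into Java through JNI to translate a preset name, then handing the returned jstring straight to GetStringUTFChars) and the diagnosis above (the return from CallObjectMethod being invalid) are illustrated by the following added example. It is not code from sgtpuzzles; it shows the unchecked shape beside a hardened translation helper that verifies the Java call before dereferencing its result. Because jni.h is not assumed to be installed, a minimal stand-in for the JNI function table is constructed inline (same entry-point names, but CallObjectMethod is reduced from variadic to one string argument), and the `obj`/`getText` handle names and the fake VM's single translation are assumptions for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup */
#include <stddef.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the JNI types and function table (the real ones are
 * in jni.h). CallObjectMethod is variadic in real JNI; here it takes one arg. */
typedef void *jobject;
typedef jobject jstring;
typedef void *jmethodID;
typedef unsigned char jboolean;
struct JNINativeInterface_;
typedef const struct JNINativeInterface_ *JNIEnv;
struct JNINativeInterface_ {
    jstring (*CallObjectMethod)(JNIEnv *, jobject, jmethodID, const char *);
    jboolean (*ExceptionCheck)(JNIEnv *);
    void (*ExceptionClear)(JNIEnv *);
    const char *(*GetStringUTFChars)(JNIEnv *, jstring, jboolean *);
    void (*ReleaseStringUTFChars)(JNIEnv *, jstring, const char *);
    void (*DeleteLocalRef)(JNIEnv *, jobject);
};

/* Shape of the crashing path: the jstring from Java is used unconditionally. */
char *translate_unchecked(JNIEnv *env, jobject obj, jmethodID getText, const char *key)
{
    jstring j = (*env)->CallObjectMethod(env, obj, getText, key);
    const char *c = (*env)->GetStringUTFChars(env, j, NULL); /* faults if j is NULL/invalid */
    char *ret = strdup(c);
    (*env)->ReleaseStringUTFChars(env, j, c);
    return ret;
}

/* Hardened version: refuse missing handles, check for a pending Java exception
 * and a NULL result before touching the string, fall back to the untranslated
 * key, and always release what was acquired. */
char *translate_checked(JNIEnv *env, jobject obj, jmethodID getText, const char *key)
{
    if (env == NULL || *env == NULL || obj == NULL || getText == NULL)
        return strdup(key);
    jstring j = (*env)->CallObjectMethod(env, obj, getText, key);
    if ((*env)->ExceptionCheck(env)) {   /* Java threw: j is meaningless */
        (*env)->ExceptionClear(env);
        return strdup(key);
    }
    if (j == NULL)                       /* getText returned null */
        return strdup(key);
    const char *c = (*env)->GetStringUTFChars(env, j, NULL);
    if (c == NULL) {                     /* VM out of memory, exception pending */
        (*env)->ExceptionClear(env);
        (*env)->DeleteLocalRef(env, j);
        return strdup(key);
    }
    char *ret = strdup(c);
    (*env)->ReleaseStringUTFChars(env, j, c);
    (*env)->DeleteLocalRef(env, j);
    return ret;
}

/* Constructed fake VM: one translation, plus failure modes for the Java side. */
static int fake_mode = 0;     /* 0 = ok, 1 = getText returns null, 2 = getText throws */
static int fake_pending = 0;  /* simulated pending Java exception */
static int fake_pinned = 0;   /* GetStringUTFChars calls not yet released */

static jstring fake_CallObjectMethod(JNIEnv *env, jobject o, jmethodID m, const char *key)
{
    (void)env; (void)o; (void)m;
    if (fake_mode == 1) return NULL;
    if (fake_mode == 2) { fake_pending = 1; return NULL; }
    return (jstring)(strcmp(key, "%dx%d, %d balls") == 0 ? "%dx%d, %d Kugeln" : key);
}
static jboolean fake_ExceptionCheck(JNIEnv *env) { (void)env; return (jboolean)fake_pending; }
static void fake_ExceptionClear(JNIEnv *env) { (void)env; fake_pending = 0; }
static const char *fake_GetStringUTFChars(JNIEnv *env, jstring s, jboolean *copy)
{
    (void)env; if (copy) *copy = 0; fake_pinned++; return (const char *)s;
}
static void fake_ReleaseStringUTFChars(JNIEnv *env, jstring s, const char *c)
{
    (void)env; (void)s; (void)c; fake_pinned--;
}
static void fake_DeleteLocalRef(JNIEnv *env, jobject o) { (void)env; (void)o; }

static const struct JNINativeInterface_ fake_table = {
    fake_CallObjectMethod, fake_ExceptionCheck, fake_ExceptionClear,
    fake_GetStringUTFChars, fake_ReleaseStringUTFChars, fake_DeleteLocalRef
};

/* Run translate_checked under one failure mode; returns 1 if the result equals
 * `expected`, no exception is left pending and no string stays pinned. */
int check_mode(int mode, const char *expected)
{
    JNIEnv env = &fake_table;
    int dummy_obj = 0, dummy_mid = 0;   /* stand-ins for the Java object and method id */
    fake_mode = mode; fake_pending = 0; fake_pinned = 0;
    char *s = translate_checked(&env, &dummy_obj, &dummy_mid, "%dx%d, %d balls");
    int ok = s != NULL && strcmp(s, expected) == 0 && !fake_pending && fake_pinned == 0;
    free(s);
    return ok;
}

int main(void)
{
    printf("ok:    %d\n", check_mode(0, "%dx%d, %d Kugeln"));
    printf("null:  %d\n", check_mode(1, "%dx%d, %d balls"));
    printf("throw: %d\n", check_mode(2, "%dx%d, %d balls"));
    return 0;
}
```

The checks catch the cases a native-side caller can detect (a null return, a pending exception, an out-of-memory pin). They do not cover the other way the `j`/`env` pair goes bad in real JNI: a JNIEnv pointer is only valid on the thread that obtained it, so a cached env used from a different thread yields exactly this class of fault inside the VM; the native side then has to fetch the thread's own env via the JavaVM (GetEnv / AttachCurrentThread) rather than reuse a stored one.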

chrisboyle commented 14 years ago

No reports of this in 8853.1 or newer. I think commit 9750c6836dda2e1ad00a7299ca6ce9b05072eee1, commit 131bfbbd4be1d21702f878de627a68f1f66515b7, commit 92f474dcb09f4cdd228e5bfd95b8333b5fc46cd5 may actually have helped! :-) Closing, to be reopened on further crash reports.