google-oss-bot
commented
1 month ago I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
Open allenjia opened 1 month ago
google-oss-bot
commented
1 month ago I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
lehcar09
commented
1 month ago Hi @allenjia, thank you for reaching out. I tried reproducing the issue, but I was having difficulty. Could you share an runnable MCVE that can help us investigate the issue? Aside from that, is it occurring when the app is being opened or in some other way? Are you retrieving specific data from intent extras? Thanks!
allenjia
commented
1 month ago Hi @allenjia, thank you for reaching out. I tried reproducing the issue, but I was having difficulty. Could you share an runnable MCVE that can help us investigate the issue? Aside from that, is it occurring when the app is being opened or in some other way? Are you retrieving specific data from intent extras? Thanks!
It's also difficult for me to reproduce this problem. We discovered this problem from our reporting platform. Most of the crashes occurred on Android 6 and Android 7 phones. It looked like it happened when the user tried to open some pages. At this time, the user had already opened the app and Been using it for several minutes or hours.
On low-version API Android phones, we tried a method to fix this problem, which is to obtain the mExtras field in the original BaseBundle object through reflection and use it for synchronization. It seems to be effective so far. But this method is invalid for classes dynamically loaded from MeasurementDynamite.apk.
In the BaseBundle class of Android api25 and api26, the main difference is that there is no synchronization in the copy constructor in api25. When the unparce() method of the original BaseBundle object is called in the main thread, we call Intent.getExtras() in other threads. At this time, the two will process the same Parcel data, which may cause problems. So far it looks like we are not retrieving specific data from intent extras.
lehcar09
commented
1 month ago Thank you for additional details. Is there any chance you could share an MCVE to help us investigate the issue? That would help us check what intent data you're retrieving, as well as how the Firebase product is initialized.
Aside from that, could you updating to latest version 22.0.0 and see if the issue is resolved?
google-oss-bot
commented
3 weeks ago Hey @allenjia. We need more information to resolve this issue but there hasn't been an update in 5 weekdays. I'm marking the issue as stale and if there are no new updates in the next 5 days I will close it automatically.
If you have more information that will help us get to the bottom of this, just add a comment!
allenjia
commented
2 weeks ago Thank you for additional details. Is there any chance you could share an MCVE to help us investigate the issue? That would help us check what intent data you're retrieving, as well as how the Firebase product is initialized.
Aside from that, could you updating to latest version 22.0.0 and see if the issue is resolved?
I tried many times but couldn't reproduce this problem, so I can't provide an MCVE yet. After we integrated the firebase sdk, we only called a few methods about analytics, just including setAnalyticsCollectionEnabled, setConsent and setUserId.
We will try to update to the latest version next. But most crashes belong to the second type, that is, the classes are loaded from MeasurementDynamite.apk, which is part of Google Play Services, so I think It can't be solved until the Google Play Servicesis upgraded.
As mentioned above, we have fixed the first type of problem which classes are loaded from firebase sdk by using reflection and synchronization.
public final zzcu zza(Context context, boolean z) {
try {
return zzct.asInterface(DynamiteModule.load(context, DynamiteModule.PREFER_HIGHEST_OR_LOCAL_VERSION, ModuleDescriptor.MODULE_ID).instantiate("com.google.android.gms.measurement.internal.AppMeasurementDynamiteService"));
} catch (DynamiteModule.LoadingException e) {
zza((Exception) e, true, false);
return null;
}
}For the second type of problem which classes are loaded from MeasurementDynamite.apk, we find some other details. There is a param of "DynamiteModule.PREFER_HIGHEST_OR_LOCAL_VERSION" in com.google.android.gms.internal.measurement.zzdf.zza(). If we change it to "DynamiteModule.PREFER_LOCAL", the releated class, such as AppMeasurementDynamiteService.class, will be loaded from the firebase sdk instead of from the MeasurementDynamite.apk.
Can we fix the second type of problem by change the param from "DynamiteModule.PREFER_HIGHEST_OR_LOCAL_VERSION" to "DynamiteModule.PREFER_LOCAL"? I think this will be effective because the problem in firebase sdk has been fixed by reflection and synchronization. Will this approach cause other potential problems?
lehcar09
commented
2 weeks ago Just wanted to check in, does the issue persist on the latest version of Firebase Analytics 22.0.0?
google-oss-bot
commented
1 week ago Hey @allenjia. We need more information to resolve this issue but there hasn't been an update in 5 weekdays. I'm marking the issue as stale and if there are no new updates in the next 5 days I will close it automatically.
If you have more information that will help us get to the bottom of this, just add a comment!
allenjia
commented
1 week ago Hi @allenjia, thank you for reaching out. I tried reproducing the issue, but I was having difficulty. Could you share an runnable MCVE that can help us investigate the issue? Aside from that, is it occurring when the app is being opened or in some other way? Are you retrieving specific data from intent extras? Thanks!
public void run() {
Bundle bundleMap = new Bundle();
for (int k = 0; k < 1000; k++) {
bundleMap.putString("test" + k, "hello world " + k);
}
new Thread(() -> {
for (int i = 0; i < 100000000; i++) {
Parcel parcel = Parcel.obtain();
bundleMap.writeToParcel(parcel, 0);
parcel.setDataPosition(0);
Bundle bundleParcel = new Bundle();
bundleParcel.readFromParcel(parcel);
parcel.recycle();
new Thread(() -> {
Thread.yield();
try {
new Bundle(bundleParcel);
} catch (RuntimeException e) {
Log.e("testtesttest", "exception ", e);
}
}).start();
new Thread(() -> {
Thread.yield();
bundleParcel.getString("test10");
}).start();
Log.e("testtesttest", "run: " + i);
}
}).start();
}I reproduced this problem with the above codes on an Android 5.1.1 phone.
java.lang.NullPointerException: Attempt to invoke virtual method 'int android.os.Parcel.dataSize()' on a null object reference
android.os.BaseBundle.<init>(BaseBundle.java:126)
android.os.Bundle.<init>(Bundle.java:102)
......#00 pc 0000000000013b98 libc.so (memcpy+336)
#01 pc 000000000002d4f0 libbinder.so (android::Parcel::appendFrom(android::Parcel const*, unsigned long, unsigned long)+332)
#02 pc 00000000000d01c0 libandroid_runtime.so
#03 pc 00000000747d6df4 <unknown>
******* Java stack for JNI crash *******
android.os.Parcel.nativeAppendFrom(Parcel.java)
android.os.Parcel.appendFrom(Parcel.java:446)
android.os.BaseBundle.<init>(BaseBundle.java:126)
android.os.Bundle.<init>(Bundle.java:102)
......There are two main types of errors, including NullPointerException and JNI crash. The NullPointerException is easy to reproduce after hundreds or thousands of attempts, but the JNI crash may requires tens of thousands of attempts to reproduce.
In class zzjx of Firebase Sdk, the RuntimeException is caught, just like I did in the demo above, so our app crashes are basically JNI crash.
lehcar09
commented
1 day ago Thank you for the additional details @allenjia. I was able to reproduce the issue with the code snippet you shared with me. I'll inform our engineers and see what we can do here.
In the meantime, could you share the contents of your gradle files?
[READ] Step 1: Are you in the right place?
Yes
[REQUIRED] Step 2: Describe your environment
[REQUIRED] Step 3: Describe the problem
On Android 7.1 and lower Bundle unparceling is not thread safe.
There was a similar problem before, but it has been fixed now. The problem occurred in the firebase-messaging module. The related discussion can be seen here. https://github.com/firebase/firebase-android-sdk/issues/3090
In the onActivityCreated method of the class com.google.android.gms.measurement.internal.zzjx.java, the intent.getextras method is called, which may cause a crash. This issue has not been fixed yet.
In addition, sometimes, AppMeasurementDynamiteService.class is loaded from this path "/data/user_de/0/com.google.android.gms/app_chimera/m/000000be/MeasurementDynamite.apk" through DynamiteModule, and these codes are not in our integrated firebase sdk. There is a similar set of code in MeasurementDynamite.apk, which will have the same problem. The stack is as follows:
Relevant Code:
com.google.android.gms.measurement.internal.zzjx.java