Opened on 01/12/2018 at 07:43:23 AM
Closed on 04/13/2018 at 08:33:41 AM
#6243 closed defect (invalid)
Native crash on disposed FilterEngine access
| Reported by: | asmirnov | Assignee: | |
|---|---|---|---|
| Priority: | P4 | Milestone: | |
| Module: | Libadblockplus-Android | Keywords: | |
| Cc: | sergz | Blocked By: | |
| Blocking: | Platform: | Android | |
| Ready: | yes | Confidential: | no |
| Tester: | Unknown | Verified working: | no |
| Review URL(s): | |||
Description
Environment
Access to disposed filter engine native crash.
How to reproduce
- Create java filter engine instance (and waitForReady if it's created asynchronously)
- Remember filter engine instance ptr
- Dispose adblock engine (and filter engine)
- Call any filter engine object method (eg. getHostURL)
...
Observed behaviour
Native crash
Expected behaviour
Don't access released filter engine, no native crash happens
Attachments (3)
Change History (9)
Changed on 01/12/2018 at 07:43:33 AM by asmirnov
comment:1 Changed on 01/12/2018 at 07:46:28 AM by asmirnov
- Cc sergz added
- Ready set
comment:2 Changed on 01/12/2018 at 07:49:06 AM by asmirnov
Changed on 01/12/2018 at 07:52:59 AM by asmirnov
reproduced crash stacktrace
comment:3 Changed on 01/12/2018 at 07:55:01 AM by asmirnov
One could check refs count using AdblockHelper.get().getCounter():
https://github.com/adblockplus/libadblockplus-android/blob/master/libadblockplus-android-settings/src/org/adblockplus/libadblockplus/android/settings/AdblockHelper.java#L244
comment:4 Changed on 01/12/2018 at 08:02:36 AM by asmirnov
The crash happens if accessing filter engine after it's disposed.
It's up to developer to check that dispose() count is equal to release() jus like in C++ with new and delete. If using AdblockHelper you can use getCounter() to check instances count. Also AdblockHelper.get().getAdblockEngine() returns null after it's disposed.
I don't think we should do anything special to make it more safe (like check if filter engine is disposed every time when accessing).
If this happens in AdblockWebView this should be fixed in separate issue.
comment:5 Changed on 01/12/2018 at 08:10:01 AM by asmirnov
BTW AdblockWebView doesn't dispose external Adblock Engine instance:
https://github.com/adblockplus/libadblockplus-android/blob/master/libadblockplus-android-webview/src/org/adblockplus/libadblockplus/android/webview/AdblockWebView.java#L258
So in use case where multiple AdblockWebviews are created in Activity it's up to activity to create AdblockEngine instance in the very beginning, set it to each AdblockWebView and dispose it in the very end of Activity lifecycle (so every AdblockWebView does not release it).
Changed on 01/12/2018 at 12:29:39 PM by vickyyu
comment:6 Changed on 04/13/2018 at 08:33:41 AM by asmirnov
- Resolution set to invalid
- Status changed from new to closed
This can be reproduce with the following code:
AdblockHelper.get().waitForReady(); FilterEngine filterEngine = AdblockHelper.get().getEngine().getFilterEngine(); AdblockHelper.get().release(); String host = filterEngine.getHostFromURL("http://somehost.com/somepage.html"); // crash here