bug: MessageHandler usage of JavaScriptReplyProxy is triggering a native crash on webview
Bug Report
Capacitor Version
@capacitor/cli: 4.1.0 @capacitor/android: 4.1.0 @capacitor/ios: 4.1.0 @capacitor/core: 4.1.0
Platform(s)
Android
Current Behavior
For some reason the app crashes when the webview is under stress, triggering a native crash:
Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0 in tid 13176 (app package id), pid 13176 (app package id)
2022-09-23 16:34:21.809 13609-13609 DEBUG pid-13609 A Build fingerprint: 'google/crosshatch/crosshatch:12/SP1A.210812.016.C1/8029091:user/release-keys'
2022-09-23 16:34:21.809 13609-13609 DEBUG pid-13609 A Revision: 'MP1.0'
2022-09-23 16:34:21.809 13609-13609 DEBUG pid-13609 A ABI: 'arm64'
2022-09-23 16:34:21.809 13609-13609 DEBUG pid-13609 A Timestamp: 2022-09-23 16:34:21.107842893+0200
2022-09-23 16:34:21.809 13609-13609 DEBUG pid-13609 A Process uptime: 0s
2022-09-23 16:34:21.809 13609-13609 DEBUG pid-13609 A Cmdline: app package id
2022-09-23 16:34:21.809 13609-13609 DEBUG pid-13609 A pid: 13176, tid: 13176, name: app process name >>> app package id <<<
2022-09-23 16:34:21.810 13609-13609 DEBUG pid-13609 A uid: 11403
2022-09-23 16:34:21.810 13609-13609 DEBUG pid-13609 A signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
2022-09-23 16:34:21.810 13609-13609 DEBUG pid-13609 A Cause: null pointer dereference
2022-09-23 16:34:21.810 13609-13609 DEBUG pid-13609 A backtrace:
2022-09-23 16:34:21.810 13609-13609 DEBUG pid-13609 A #00 pc 0000000001c28cbc /data/app/~~bJpCPv5dhtSWFX32lsHHfg==/com.google.android.webview-tjDobPBo0L-9pipJRhM6aQ==/base.apk!libmonochrome.so (Java_J_N_MayS5i9E+80) (BuildId: 30bb452c0c8c3eb67961996b4977370b3485b3d3)
2022-09-23 16:34:21.810 13609-13609 DEBUG pid-13609 A #01 pc 00000000001e63f4 /data/app/~~bJpCPv5dhtSWFX32lsHHfg==/com.google.android.webview-tjDobPBo0L-9pipJRhM6aQ==/oat/arm64/base.odex (art_jni_trampoline+132)
2022-09-23 16:34:21.840 827-827 tombstoned pid-827 E Tombstone written to: tombstone_17
I have changed the app package id for security reasons.
Expected Behavior
The app shouldn't crash.
Code Reproduction
The crash is not triggered anymore if the change that was made on sendResponseMessage is reverted:
Now (Doesn’t Work):
boolean isValidCallbackId = !call.getCallbackId().equals(PluginCall.CALLBACK_ID_DANGLING);
if (isValidCallbackId) {
    // New bridge: hand the response to the page through the WebMessageListener reply proxy
    if (WebViewFeature.isFeatureSupported(WebViewFeature.WEB_MESSAGE_LISTENER) && javaScriptReplyProxy != null) {
        javaScriptReplyProxy.postMessage(data.toString());
    } else {
        // Old bridge: evaluate a script in the page that calls fromNative() with the data
        final String runScript = "window.Capacitor.fromNative(" + data.toString() + ")";
        final WebView webView = this.webView;
        webView.post(() -> webView.evaluateJavascript(runScript, null));
    }
}
Before (Works):
boolean isValidCallbackId = !call.getCallbackId().equals(PluginCall.CALLBACK_ID_DANGLING);
if (isValidCallbackId) {
    // Old bridge only: evaluate a script in the page that calls fromNative() with the data
    final String runScript = "window.Capacitor.fromNative(" + data.toString() + ")";
    final WebView webView = this.webView;
    webView.post(() -> webView.evaluateJavascript(runScript, null));
} else {
    // Dangling callback id: the call survived an app restart, so deliver it as a restored result
    bridge.getApp().fireRestoredResult(data);
}
So I guess something is wrong with this call:
javaScriptReplyProxy.postMessage(data.toString());
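For context on where the reply proxy in the snippet above comes from and why it can be null, here is how the WebMessageListener path is wired up with androidx.webkit, as an added example that is not Capacitor's own code. The class name NativeReplyChannel, the JavaScript object name "nativeBridge" and the origin allow-list passed by the caller are assumptions; the feature check, null check and evaluateJavascript fallback mirror the page's own snippet.

```java
import android.webkit.WebView;
import androidx.webkit.JavaScriptReplyProxy;
import androidx.webkit.WebViewCompat;
import androidx.webkit.WebViewFeature;
import java.util.Set;

// Added example (hypothetical class), not Capacitor's Bridge implementation.
public final class NativeReplyChannel {
    private final WebView webView;
    // Set by the listener; stays null until the page has posted its first message.
    private volatile JavaScriptReplyProxy replyProxy;

    public NativeReplyChannel(WebView webView, Set<String> allowedOrigins) {
        this.webView = webView;
        if (WebViewFeature.isFeatureSupported(WebViewFeature.WEB_MESSAGE_LISTENER)) {
            // The allow-list is the property the evaluateJavascript path cannot express:
            // only frames whose origin matches these rules get the "nativeBridge" object
            // and therefore a reply proxy. Must be registered before the page is loaded.
            WebViewCompat.addWebMessageListener(webView, "nativeBridge", allowedOrigins,
                (view, message, sourceOrigin, isMainFrame, proxy) -> {
                    replyProxy = proxy;               // keep the latest proxy for replies
                    onMessageFromJs(message.getData());
                });
        }
    }

    /** Deliver a JSON-encoded response to the page, preferring the reply proxy. */
    public void sendToJs(String json) {
        JavaScriptReplyProxy proxy = replyProxy;   // read once; may be null
        if (proxy != null) {
            // Arrives as a string in the page's nativeBridge.onmessage handler,
            // so the page parses it as data rather than executing it as code.
            proxy.postMessage(json);
        } else {
            // Fallback for WebViews without WEB_MESSAGE_LISTENER, or before the
            // first JS message: the old script-injection bridge from the page above.
            String script = "window.Capacitor.fromNative(" + json + ")";
            webView.post(() -> webView.evaluateJavascript(script, null));
        }
    }

    private void onMessageFromJs(String data) {
        // Route the inbound message to plugins (out of scope for this example).
    }
}
```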
Other Technical Details
The crash doesn't happen with Capacitor 3.8.0 but still happens with Capacitor 4.3.0.
npm --version
output:
8.1.0
node --version
output:
v16.13.0
Comments: 16 (7 by maintainers)
Top GitHub Comments
I've added this as a feature request to allow using the old bridge. But there are a lot more chances of working on it if it was a bug that could be reproduced instead of a feature request.
Also, using the old bridge is more insecure and Google could remove it at any time, while the new one is more future proof.
Thanks for the issue! This issue is being locked to prevent comments that are not relevant to the original issue. If this is still an issue with the latest version of Capacitor, please create a new issue and ensure the template is fully filled out.