Native crash: Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xff00000c in tid 18434 (GLThread 5902), pid 18031 (gpuimage.sample)

[dd2664]

Relevant labels
Native, Fatal signal 11, ReleasePrimitiveArrayCritical

Bug Reporting

crash in native function: Java_jp_co_cyberagent_android_gpuimage_GPUImageNativeLibrary_YUVtoRBGA
crash in this line: (*env)->ReleasePrimitiveArrayCritical(env, yuv420sp, yuv, 0);

logcat:
A/libc: Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xff00000c in tid 18434 (GLThread 5902), pid 18031 (gpuimage.sample)

native crash dump:
********** Crash dump: **********
Build fingerprint: 'HUAWEI/HMA-AL00/HWHMA:10/HUAWEIHMA-AL00/10.1.0.163C00:user/release-keys'
#00 0x00000000003f8e78 /apex/com.android.runtime/lib64/libart.so (art::JNI::ReleasePrimitiveArrayCritical(_JNIEnv*, _jarray*, void*, int)+672) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)
#1 0x0000000000000ce0 /data/app/jp.co.cyberagent.android.gpuimage.sample-ZcxMIcpmCCFzM-LRhbt41A==/lib/arm64/libyuv-decoder.so (Java_jp_co_cyberagent_android_gpuimage_GPUImageNativeLibrary_YUVtoRBGA+1012) (BuildId: dc9ad768a7afe51f1
86405e3bd3821d1db855cbe)
Java_jp_co_cyberagent_android_gpuimage_GPUImageNativeLibrary_YUVtoRBGA
E:/work/github/android-gpuimage/library/src/main/cpp\yuv-decoder.c:63:5
#2 0x000000000014f350 /apex/com.android.runtime/lib64/libart.so (art_quick_generic_jni_trampoline+144) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)
#3 0x00000000001465b8 /apex/com.android.runtime/lib64/libart.so (art_quick_invoke_static_stub+568) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)
#4 0x00000000001551d4 /apex/com.android.runtime/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+284) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)
#5 0x00000000002fbfec /apex/com.android.runtime/lib64/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)+384) (BuildId: 19bbc2cfafe97c9664
d1bc891cd9abfa)
#6 0x00000000002f72bc /apex/com.android.runtime/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+912) (BuildId: 19
bbc2cfafe97c9664d1bc891cd9abfa)
#7 0x00000000005cc7f4 /apex/com.android.runtime/lib64/libart.so (MterpInvokeStatic+368) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)
#8 0x0000000000140994 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_static+20) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)
#9 0x000000000013d196 [anon:dalvik-classes.dex extracted in memory from /data/app/jp.co.cyberagent.android.gpuimage.sample-ZcxMIcpmCCFzM-LRhbt41A==/base.apk] (jp.co.cyberagent.android.gpuimage.GPUImageRenderer$1.run+46)
#10 0x00000000002cc918 /apex/com.android.runtime/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEbb.llvm.9717788196832654690+320) (BuildId: 19bbc2cfafe97c9664d1bc89
1cd9abfa)
#11 0x00000000005ba77c /apex/com.android.runtime/lib64/libart.so (artQuickToInterpreterBridge+1012) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)
#12 0x000000000014f468 /apex/com.android.runtime/lib64/libart.so (art_quick_to_interpreter_bridge+88) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)
#13 0x000000000200fef4 /memfd:/jit-cache (deleted) (jp.co.cyberagent.android.gpuimage.GPUImageRenderer.runAll+196)
#14 0x000000000200afe8 /memfd:/jit-cache (deleted) (jp.co.cyberagent.android.gpuimage.GPUImageRenderer.onDrawFrame+88)
#15 0x0000000002004f34 /memfd:/jit-cache (deleted) (jp.co.cyberagent.android.gpuimage.GLTextureView$GLThread.guardedRun+2836)
#16 0x000000000014663c /apex/com.android.runtime/lib64/libart.so (art_quick_osr_stub+60) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)
#17 0x00000000003509c4 /apex/com.android.runtime/lib64/libart.so (art::jit::Jit::MaybeDoOnStackReplacement(art::Thread*, art::ArtMethod*, unsigned int, int, art::JValue*)+1660) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)
#18 0x00000000005d4b20 /apex/com.android.runtime/lib64/libart.so (MterpMaybeDoOnStackReplacement+212) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)
#19 0x0000000000145350 /apex/com.android.runtime/lib64/libart.so (MterpHelpers+240) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)
#20 0x000000000013b838 [anon:dalvik-classes.dex extracted in memory from /data/app/jp.co.cyberagent.android.gpuimage.sample-ZcxMIcpmCCFzM-LRhbt41A==/base.apk] (jp.co.cyberagent.android.gpuimage.GLTextureView$GLThread.guardedRun+1076
)
#21 0x00000000005cc2e8 /apex/com.android.runtime/lib64/libart.so (MterpInvokeDirect+1168) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)
#22 0x0000000000140914 /apex/com.android.runtime/lib64/libart.so (mterp_op_invoke_direct+20) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)
#23 0x000000000013bd14 [anon:dalvik-classes.dex extracted in memory from /data/app/jp.co.cyberagent.android.gpuimage.sample-ZcxMIcpmCCFzM-LRhbt41A==/base.apk] (jp.co.cyberagent.android.gpuimage.GLTextureView$GLThread.run+48)
#24 0x00000000002cc918 /apex/com.android.runtime/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEbb.llvm.9717788196832654690+320) (BuildId: 19bbc2cfafe97c9664d1bc89
1cd9abfa)
#25 0x00000000005ba77c /apex/com.android.runtime/lib64/libart.so (artQuickToInterpreterBridge+1012) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)
#26 0x000000000014f468 /apex/com.android.runtime/lib64/libart.so (art_quick_to_interpreter_bridge+88) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)
#27 0x0000000000146334 /apex/com.android.runtime/lib64/libart.so (art_quick_invoke_stub+548) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)
#28 0x00000000001551b4 /apex/com.android.runtime/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+252) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)
#29 0x00000000004d6f0c /apex/com.android.runtime/lib64/libart.so (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, ch
ar const*)+104) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)
#30 0x00000000004d7fa0 /apex/com.android.runtime/lib64/libart.so (art::InvokeVirtualOrInterfaceWithJValues(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, jvalue const*)+416) (BuildId: 19bbc2cfafe97c9664d1bc89
1cd9abfa)
#31 0x000000000051b178 /apex/com.android.runtime/lib64/libart.so (art::Thread::CreateCallback(void*)+1232) (BuildId: 19bbc2cfafe97c9664d1bc891cd9abfa)
#32 0x00000000000cf700 /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+36) (BuildId: d17e124089d1aef31580833df572fae0)
#33 0x00000000000720e8 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: d17e124089d1aef31580833df572fae0)
Crash dump is completed

Steps to Reproduce

1. modify demo code : Camera2Loader,line21, cameraFacing: Int = CameraCharacteristics.LENS_FACING_FRONT
2. run demo, click "CAMERA", into CameraActivity, click switch camera button to LENS_FACING_BACK
3. crash on some phone model：HUAWEI Mate 20(HarmonyOS 2.0.0), XIAOMI 11 ultra(Android 11)

• Device:HUAWEI Mate 20, XIAOMI 11 ultra
• OS:HarmonyOS 2.0.0, Android 11

[dd2664]

I found the reason is the variable "glRgbBuffer" in GPUImageRenderer. When click into CameraActivity with front camera, camera preview size is 352 * 288，then switch to back camera, preview size is 480 * 360, but glRgbBuffer do not change, so in native function Java_jp_co_cyberagent_android_gpuimage_GPUImageNativeLibrary_YUVtoRBGA, "rgbOut" array out of bounds.

My temporary solution is: make sure that the preview size of the front and back camera is the same.