Description
[READ] Step 1: Are you in the right place?
Yes
[REQUIRED] Step 2: Describe your environment
- Android Studio version: Android Studio Giraffe | 2022.3.1 Patch 4
- Firebase Component: com.google.android.gms:play-services-measurement-base
- Component version: 21.5.1
[REQUIRED] Step 3: Describe the problem
On Android 7.1 and lower Bundle unparceling is not thread safe.
There was a similar problem before, but it has been fixed now. That problem occurred in the firebase-messaging module; the related discussion can be seen here: #3090
In the onActivityCreated method of the class com.google.android.gms.measurement.internal.zzjx.java, the intent.getExtras() method is called, which may cause a crash. This issue has not been fixed yet.
#01 pc 000000000006ac60 /system/lib64/libc.so (pthread_kill+68)
#02 pc 000000000002419c /system/lib64/libc.so (raise+28)
#03 pc 000000000001ca40 /system/lib64/libc.so (abort+56)
#04 pc 00000000000c64c8 /system/lib64/libandroid_runtime.so
#05 pc 00000000021bf1c0 /system/framework/arm64/boot-framework.oat (oatexec+9466304)
******* Java stack for JNI crash *******
android.os.Parcel.nativeAppendFrom(Parcel.java)
android.os.Parcel.appendFrom(Parcel.java:463)
android.os.BaseBundle.<init>(BaseBundle.java:164)
android.os.Bundle.<init>(Bundle.java:106)
android.content.Intent.getExtras(Intent.java:6635)
com.google.android.gms.measurement.internal.zzjx.onActivityCreated(zzjx.java:79)
com.google.android.gms.measurement.internal.AppMeasurementDynamiteService.onActivityCreated(AppMeasurementDynamiteService.java:128)
com.google.android.gms.internal.measurement.zzeo.zza(zzeo.java:11)
com.google.android.gms.internal.measurement.zzdf$zza.run(zzdf.java:12)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)
java.lang.Thread.run(Thread.java:761)
In addition, sometimes AppMeasurementDynamiteService.class is loaded from the path "/data/user_de/0/com.google.android.gms/app_chimera/m/000000be/MeasurementDynamite.apk" through DynamiteModule, and this code is not in our integrated Firebase SDK. MeasurementDynamite.apk contains a similar set of code, which has the same problem. The stack is as follows:
#00 pc 0000000000026304 /system/lib64/libbinder.so (android::acquire_object(android::sp<android::ProcessState> const&, flat_binder_object const&, void const*, unsigned long*)+20)
#01 pc 00000000000282d4 /system/lib64/libbinder.so (android::Parcel::appendFrom(android::Parcel const*, unsigned long, unsigned long)+524)
#02 pc 00000000000a7a98 /system/lib64/libandroid_runtime.so
#03 pc 00000000034ee448 /data/dalvik-cache/arm64/system@[email protected] (oatexec+19776584)
******* Java stack for JNI crash *******
android.os.Parcel.nativeAppendFrom(Parcel.java)
android.os.Parcel.appendFrom(Parcel.java:461)
android.os.BaseBundle.<init>(BaseBundle.java:126)
android.os.Bundle.<init>(Bundle.java:102)
android.content.Intent.getExtras(Intent.java:5694)
m.ll.onActivityCreated(:com.google.android.gms.dynamite_measurementdynamite@[email protected] (040400-0):35)
com.google.android.gms.measurement.internal.AppMeasurementDynamiteService.onActivityCreated(:com.google.android.gms.dynamite_measurementdynamite@[email protected] (040400-0):29)
m.cs.a(:com.google.android.gms.dynamite_measurementdynamite@[email protected] (040400-0):114)
m.v.onTransact(:com.google.android.gms.dynamite_measurementdynamite@[email protected] (040400-0):21)
android.os.Binder.transact(Binder.java:387)
com.google.android.gms.internal.measurement.zzbu.zzb(zzbu.java:21)
com.google.android.gms.internal.measurement.zzcw.onActivityCreated(zzcw.java:117)
com.google.android.gms.internal.measurement.zzeo.zza(zzeo.java:11)
com.google.android.gms.internal.measurement.zzdf$zza.run(zzdf.java:12)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1113)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:588)
java.lang.Thread.run(Thread.java:818)
Relevant Code:
com.google.android.gms.measurement.internal.zzjx.java
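The race in both traces is Intent.getExtras() copying the Intent's parcelled Bundle (Parcel.appendFrom) on a ThreadPoolExecutor thread while the same parcel can be unparceled on another thread. The following is an added illustration of the defensive pattern, not the SDK's own code: take the copy on the main thread, force its lazy unparcel there, and hand only that private copy to the worker. The class name ActivityExtrasDispatcher and the method handleExtras are hypothetical.

```java
import android.app.Activity;
import android.content.Intent;
import android.os.Bundle;
import android.os.Looper;
import java.util.concurrent.Executor;

// Hypothetical helper (not the SDK's code). Intended to be called from
// Application.ActivityLifecycleCallbacks.onActivityCreated(), which the
// framework invokes on the main thread.
public final class ActivityExtrasDispatcher {
    private final Executor worker;

    public ActivityExtrasDispatcher(Executor worker) {
        this.worker = worker;
    }

    public void onActivityCreated(Activity activity) {
        if (Looper.myLooper() != Looper.getMainLooper()) {
            // Reading Intent extras from a pool thread is exactly the race in the
            // traces above; fail loudly in Java rather than abort natively in Parcel.
            throw new IllegalStateException("onActivityCreated must run on the main thread");
        }
        final Bundle snapshot = snapshotExtras(activity.getIntent());
        // Only the private, already unparceled copy crosses the thread boundary.
        worker.execute(() -> handleExtras(snapshot));
    }

    // Copies the extras and materialises the copy on the calling thread, so no
    // Parcel is ever read by two threads at once.
    static Bundle snapshotExtras(Intent intent) {
        // getExtras() builds a new Bundle from the Intent's parcel (Parcel.appendFrom).
        Bundle extras = intent == null ? null : intent.getExtras();
        if (extras == null) {
            return new Bundle();
        }
        extras.size(); // BaseBundle.size() calls unparcel(), so the map is built here, not on the worker
        return extras;
    }

    private static void handleExtras(Bundle extras) {
        // Background work touches only the in-memory map of the snapshot.
        for (String key : extras.keySet()) {
            Object value = extras.get(key);
            // ... analytics processing of key/value ...
        }
    }
}
```

This only removes the race for code that goes through this dispatcher; any other component that still calls getExtras() on the same Intent from a background thread keeps the original hazard.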