Tom Sttreet created CB-821:
------------------------------
Summary: Cordova crashes with EXEC_BAD_ACCESS when using camera on
iOS 5.1.1
Key: CB-821
URL: https://issues.apache.org/jira/browse/CB-821
Project: Apache Cordova
Issue Type: Bug
Components: iOS
Affects Versions: 1.7.0
Environment: Cordova: 1.7.0
Device: iPad 3
iOS: 5.1.1
Reporter: Tom Sttreet
Assignee: Shazron Abdullah
I have a test page with a text box and a button that calls
navigator.camera.getPicture(). To reproduce this issue:
Browse to the page, enter some text in the text box, tap the button to launch the
camera, cancel the camera, enter some more text in the text box, and tap the button
to launch the camera again. Cordova then crashes with EXC_BAD_ACCESS.
I'm not an iOS developer or a proficient Xcode user; with that in mind, here is
what Xcode tells me:
The crash happens in Thread 11 (com.apple.camera.avcapturesession), and this is
what is shown. The EXC_BAD_ACCESS is raised on the line starting with 0x35c1725a,
which is an indexed load (ldr.w) through a pointer derived from the
WebCore::threadGlobalData() result:
WebCore`WebCore::TimerBase::setNextFireTime(double):
0x35c1717c: push {r4, r5, r6, r7, lr}
0x35c1717e: add r7, sp, #12
0x35c17180: vpush {d8}
0x35c17184: sub sp, #32
0x35c17186: vmov d8, r1, r2
0x35c1718a: vldr d16, [r0, #4]
0x35c1718e: vcmpe.f64 d16, d8
0x35c17192: vmrs apsr_nzcv, fpscr
0x35c17196: beq.w #264
0x35c1719a: mov r4, r0
0x35c1719c: movw r0, #21868
0x35c171a0: movt r0, #2424
0x35c171a4: vstr d8, [r4, #4]
0x35c171a8: add r0, pc
0x35c171aa: vcmpe.f64 d16, #0
0x35c171ae: ldr r1, [r0]
0x35c171b0: str r1, [r4, #24]
0x35c171b2: adds r1, #1
0x35c171b4: str r1, [r0]
0x35c171b6: ldr r5, [r4, #20]
0x35c171b8: vmrs apsr_nzcv, fpscr
0x35c171bc: bne 0x35c171c6 ;
WebCore::TimerBase::setNextFireTime(double) + 74
0x35c171be: mov r0, r4
0x35c171c0: bl #217280 ; 0x35c4c284
WebCore::TimerBase::heapInsert()
0x35c171c4: b 0x35c1728e ;
WebCore::TimerBase::setNextFireTime(double) + 274
0x35c171c6: vcmpe.f64 d8, #0
0x35c171ca: vmrs apsr_nzcv, fpscr
0x35c171ce: bne 0x35c17218 ;
WebCore::TimerBase::setNextFireTime(double) + 156
0x35c171d0: movs r0, #0
0x35c171d2: mov r6, r4
0x35c171d4: str r0, [r6, #4]!
0x35c171d8: movs r0, #0
0x35c171da: movt r0, #65520
0x35c171de: str r0, [r6, #4]
0x35c171e0: str r5, [sp]
0x35c171e2: bl #217354 ; 0x35c4c2f0
WebCore::threadGlobalData()
0x35c171e6: mov r3, sp
0x35c171e8: mov r1, r5
0x35c171ea: ldr r0, [r0, #4]
0x35c171ec: movs r2, #0
0x35c171ee: ldr r0, [r0, #4]
0x35c171f0: ldr.w r0, [r0, r5, lsl #2]
0x35c171f4: str r0, [sp, #4]
0x35c171f6: movs r0, #0
0x35c171f8: bl #217772 ; 0x35c4c4a8 void
std::__push_heap<WebCore::TimerHeapIterator, int,
WebCore::TimerHeapElement>(WebCore::TimerHeapIterator, int, int,
WebCore::TimerHeapElement)
0x35c171fc: bl #276312 ; 0x35c5a958
WebCore::TimerBase::heapPopMin()
0x35c17200: vstr d8, [r6]
0x35c17204: bl #217320 ; 0x35c4c2f0
WebCore::threadGlobalData()
0x35c17208: ldr r0, [r0, #4]
0x35c1720a: ldr r1, [r0]
0x35c1720c: subs r1, #1
0x35c1720e: str r1, [r0]
0x35c17210: mov.w r0, #4294967295
0x35c17214: str r0, [r4, #20]
0x35c17216: b 0x35c1728e ;
WebCore::TimerBase::setNextFireTime(double) + 274
0x35c17218: vcmpe.f64 d16, d8
0x35c1721c: vmrs apsr_nzcv, fpscr
0x35c17220: ble 0x35c1723c ;
WebCore::TimerBase::setNextFireTime(double) + 192
0x35c17222: str r5, [sp, #8]
0x35c17224: bl #217288 ; 0x35c4c2f0
WebCore::threadGlobalData()
0x35c17228: mov r1, r5
0x35c1722a: ldr r0, [r0, #4]
0x35c1722c: ldr r0, [r0, #4]
0x35c1722e: ldr.w r0, [r0, r5, lsl #2]
0x35c17232: str r0, [sp, #12]
0x35c17234: movs r0, #0
0x35c17236: add r3, sp, #8
0x35c17238: mov r2, r0
0x35c1723a: b 0x35c1728a ;
WebCore::TimerBase::setNextFireTime(double) + 270
0x35c1723c: movs r0, #0
0x35c1723e: mov r6, r4
0x35c17240: str r0, [r6, #4]!
0x35c17244: movs r0, #0
0x35c17246: movt r0, #65520
0x35c1724a: str r0, [r6, #4]
0x35c1724c: str r5, [sp, #16]
0x35c1724e: bl #217246 ; 0x35c4c2f0
WebCore::threadGlobalData()
0x35c17252: mov r1, r5
0x35c17254: movs r2, #0
0x35c17256: ldr r0, [r0, #4]
0x35c17258: ldr r0, [r0, #4]
0x35c1725a: ldr.w r0, [r0, r5, lsl #2]
0x35c1725e: str r0, [sp, #20]
0x35c17260: add r3, sp, #16
0x35c17262: movs r0, #0
0x35c17264: bl #217664 ; 0x35c4c4a8 void
std::__push_heap<WebCore::TimerHeapIterator, int,
WebCore::TimerHeapElement>(WebCore::TimerHeapIterator, int, int,
WebCore::TimerHeapElement)
0x35c17268: bl #276204 ; 0x35c5a958
WebCore::TimerBase::heapPopMin()
0x35c1726c: vstr d8, [r6]
0x35c17270: ldr r6, [r4, #20]
0x35c17272: str r6, [sp, #24]
0x35c17274: bl #217208 ; 0x35c4c2f0
WebCore::threadGlobalData()
0x35c17278: movs r2, #0
0x35c1727a: ldr r0, [r0, #4]
0x35c1727c: mov r1, r6
0x35c1727e: ldr r0, [r0, #4]
0x35c17280: ldr.w r0, [r0, r6, lsl #2]
0x35c17284: str r0, [sp, #28]
0x35c17286: add r3, sp, #24
0x35c17288: movs r0, #0
0x35c1728a: bl #217626 ; 0x35c4c4a8 void
std::__push_heap<WebCore::TimerHeapIterator, int,
WebCore::TimerHeapElement>(WebCore::TimerHeapIterator, int, int,
WebCore::TimerHeapElement)
0x35c1728e: cmp r5, #0
0x35c17290: itt ne
0x35c17292: ldrne r0, [r4, #20]
0x35c17294: cmpne r0, #0
0x35c17296: bne 0x35c172a2 ;
WebCore::TimerBase::setNextFireTime(double) + 294
0x35c17298: bl #217172 ; 0x35c4c2f0
WebCore::threadGlobalData()
0x35c1729c: ldr r0, [r0, #4]
0x35c1729e: bl #217814 ; 0x35c4c578
WebCore::ThreadTimers::updateSharedTimer()
0x35c172a2: add sp, #32
0x35c172a4: vpop {d8}
0x35c172a8: pop {r4, r5, r6, r7, pc}
0x35c172aa: nop