Null pointer dereference in Android #831

HoangPhamThai · 2022-01-13T02:50:31Z

Describe the bug

I used 3 Android devices (Android 11) to test group call with mediasoup. I saw that sometimes the app was crashed after pressing the end call button.

I also tested the app with 2 Android devices and 1 iOS device, the crash always occurred on the Android devices.

Here is the logcat:

--------- beginning of crash
01-10 15:07:41.859 18028 21014 F libc 01-10 15:07:42.024 21019 21019 F DEBUG 01-10 15:07:42.024 21019 21019 F DEBUG 01-10 15:07:42.024 21019 21019 F DEBUG 01-10 15:07:42.024 21019 21019 F DEBUG 01-10 15:07:42.025 21019 21019 F DEBUG 01-10 15:07:42.027 21019 21019 F DEBUG 01-10 15:07:42.027 21019 21019 F DEBUG 01-10 15:07:42.027 21019 21019 F DEBUG 01-10 15:07:42.027 21019 21019 F DEBUG 01-10 15:07:42.027 21019 21019 F DEBUG 01-10 15:07:42.027 21019 21019 F DEBUG : 01-10 15:07:42.027 21019 21019 F DEBUG : 01-10 15:07:42.027 21019 21019 F DEBUG : 01-10 15:07:42.028 21019 21019 F DEBUG : 01-10 15:07:42.028 21019 21019 F DEBUG : 01-10 15:07:42.028 21019 21019 F DEBUG : 01-10 15:07:42.028 21019 21019 F DEBUG : 01-10 15:07:42.028 21019 21019 F DEBUG : 01-10 15:07:42.028 21019 21019 F DEBUG : 01-10 15:07:42.217 21019 21019 F DEBUG 01-10 15:07:42.217 21019 21019 F DEBUG : 01-10 15:07:42.217 21019 21019 F DEBUG : 01-10 15:07:42.217 21019 21019 F DEBUG : 01-10 15:07:42.217 21019 21019 F DEBUG : 01-10 15:07:42.217 21019 21019 F DEBUG : 01-10 15:07:42.218 21019 21019 F DEBUG : 01-10 15:07:42.218 21019 21019 F DEBUG : 01-10 15:07:42.218 21019 21019 F DEBUG : 01-10 15:07:42.218 21019 21019 F DEBUG : 01-10 15:07:42.218 21019 21019 F DEBUG : 01-10 15:07:42.218 21019 21019 F DEBUG : 01-10 15:07:42.218 21019 21019 F DEBUG : 01-10 15:07:42.218 21019 21019 F DEBUG : 01-10 15:07:42.218 21019 21019 F DEBUG : 01-10 15:07:42.218 21019 21019 F DEBUG : 01-10 15:07:42.218 21019 21019 F DEBUG : 01-10 15:07:42.218 21019 21019 F DEBUG : 01-10 15:07:42.218 21019 21019 F DEBUG : 01-10 15:07:42.219 21019 21019 F DEBUG : 01-10 15:07:42.219 21019 21019 F DEBUG : 01-10 15:07:42.219 21019 21019 F DEBUG : 01-10 15:07:42.219 21019 21019 F DEBUG : 01-10 15:07:42.219 21019 21019 F DEBUG : 01-10 15:07:42.219 21019 21019 F DEBUG : 01-10 15:07:42.219 21019 21019 F DEBUG : 01-10 15:07:42.219 21019 21019 F DEBUG : 01-10 15:07:42.219 21019 21019 F DEBUG : 01-10 15:07:42.219 21019 21019 F DEBUG : : Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0 in tid 21014 (Thread-11), pid 18028 (example.example)
: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
: Build fingerprint: 'samsung/gta4xlwifieea/gta4xlwifi:11/RP1A.200720.012/P610XXU2DUK1:user/release-keys'
: Revision: '7'
: ABI: 'arm64'
: Processor: '4'
: Timestamp: 2022-01-10 15:07:42+0700
: pid: 18028, tid: 21014, name: Thread-11 >>> com.example.example <<<
: uid: 10012
: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
: Cause: null pointer dereference
x0 0000000000000000 x1 0000007748098a28 x2 0000007748098260 x3 0000000000000006
x4 00000077bea9c300 x5 00000077bea9c4b0 x6 0000000000000002 x7 0000007748097fd0
x8 15cb795669a283b7 x9 15cb795669a283b7 x10 0000000000000015 x11 0000007780000000
x12 00000000000cf8c0 x13 0000000000000001 x14 000000007ffbffff x15 0000000000000012
x16 00000078bf59d9b8 x17 00000078bf591f7c x18 0000007743550000 x19 00000077be9d7a00
x20 0000132918d66678 x21 00000077be9d7a18 x22 0000000000000001 x23 000000774809a000
x24 0000000063ed98b4 x25 000000774809a000 x26 00000000000005e3 x27 0000000000000003
x28 0000007748098ce0 x29 0000007748098c50
lr 0000007829fa9548 sp 0000007748098260 pc 0000007829fa9554 pst 0000000060000000
: backtrace:
#00 pc 0000000000516554 /data/app/~~6Bdsngb3Ra3xcsytbZxmEA==/com.example.example-kU1gMBP6cLqd40pC14l3tA==/lib/arm64/libjingle_peerconnection_so.so (BuildId: bc662912e660ccb2)
#1 pc 00000000005163dc /data/app/~~6Bdsngb3Ra3xcsytbZxmEA==/com.example.example-kU1gMBP6cLqd40pC14l3tA==/lib/arm64/libjingle_peerconnection_so.so (Java_org_webrtc_VideoEncoderWrapper_nativeOnEncodedFrame+32) (BuildId: bc662912e660ccb2)
#2 pc 000000000013eed4 /apex/com.android.art/lib64/libart.so (art_quick_generic_jni_trampoline+148) (BuildId: e6ec6e98496fc31eee712d0c54dbde3b)
#3 pc 00000000001357e8 /apex/com.android.art/lib64/libart.so (art_quick_invoke_static_stub+568) (BuildId: e6ec6e98496fc31eee712d0c54dbde3b)
#4 pc 00000000001aaa94 /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+228) (BuildId: e6ec6e98496fc31eee712d0c54dbde3b)
#5 pc 000000000032229c /apex/com.android.art/lib64/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)+376) (BuildId: e6ec6e98496fc31eee712d0c54dbde3b)
#6 pc 00000000003185c8 /apex/com.android.art/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+996) (BuildId: e6ec6e98496fc31eee712d0c54dbde3b)
#7 pc 000000000068a230 /apex/com.android.art/lib64/libart.so (MterpInvokeStatic+548) (BuildId: e6ec6e98496fc31eee712d0c54dbde3b)
#8 pc 000000000012f994 /apex/com.android.art/lib64/libart.so (mterp_op_invoke_static+20) (BuildId: e6ec6e98496fc31eee712d0c54dbde3b)
#9 pc 00000000002a96c0 [anon:dalvik-classes.dex extracted in memory from /data/app/~~6Bdsngb3Ra3xcsytbZxmEA==/com.example.example-kU1gMBP6cLqd40pC14l3tA==/base.apk] (org.webrtc.VideoEncoderWrapper.lambda$createEncoderCallback$0)
#10 pc 000000000068a4d4 /apex/com.android.art/lib64/libart.so (MterpInvokeStatic+1224) (BuildId: e6ec6e98496fc31eee712d0c54dbde3b)
#11 pc 000000000012f994 /apex/com.android.art/lib64/libart.so (mterp_op_invoke_static+20) (BuildId: e6ec6e98496fc31eee712d0c54dbde3b)
#12 pc 000000000028f8d8 [anon:dalvik-classes.dex extracted in memory from /data/app/~~6Bdsngb3Ra3xcsytbZxmEA==/com.example.example-kU1gMBP6cLqd40pC14l3tA==/base.apk] (org.webrtc.-$$Lambda$VideoEncoderWrapper$V7w9xAx2svrNbdf3v5wgQjncQ24.onEncodedFrame+4)
#13 pc 0000000000688fb0 /apex/com.android.art/lib64/libart.so (MterpInvokeInterface+1808) (BuildId: e6ec6e98496fc31eee712d0c54dbde3b)
#14 pc 000000000012fa14 /apex/com.android.art/lib64/libart.so (mterp_op_invoke_interface+20) (BuildId: e6ec6e98496fc31eee712d0c54dbde3b)
#15 pc 000000000029ca1a [anon:dalvik-classes.dex extracted in memory from /data/app/~~6Bdsngb3Ra3xcsytbZxmEA==/com.example.example-kU1gMBP6cLqd40pC14l3tA==/base.apk] (org.webrtc.HardwareVideoEncoder.deliverEncodedImage+554)
#16 pc 0000000000687578 /apex/com.android.art/lib64/libart.so (MterpInvokeVirtual+1520) (BuildId: e6ec6e98496fc31eee712d0c54dbde3b)
#17 pc 000000000012f814 /apex/com.android.art/lib64/libart.so (mterp_op_invoke_virtual+20) (BuildId: e6ec6e98496fc31eee712d0c54dbde3b)
#18 pc 000000000029b1b0 [anon:dalvik-classes.dex extracted in memory from /data/app/~~6Bdsngb3Ra3xcsytbZxmEA==/com.example.example-kU1gMBP6cLqd40pC14l3tA==/base.apk] (org.webrtc.HardwareVideoEncoder$1.run+20)
#19 pc 000000000030fbc4 /apex/com.android.art/lib64/libart.so (art::interpreter::Execute(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame&, art::JValue, bool, bool) (.llvm.16619280533006879875)+268) (BuildId: e6ec6e98496fc31eee712d0c54dbde3b)
#20 pc 0000000000675d5c /apex/com.android.art/lib64/libart.so (artQuickToInterpreterBridge+780) (BuildId: e6ec6e98496fc31eee712d0c54dbde3b)
#21 pc 000000000013eff8 /apex/com.android.art/lib64/libart.so (art_quick_to_interpreter_bridge+88) (BuildId: e6ec6e98496fc31eee712d0c54dbde3b)
#22 pc 0000000000135564 /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+548) (BuildId: e6ec6e98496fc31eee712d0c54dbde3b)
#23 pc 00000000001aaa78 /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+200) (BuildId: e6ec6e98496fc31eee712d0c54dbde3b)
#24 pc 000000000055f278 /apex/com.android.art/lib64/libart.so (art::JValue art::InvokeVirtualOrInterfaceWithJValuesart::ArtMethod*(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, jvalue const*)+460) (BuildId: e6ec6e98496fc31eee712d0c54dbde3b)
#25 pc 00000000005aea3c /apex/com.android.art/lib64/libart.so (art::Thread::CreateCallback(void*)+1308) (BuildId: e6ec6e98496fc31eee712d0c54dbde3b)
#26 pc 00000000000eb7a8 /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+64) (BuildId: 698b6aef520f034a9d40736d477f7a96)
#27 pc 000000000008bc8c /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 698b6aef520f034a9d40736d477f7a96)

In MethodCallHandlerImpl.java, I replaced the code inside ensureInitialized() with the following code:

PeerConnectionFactory.initialize(PeerConnectionFactory.InitializationOptions.builder(context).createInitializationOptions());

PeerConnectionFactory.Options options = new PeerConnectionFactory.Options();
EglBase.Context eglContext = EglUtils.getRootEglBaseContext();
getUserMediaImpl = new GetUserMediaImpl(this, context);

audioDeviceModule = JavaAudioDeviceModule.builder(context)
        .setUseHardwareAcousticEchoCanceler(true)
        .setUseHardwareNoiseSuppressor(true)
        .setSamplesReadyCallback(getUserMediaImpl.inputSamplesInterceptor)
        .createAudioDeviceModule();

DefaultVideoEncoderFactory defaultVideoEncoderFactory = new DefaultVideoEncoderFactory(
        eglContext,  /* enableIntelVp8Encoder */true,  /* enableH264HighProfile */true);
DefaultVideoDecoderFactory defaultVideoDecoderFactory = new DefaultVideoDecoderFactory(eglContext);

mFactory = PeerConnectionFactory.builder()
        .setVideoEncoderFactory(defaultVideoEncoderFactory)
        .setVideoDecoderFactory(defaultVideoDecoderFactory)
        .setOptions(options)
        .setAudioDeviceModule(audioDeviceModule)
        .createPeerConnectionFactory();

and tested again several times, the bug disappeared. So it seems that there is something wrong with the SimulcastVideoEncoderFactoryWrapper().

To Reproduce

Run mediasoup in 3 Android devices. Hardcode the room id so you don't need to enter the room url whenever you start a call.

Start video call several times (e.g. 15 times).

Expected behavior
All the devices should end call normally in all the test.

Platform information

Flutter version**:
Doctor summary (to see all details, run flutter doctor -v):
[√] Flutter (Channel stable, 2.8.1, on Microsoft Windows [Version 10.0.19042.1415], locale en-US)
[√] Android toolchain - develop for Android devices (Android SDK version 31.0.0)
[√] Chrome - develop for the web
[√] Android Studio (version 2020.3)
[√] VS Code (version 1.63.2)
[√] Connected device (3 available)

• No issues found!

Dart SDK version: 2.15.1 (stable) (Tue Dec 14 13:32:21 2021 +0100) on "windows_x64"

Plugin version: flutter_webrtc: ^0.8.1
OS: Android 11
OS version:

The text was updated successfully, but these errors were encountered:

MinhCuongIT · 2022-01-14T04:12:18Z

Any update for this? :D

ghost · 2022-01-18T08:58:43Z

Experiencing the same thing. The solution proposed works for me also.

thammaknot · 2022-02-13T15:44:11Z

Thank you so much for sharing this solution.
I tried it and it seems to have fixed the issue.

What I did was I modified the MethodCallHandlerImpl.java found under the flutter/.pub-cached/pub.dartlang.org/flutter_webrtc-0.8.0/ folder.

Is this the right way to do it? It feels a bit hacky.

FeleConvo · 2022-02-25T22:20:41Z

Same happening over here, Android hangup throws and error 40%ish time we hangup.

@davidliu @hiroshihorie You guys think we should go ahead and just create a PR with the proposed fix?

davidliu · 2022-02-26T03:28:20Z

This might be the same issue I saw over here:

livekit/client-sdk-android#52

This was fixed by the upgrade to WebRTC M97, which we've also recently merged in here. Can I ask you all to try out the latest build and see if it's resolved there?

dependencies {
    implementation 'com.github.flutter-webrtc:flutter-webrtc:95be5f0090'
}

FeleConvo · 2022-02-26T13:09:34Z

This might be the same issue I saw over here:

livekit/client-sdk-android#52

This was fixed by the upgrade to WebRTC M97, which we've also recently merged in here. Can I ask you all to try out the latest build and see if it's resolved there?
dependencies {
    implementation 'com.github.flutter-webrtc:flutter-webrtc:95be5f0090'
}

@gabeconvo could you confirm issue is fixed in new version?

FeleConvo · 2022-02-28T17:00:38Z

@davidliu @hiroshihorie

Issue is still present in 0.8.2

 flutter_webrtc: 0.8.2

but fixed when:

 flutter_webrtc:
    git:
      url: git@github.com:flutter-webrtc/flutter-webrtc.git
      ref: 95be5f0090

hiroshihorie · 2022-03-01T01:37:49Z

@FeleConvo that's good to know it's fixed with M97 !

davidliu · 2022-06-28T07:11:56Z

Closing since this seems to be fixed.

ghost mentioned this issue Jan 14, 2022

App randomly crashing when starting screen share and always crashing when going back to camera #820

Closed

HoangPhamThai mentioned this issue Jan 19, 2022

Crash after ending call in group call with 3 P2P connections flutter-webrtc/flutter-webrtc-demo#171

Open

HoangPhamThai mentioned this issue Feb 13, 2022

android crash #804

Open

jakobleck mentioned this issue Feb 14, 2022

iOS vs. Firefox compatibility problem? EXC_BAD_ACCESS crash #855

Closed

davidliu closed this as completed Jun 28, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Null pointer dereference in Android #831

Null pointer dereference in Android #831

Null pointer dereference in Android #831

Null pointer dereference in Android #831

Comments