Issue metadata
Sign in to add a comment
|
Lint error building chrome_public_apk: StaticFieldLeak in VrShellDelegate.java |
||||||||||||||||||||||||||||
Issue description
Can't build chrome_public_apk , with the following lint output:
...
Lint found 1 error, 1 warning
/tmp/tmpeOZgbg/SRC_ROOT1/chrome/android/java/src/org/chromium/chrome/browser/customtabs/OriginVerifier.java:190 Reading app signatures from getPackageInfo: The app signatures could be exploited if not validated properly; see issue explanation for details.: PackageManagerGetSignatures [warning]
packageInfo = pm.getPackageInfo(packageName, PackageManager.GET_SIGNATURES);
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/tmp/tmpeOZgbg/SRC_ROOT1/chrome/android/java/src/org/chromium/chrome/browser/vr_shell/VrShellDelegate.java:120 Do not place Android context classes in static fields; this is a memory leak (and also breaks Instant Run): StaticFieldLeak [warning]
private static View sBlackOverlayView;
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Lint found 2 new issues.
...
Traceback (most recent call last):
File "../../build/android/gyp/lint.py", line 385, in <module>
sys.exit(main())
File "../../build/android/gyp/lint.py", line 381, in main
depfile_deps=classpath)
File "/usr/local/google/home/awdf/repos/clankium/src/build/android/gyp/util/build_utils.py", line 592, in CallAndWriteDepfileIfStale
pass_changes=True)
File "/usr/local/google/home/awdf/repos/clankium/src/build/android/gyp/util/md5_check.py", line 87, in CallAndRecordIfStale
function(*args)
File "/usr/local/google/home/awdf/repos/clankium/src/build/android/gyp/util/build_utils.py", line 575, in on_stale_md5
function(*args)
File "../../build/android/gyp/lint.py", line 376, in <lambda>
silent=args.silent),
File "../../build/android/gyp/lint.py", line 245, in _OnStaleMd5
raise Exception('Lint failed.')
Exception: Lint failed.
[1095/6535] CXX clang_x86_v8_arm/obj/v8/v8_base/objects.o
ninja: build stopped: subcommand failed.
My gn args:
target_os = "android"
enable_chrome_android_internal = false
use_goma = true
enable_incremental_javac = true
disable_incremental_isolated_processes = true
Output of out/AndroidDebug/gen/chrome/android/chrome_java__lint/result.xml :
<issues format="4" by="lint 26.0.2">
<issue id="PackageManagerGetSignatures" severity="Information" message="Reading app signatures from getPackageInfo: The app signatures could be exploited if not validated properly; see issue explanation for details." category="Security" priority="8" summary="Potential Multiple Certificate Exploit" explanation="Improper validation of app signatures could lead to issues where a malicious app submits itself to the Play Store with both its real certificate and a fake certificate and gains access to functionality or information it shouldn't have due to another application only checking for the fake certificate and ignoring the rest. Please make sure to validate all signatures returned by this method." url="https://bluebox.com/technical/android-fake-id-vulnerability/" urls="https://bluebox.com/technical/android-fake-id-vulnerability/" errorLine1=" packageInfo = pm.getPackageInfo(packageName, PackageManager.GET_SIGNATURES);" errorLine2=" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~">
<location file="/tmp/tmpGofU0r/SRC_ROOT1/chrome/android/java/src/org/chromium/chrome/browser/customtabs/OriginVerifier.java" line="190" column="58"/>
</issue>
<issue id="StaticFieldLeak" severity="Error" message="Do not place Android context classes in static fields; this is a memory leak (and also breaks Instant Run)" category="Performance" priority="6" summary="Static Field Leaks" explanation="A static field will leak contexts." errorLine1=" private static View sBlackOverlayView;" errorLine2=" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~">
<location file="/tmp/tmpGofU0r/SRC_ROOT1/chrome/android/java/src/org/chromium/chrome/browser/vr_shell/VrShellDelegate.java" line="120" column="5"/>
</issue>
</issues>
,
Jul 17 2017
,
Jul 17 2017
,
Jul 17 2017
This was added by the ymalik in the following CL: https://chromium.googlesource.com/chromium/src/+/5f35110e22745 I can't reproduce this locally, nor do any of the bots seem to be affected.
,
Jul 17 2017
,
Jul 17 2017
Really weird if I'm the only one affected by this.
For the record, adding @SuppressLint("StaticFieldLeak") above the affected line works as a temporary workaround.
,
Jul 17 2017
Hey Anita - does a git clean -df from //third_party/android_tools also fix the issue? It may have something to do with Android Studio messing with that directory.
,
Jul 18 2017
Thanks - that seems to have fixed it (although I also did a fresh pull + gclient sync this morning so it could have been that)
$ cd third_party/android_tools && git status
On branch master
Your branch is up-to-date with 'origin/master'.
Untracked files:
(use "git add <file>..." to include in what will be committed)
sdk/build-tools/25.0.2/
sdk/platforms/android-25/
$ git clean -fd
[removed those folders]
Now I can build fine without the workaround. Although I do still get a bunch of 'Unexpected failure during lint analysis' warnings in the output:
Unexpected failure during lint analysis of ChromeContextMenuPopulator.java (this is a bug in lint or one of the libraries it depends on)
AbortCompilation:ProblemHandler.handle(ProblemHandler.java:159)<-ProblemHandler.handle(ProblemHandler.java:226)<-ProblemReporter.handle(ProblemReporter.java:2393)<-ProblemReporter.isClassPathCorrect(ProblemReporter.java:4761)
Unexpected failure during lint analysis of LocationBarLayout.java (this is a bug in lint or one of the libraries it depends on)
AbortCompilation:ProblemHandler.handle(ProblemHandler.java:159)<-ProblemHandler.handle(ProblemHandler.java:226)<-ProblemReporter.handle(ProblemReporter.java:2393)<-ProblemReporter.isClassPathCorrect(ProblemReporter.java:4761)
Unexpected failure during lint analysis of GeolocationHeader.java (this is a bug in lint or one of the libraries it depends on)
AbortCompilation:ProblemHandler.handle(ProblemHandler.java:159)<-ProblemHandler.handle(ProblemHandler.java:226)<-ProblemReporter.handle(ProblemReporter.java:2393)<-ProblemReporter.isClassPathCorrect(ProblemReporter.java:4761)
Unexpected failure during lint analysis of ContextualSearchPolicy.java (this is a bug in lint or one of the libraries it depends on)
AbortCompilation:ProblemHandler.handle(ProblemHandler.java:159)<-ProblemHandler.handle(ProblemHandler.java:226)<-ProblemReporter.handle(ProblemReporter.java:2393)<-ProblemReporter.isClassPathCorrect(ProblemReporter.java:4761)
Unexpected failure during lint analysis of UrlUtilities.java (this is a bug in lint or one of the libraries it depends on)
AbortCompilation:ProblemHandler.handle(ProblemHandler.java:159)<-ProblemHandler.handle(ProblemHandler.java:226)<-ProblemReporter.handle(ProblemReporter.java:2393)<-ProblemReporter.isClassPathCorrect(ProblemReporter.java:4761)
[21560/21560] STAMP obj/chrome/android/chrome_public_apk_incremental.stamp
,
Aug 11 2017
|
|||||||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||||||
Comment 1 by awdf@chromium.org
, Jul 17 2017