cursor.getCount() crash in Android 5.1,

SQLCipher Issues
1

There is a problem of the code:
field_slot_t * CursorWindow::allocRow()
{
// Fill in the row slot
row_slot_t * rowSlot = allocRowSlot();
if (rowSlot == NULL) {
return NULL;
}

// Allocate the slots for the field directory
size_t fieldDirSize = mHeader->numColumns * sizeof(field_slot_t);
uint32_t fieldDirOffset = alloc(fieldDirSize);
if (!fieldDirOffset) {
    mHeader->numRows--;
    LOGE("The row failed, so back out the new row accounting from allocRowSlot %d", mHeader->numRows);
    return NULL;
}
field_slot_t * fieldDir = (field_slot_t *)offsetToPtr(fieldDirOffset);
memset(fieldDir, 0x0, fieldDirSize);

LOG_WINDOW(“Allocated row %u, rowSlot is at offset %u, fieldDir is %d bytes at offset %u\n”, (mHeader->numRows - 1), ((uint8_t *)rowSlot) - mData, fieldDirSize, fieldDirOffset);
rowSlot->offset = fieldDirOffset;

return fieldDir;

}

2

field_slot_t * CursorWindow::allocRow(){
// Fill in the row slot
row_slot_t * rowSlot = allocRowSlot();
if (rowSlot == NULL) {
return NULL;
}
// Allocate the slots for the field directory
size_t fieldDirSize = mHeader->numColumns * sizeof(field_slot_t);
uint32_t fieldDirOffset = alloc(fieldDirSize);
if (!fieldDirOffset || ((uint8_t *)rowSlot) - mData > mMaxSize) {
mHeader->numRows–;
LOGEE(“The row failed, so back out the new row accounting from allocRowSlot %d”, mHeader->numRows);
return NULL;
}
field_slot_t * fieldDir = (field_slot_t *)offsetToPtr(fieldDirOffset);
memset(fieldDir, 0x0, fieldDirSize);
LOGEE(“Allocated row %u, rowSlot is at offset %u, fieldDir is %d bytes at offset %u\n”, (mHeader->numRows - 1), ((uint8_t *)rowSlot) - mData, fieldDirSize, fieldDirOffset);
rowSlot->offset = fieldDirOffset;
return fieldDir;
}

3

@Forest Are you saying that the change to the if (!fieldDirOffset || ((uint8_t *)rowSlot) - mData > mMaxSize) line resolved the issue for you? Can you explain the purpose of that change in the context of your problem?