Skip to content

Potential ANR / main-thread blocking risk #16925

Open
Open
Potential ANR / main-thread blocking risk#16925
Labels
0. Needs triagebug
@venkyqz

Description

@venkyqz
venkyqz
opened on Apr 28, 2026

Environment

  • App: Nextcloud Dev (com.nextcloud.android.beta)
  • Branch checked: master
  • File: app/src/main/java/third_parties/sufficientlysecure/ProcessVEvent.java:169
  • Verified commit: b716c74d97c5ac9e74c6047ba3a9e5884977a729

The Issue

While reviewing SyncedFolderProvider.getSyncedFolders() → ContentResolver-query, I noticed a potential main-thread blocking risk around android.content.ContentResolver#query(android.net.Uri,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String).

The latest source still operates synchronously:

166:             // Determine if we need to delete a duplicate event in order to update it
167:             if (!mustDelete && dupes != DuplicateHandlingEnum.DUP_DONT_CHECK) {
168: 
169:                 cur = query(resolver, options, c);
170:                 while (!mustDelete && cur != null && cur.moveToNext()) {
171:                     if (dupes == DuplicateHandlingEnum.DUP_REPLACE) {
172:                         mustDelete = cur.getLong(EVENT_QUERY_CALENDAR_ID_COL) == selectedCal.mId;
173:                     } else {
174:                         mustDelete = true; // Replacing all (or ignoring, handled just below)

android.content.ContentResolver#query(android.net.Uri,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String) can block the calling thread while Android resolves a provider, opens a stream, performs database work, contacts account services, touches storage, or waits on remote I/O, depending on the API and URI/backend involved.

The Risk & Impact

If this method is reached from a UI-thread path, the operation can cause visible jank, StrictMode violations in debug builds, or an ANR when the provider/backend is slow, blocked, or unreachable. I am phrasing this as a source-level risk because I verified the current source pattern but did not run an on-device reproduction.

Current source path

<com.owncloud.android.datamodel.SyncedFolderProvider: java.util.List getSyncedFolders()>
  -> android.content.ContentResolver#query(android.net.Uri,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String)

Verification

I checked the latest upstream source at b716c74d97c5ac9e74c6047ba3a9e5884977a729 and found the sensitive operation still present in app/src/main/java/third_parties/sufficientlysecure/ProcessVEvent.java. This report is based on source-level inspection, not runtime reproduction.

Expected behaviour

Move this method call to a worker thread instead. Please refer to https://developer.android.com/studio/write/annotations#thread-annotations for more details.

Actual behaviour

The method call is conducted on the main thread, causing potential ANR or response-related performance issues.

Metadata

Metadata

Assignees

No one assigned

    Labels

    0. Needs triagebug

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions