Crashes Package Installer on Android 14 QPR1

[t-m-w]

Preliminary checklist

• I have read the README.
• I have searched the existing issues for my problem. This is a new ticket, NOT a duplicate or related to another open issue.
• I have read the FAQs.
• I have updated Cromite to the latest version. The bug is reproducible on this latest version.
• This is a bug report about the Cromite browser; not the website nor F-Droid nor anything else.

Can the bug be reproduced with corresponding Chromium version?

Yes

Cromite version

120.0.6099.63

Device architecture

arm64-v8a

Platform version

Android 14

Android Device model

Google Pixel 6 Pro / Google Pixel 7a

Is the device rooted?

No

Changed flags

no flags changed

Is this bug happening in an incognito tab?

No

Is this bug caused by the adblocker?

No

Is this bug a crash?

12-10 11:37:18.446 10095  3713  3713 E AndroidRuntime: FATAL EXCEPTION: main
12-10 11:37:18.446 10095  3713  3713 E AndroidRuntime: Process: com.android.packageinstaller, PID: 3713
12-10 11:37:18.446 10095  3713  3713 E AndroidRuntime: java.lang.RuntimeException: Could not copy bitmap to parcel blob.
12-10 11:37:18.446 10095  3713  3713 E AndroidRuntime: 	at android.graphics.Bitmap.nativeWriteToParcel(Native Method)
12-10 11:37:18.446 10095  3713  3713 E AndroidRuntime: 	at android.graphics.Bitmap.writeToParcel(Bitmap.java:2271)
12-10 11:37:18.446 10095  3713  3713 E AndroidRuntime: 	at android.os.Parcel.writeParcelable(Parcel.java:2584)
12-10 11:37:18.446 10095  3713  3713 E AndroidRuntime: 	at com.android.packageinstaller.PackageUtil$AppSnippet.writeToParcel(PackageUtil.java:151)
12-10 11:37:18.446 10095  3713  3713 E AndroidRuntime: 	at android.os.Parcel.writeParcelable(Parcel.java:2584)
12-10 11:37:18.446 10095  3713  3713 E AndroidRuntime: 	at android.os.Parcel.writeValue(Parcel.java:2485)
12-10 11:37:18.446 10095  3713  3713 E AndroidRuntime: 	at android.os.Parcel.writeValue(Parcel.java:2362)
12-10 11:37:18.446 10095  3713  3713 E AndroidRuntime: 	at android.os.Parcel.writeArrayMapInternal(Parcel.java:1298)
12-10 11:37:18.446 10095  3713  3713 E AndroidRuntime: 	at android.os.BaseBundle.writeToParcelInner(BaseBundle.java:1843)
12-10 11:37:18.446 10095  3713  3713 E AndroidRuntime: 	at android.os.Bundle.writeToParcel(Bundle.java:1389)
12-10 11:37:18.446 10095  3713  3713 E AndroidRuntime: 	at android.os.Parcel.writeBundle(Parcel.java:1367)
12-10 11:37:18.446 10095  3713  3713 E AndroidRuntime: 	at android.content.Intent.writeToParcel(Intent.java:11807)
12-10 11:37:18.446 10095  3713  3713 E AndroidRuntime: 	at android.os.Parcel.writeTypedObject(Parcel.java:2203)
12-10 11:37:18.446 10095  3713  3713 E AndroidRuntime: 	at android.app.IActivityTaskManager$Stub$Proxy.startActivity(IActivityTaskManager.java:2093)
12-10 11:37:18.446 10095  3713  3713 E AndroidRuntime: 	at android.app.Instrumentation.execStartActivity(Instrumentation.java:1873)
12-10 11:37:18.446 10095  3713  3713 E AndroidRuntime: 	at android.app.Activity.startActivityForResult(Activity.java:5615)
12-10 11:37:18.446 10095  3713  3713 E AndroidRuntime: 	at android.app.Activity.startActivityForResult(Activity.java:5573)
12-10 11:37:18.446 10095  3713  3713 E AndroidRuntime: 	at android.app.Activity.startActivity(Activity.java:6071)
12-10 11:37:18.446 10095  3713  3713 E AndroidRuntime: 	at android.app.Activity.startActivity(Activity.java:6038)
12-10 11:37:18.446 10095  3713  3713 E AndroidRuntime: 	at com.android.packageinstaller.PackageInstallerActivity.startInstall(PackageInstallerActivity.java:701)
12-10 11:37:18.446 10095  3713  3713 E AndroidRuntime: 	at com.android.packageinstaller.PackageInstallerActivity.lambda$bindUi$0(PackageInstallerActivity.java:479)
12-10 11:37:18.446 10095  3713  3713 E AndroidRuntime: 	at com.android.packageinstaller.PackageInstallerActivity.$r8$lambda$RCIm8wl1VPqdfQgkgmrBIDbuvOQ(PackageInstallerActivity.java:0)
12-10 11:37:18.446 10095  3713  3713 E AndroidRuntime: 	at com.android.packageinstaller.PackageInstallerActivity$$ExternalSyntheticLambda0.onClick(R8$$SyntheticClass:0)
12-10 11:37:18.446 10095  3713  3713 E AndroidRuntime: 	at com.android.packageinstaller.AlertController$ButtonHandler.handleMessage(AlertController.java:144)
12-10 11:37:18.446 10095  3713  3713 E AndroidRuntime: 	at android.os.Handler.dispatchMessage(Handler.java:106)
12-10 11:37:18.446 10095  3713  3713 E AndroidRuntime: 	at android.os.Looper.loopOnce(Looper.java:205)
12-10 11:37:18.446 10095  3713  3713 E AndroidRuntime: 	at android.os.Looper.loop(Looper.java:294)
12-10 11:37:18.446 10095  3713  3713 E AndroidRuntime: 	at android.app.ActivityThread.main(ActivityThread.java:8194)
12-10 11:37:18.446 10095  3713  3713 E AndroidRuntime: 	at java.lang.reflect.Method.invoke(Native Method)
12-10 11:37:18.446 10095  3713  3713 E AndroidRuntime: 	at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:552)
12-10 11:37:18.446 10095  3713  3713 E AndroidRuntime: 	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:971)

The crash is basically the same on stock Pixel OS, except the package name is com.google.android.packageinstaller instead of com.android.packageinstaller.

Describe the bug

Trying to install/update Cromite using the built-in "Package Installer", which is used by default when tapping on the download and is the only built-in option available on AOSP, results in Package Installer disappearing / crashing without completing the task. This is not reproducible with Android 14, but it is reproducible with Android 14 QPR1 stock Google Pixel builds and in an AOSP fork.

This can be worked around by using a third-party package installer, such as "APK Explorer & Editor" or "App Manager" from F-Droid.

Steps to reproduce the bug

1. Via Cromite or any Chromium-based browser, download the latest Cromite, or try to update if offered.
2. When the download has finished, tap the download notification and try to install/update, or visit the Downloads section and tap it from there. If prompted to choose an installer, choose Package Installer. (If not prompted, this is the default action / no alternatives exist.)

Expected behavior

The install/update succeeds, and reports success as usual.

Screenshots

Details

[t-m-w]

On the one hand, this seems to me like a regression in Package Installer, since everything was fine before 14 QPR1, so ideally that would get fixed in AOSP. At the same time, it could be that Package Installer expects something (an image/icon, in a certain format?) in an APK that it is not finding in Cromite, so if that can be added to Cromite and fix this, all the better!

I'm willing to help test if needed.

[uazo]

I don't think it's something I can solve.

Assuming the problem is here, I don't seem to have zero bytes resources in the apk.

I'm willing to help test if needed.

you are welcome.

[t-m-w]

It looks like there's some bizarre Binder stuff going on in Android 14 QPR1. The problem for Cromite isn't a zero-byte resource, but that the generated Bitmap of the icon is larger than can be written to a parcel in-place. If I figure out anything actionable, I'll let you know, since I don't know if/when AOSP will fix this. In the meantime, this is kind of an info dump, so feel free to disregard.

I needed to add log lines to get to this point, but with writeBlob in frameworks/base/libs/hwui/jni/Bitmap.cpp

E Bitmap  : writeBlob failed transaction: size 9922500 > 1048576

...with 1048576 being BLOB_MAX_INPLACE_LIMIT.

Cromite can be installed with Package Installer if you do something strange like this:

adb shell wm density 72
# optionally, or everything is too small to see: adb shell wm size 240x320
# install Cromite with Package Installer (i.e. from Files, etc.). it succeeds
adb shell wm reset

^ This is just to illustrate the problem with Package Installer, since with adb you could easily install Cromite using adb install.

But, oddly, at certain densities like 100, the error changes vs the error I initially showed, appearing to fail even earlier in the process (can't even send the Intent to InstallInstalling, inside which is where my issue's log fails when trying to write to parcel):

W BpBinder: Large outgoing transaction of 566984 bytes, interface descriptor , code 54
E JavaBinder: !!! FAILED BINDER TRANSACTION !!!  (parcel size = 566984)
E ActivityTaskManager: Second failure launching com.android.packageinstaller/.InstallInstalling, giving up
E ActivityTaskManager: android.os.TransactionTooLargeException: data parcel size 566984 bytes

(My initial log for this issue is with a default density of 420 on a Pixel 6a.)

[uazo]

it is not clear to me which bitmap/file we are talking about, is it possible to deduce this somehow?
I would like to rule out the possibility that it is something introduced by some patch of mine (I can think of one that inserts icons).

[t-m-w]

it is not clear to me which bitmap/file we are talking about, is it possible to deduce this somehow? I would like to rule out the possibility that it is something introduced by some patch of mine (I can think of one that inserts icons).

For easier testing, I imported Cromite's icons into an empty Android app.

It's @drawable/ic_launcher leading to a crash. From what I can see, this is aliased to @mipmap/app_icon (chrome/android/java/res_base/values/ic_launcher_alias.xml), but if I change the icon to @mipmap/app_icon directly, I don't run into a problem.

Alternatively, if I delete drawable-v26/ic_launcher.xml, the problem goes away.

Again though, this is all just in a test app at the moment.

[t-m-w]

It turns out the issue is chrome/android/java/res_chromium_base/drawable/themed_app_icon.xml. Using Chromium's, all is fine (even in Cromite build, not just test app).

Cromite's is 900x900, Chromium's is 90x90. I suppose it should be scaled down.

Android Studio shows:

Limit vector icons sizes to 200×200 to keep icon drawing fast; see https://developer.android.com/studio/write/vector-asset-studio#when for more
Very long vector path (803 characters), which is bad for performance. Considering reducing precision, removing minor details or rasterizing vector.
Very long vector path (3333 characters), which is bad for performance. Considering reducing precision, removing minor details or rasterizing vector.
Very long vector path (1707 characters), which is bad for performance. Considering reducing precision, removing minor details or rasterizing vector.

[uazo]

could you verify that it works with the new version? thank you

[t-m-w]

Works great, thanks!