Description
A developer reports a SIGSEGV in an Android Couchbase Lite app, with this native backtrace:
0#00 pc 000ba876 (buf2kvid+53)
0#01 pc 000c24d5 (fdb_get_byoffset+232)
0#02 pc 000f83bf (cbforest::KeyStore::getByOffset(unsigned long long, unsigned long long) const+98)
0#03 pc 00100b13 (cbforest::VersionedDocument::isBodyOfRevisionAvailable(cbforest::Revision const*, unsigned long long) const+186)
0#04 pc 0010d921 (cbforest::Revision::isBodyAvailable() const+40)
0#05 pc 0010d85f (c4doc_hasRevisionBody+186)
0#06 pc 001134c9 (Java_com_couchbase_cbforest_Document_hasRevisionBody+36)
Full crash report at https://github.com/couchbase/couchbase-lite-java-core/issues/1073 but I don't think the rest is useful.
My suspicion is that this is a bug in fdb_get_byoffset when handling an invalid offset. Couchbase Lite will (intentionally) sometimes pass invalid offsets to that function.
(Why? Couchbase Lite tracks previous revisions of documents by remembering their ForestDB doc offsets. These will remain available for a while, but of course the old doc disappears on compaction and the offset becomes invalid. We detect that while attempting to recover the revision, if fdb_get_byoffset returns an error or if the doc it returns is not what we expected.)