github-starred/android
2
0
Fork 0
mirror of https://github.com/bitwarden/android.git synced 2026-05-07 11:29:37 -05:00
Code Issues 1.1k Packages Projects Releases 122 Wiki Activity

[GH-ISSUE #5300] App crash caused by invalid comparator logic in sorting vault entries #28130

New Issue
Closed
opened 2026-04-18 12:00:14 -05:00 by GiteaMirror · 10 comments
GiteaMirror commented 2026-04-18 12:00:14 -05:00
Owner
Copy Link

Originally created by @Halil0927 on GitHub (Jun 3, 2025).
Original GitHub issue: https://github.com/bitwarden/android/issues/5300

Steps To Reproduce

Create multiple vault entries with:

  • identical titles (e.g., "Spotify", "Microsoft")
  • titles containing diacritical marks, special Unicode characters, or emojis (e.g., “Gérard Dupont”, “Käse & Öl GmbH”, “naïve Café”, “✈️ Travel Bank Account”)
  • ensure the app is set to sort entries by name (default)
  • attempt to unlock the app or access the vault

Expected Result

The app should handle all vault entry titles gracefully, regardless of special characters, duplicated names, or locale.

Actual Result

The app crashes immediately or shortly after unlocking.
Crash logs collected via ADB (adb logcat) show the following exception:

FATAL EXCEPTION: DefaultDispatcher-worker
java.lang.IllegalArgumentException: Comparison method violates its general contract!
	at java.util.TimSort.mergeLo(TimSort.java:781)
	at java.util.TimSort.mergeAt(TimSort.java:518)
	at java.util.TimSort.mergeCollapse(TimSort.java:448)
	at java.util.TimSort.sort(TimSort.java:245)
	at java.util.Arrays.sort(Arrays.java:1271)
	at [internal Bitwarden class]

Crash Log & Vault Analysis Script

crash log collected via ADB:
crash_log.txt

I’ve included a small Python script I wrote to help identify problematic entries in the Bitwarden vault export (bitwarden_export.json). The script checks for:

  • Duplicate item titles
  • Titles containing special characters (e.g. diacritics, emojis, symbols)
  • Entries with empty or suspicious names (e.g. "null", "undefined")
  • Entries with missing item type information

It outputs the results both to the console and to an HTML file (vault_analysis.html) for better readability and sharing.

Script download:
vault_analyzer.txt

Screenshots

In the browser extension (tested in Chrome) and also in the desktop app, sorting appears inconsistent. For example, entries like "DivvyDiary" or "Yu-Gi-Oh! Wiki" are listed before "1password" or "3dmark", even though alphabetical sorting is enabled. This suggests that sorting may be unstable or affected by special characters or Unicode inconsistencies, and may be related to the crash behavior on Android.

Browser Extension:
Image

Video

https://github.com/user-attachments/assets/fe199183-dd33-4040-aa1d-8b7bb038b24d

Additional Context

  • This issue has been occurring for several weeks and months, possibly after version 2024.2.x. It may coincide with internal changes to how vault items are sorted, possibly related to comparator logic introduced or adjusted in that period.
  • Using >500 vault entries, I identified the cause via script: duplicate titles + special Unicode in names → crash.
  • Based on the crash log (IllegalArgumentException: Comparison method violates its general contract!), this strongly suggests that the issue is caused by a faulty comparator when sorting entries.
  • Titles with diacritics (e.g. Ä, Ö, Ü), emojis, or visually identical duplicates may break the comparator’s consistency, causing TimSort to fail.
  • The crash does not always happen immediately: sometimes the app opens briefly and crashes after a few seconds; other times it crashes right after unlocking. Once the crash starts happening shortly after launch, reinstalling the app usually results in immediate crashes every time.
  • After a fresh installation via the Play Store, the crash usually happens shortly after unlocking – often within a few seconds, but occasionally the app remains usable a bit longer before crashing. When installed via F-Droid, the app seemed to run noticeably longer before failing; however, this was only tested once and may not be representative.
  • Switching KDFs or clearing cache/data had no effect.
  • The same account works flawlessly in the Web Vault and on Desktop clients.

Suggested Fix

Ensure the Comparator used for sorting vault entries in the Android client:

  • is transitive and stable
  • properly handles Unicode (e.g. via Collator or safe Comparator.comparing(...))
  • gracefully skips or isolates invalid or ambiguous entries
  • avoids relying on String.compareTo(...) alone, as it may fail with composed Unicode or locale-specific characters
  • optionally: use locale-aware, normalized comparisons (Normalizer.normalize(...)) to prevent hidden inconsistencies between visually identical strings

Build Version

2025.4.0 (Latest on google playstore)

What server are you connecting to?

EU

Self-host Server Version

No

Environment Details

Device: Pixel 9 Pro & Samsung Galaxy Tab S9 Plus
OS: Android 15
KDF: Argon2id, 64MB, 3 iterations, parallelism 2
Rooted: No
Plan: Family

Related Issues

This seems related to (or the same as) issue #4651

Issue Tracking Info

  • I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
Originally created by @Halil0927 on GitHub (Jun 3, 2025). Original GitHub issue: https://github.com/bitwarden/android/issues/5300 ### Steps To Reproduce Create multiple vault entries with: - identical titles (e.g., "Spotify", "Microsoft") - titles containing diacritical marks, special Unicode characters, or emojis (e.g., “Gérard Dupont”, “Käse & Öl GmbH”, “naïve Café”, “✈️ Travel Bank Account”) - ensure the app is set to sort entries by name (default) - attempt to unlock the app or access the vault ### Expected Result The app should handle all vault entry titles gracefully, regardless of special characters, duplicated names, or locale. ### Actual Result The app crashes immediately or shortly after unlocking. Crash logs collected via ADB (`adb logcat`) show the following exception: ```java FATAL EXCEPTION: DefaultDispatcher-worker java.lang.IllegalArgumentException: Comparison method violates its general contract! at java.util.TimSort.mergeLo(TimSort.java:781) at java.util.TimSort.mergeAt(TimSort.java:518) at java.util.TimSort.mergeCollapse(TimSort.java:448) at java.util.TimSort.sort(TimSort.java:245) at java.util.Arrays.sort(Arrays.java:1271) at [internal Bitwarden class] ``` ### Crash Log & Vault Analysis Script crash log collected via ADB: [crash_log.txt](https://github.com/user-attachments/files/20590477/crash_log.txt) I’ve included a small Python script I wrote to help identify problematic entries in the Bitwarden vault export (bitwarden_export.json). The script checks for: - Duplicate item titles - Titles containing special characters (e.g. diacritics, emojis, symbols) - Entries with empty or suspicious names (e.g. "null", "undefined") - Entries with missing item type information It outputs the results both to the console and to an HTML file (vault_analysis.html) for better readability and sharing. Script download: [vault_analyzer.txt](https://github.com/user-attachments/files/20572723/vault_analyzer.txt) ### Screenshots In the browser extension (tested in Chrome) and also in the desktop app, sorting appears inconsistent. For example, entries like "DivvyDiary" or "Yu-Gi-Oh! Wiki" are listed before "1password" or "3dmark", even though alphabetical sorting is enabled. This suggests that sorting may be unstable or affected by special characters or Unicode inconsistencies, and may be related to the crash behavior on Android. Browser Extension: ![Image](https://github.com/user-attachments/assets/c3a96da4-1ede-43f2-8fc6-af61ae8e3ecf) ### Video https://github.com/user-attachments/assets/fe199183-dd33-4040-aa1d-8b7bb038b24d ### Additional Context - This issue has been occurring for several weeks and months, possibly after version 2024.2.x. It may coincide with internal changes to how vault items are sorted, possibly related to comparator logic introduced or adjusted in that period. - Using >500 vault entries, I identified the cause via script: duplicate titles + special Unicode in names → crash. - Based on the crash log (`IllegalArgumentException: Comparison method violates its general contract!`), this strongly suggests that the issue is caused by a faulty comparator when sorting entries. - Titles with diacritics (e.g. Ä, Ö, Ü), emojis, or visually identical duplicates may break the comparator’s consistency, causing TimSort to fail. - The crash does not always happen immediately: sometimes the app opens briefly and crashes after a few seconds; other times it crashes right after unlocking. Once the crash starts happening shortly after launch, reinstalling the app usually results in immediate crashes every time. - After a fresh installation via the Play Store, the crash usually happens shortly after unlocking – often within a few seconds, but occasionally the app remains usable a bit longer before crashing. When installed via F-Droid, the app seemed to run noticeably longer before failing; however, this was only tested once and may not be representative. - Switching KDFs or clearing cache/data had no effect. - The same account works flawlessly in the Web Vault and on Desktop clients. ### Suggested Fix Ensure the Comparator used for sorting vault entries in the Android client: - is transitive and stable - properly handles Unicode (e.g. via `Collator` or safe `Comparator.comparing(...)`) - gracefully skips or isolates invalid or ambiguous entries - avoids relying on `String.compareTo(...)` alone, as it may fail with composed Unicode or locale-specific characters - optionally: use locale-aware, normalized comparisons (`Normalizer.normalize(...)`) to prevent hidden inconsistencies between visually identical strings ### Build Version 2025.4.0 (Latest on google playstore) ### What server are you connecting to? EU ### Self-host Server Version No ### Environment Details Device: Pixel 9 Pro & Samsung Galaxy Tab S9 Plus OS: Android 15 KDF: Argon2id, 64MB, 3 iterations, parallelism 2 Rooted: No Plan: Family ### Related Issues This seems related to (or the same as) issue [#4651](https://github.com/bitwarden/android/issues/4651) ### Issue Tracking Info - [x] I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
GiteaMirror added the bugapp:password-manager labels 2026-04-18 12:00:14 -05:00
GiteaMirror commented 2026-04-18 12:00:16 -05:00
Author
Owner
Copy Link

@bitwarden-bot commented on GitHub (Jun 3, 2025):

Thank you for your report! We've added this to our internal board for review.
ID: PM-22327

<!-- gh-comment-id:2934623189 --> @bitwarden-bot commented on GitHub (Jun 3, 2025): Thank you for your report! We've added this to our internal board for review. ID: PM-22327
GiteaMirror commented 2026-04-18 12:00:17 -05:00
Author
Owner
Copy Link

@daniellbw commented on GitHub (Jun 3, 2025):

Hi there,

This issue has been escalated for further investigation. If you have more information that can help us, please add it below.

Thanks!

<!-- gh-comment-id:2934733495 --> @daniellbw commented on GitHub (Jun 3, 2025): Hi there, This issue has been escalated for further investigation. If you have more information that can help us, please add it below. Thanks!
GiteaMirror commented 2026-04-18 12:00:18 -05:00
Author
Owner
Copy Link

@Halil0927 commented on GitHub (Jun 4, 2025):

Hi there,

This issue has been escalated for further investigation. If you have more information that can help us, please add it below.

Thanks!

Hi there,
Thanks for following up. I've just edited my report to include new details that may help with the investigation.

Let me know if I can assist further!

<!-- gh-comment-id:2939656458 --> @Halil0927 commented on GitHub (Jun 4, 2025): > Hi there, > > This issue has been escalated for further investigation. If you have more information that can help us, please add it below. > > Thanks! Hi there, Thanks for following up. I've just edited my report to include new details that may help with the investigation. Let me know if I can assist further!
GiteaMirror commented 2026-04-18 12:00:18 -05:00
Author
Owner
Copy Link

@Razor221 commented on GitHub (Jun 12, 2025):

@Halil0927 Based on your username, I assume you are Turkish, right? Like you, I have over 500 entries, and some of them contain diacritics. I think we are having the same problem. I hope the bitwarden team fixes this. In the meantime, I switched to Proton Pass free plan only for Android, but it doesn't support credit card autofill on the free plan.

<!-- gh-comment-id:2968193219 --> @Razor221 commented on GitHub (Jun 12, 2025): @Halil0927 Based on your username, I assume you are Turkish, right? Like you, I have over 500 entries, and some of them contain diacritics. I think we are having the same problem. I hope the bitwarden team fixes this. In the meantime, I switched to Proton Pass free plan only for Android, but it doesn't support credit card autofill on the free plan.
GiteaMirror commented 2026-04-18 12:00:19 -05:00
Author
Owner
Copy Link

@Halil0927 commented on GitHub (Jun 19, 2025):

@Halil0927 Based on your username, I assume you are Turkish, right? Like you, I have over 500 entries, and some of them contain diacritics. I think we are having the same problem. I hope the bitwarden team fixes this. In the meantime, I switched to Proton Pass free plan only for Android, but it doesn't support credit card autofill on the free plan.

Yes, that's right. Sounds like we’re running into the same issue – hopefully Bitwarden will fix it soon. Would be great to keep using it reliably on Android again. Thanks for sharing your experience!

<!-- gh-comment-id:2987553629 --> @Halil0927 commented on GitHub (Jun 19, 2025): > [@Halil0927](https://github.com/Halil0927) Based on your username, I assume you are Turkish, right? Like you, I have over 500 entries, and some of them contain diacritics. I think we are having the same problem. I hope the bitwarden team fixes this. In the meantime, I switched to Proton Pass free plan only for Android, but it doesn't support credit card autofill on the free plan. Yes, that's right. Sounds like we’re running into the same issue – hopefully Bitwarden will fix it soon. Would be great to keep using it reliably on Android again. Thanks for sharing your experience!
GiteaMirror commented 2026-04-18 12:00:21 -05:00
Author
Owner
Copy Link

@Razor221 commented on GitHub (Jun 19, 2025):

I tried to clear all diacritics, etc, from my entry names to the best of my ability, but still bitwarden crashes on Android. iOS is fine; It doesn't have the same problem as Android does.

@Halil0927 You gave bitwarden pretty good suggestions, I hope their dev team considers those. Maybe they can use the same code from their iOS version, which works flawlessly.

<!-- gh-comment-id:2989165303 --> @Razor221 commented on GitHub (Jun 19, 2025): I tried to clear all diacritics, etc, from my entry names to the best of my ability, but still bitwarden crashes on Android. iOS is fine; It doesn't have the same problem as Android does. @Halil0927 You gave bitwarden pretty good suggestions, I hope their dev team considers those. Maybe they can use the same code from their iOS version, which works flawlessly.
GiteaMirror commented 2026-04-18 12:00:22 -05:00
Author
Owner
Copy Link

@Halil0927 commented on GitHub (Jun 20, 2025):

@Razor221 Thanks for your input — I initially suspected that diacritics or other special characters might be the cause, so I cleaned up my vault by removing them from all entry names and even deleted or renamed suspicious entries. However, the crash still persisted, which was puzzling at first.

To investigate further, I ran a manual analysis of my vault using a Python script. I found that many entries contained emojis, special characters, or duplicate titles — but none had null or empty strings. So while I didn’t see any obviously invalid data, there were several cases that could affect how sorting behaves under the hood.

The crash log revealed a more specific issue:

java.lang.IllegalArgumentException: Comparison method violates its general contract!

This suggests that the comparator used for sorting entries (probably by title) is not fully stable under all input conditions — likely violating transitivity or consistency in some edge cases. That explains why even after deleting "suspicious" entries, the problem remained: the underlying sort logic can still break depending on subtle string variations or duplicates.

Interestingly, this issue doesn't occur on iOS, likely because it uses a different or more robust sort implementation. I agree that aligning Android's logic with iOS might help prevent this class of bugs.

Appreciate your suggestions — they definitely helped validate the direction of this investigation.

<!-- gh-comment-id:2991640185 --> @Halil0927 commented on GitHub (Jun 20, 2025): @Razor221 Thanks for your input — I initially suspected that diacritics or other special characters might be the cause, so I cleaned up my vault by removing them from all entry names and even deleted or renamed suspicious entries. However, **the crash still persisted**, which was puzzling at first. To investigate further, I ran a manual analysis of my vault using a Python script. I found that many entries contained **emojis, special characters, or duplicate titles** — but none had `null` or empty strings. So while I didn’t see any obviously invalid data, there were several cases that could affect how sorting behaves under the hood. The crash log revealed a more specific issue: ```java java.lang.IllegalArgumentException: Comparison method violates its general contract! ``` This suggests that the comparator used for sorting entries (probably by title) is not fully stable under all input conditions — likely violating transitivity or consistency in some edge cases. That explains why even after deleting "suspicious" entries, the problem remained: the underlying sort logic can still break depending on subtle string variations or duplicates. Interestingly, this issue doesn't occur on iOS, likely because it uses a different or more robust sort implementation. I agree that aligning Android's logic with iOS might help prevent this class of bugs. Appreciate your suggestions — they definitely helped validate the direction of this investigation.
GiteaMirror commented 2026-04-18 12:00:22 -05:00
Author
Owner
Copy Link

@Razor221 commented on GitHub (Jun 20, 2025):

@Razor221 Thanks for your input — I initially suspected that diacritics or other special characters might be the cause, so I cleaned up my vault by removing them from all entry names and even deleted or renamed suspicious entries. However, the crash still persisted, which was puzzling at first.

To investigate further, I ran a manual analysis of my vault using a Python script. I found that many entries contained emojis, special characters, or duplicate titles — but none had null or empty strings. So while I didn’t see any obviously invalid data, there were several cases that could affect how sorting behaves under the hood.

The crash log revealed a more specific issue:

java.lang.IllegalArgumentException: Comparison method violates its general contract!

This suggests that the comparator used for sorting entries (probably by title) is not fully stable under all input conditions — likely violating transitivity or consistency in some edge cases. That explains why even after deleting "suspicious" entries, the problem remained: the underlying sort logic can still break depending on subtle string variations or duplicates.

Interestingly, this issue doesn't occur on iOS, likely because it uses a different or more robust sort implementation. I agree that aligning Android's logic with iOS might help prevent this class of bugs.

Appreciate your suggestions — they definitely helped validate the direction of this investigation.

Thank you for debugging this issue further than I could ever do by myself. I'm no programmer. I only know how to get adb logs, but I couldn't understand what they meant.

Earlier, I uploaded my adb crash logs to my issue and compared them with yours. The app gives exact errors before and after the crash. I hope bitwarden solves this problem, and I don't think it would be a hard fix because the crash exclusively happens on Android, they can easily implement it from other sources. On other platforms, bitwarden is rock solid. It's probably the best free password manager I have used to this day.

<!-- gh-comment-id:2993008514 --> @Razor221 commented on GitHub (Jun 20, 2025): > [@Razor221](https://github.com/Razor221) Thanks for your input — I initially suspected that diacritics or other special characters might be the cause, so I cleaned up my vault by removing them from all entry names and even deleted or renamed suspicious entries. However, **the crash still persisted**, which was puzzling at first. > > To investigate further, I ran a manual analysis of my vault using a Python script. I found that many entries contained **emojis, special characters, or duplicate titles** — but none had `null` or empty strings. So while I didn’t see any obviously invalid data, there were several cases that could affect how sorting behaves under the hood. > > The crash log revealed a more specific issue: > > java.lang.IllegalArgumentException: Comparison method violates its general contract! > > This suggests that the comparator used for sorting entries (probably by title) is not fully stable under all input conditions — likely violating transitivity or consistency in some edge cases. That explains why even after deleting "suspicious" entries, the problem remained: the underlying sort logic can still break depending on subtle string variations or duplicates. > > Interestingly, this issue doesn't occur on iOS, likely because it uses a different or more robust sort implementation. I agree that aligning Android's logic with iOS might help prevent this class of bugs. > > Appreciate your suggestions — they definitely helped validate the direction of this investigation. Thank you for debugging this issue further than I could ever do by myself. I'm no programmer. I only know how to get adb logs, but I couldn't understand what they meant. Earlier, I uploaded my adb crash logs to my issue and compared them with yours. The app gives exact errors before and after the crash. I hope bitwarden solves this problem, and I don't think it would be a hard fix because the crash exclusively happens on Android, they can easily implement it from other sources. On other platforms, bitwarden is rock solid. It's probably the best free password manager I have used to this day.
GiteaMirror commented 2026-04-18 12:00:23 -05:00
Author
Owner
Copy Link

@david-livefront commented on GitHub (Aug 25, 2025):

This bug has been addressed in this PR.

The changes will be available to the public in the 2025.8.1 release.

<!-- gh-comment-id:3220721845 --> @david-livefront commented on GitHub (Aug 25, 2025): This bug has been addressed in [this PR](https://github.com/bitwarden/android/pull/5762). The changes will be available to the public in the 2025.8.1 release.
GiteaMirror commented 2026-04-18 12:00:24 -05:00
Author
Owner
Copy Link

@Razor221 commented on GitHub (Aug 29, 2025):

#5762 Fixed the issue for me and it's rock solid now

<!-- gh-comment-id:3236036521 --> @Razor221 commented on GitHub (Aug 29, 2025): #5762 Fixed the issue for me and it's rock solid now
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
app:authenticator
app:password-manager
bug
bug-passkey
customer-support
duplicate
enhancement
good first issue
help wanted
needs-reply
needs-response
pull-request
Mirrored from GitHub Pull Request
 question
No Label app:password-manager bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/android#28130
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?