
Garbage pointer dereference using v 8.2.3

Open kryptus36 opened this issue 2 years ago • 2 comments

```
OS Version: iOS 15.4.1 (19E258)
Report Version: 104

Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: BUS_NOOP at 0x1900007463656a6a
Crashed Thread: 6

Application Specific Information:
permessage_deflate > Attempted to dereference garbage pointer 0x1900007463656a6a.

Thread 6 Crashed:
0  NativeScript            0x102313b2c v8::internal::JSArrayBuffer::GetBackingStore
1  NativeScript            0x1020ac240 v8::ArrayBuffer::GetBackingStore
2  NativeScript            0x102001e64 -[NSDataAdapter mutableBytes]
3  Foundation              0x35aa2c318 -[NSData(NSData) enumerateByteRangesUsingBlock:]
4  Foundation              0x35aa149b0 _NSDataCreateDispatchDataFromData
5  CFNetwork               0x358c7ef70 _CFHTTPServerResponseEnqueue
6  CFNetwork               0x358c7b180 _CFHTTPServerResponseEnqueue
7  CFNetwork               0x358c7ecd8 _CFHTTPServerResponseEnqueue
8  libdispatch.dylib       0x357413e64 _dispatch_call_block_and_release
9  libdispatch.dylib       0x357415a28 _dispatch_client_callout
10 libdispatch.dylib       0x35741d120 _dispatch_lane_serial_drain
11 libdispatch.dylib       0x35741dcb0 _dispatch_lane_invoke
12 libdispatch.dylib       0x3574284fc _dispatch_workloop_worker_thread
13 libsystem_pthread.dylib 0x43a9ab0b8 _pthread_wqthread

Thread 0
0  libobjc.A.dylib         0x3893e9f04 objc_msgSend
1  NativeScript            0x102080044 ffi_call_SYSV
2  NativeScript            0x10207cac8 ffi_call_int
3  NativeScript            0x10201f9dc tns::Interop::CallFunctionInternal
4  NativeScript            0x101f8aaec tns::ArgConverter::Invoke
5  NativeScript            0x101fdd658 tns::MetadataBuilder::InvokeMethod
6  NativeScript            0x101fdcefc tns::MetadataBuilder::MethodCallback
7  NativeScript            0x1021140e4 v8::internal::FunctionCallbackArguments::Call
8  NativeScript            0x1021135e4 v8::internal::(anonymous namespace)::HandleApiCallHelper<T>
9  NativeScript            0x102112d7c v8::internal::Builtin_Impl_HandleApiCall
10 NativeScript            0x1027ee64c Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_BuiltinExit
11 NativeScript            0x102787818 [inlined] Builtins_InterpreterEntryTrampoline
12 NativeScript            0x102787818 [inlined] Builtins_InterpreterEntryTrampoline
13 NativeScript            0x102787818 [inlined] Builtins_InterpreterEntryTrampoline
14 NativeScript            0x102787818 [inlined] Builtins_InterpreterEntryTrampoline
15 NativeScript            0x102787818 [inlined] Builtins_InterpreterEntryTrampoline
16 NativeScript            0x102787818 Builtins_InterpreterEntryTrampoline
17 NativeScript            0x102834d38 Builtins_PromiseFulfillReactionJob
18 NativeScript            0x1027a6e14 Builtins_RunMicrotasks
19 NativeScript            0x1027854c4 Builtins_JSRunMicrotasksEntry
20 NativeScript            0x10225fc7c v8::internal::(anonymous namespace)::Invoke
21 NativeScript            0x102260248 v8::internal::(anonymous namespace)::InvokeWithTryCatch
22 NativeScript            0x10226033c v8::internal::Execution::TryRunMicrotasks
23 NativeScript            0x1023ca708 v8::internal::MicrotaskQueue::RunMicrotasks
24 NativeScript            0x1023ca530 v8::internal::MicrotaskQueue::PerformCheckpoint
25 NativeScript            0x10230c8a8 v8::internal::Isolate::FireCallCompletedCallback
26 NativeScript            0x1020b2894 v8::Function::Call
27 NativeScript            0x101f8bf90 tns::ArgConverter::MethodCallback
28 NativeScript            0x10207d264 ffi_closure_SYSV_inner
29 NativeScript            0x1020801b4 .Ldo_closure
30 Foundation              0x35aa260b8 __NSFireTimer
31 CoreFoundation          0x357ac7164 CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION
32 CoreFoundation          0x357a4b140 __CFRunLoopDoTimer
33 CoreFoundation          0x357a458ec __CFRunLoopDoTimers
34 CoreFoundation          0x357a23f9c __CFRunLoopRun
35 CoreFoundation          0x357a376b4 CFRunLoopRunSpecific
36 GraphicsServices        0x38fb89370 GSEventRunModal
37 UIKitCore               0x35c80de84 -[UIApplication _run]
38 UIKitCore               0x35c58f5e8 UIApplicationMain
39 NativeScript            0x102080044 ffi_call_SYSV
40 NativeScript            0x10207cac8 ffi_call_int
41 NativeScript            0x10201f9dc tns::Interop::CallFunctionInternal
42 NativeScript            0x101fe265c std::__1::__function::__func<T>::operator()
43 NativeScript            0x102042c04 tns::Tasks::Drain
44 NativeScript            0x10203cfd0 -[NativeScript initWithConfig:]
45 bingoplus               0x200d19cf4
46                         0x101e4dce4

Thread 1 name: V8 DefaultWorke
0  libsystem_kernel.dylib  0x3c70cdf64 __psynch_cvwait
1  libsystem_pthread.dylib 0x43a9b2294 _pthread_cond_wait
2  NativeScript            0x1028b8a10 v8::platform::DelayedTaskQueue::GetNext
3  NativeScript            0x1028b865c v8::platform::DefaultWorkerThreadsTaskRunner::WorkerThread::Run
4  NativeScript            0x1028b08cc v8::base::ThreadEntry
5  libsystem_pthread.dylib 0x43a9ab9a8 _pthread_start

Thread 2 name: V8 DefaultWorke
0  libsystem_kernel.dylib  0x3c70cdf64 __psynch_cvwait
1  libsystem_pthread.dylib 0x43a9b2294 _pthread_cond_wait
2  NativeScript            0x1028b8a10 v8::platform::DelayedTaskQueue::GetNext
3  NativeScript            0x1028b865c v8::platform::DefaultWorkerThreadsTaskRunner::WorkerThread::Run
4  NativeScript            0x1028b08cc v8::base::ThreadEntry
5  libsystem_pthread.dylib 0x43a9ab9a8 _pthread_start

Thread 3 name: V8 DefaultWorke
0  libsystem_kernel.dylib  0x3c70cdf64 __psynch_cvwait
1  libsystem_pthread.dylib 0x43a9b2294 _pthread_cond_wait
2  NativeScript            0x1028b8a10 v8::platform::DelayedTaskQueue::GetNext
3  NativeScript            0x1028b865c v8::platform::DefaultWorkerThreadsTaskRunner::WorkerThread::Run
4  NativeScript            0x1028b08cc v8::base::ThreadEntry
5  libsystem_pthread.dylib 0x43a9ab9a8 _pthread_start

Thread 4 name: V8 DefaultWorke
0  libsystem_kernel.dylib  0x3c70cdf64 __psynch_cvwait
1  libsystem_pthread.dylib 0x43a9b2294 _pthread_cond_wait
2  NativeScript            0x1028b8a10 v8::platform::DelayedTaskQueue::GetNext
3  NativeScript            0x1028b865c v8::platform::DefaultWorkerThreadsTaskRunner::WorkerThread::Run
4  NativeScript            0x1028b08cc v8::base::ThreadEntry
5  libsystem_pthread.dylib 0x43a9ab9a8 _pthread_start

Thread 5 name: V8 DefaultWorke
0  libsystem_kernel.dylib  0x3c70cdf64 __psynch_cvwait
1  libsystem_pthread.dylib 0x43a9b2294 _pthread_cond_wait
2  NativeScript            0x1028b8a10 v8::platform::DelayedTaskQueue::GetNext
3  NativeScript            0x1028b865c v8::platform::DefaultWorkerThreadsTaskRunner::WorkerThread::Run
4  NativeScript            0x1028b08cc v8::base::ThreadEntry
5  libsystem_pthread.dylib 0x43a9ab9a8 _pthread_start

Thread 6 Crashed:
0  NativeScript            0x102313b2c v8::internal::JSArrayBuffer::GetBackingStore
1  NativeScript            0x1020ac240 v8::ArrayBuffer::GetBackingStore
2  NativeScript            0x102001e64 -[NSDataAdapter mutableBytes]
3  Foundation              0x35aa2c318 -[NSData(NSData) enumerateByteRangesUsingBlock:]
4  Foundation              0x35aa149b0 _NSDataCreateDispatchDataFromData
5  CFNetwork               0x358c7ef70 _CFHTTPServerResponseEnqueue
6  CFNetwork               0x358c7b180 _CFHTTPServerResponseEnqueue
7  CFNetwork               0x358c7ecd8 _CFHTTPServerResponseEnqueue
8  libdispatch.dylib       0x357413e64 _dispatch_call_block_and_release
9  libdispatch.dylib       0x357415a28 _dispatch_client_callout
10 libdispatch.dylib       0x35741d120 _dispatch_lane_serial_drain
11 libdispatch.dylib       0x35741dcb0 _dispatch_lane_invoke
12 libdispatch.dylib       0x3574284fc _dispatch_workloop_worker_thread
13 libsystem_pthread.dylib 0x43a9ab0b8 _pthread_wqthread

Thread 7
0  libsystem_kernel.dylib  0x3c70cda6c __semwait_signal
1  libsystem_c.dylib       0x36dcd50d8 nanosleep
2  libsystem_c.dylib       0x36dce937c sleep
3  Sentry                  0x1035aea20 monitorCachedData
4  libsystem_pthread.dylib 0x43a9ab9a8 _pthread_start

Thread 8 name: SentryCrash Exception Handler (Secondary)
0  libsystem_kernel.dylib  0x3c70cd4e0 mach_msg_trap
1  libsystem_kernel.dylib  0x3c70cdb20 mach_msg
2  Sentry                  0x1035bbd6c handleExceptions
3  libsystem_pthread.dylib 0x43a9ab9a8 _pthread_start

Thread 10 name: com.apple.uikit.eventfetch-thread
0  libsystem_kernel.dylib  0x3c70cd4e0 mach_msg_trap
1  libsystem_kernel.dylib  0x3c70cdb20 mach_msg
2  CoreFoundation          0x357a1f81c __CFRunLoopServiceMachPort
3  CoreFoundation          0x357a23ca8 __CFRunLoopRun
4  CoreFoundation          0x357a376b4 CFRunLoopRunSpecific
5  Foundation              0x35aa0c410 -[NSRunLoop(NSRunLoop) runMode:beforeDate:]
6  Foundation              0x35aa4dca8 -[NSRunLoop(NSRunLoop) runUntilDate:]
7  UIKitCore               0x35c787fac -[UIEventFetcher threadMain]
8  Foundation              0x35aa5c558 NSThread__start
9  libsystem_pthread.dylib 0x43a9ab9a8 _pthread_start

Thread 11 name: com.apple.NSURLConnectionLoader
0  libsystem_kernel.dylib  0x3c70cd4e0 mach_msg_trap
1  libsystem_kernel.dylib  0x3c70cdb20 mach_msg
2  CoreFoundation          0x357a1f81c __CFRunLoopServiceMachPort
3  CoreFoundation          0x357a23ca8 __CFRunLoopRun
4  CoreFoundation          0x357a376b4 CFRunLoopRunSpecific
5  CFNetwork               0x358ccb4d4 _CFURLStorageSessionDisableCache
6  Foundation              0x35aa5c558 NSThread__start
7  libsystem_pthread.dylib 0x43a9ab9a8 _pthread_start

Thread 12
0  libsystem_kernel.dylib  0x3c70cdab4 __workq_kernreturn
1  libsystem_pthread.dylib 0x43a9ab104 _pthread_wqthread

Thread 13
0  libsystem_kernel.dylib  0x3c70cdab4 __workq_kernreturn
1  libsystem_pthread.dylib 0x43a9ab104 _pthread_wqthread

Thread 14
0  libsystem_pthread.dylib 0x43a9aae54 start_wqthread

EOF
```

kryptus36, May 17 '22 20:05

Please provide more information. These stack traces can help us identify where the crash happened natively but aren't of much use without the accompanying JS stack trace or way to reproduce it.

This case specifically is probably an issue with accessing some ArrayBuffer that was released somewhere along the way, but this is just an educated guess.

edusperoni, May 17 '22 21:05

According to the sentry breadcrumbs the last thing to happen before the crash was a successful network call.

GET https://..... [200]

{reason: no error, request_body_size: 0, response_body_size: 5051}

Beyond that, I have asked for help in Discord on how to configure Sentry to provide more info. I don't know how to get the JS stack :(

kryptus36, May 17 '22 23:05