firebase-ios-sdk

When I use NSProxy to hook NSURLSession, I get a crash in +[GULSwizzler ivarObjectsForObject].

Open ritchie7 opened this issue 2 years ago • 6 comments

+ (NSArray<id> *)ivarObjectsForObject:(id)object {
  NSMutableArray *array = [NSMutableArray array];
  unsigned int count;
  Ivar *vars = class_copyIvarList([object class], &count);
  for (NSUInteger i = 0; i < count; i++) {
    const char *typeEncoding = ivar_getTypeEncoding(vars[i]);
    // Check to see if the ivar is an object.
    if (strncmp(typeEncoding, "@", 1) == 0) {
      id ivarObject = object_getIvar(object, vars[i]);
      [array addObject:ivarObject];
    }
  }
  free(vars);
  return array;
}

In my project, object is a real obj for NSURLSession's NSProxy, and class_copyIvarList([object class], &count) is the function that gets the real object (NSURLSession instance). When the code reaches object_getIvar(), an EXC_BAD_ACCESS crash will occur.

thanks.

ritchie7, Jun 27 '22 09:06

I found a few problems with this issue:

  • I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
  • This issue does not seem to follow the issue template. Make sure you provide all the required information.

google-oss-bot, Jun 27 '22 09:06

Thanks for reporting, @ritchie7. Please fill out the needed information from the template so we can try to reproduce the issue.

rizafran, Jun 27 '22 11:06

Sorry, here is the information I added:

  • Xcode version: 13.2.1 (13C100)
  • Firebase SDK version: 8.14.0
  • Installation method: CocoaPods
  • Firebase Component: Analytics, Core, Database, Firestore, Messaging, Storage, Performance, RemoteConfig, FirebaseAnalytics, FirebaseABTesting
  • Target platform(s): iOS


In my project, object is a real obj for NSURLSession's NSProxy, and class_copyIvarList([object class], &count) is the function that gets the real object (NSURLSession instance). When the code reaches object_getIvar(), an EXC_BAD_ACCESS crash will occur.


Here is my code for hooking NSURLSession.

// The implementation of `NSProxy1`/`NSProxy2` and GULProxy is the same.
+ (NSURLSession *)swizzling_sharedSession {
    NSURLSession *session = [NSProxy1 proxyWithTarget:[self swizzling_sharedSession]];
    return session;
}

+ (NSURLSession *)swizzling_sessionWithConfiguration:(NSURLSessionConfiguration *)configuration
                                    delegate:(id<NSURLSessionDelegate>)delegate
                               delegateQueue:(NSOperationQueue *)queue {
    
    id delegateProxy = [NSProxy2  proxyWithTarget:delegate];
    
    NSURLSession *session = [self swizzling_sessionWithConfiguration:configuration
                                                    delegate:delegateProxy
                                               delegateQueue:queue];
    return (id<NSObject>)[NSProxy1 proxyWithTarget:session];
}

Thanks

ritchie7, Jun 28 '22 02:06
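The class mismatch described in the two posts above, as an added example that is not part of the thread or of the Firebase code. It assumes a proxy that answers `-class` with its target's class, as the reporter describes; `DemoProxy` and `DemoIvarObjects` are hypothetical names. Listing ivars from `[object class]` then yields `NSURLSession` ivars whose offsets do not exist in the proxy's allocation, while `object_getClass()` returns the class the memory actually belongs to.

```objc
#import <Foundation/Foundation.h>
#import <objc/runtime.h>

// Hypothetical stand-in for the reporter's NSProxy1 (assumption: it forwards
// -class to the target, so [proxy class] reports the NSURLSession class).
@interface DemoProxy : NSProxy
+ (instancetype)proxyWithTarget:(id)target;
@end

@implementation DemoProxy {
  id _target;
}
+ (instancetype)proxyWithTarget:(id)target {
  DemoProxy *proxy = [DemoProxy alloc];
  proxy->_target = target;
  return proxy;
}
- (Class)class { return [_target class]; }
- (NSMethodSignature *)methodSignatureForSelector:(SEL)sel {
  return [_target methodSignatureForSelector:sel];
}
- (void)forwardInvocation:(NSInvocation *)invocation {
  [invocation invokeWithTarget:_target];
}
@end

// Hypothetical guarded ivar walk: the ivar list comes from the object's real
// isa (object_getClass), so every offset read lies inside the object's own
// allocation. nil ivars are skipped because -addObject: raises on nil.
static NSArray<id> *DemoIvarObjects(id object) {
  NSMutableArray *array = [NSMutableArray array];
  unsigned int count = 0;
  Ivar *vars = class_copyIvarList(object_getClass(object), &count);
  for (unsigned int i = 0; i < count; i++) {
    const char *typeEncoding = ivar_getTypeEncoding(vars[i]);
    if (typeEncoding != NULL && typeEncoding[0] == '@') {
      id ivarObject = object_getIvar(object, vars[i]);
      if (ivarObject != nil) [array addObject:ivarObject];
    }
  }
  free(vars);
  return array;
}

int main(void) {
  @autoreleasepool {
    id proxy = [DemoProxy proxyWithTarget:[NSURLSession sharedSession]];
    // The two answers differ: the target's class versus DemoProxy.
    NSLog(@"[proxy class]=%s object_getClass=%s", class_getName([proxy class]),
          class_getName(object_getClass(proxy)));
    NSLog(@"ivar objects of the proxy itself: %@", DemoIvarObjects(proxy));
  }
  return 0;
}
```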

Does removing FirebasePerformance make a difference?

paulb777, Jun 28 '22 22:06

Thank you for your reply. If FirebasePerformance is removed, the crash will not occur, because -[FPRNSURLSessionInstrument registerProxyObject:] is not executed.

ritchie7, Jun 29 '22 02:06

Thanks. I'll assign to the Performance team for investigation.

paulb777, Jun 29 '22 19:06