KVC can corrupt NSObjects isa & return garbage.

[psineur]

When getting struct value with memory footprint not multiple of 4 ( i.e. ccColor3B - 3 bytes) with valueForKey: via property's/method name (not via ivar name) - isa pointer can be changed (sic!).

Looks like it happens on iOS 4.3

Affected:

• iPhone 4 with iOS 4.3.2
• iPod Touch 4G with iOS 4.3.1
• iPad 2 with iOS 4.3.5
• 4.3 Simulator ( 5 bytes struct crashes, 4 bytes struct works ok)

Nonaffected:

• iPad 2 with iOS 5.0.1
• Mac OS X 10.7.2
• 5.0 Simulator

[psineur]

Update: this happens with struct like { GLubyte r; GLubyte g; GLubyte b; }

but not with

{ GLubyte r; GLubyte g; GLubyte b;
GLubyte reserved1; GLubyte reserved2; }

Probably KVC can get struct with property/method properly only if it's size > 4 bytes. Bigger, not bigger or equal!

[psineur]

Update: restoring isa can help avoid crashes after using valueForKey: BUT! value that gets returned can be garbage.

[psineur]

Update: tested on iPad 2 with iOS 5.0.1 - works ok, bug doesn't exist. Updated first post.

[psineur]

Update: tested on iPad 2 with iOS 4.3.5 - affected.

[psineur]

Update: ccColor3B should be 4 bytes under 4.3 simulator to avoid KVC failure.