
Crash on iPhone

Open chanduthedev opened this issue 5 years ago • 13 comments

Hi Brian, I am able to transfer data using the Quiet framework in iOS. But the app is consistently crashing in iOS due to the error message below. I think this is related to incorrect memory access. But I didn't make any code changes related to memory issues. Can you please help with this? You can find the code if required: https://github.com/chanduthedev/iOS/tree/master/QuietShare

Error log:

```
2019-05-06 11:39:28.695414+0800 TestSoundPayment[745:112219] In receive profile :ultrasonic-experimental
TestSoundPayment(745,0x104cfebc0) malloc: Incorrect checksum for freed object 0x10581f000: probably modified after being freed.
Corrupt value: 0x0
TestSoundPayment(745,0x104cfebc0) malloc: *** set a breakpoint in malloc_error_break to debug
(lldb)
```

Crash backtrace:

Screenshot 2019-05-06 at 11 41 25 AM

chanduthedev avatar May 06 '19 07:05 chanduthedev

Hi,

Are you sure that your repo contains the most recent version of your code? Your stacktrace references lines/functions that don't seem to exist.

brian-armstrong avatar May 06 '19 09:05 brian-armstrong

Hi Brian, thanks for the quick reply. Yes, the backtrace is from that repo only. Please check another, latest backtrace below, which is also taken from the same repo, but with some UI changes in the storyboard. I hope the UI changes won't affect this crash.

Crash logs:

```
2019-05-06 17:47:48.714653+0800 QuietShare[1094:179918] granted is 1
QuietShare(1094,0x1024fabc0) malloc: Incorrect checksum for freed object 0x120869000: probably modified after being freed.
Corrupt value: 0x0
QuietShare(1094,0x1024fabc0) malloc: *** set a breakpoint in malloc_error_break to debug
(lldb) bt
QuietModemKit was compiled with optimization - stepping may behave oddly; variables may not be available.
warning: could not execute support code to read Objective-C class data in the process. This may reduce the quality of type information available.
* thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGABRT
    frame #0: 0x0000000190ca20dc libsystem_kernel.dylib__pthread_kill + 8
    frame #1: 0x0000000190d1b094 libsystem_pthread.dylibpthread_kill$VARIANT$mp + 380
    frame #2: 0x0000000190bfbea8 libsystem_c.dylibabort + 140
    frame #3: 0x0000000190cf5780 libsystem_malloc.dylibmalloc_vreport + 564
    frame #4: 0x0000000190cf59a8 libsystem_malloc.dylibmalloc_zone_error + 100
    frame #5: 0x0000000190ce3b30 libsystem_malloc.dylibfree_list_checksum_botch + 36
    frame #6: 0x0000000190ce0ff4 libsystem_malloc.dylibsmall_free_list_remove_ptr_no_clear + 1232
    frame #7: 0x0000000190ce1e94 libsystem_malloc.dylibfree_small + 676
    frame #8: 0x00000001025cf748 QuietModemKit`flexframesync_destroy + 80
  * frame #9: 0x000000010259a720 QuietModemKitquiet_decoder_destroy(d=0x000000011fd0bf40) at decoder.c:708:9 [opt]
    frame #10: 0x0000000102598094 QuietModemKit-[QuietReceiver dealloc](self=0x000000028326eca0, _cmd=) at QuietReceiver.m:69:3 [opt]
    frame #11: 0x00000001902de7cc libobjc.A.dylibobject_cxxDestructFromClass(objc_object*, objc_class*) + 148
    frame #12: 0x00000001902ee6b8 libobjc.A.dylibobjc_destructInstance + 68
    frame #13: 0x00000001902ee720 libobjc.A.dylibobject_dispose + 16
    frame #14: 0x0000000102596c90 QuietModemKit-[QMFrameReceiver dealloc](self=0x0000000282717600, _cmd=) at QMFrameReceiver.m:124:1 [opt]
    frame #15: 0x00000001021f8ce8 QuietShare-[ViewController rcvText:](self=0x000000011fd13480, _cmd="rcvText:", sender=0x000000011fe07400) at ViewController.m:41:8
    frame #16: 0x00000001bd649230 UIKitCore-[UIApplication sendAction:to:from:forEvent:] + 96
    frame #17: 0x00000001bd0f2af8 UIKitCore-[UIControl sendAction:to:forEvent:] + 80
    frame #18: 0x00000001bd0f2e18 UIKitCore-[UIControl _sendActionsForEvents:withEvent:] + 440
    frame #19: 0x00000001bd0f1e84 UIKitCore-[UIControl touchesEnded:withEvent:] + 568
    frame #20: 0x00000001bd68029c UIKitCore-[UIWindow _sendTouchesForEvent:] + 2108
    frame #21: 0x00000001bd6814c4 UIKitCore-[UIWindow sendEvent:] + 3140
    frame #22: 0x00000001bd661534 UIKitCore-[UIApplication sendEvent:] + 340
    frame #23: 0x00000001bd7277c0 UIKitCore__dispatchPreprocessedEventFromEventQueue + 1768
    frame #24: 0x00000001bd729eec UIKitCore__handleEventQueueInternal + 4828
    frame #25: 0x00000001bd72311c UIKitCore__handleHIDEventFetcherDrain + 152
    frame #26: 0x00000001910962bc CoreFoundationCFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION + 24
    frame #27: 0x000000019109623c CoreFoundation__CFRunLoopDoSource0 + 88
    frame #28: 0x0000000191095b24 CoreFoundation__CFRunLoopDoSources0 + 176
    frame #29: 0x0000000191090a60 CoreFoundation__CFRunLoopRun + 1004
    frame #30: 0x0000000191090354 CoreFoundationCFRunLoopRunSpecific + 436
    frame #31: 0x000000019329079c GraphicsServicesGSEventRunModal + 104
    frame #32: 0x00000001bd647b68 UIKitCoreUIApplicationMain + 212
    frame #33: 0x00000001021fa168 QuietSharemain(argc=1, argv=0x000000016dc0b960) at main.m:14:16
    frame #34: 0x0000000190b568e0 libdyld.dylibstart + 4
(lldb)
```

Crash backtrace:

image

chanduthedev avatar May 06 '19 09:05 chanduthedev
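
Why the abort in the backtrace above surfaces under `free_small` and `free_list_checksum_botch` rather than at the write that did the damage, as an added example that is not from the thread or from QuietModemKit: a simplified C model of a free list whose links carry a checksum. The struct, the cookie value and all function names are assumptions for illustration, not Apple's allocator code.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model for illustration (an assumption, not Apple's allocator code):
   a freed block keeps its free-list link plus a checksum of that link. */
typedef struct free_block {
    struct free_block *next;
    uintptr_t checksum;
} free_block;
#define COOKIE ((uintptr_t)0x5bd1e995u)  /* constructed stand-in for a per-process secret */

static free_block *free_list;

static uintptr_t link_checksum(const free_block *b) {
    return (uintptr_t)b->next ^ COOKIE;
}

/* "free": push the block on the free list and seal its link. */
static void model_free(free_block *b) {
    b->next = free_list;
    b->checksum = link_checksum(b);
    free_list = b;
}

/* Unlink a block, as an allocator does when it reuses or coalesces it.
   Returns 0 on success, -1 where a real allocator would abort. */
static int model_unlink(free_block *b) {
    if (b->checksum != link_checksum(b)) return -1;   /* "Incorrect checksum" */
    free_block **pp = &free_list;
    while (*pp && *pp != b) pp = &(*pp)->next;
    if (*pp) *pp = b->next;
    return 0;
}

/* Constructed scenario: optional stale write after free, then a later unlink. */
static int run_scenario(int write_after_free) {
    static free_block blocks[2];
    free_list = NULL;
    model_free(&blocks[0]);
    model_free(&blocks[1]);
    if (write_after_free)
        memset(&blocks[1], 0, sizeof blocks[1]);   /* stale write zeroes the link */
    return model_unlink(&blocks[1]);
}

int main(void) {
    printf("clean: %d, write-after-free: %d\n", run_scenario(0), run_scenario(1));
    return 0;
}
```

In the model the stale write itself goes unnoticed; the failure is reported only when a later operation touches the damaged block, so the frame that aborts is not necessarily the code that corrupted the heap.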

Unfortunately I don't really have time to look into this right now. I believe the tests in QuietModemKit do try to test that dealloc works though. Can you verify whether the tests pass for you, and if so, can you try to modify them to reproduce the behavior you're seeing here? If I do get some time for this, it will be much easier for me to look into it inside the tests.

brian-armstrong avatar May 06 '19 21:05 brian-armstrong

Thanks for the suggestion @brian-armstrong . I will try to run test cases and update if I face any issues. Thanks again for the prompt response.

chanduthedev avatar May 07 '19 01:05 chanduthedev

Hi @brian-armstrong, I am getting the error below while building QuietModemKit in Xcode. Please let me know if I need to change any settings in Xcode. I am able to build successfully using 'carthage update'.

Error message:

does not appear to contain CMakeLists.txt.

image

chanduthedev avatar May 07 '19 03:05 chanduthedev

Hi @brian-armstrong, I was able to resolve some of the dependency issues while building the QuietModemKit binary for running test cases in Xcode, and I am stuck with the error below. Can you please check if you can help with this error?

image

chanduthedev avatar May 07 '19 07:05 chanduthedev

It looks like you're missing the submodules. You might need to do something like `git submodule update --init --recursive`

brian-armstrong avatar May 07 '19 07:05 brian-armstrong

Thanks very much @brian-armstrong. Actually I installed all submodules manually; after installing the submodules I tried to build, and only then did I get this error.

chanduthedev avatar May 07 '19 07:05 chanduthedev

I cloned in a separate folder and did `git submodule update --init --recursive`. Now I am able to build successfully and able to run the test cases. Thanks @brian-armstrong. Now I will try to modify the test cases to reproduce my scenario in the test cases.

chanduthedev avatar May 07 '19 09:05 chanduthedev

Hi @brian-armstrong I tried with test cases and no crash issue occurred. Let me explain my scenario, so that you will get better understanding of the crash.

My app has three buttons as below.

  1. Receive (to receive data, listening mode)
  2. Send (To send data, sending mode)
  3. Cancel (Cancelling the send mode)

Scenario 1 (No crash):

If I use CFRunLoopRun() in sending/receive mode, the crash is not happening. But once started, we can't stop sending/receiving mode in this scenario.

Scenario 2 (Crash issue):

To have more control over sending/receive mode, I added a timer instead of CFRunLoopRun(). In this case the crash is happening.

  1. Receive: When I click on this button, I am calling the setBlocking method for 10 secs. So the app will be in listening mode for 10 secs and stops after 10 sec if no data is received, or stops whenever data is received.
  2. Send: When I click on this button, a timer will start for 1 sec and the ultrasonic-experimental profile sound will be generated every sec until the cancel button is clicked.
  3. Cancel: This will stop the timer for sending data.

Below are the steps to reproduce crash issue:

  1. Click on receive button, (button will be disabled until data received or for 10secs)
  2. send data from other device
  3. Repeat from step1

My analysis:

  • In Scenario 1, there was no crash as we are using CFRunLoopRun:

```objc
QMReceiverConfig *rxConf = [[QMReceiverConfig alloc] initWithKey:_selectedProfile];
QMFrameReceiver *rx = [[QMFrameReceiver alloc] initWithConfig:rxConf];
CFRunLoopRun();
if (rx != nil) {
    [rx close];
}
```

  • In Scenario 2, the crash is occurring when using setBlocking and closing when data is received:

```objc
QMReceiverConfig *rxConf = [[QMReceiverConfig alloc] initWithKey:_selectedProfile];
QMFrameReceiver *rx = [[QMFrameReceiver alloc] initWithConfig:rxConf];

[rx setBlocking:10 withNano:0];
[rx setReceiveCallback:recv_callback];
if (rx != nil) {
    NSString *temp = [NSString stringWithFormat:@"%s", [[rx receive] bytes]];
    [rx close];
}
```

  • My suspicion is that while using the setBlocking method, after receiving data, memory handling is not proper.

Can you please help with this?

Thanks again for your support.

chanduthedev avatar May 08 '19 02:05 chanduthedev

I haven't had a chance to try any of the code myself, but one thing that looks suspicious here is setting a receive callback and calling receive. I don't think that would cause a crash, but it probably won't give you predictable behavior. If you specify a callback then QMKit assumes you won't call receive yourself.

brian-armstrong avatar May 08 '19 09:05 brian-armstrong

I removed setReceiveCallback method and tried again, still facing crash issue.

chanduthedev avatar May 08 '19 10:05 chanduthedev

Hi @brian-armstrong I tried using CFRunLoopRun();, in this case there is no crash issue. But when I use setBlocking method, I face crash consistently. Below code may help to find the root cause.

Code with no crash occurring:

```objc
-(IBAction)clickMe:(id)sender {
    [[AVAudioSession sharedInstance] requestRecordPermission:request_callback];

    CFRunLoopRun();
    if (rx != nil) {
        [rx close];
    }
}
```

Crash occurring code:

```objc
[[AVAudioSession sharedInstance] requestRecordPermission:request_callback];

[rx setBlocking:10 withNano:0];
if (rx != nil) {
    NSData *recvd = [[rx receive] copy];
    NSString *temp = [NSString stringWithFormat:@"%s", [recvd bytes]];
    [rx close];
    NSLog(@"rx value is  %@", temp);
}
```

Thanks in advance.

chanduthedev avatar May 22 '19 02:05 chanduthedev