FLEXTool / FLEX

An in-app debugging and exploration tool for iOS


fishhook crash on launch in perform_rebinding_with_section

lilyball opened this issue · comments

We've been seeing our app intermittently crash on launch when trying to run unit tests in CI. I don't know why it only crashes sometimes, but the latest crash is occurring inside of FLEX's perform_rebinding_with_section function as a null pointer dereference.

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   org.cocoapods.FLEX            	0x000000011509deb2 perform_rebinding_with_section + 274 (flex_fishhook.c:130)
Full backtrace:
Exception Type:        EXC_CRASH (SIGKILL)
Exception Codes:       0x0000000000000000, 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Termination Reason:    Namespace SPRINGBOARD, Code 0x8badf00d

Application Specific Information:
CoreSimulator 732.17 - Device: iPhone 8 (830B3EAB-16D5-4D6D-86CF-A5B31AADC0C9) - Runtime: iOS 13.4 (17E255) - DeviceType: iPhone 8

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   org.cocoapods.FLEX            	0x000000011509deb2 perform_rebinding_with_section + 274 (flex_fishhook.c:130)
1   org.cocoapods.FLEX            	0x000000011509dbf7 rebind_symbols_for_image + 1095 (flex_fishhook.c:244)
2   org.cocoapods.FLEX            	0x000000011509dd98 _rebind_symbols_for_image + 56 (flex_fishhook.c:252)
3   dyld_sim                      	0x0000000111219be3 dyld::registerAddCallback(void (*)(mach_header const*, long)) + 257
4   libdyld.dylib                 	0x00000001287ab9cb _dyld_register_func_for_add_image + 87
5   org.cocoapods.FLEX            	0x000000011509dce6 rebind_symbols + 150 (flex_fishhook.c:282)
6   org.cocoapods.FLEX            	0x000000011517c57c +[FLEXSystemLogViewController load] + 188 (FLEXSystemLogViewController.m:58)
7   libobjc.A.dylib               	0x000000011d5ca477 load_images + 1386
8   dyld_sim                      	0x0000000111217e34 dyld::notifySingle(dyld_image_states, ImageLoader const*, ImageLoader::InitializerTimingList*) + 418
9   dyld_sim                      	0x0000000111225856 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 438
10  dyld_sim                      	0x00000001112257d5 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 309
11  dyld_sim                      	0x0000000111223d2c ImageLoader::processInitializers(ImageLoader::LinkContext const&, unsigned int, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 188
12  dyld_sim                      	0x0000000111223dcc ImageLoader::runInitializers(ImageLoader::LinkContext const&, ImageLoader::InitializerTimingList&) + 82
13  dyld_sim                      	0x000000011121b258 dyld::runInitializers(ImageLoader*) + 82
14  dyld_sim                      	0x000000011121f56a dlopen_internal + 909
15  libdyld.dylib                 	0x00000001287abe48 dlopen + 171
16  com.apple.CoreFoundation      	0x0000000126e2e1f7 _CFBundleDlfcnLoadBundle + 151
17  com.apple.CoreFoundation      	0x0000000126cfbe92 _CFBundleLoadExecutableAndReturnError + 274
18  com.apple.Foundation          	0x00000001153d80af -[NSBundle loadAndReturnError:] + 356
19  libXCTestBundleInject.dylib   	0x00000001112bf519 __XCTestBundleInject + 721
20  dyld_sim                      	0x000000011122a6d9 ImageLoaderMachO::doModInitFunctions(ImageLoader::LinkContext const&) + 513
21  dyld_sim                      	0x000000011122aace ImageLoaderMachO::doInitialization(ImageLoader::LinkContext const&) + 40
22  dyld_sim                      	0x0000000111225868 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 456
23  dyld_sim                      	0x0000000111223d2c ImageLoader::processInitializers(ImageLoader::LinkContext const&, unsigned int, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 188
24  dyld_sim                      	0x0000000111223dcc ImageLoader::runInitializers(ImageLoader::LinkContext const&, ImageLoader::InitializerTimingList&) + 82
25  dyld_sim                      	0x000000011121822a dyld::initializeMainExecutable() + 129
26  dyld_sim                      	0x000000011121c1bb dyld::_main(macho_header const*, unsigned long, int, char const**, char const**, char const**, unsigned long*) + 3662
27  dyld_sim                      	0x00000001112171cd start_sim + 122
28  dyld                          	0x000000011d71385c dyld::useSimulatorDyld(int, macho_header const*, char const*, int, char const**, char const**, char const**, unsigned long*, unsigned long*) + 2308
29  dyld                          	0x000000011d7114f4 dyld::_main(macho_header const*, unsigned long, int, char const**, char const**, char const**, unsigned long*) + 837
30  dyld                          	0x000000011d70c227 dyldbootstrap::start(dyld3::MachOLoaded const*, int, char const**, dyld3::MachOLoaded const*, unsigned long*) + 453
31  dyld                          	0x000000011d70c025 _dyld_start + 37

This is with FLEX v4.0.0, but I took a look and the only difference in flex_fishhook.c between 4.0.0 and 4.1.1 is namespacing of the functions.

The crashing line

uint32_t symtab_index = indirect_symbol_indices[i];

is dereferencing a pointer that's supposed to be the indirect symbols but apparently must be NULL.

What's weird is this crash only occurs occasionally, but looking at the code, this is expected to run against all loaded images every time, so it shouldn't be an issue of ordering of loads (besides which, the order of loads should presumably be deterministic). I'm really not sure what's going on here, but it might be a good idea to add some error checking in here.
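The error checking the post asks for, written out as an added example (not FLEX's or fishhook's own code): the lookup behind `indirect_symbol_indices[i]` with every step range-checked before the read. The struct layouts are hypothetical stand-ins for the Mach-O fields involved (a section's `reserved1` and `size`, `LC_DYSYMTAB`'s `nindirectsyms`, `LC_SYMTAB`'s `nsyms` and `strsize`) so the code compiles without `<mach-o/loader.h>`, and the tables are constructed inline. A NULL indirect symbol table, the situation described above, is reported as `LOOKUP_BAD_TABLE` instead of being dereferenced.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Sentinel values used in the Mach-O indirect symbol table. */
#define INDIRECT_SYMBOL_LOCAL 0x80000000u
#define INDIRECT_SYMBOL_ABS   0x40000000u

/* Hypothetical stand-ins for the Mach-O structures the lookup touches. */
typedef struct { uint32_t n_strx; } sym_t;              /* nlist n_un.n_strx */
typedef struct {
    uint32_t reserved1;   /* index of this section's first entry in the indirect symbol table */
    uint64_t size;        /* section size in bytes; size / sizeof(void *) = number of pointers */
} section_desc_t;
typedef struct {
    const uint32_t *indirect_symtab; uint32_t nindirectsyms;   /* from LC_DYSYMTAB */
    const sym_t    *symtab;          uint32_t nsyms;           /* from LC_SYMTAB */
    const char     *strtab;          uint32_t strsize;         /* from LC_SYMTAB */
} image_tables_t;

typedef enum {
    LOOKUP_OK = 0, LOOKUP_SKIP, LOOKUP_BAD_TABLE,
    LOOKUP_BAD_RANGE, LOOKUP_BAD_SYMIDX, LOOKUP_BAD_STROFF
} lookup_status_t;

/* Resolve the symbol name for pointer slot i of a section, refusing every out-of-bounds read. */
lookup_status_t checked_symbol_name(const image_tables_t *t, const section_desc_t *sec,
                                    uint64_t i, const char **name_out)
{
    *name_out = NULL;
    if (!t->indirect_symtab || !t->symtab || !t->strtab) return LOOKUP_BAD_TABLE;
    if (i >= sec->size / sizeof(void *)) return LOOKUP_BAD_RANGE;
    uint64_t ind_idx = (uint64_t)sec->reserved1 + i;         /* 64-bit: cannot wrap */
    if (ind_idx >= t->nindirectsyms) return LOOKUP_BAD_RANGE;
    uint32_t symtab_index = t->indirect_symtab[ind_idx];
    /* ABS / LOCAL entries carry no symbol; mask rather than compare the three exact values */
    if (symtab_index & (INDIRECT_SYMBOL_ABS | INDIRECT_SYMBOL_LOCAL)) return LOOKUP_SKIP;
    if (symtab_index >= t->nsyms) return LOOKUP_BAD_SYMIDX;
    uint32_t strx = t->symtab[symtab_index].n_strx;
    if (strx >= t->strsize) return LOOKUP_BAD_STROFF;
    /* the name must be NUL-terminated inside the string table */
    if (memchr(t->strtab + strx, '\0', t->strsize - strx) == NULL) return LOOKUP_BAD_STROFF;
    *name_out = t->strtab + strx;
    return LOOKUP_OK;
}

/* Walk a whole section; returns the number of resolvable names and stops at the first malformed entry. */
int walk_section(const image_tables_t *t, const section_desc_t *sec, lookup_status_t *first_err)
{
    int resolved = 0;
    *first_err = LOOKUP_OK;
    for (uint64_t i = 0; i < sec->size / sizeof(void *); i++) {
        const char *name;
        lookup_status_t st = checked_symbol_name(t, sec, i, &name);
        if (st == LOOKUP_OK)   { resolved++; continue; }
        if (st == LOOKUP_SKIP) continue;
        *first_err = st;      /* stop instead of reading past the tables */
        break;
    }
    return resolved;
}

/* Constructed sample tables (not from any real binary). */
static const char     k_strtab[] = "\0_open\0_close\0_malloc";       /* offsets 1, 7, 14 */
static const sym_t    k_symtab[] = { {0}, {1}, {7}, {14} };
static const uint32_t k_indirect[] = { 0, 1, 2, INDIRECT_SYMBOL_ABS, 3, 99 };  /* 99: bogus index */

void build_demo_tables(image_tables_t *t)
{
    t->indirect_symtab = k_indirect; t->nindirectsyms = sizeof k_indirect / sizeof k_indirect[0];
    t->symtab = k_symtab;            t->nsyms = sizeof k_symtab / sizeof k_symtab[0];
    t->strtab = k_strtab;            t->strsize = sizeof k_strtab;
}

int main(void)
{
    image_tables_t t;
    build_demo_tables(&t);
    section_desc_t sec = { 1, 4 * sizeof(void *) };   /* four pointer slots starting at entry 1 */
    for (uint64_t i = 0; i < sec.size / sizeof(void *); i++) {
        const char *name;
        lookup_status_t st = checked_symbol_name(&t, &sec, i, &name);
        printf("slot %llu: status %d %s\n", (unsigned long long)i, (int)st, name ? name : "-");
    }
    return 0;
}
```

The walk stops at the first malformed entry rather than skipping it, since an index outside the tables means the image's load commands cannot be trusted for any later slot either.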

That is weird. I wonder if it has to do with XCTest.

I'll have a fix for this in the next update.

@lilyball are you sure it was a NULL pointer and not just garbage or an otherwise unreadable value? I'm looking at the rest of the code, and there would have to be quite a few things that would have to be null first for this value to be null, which would be peculiar…

If you can somewhat reliably reproduce this, an example project would be so helpful!

I looked at this some more and it turns out I have some crash logs that show very similar behavior except the crash is occurring entirely in dyld without FLEX involved. I think something is indeed seriously wrong on an intermittent basis with the image information. I'm going to close this out now as it seems like it's likely not FLEX's fault.