Crash in `FLEXNetworkRecorder`
hzh137940556 opened this issue · comments
Environment
- Platform+version: iOS 13
- FLEX version: 4.6.1
Bug Report
| 0 | libobjc.A.dylib | _objc_retain |
|---|---|---|
| 1 | CoreFoundation | _cow_copy_storage |
| 2 | CoreFoundation | _cow_mutate_slow |
| 3 | CoreFoundation | -[__NSArrayM insertObject:atIndex:] |
| 4 | FLEX | __85-[FLEXNetworkRecorder recordRequestWillBeSentWithRequestID:request:redirectResponse:]_block_invoke |
| 5 | libdispatch.dylib | _dispatch_call_block_and_release |
| 6 | libdispatch.dylib | _dispatch_client_callout |
| 7 | libdispatch.dylib | _dispatch_lane_serial_drain |
| 8 | libdispatch.dylib | _dispatch_lane_invoke |
| 9 | libdispatch.dylib | _dispatch_workloop_worker_thread |
| 10 | libsystem_pthread.dylib | _pthread_wqthread |
| 11 | libsystem_pthread.dylib | _start_wqthread |
@NSExceptional help fix it, thanks
App(3531,0x16b30f000) malloc: *** error for object 0x11d13a800: pointer being freed was not allocated
App(3531,0x16b30f000) malloc: *** set a breakpoint in malloc_error_break to debug
may be fix it,
but I do not have permission to submit PR
I think @matrush fixed this with #593! Reopen this issue if it persists with the new version (which I have not released yet)
The funny thing is I think he reports 2 issues that I'm trying to fix with #593 and #592. His screenshots are basically what I did in #593 but the original reported issue was what I'm trying to fix with #592.
Okay, I suspect I know what is happening…
We are fetching a copy of orderedHTTPTransactions here:
FLEX/Classes/Network/FLEXNetworkMITMViewController.m
Lines 65 to 67 in 6c21395
but I suspect foundation is not actually giving us a copy yet. Hence the "cow" in the stack traces which stands for "copy on write". I think we are being given the same array (well, not the object, but I think each of the array objects has the same backing storage) and it is copying itself later when it gets mutated. This data source is what populates the
allTransactions property in the screenshot above.
So, until one thread mutates the array, they are both actually pointing to the same array.
Now, why is this causing a crash? I have no idea O_o
I swore I saw an article about this years ago but I can't find it.
Anyway we may be able to fix this by making HTTPTransactions return self.orderedHTTPTransactions.mutableCopy.copy or something
🤞🏻