CFNetwork - CFArrayGetCount crash

Hi,

Some of our users are currently experiencing crashes in our app that are quite hard to solve, since the information from the crash in Xcode (14.0.1) is not very informative:

I'm able to reproduce the crash, which happens with a certain network call we're making. The crash seems to only happen on older devices like iPhone 6, 6S, a few 7s and old iPads. All running iOS versions from 12.x.x to 14.x.x.

The crash happens after the request has been sent and the response seems to be there. But nothing is, from what is visible through Xcode, received at the time of crashing. So my guess is it's due to some processing of the response, right before we can actually deal with the received data.

The called endpoint is to a Danish address lookup - if it helps: https://dawa.aws.dk/stednavne2/autocomplete?hovedtype=Bebyggelse&undertype=bydel&q=st&fuzzy

I've tried moving the network call to another project - same crash. I've also tried making the network request with a URLSession data request (normally we use Moya / Alamofire), with the same result.

I've included a crash report.

Can someone help identify the problem?

You posted a screen shot and a crash report. Unfortunately the crash report is not symbolicated, which makes it hard to offer any insight here. However, the fact that you posted a screen shot suggests that you can reproduce the problem. Is that true?

If so, you should be able to use Xcode to symbolicate your crash report, per the Symbolicate the crash report in Xcode section of Adding Identifiable Symbol Names to a Crash Report. Please do that, and then post the updated report.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Accepted Answer

Consider this:

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000000

Your app has crashed trying to access nil. Now look at the crashing thread:

Thread 13 Crashed:
0   CoreFoundation    … CFArrayGetCount + 16
1   CFNetwork         … HTTP2Stream::_onqueue_processRawHeaders+ 1451312 () + 56
2   CFNetwork         … HTTP2Stream::_onqueue_endTrailers+ 1452404 () + 24
3   libdispatch.dylib … _dispatch_call_block_and_release + 24
…

If you disassemble CFArrayGetCount, you’ll see that the instruction at offset + 16 is the first time it dereferences the incoming CFArray value. So, the crash is happening because the HTTP/2 implementation in frame 1 has passed nil to CFArrayGetCount.

I had a look at the code for frame 1 and somewhere in the iOS 14.x timeframe (post iOS 14.0 but pre-iOS 15.0) we added an explicit check for that CFArray being nil. This gels with the fact that both of the crash reports you sent me were from iOS 12. And also with this comment in your original post:

All running iOS versions from 12.x.x to 14.x.x.

In summary, this is a bug in the HTTP/2 support in NSURLSession on older versions of iOS. You have a number of options:

  • Drop support for those older releases.

  • Tweak your client (or server I guess) to not use HTTP/2 on those older releases.

  • Use a different HTTP/2 implementation on those older releases.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
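
A triage sketch for the signature described in the accepted answer, added here as an example and not code from the thread or from Apple: it checks a text crash report for a null-address EXC_BAD_ACCESS whose crashed thread has CFArrayGetCount in frame 0 and a CFNetwork HTTP2Stream function in frame 1. The sample report is constructed from the excerpt above; the "OS Version" line and the function names are assumptions.

```python
import re

# Constructed sample: the excerpt quoted in the answer, plus an assumed
# "OS Version" header line. Addresses are elided ("…") as in the thread.
SAMPLE_REPORT = """\
OS Version:          iPhone OS 12.0 (constructed)
Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000000

Thread 13 Crashed:
0   CoreFoundation    … CFArrayGetCount + 16
1   CFNetwork         … HTTP2Stream::_onqueue_processRawHeaders+ 1451312 () + 56
2   CFNetwork         … HTTP2Stream::_onqueue_endTrailers+ 1452404 () + 24
3   libdispatch.dylib … _dispatch_call_block_and_release + 24
"""

FRAME = re.compile(r"^\d+\s+(\S+)\s+\S+\s+(.+)$")  # index, image, address, symbol

def crashed_frames(report):
    """Return (image, symbol) pairs for the thread marked 'Crashed'."""
    frames, in_crashed = [], False
    for line in report.splitlines():
        if re.match(r"Thread \d+.*Crashed:", line):
            in_crashed = True
        elif in_crashed:
            m = FRAME.match(line)
            if not m:
                break  # blank line or next thread header ends the backtrace
            frames.append((m.group(1), m.group(2)))
    return frames

def null_fault(report):
    """True when the faulting address in the exception subtype is 0."""
    m = re.search(r"KERN_INVALID_ADDRESS at (0x[0-9a-fA-F]+)", report)
    return m is not None and int(m.group(1), 16) == 0

def os_major(report):
    """Major OS version from the header, or None when the line is missing."""
    m = re.search(r"^OS Version:[^\d\n]*(\d+)\.", report, re.M)
    return int(m.group(1)) if m else None

def triage(report):
    """Match the signature from the answer and flag pre-iOS 15 reports."""
    frames = crashed_frames(report)
    hit = (null_fault(report) and len(frames) >= 2
           and frames[0][0] == "CoreFoundation"
           and frames[0][1].startswith("CFArrayGetCount")
           and frames[1][0] == "CFNetwork"
           and frames[1][1].startswith("HTTP2Stream::"))
    major = os_major(report)
    # The answer places the nil check after iOS 14.0 and before iOS 15.0.
    return {"match": hit, "os_major": major,
            "predates_ios15": major is not None and major < 15}
```

Run over a directory of collected reports, the `match` count shows how much of the crash volume this one CFNetwork bug accounts for.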

Thank you so much for looking into this! That was really helpful 🎉
