Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SR-9404] KeyPath.appending crashes when appending to an objc variable #51870

Closed
swift-ci opened this issue Dec 3, 2018 · 4 comments
Closed

[SR-9404] KeyPath.appending crashes when appending to an objc variable #51870

swift-ci opened this issue Dec 3, 2018 · 4 comments
Assignees
@mikeash
Labels
bug Runtime RunTimeCrash Standard Library

Comments

@swift-ci
Copy link
Collaborator

@swift-ci swift-ci commented Dec 3, 2018

Previous ID SR-9404
Radar rdar://problem/46457346
Original Reporter benpious (JIRA User)
Type Bug
Status Resolved
Resolution Done

Attachment: Download

Environment

Swift 4.2 or 4.0 in Xcode 10.0.0.10A255

Additional Detail from JIRA
Votes 0
Component/s Standard Library
Labels Bug, RunTimeCrash, Runtime
Assignee @mikeash
Priority Medium

md5: 8bd28f6fa907ba484f6bdae411fe2915

Issue Description:

The code snippet below crashes if you run it a few times on the iPhone XS simulator. I've also attached a sample project demonstrating the issue.

Changing the name of the var with the ``s in it can cause the crash to occur more or less often. I'm not actually sure if the `` is directly responsible, but since it seems to have a special significance in name mangling, I assume that the objc selector is name-mangled, and the code for `appending` seems to be doing some kind of manipulation of the selector name I'm guessing it's related.

The crash is usually similar to what's reproduced below:

KeyPathTest(97433,0x700004484000) malloc: Heap corruption detected, free list is damaged at 0x60000006eb50
*** Incorrect guard value: 34080200846080
KeyPathTest(97433,0x700004484000) malloc: *** set a breakpoint in malloc_error_break to debug
import UIKit

func test() {
    // In my real app, it usually breaks immediately on the first run,
    // but in the sample app I had to run the code several times before it would crash.
    for _ in 0..<1000 {
        print((\Theme.snek_lll_ll).appending(path: \ColorSplash.camelCaseVar))
        
    }
}

@objc
public protocol Theme: AnyObject {
    
    var snek_lll_ll: ColorSplash { get }
    
}

public class ColorSplash: NSObject {
    
    @objc
    public var camelCaseVar: UIColor {
        return .white
    }
    
}
@belkadan
Copy link
Contributor

@belkadan belkadan commented Dec 4, 2018

@jckarter, @DougGregor?

@jckarter
Copy link
Member

@jckarter jckarter commented Dec 4, 2018

The "_" seems like a red herring to me. It might be some faulty pointer manipulation when we concatenate the KVC strings that coincidentally only occurs for certain string lengths or something. All the operation does is paste the KVC strings together with a "." in between.

@mikeash
Copy link
Contributor

@mikeash mikeash commented Dec 4, 2018

PR: #21008

Turns out it was the classic mistake of not accounting for the terminating NUL when allocating space for a C string.

@mikeash
Copy link
Contributor

@mikeash mikeash commented Dec 5, 2018

All good now. Thanks a bunch for the excellent bug report.

@swift-ci swift-ci transferred this issue from apple/swift-issues Apr 25, 2022
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mikeash mikeash

Labels
bug Runtime RunTimeCrash Standard Library
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jckarter @mikeash @belkadan @swift-ci