HACK: Redefine free() to fix bug in AXRuntime.framework #99

Merged
merged 1 commit into from Jan 15, 2016
+46 −1
@@ -9,16 +9,19 @@ xcodeproj 'WebDriverAgent.xcodeproj'
# UIAutomation Testing
target :WebDriverAgent, :exclusive => true do
+ pod 'fishhook', :git => 'https://github.com/facebook/fishhook.git', :commit => '8dbd09b'
pod 'KissXML'
pod 'RoutingHTTPServer'
end
target :WebDriverAgentLib, :exclusive => true do
+ pod 'fishhook', :git => 'https://github.com/facebook/fishhook.git', :commit => '8dbd09b'
pod 'KissXML'
pod 'RoutingHTTPServer'
end
target :WebDriverAgentLibTests, :exclusive => true do
+ pod 'fishhook', :git => 'https://github.com/facebook/fishhook.git', :commit => '8dbd09b'
pod 'KissXML'
pod 'RoutingHTTPServer'
pod 'OCMock'
@@ -28,11 +31,13 @@ end
# XCT Testing
target :XCTWebDriverAgentLib, :exclusive => true do
+ pod 'fishhook', :git => 'https://github.com/facebook/fishhook.git', :commit => '8dbd09b'
marekcirkos Jan 15, 2016

Do we need it in XCT as well?

mmmulani Jan 15, 2016

I'm not sure but I think so because we share the same main.m? was more afraid of breaking it to be honest :P

pod 'KissXML'
pod 'RoutingHTTPServer'
end
target :XCTUITestRunner, :exclusive => true do
+ pod 'fishhook', :git => 'https://github.com/facebook/fishhook.git', :commit => '8dbd09b'
pod 'KissXML'
pod 'RoutingHTTPServer'
-end
+end
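Review bot: Each of the five added `pod 'fishhook'` lines pins the abbreviated commit `8dbd09b`, which is a weaker pin than a full hash: git resolves a short prefix at fetch time, and it can become ambiguous as the repository grows. Because this library rewrites symbol bindings for the whole process, I would pin the complete hash in both hunks of this file, e.g. `:commit => '<full 40-character SHA of 8dbd09b>'`. A short comment above the first occurrence saying why the pod is needed (the AXRuntime `free()` workaround) would also tell a later maintainer when it can be removed.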
@@ -11,20 +11,33 @@ PODS:
- CocoaLumberjack/Core
- CocoaLumberjack/Extensions (2.0.3):
- CocoaLumberjack/Default
+ - fishhook (0.1)
- KissXML (5.0)
- OCMock (3.2)
- RoutingHTTPServer (1.0.0):
- CocoaHTTPServer (~> 2.3)
DEPENDENCIES:
+ - fishhook (from `https://github.com/facebook/fishhook.git`, commit `8dbd09b`)
- KissXML
- OCMock
- RoutingHTTPServer
+EXTERNAL SOURCES:
+ fishhook:
+ :commit: 8dbd09b
+ :git: https://github.com/facebook/fishhook.git
+
+CHECKOUT OPTIONS:
+ fishhook:
+ :commit: 8dbd09b
+ :git: https://github.com/facebook/fishhook.git
+
SPEC CHECKSUMS:
CocoaAsyncSocket: f5783bdedd232d91b89769bc4b5a1580aed518ad
CocoaHTTPServer: 5624681fc3473d43b18202f635f9b3abb013b530
CocoaLumberjack: f58d8a19629f4d8379ae14bb3534def24161430e
+ fishhook: 6d204de227d0fa80dca600bb3bc15c0d257756b0
KissXML: ce643413d618ad69886d0d43c3792b7dedfe476e
OCMock: 28def049ef47f996b515a8eeea958be7ccab2dbb
RoutingHTTPServer: fab8b13e725f26720500c146d43c98c11ebc4d47
@@ -9,8 +9,35 @@
#import <WebDriverAgentLib/FBUIAWebDriverAgent.h>
+#import <dlfcn.h>
+#import <fishhook/fishhook.h>
+
+void my_free(void *ptr);
+static void (*orig_free)(void *);
+
+static void *badFreeCaller;
+
+void my_free(void *ptr) {
+ void *caller = __builtin_return_address(0);
+ if (caller == badFreeCaller) {
+ return;
+ }
+ orig_free(ptr);
+}
+
+
int main(int argc, char *argv[]) {
@autoreleasepool {
+ // This is all one terrible hack to deal with a bug in AXRuntime cfAttributedStringUnserialize() where they attempt
+ // to free a pointer which was not allocated.
+ // From doing pointer arithmetic, at the end of this `badFreeCaller` is set to the exact address of the caller which attempts
+ // this within cfAttributedStringUnserialize.
+ // This issue shows up in Xcode 7.2.
+ rebind_symbols((struct rebinding[1]){{"free", my_free, (void *)&orig_free}}, 1);
+ void *AXRuntimeImage = dlopen("/System/Library/PrivateFrameworks/AXRuntime.framework/AXRuntime", RTLD_NOW);
+ void *knownAddress = dlsym(AXRuntimeImage, "AXUnserializeCFType");
+ badFreeCaller = knownAddress + 0x1F69;
+
[[FBUIAWebDriverAgent sharedAgent] start];
}
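Review bot: `badFreeCaller` is derived from unchecked `dlopen`/`dlsym` results plus the hard-coded offset `0x1F69`, so the workaround is only correct for the one AXRuntime build it was measured on. On any other build the comparison in `my_free` would presumably never match (the bad free comes back) or could match an unrelated return site, whose allocations are then silently leaked; if `dlsym` returns NULL the stored address is simply `0x1F69`. I would resolve the address first, install the hook only when the lookup succeeded, check the `rebind_symbols` result, and do the arithmetic on `char *` because arithmetic on `void *` is a GNU extension. `main` appears to continue past the last visible line of this hunk.

```objc
    // … unchanged: explanatory comment about cfAttributedStringUnserialize …
    void *AXRuntimeImage = dlopen("/System/Library/PrivateFrameworks/AXRuntime.framework/AXRuntime", RTLD_NOW);
    void *knownAddress = (AXRuntimeImage != NULL) ? dlsym(AXRuntimeImage, "AXUnserializeCFType") : NULL;
    if (knownAddress != NULL) {
        // Offset measured against the AXRuntime build that ships with Xcode 7.2 only.
        badFreeCaller = (char *)knownAddress + 0x1F69;
        if (rebind_symbols((struct rebinding[1]){{"free", my_free, (void *)&orig_free}}, 1) != 0) {
            NSLog(@"free() rebinding failed; AXRuntime workaround is inactive");
        }
    } else {
        NSLog(@"AXUnserializeCFType not found; AXRuntime workaround is inactive");
    }
    // … unchanged: [[FBUIAWebDriverAgent sharedAgent] start] …
```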