search

MailCore / mailcore2

MailCore 2 provide a simple and asynchronous API to work with e-mail protocols IMAP, POP and SMTP. The API has been redesigned from ground up.
Other
2.6k stars 624 forks source link

Crash when using a Scheme with Guard Malloc enabled. #376

Closed ghost closed 10 years ago

ghost commented 11 years ago

Crash when a MailCore2 application is doing a checkingAccountOperation. The crash happens only when the scheme used to debug the app using the "Enable Guard Malloc" diagnostic option is enabled.

Code:

self.imapSession = [[MCOIMAPSession alloc] init];
self.imapSession.hostname = @"imap.yahoo.com"; // needs to be invalid for the bug to show up. "imap.mail.yahoo.com" will not lead to a crash
self.imapSession.port = 993;
self.imapSession.username = @"someobdy@yahoo.com";
self.imapSession.password = @"clever_password";
self.imapSession.connectionType = MCOConnectionTypeTLS;

self.imapCheckOp = [self.imapSession checkAccountOperation];
[self.imapCheckOp start:^(NSError *error) {
    NSLog(@"finished checking account.");
    if (error == nil) {
    } else {
        NSLog(@"error loading account: %@", error);
    }
}];

Here is the backtrace for the crash:

* thread #4: tid = 0x2303, 0x023a79d3 libsystem_sim_network.dylib`tcp_connection_host_resolve_result + 1972, stop reason = EXC_BAD_ACCESS (code=1, address=0x161ebfd8)
    frame #0: 0x023a79d3 libsystem_sim_network.dylib`tcp_connection_host_resolve_result + 1972
    frame #1: 0x02340a67 libsystem_sim_dnssd.dylib`handle_addrinfo_response + 512
    frame #2: 0x0233ed87 libsystem_sim_dnssd.dylib`DNSServiceProcessResult + 668
    frame #3: 0x0234205f libsystem_sim_dnssd.dylib`__DNSServiceSetDispatchQueue_block_invoke_0 + 20
    frame #4: 0x0227d014 libdispatch.dylib`_dispatch_client_callout + 14
    frame #5: 0x022748b7 libdispatch.dylib`_dispatch_source_latch_and_call + 219
    frame #6: 0x02270405 libdispatch.dylib`_dispatch_source_invoke + 322
    frame #7: 0x0226d3ab libdispatch.dylib`_dispatch_queue_drain + 130
    frame #8: 0x0226d2a6 libdispatch.dylib`_dispatch_queue_invoke + 59
    frame #9: 0x0226e280 libdispatch.dylib`_dispatch_root_queue_drain + 231
    frame #10: 0x0226e450 libdispatch.dylib`_dispatch_worker_thread2 + 39
    frame #11: 0x02546e72 libsystem_c.dylib`_pthread_wqthread + 441

If this is helpful, I can send a sample project to reproduce the problem.

CodaFi commented 11 years ago

This looks to be a bug in libSim (a networking library), as none of the frames are from MailCore. Can you show a more detailed stack trace?

ghost commented 11 years ago

I forgot to mention that this happens in the simulator. I haven't tested it on a physical device yet. Might be a problem in MailCore2 or LibEtPan or the simulator libraries themselves.

It's really easy to reproduce: just add the code above to a new Mailcore project in the

Make sure the Guard Malloc is enabled (Product > Edit Scheme, Diagnostics tab). 

(lldb) bt
* thread #4: tid = 0x2303, 0x023a79d3 libsystem_sim_network.dylib`tcp_connection_host_resolve_result + 1972, stop reason = EXC_BAD_ACCESS (code=1, address=0x161c9fd8)
    frame #0: 0x023a79d3 libsystem_sim_network.dylib`tcp_connection_host_resolve_result + 1972
    frame #1: 0x02340a67 libsystem_sim_dnssd.dylib`handle_addrinfo_response + 512
    frame #2: 0x0233ed87 libsystem_sim_dnssd.dylib`DNSServiceProcessResult + 668
    frame #3: 0x0234205f libsystem_sim_dnssd.dylib`__DNSServiceSetDispatchQueue_block_invoke_0 + 20
    frame #4: 0x0227d014 libdispatch.dylib`_dispatch_client_callout + 14
    frame #5: 0x022748b7 libdispatch.dylib`_dispatch_source_latch_and_call + 219
    frame #6: 0x02270405 libdispatch.dylib`_dispatch_source_invoke + 322
    frame #7: 0x0226d3ab libdispatch.dylib`_dispatch_queue_drain + 130
    frame #8: 0x0226d2a6 libdispatch.dylib`_dispatch_queue_invoke + 59
    frame #9: 0x0226e280 libdispatch.dylib`_dispatch_root_queue_drain + 231
    frame #10: 0x0226e450 libdispatch.dylib`_dispatch_worker_thread2 + 39
    frame #11: 0x02546e72 libsystem_c.dylib`_pthread_wqthread + 441
(lldb) bt
* thread #6: tid = 0x2503, 0x026877d2 libsystem_kernel.dylib`mach_msg_trap + 10
    frame #0: 0x026877d2 libsystem_kernel.dylib`mach_msg_trap + 10
    frame #1: 0x02686cb0 libsystem_kernel.dylib`mach_msg + 68
    frame #2: 0x027a5a49 CoreFoundation`__CFRunLoopServiceMachPort + 185
    frame #3: 0x027aa8d4 CoreFoundation`__CFRunLoopRun + 1380
    frame #4: 0x027a9f44 CoreFoundation`CFRunLoopRunSpecific + 276
    frame #5: 0x027a9e1b CoreFoundation`CFRunLoopRunInMode + 123
    frame #6: 0x000b3ba7 MailCoreBug`wait_runloop(s=0x16007fe0, wait_state=1) + 671 at mailstream_cfstream.c:765
    frame #7: 0x000b3388 MailCoreBug`mailstream_low_cfstream_open_voip_timeout [inlined] low_open(s=0x16007fe0) + 36 at mailstream_cfstream.c:870
    frame #8: 0x000b3364 MailCoreBug`mailstream_low_cfstream_open_voip_timeout(hostname=0x15d78ff0, port=993, voip_enabled=-1339683528, timeout=30) + 391 at mailstream_cfstream.c:506
    frame #9: 0x000b3166 MailCoreBug`mailstream_cfstream_open_voip_timeout(hostname=0x15d78ff0, port=993, voip_enabled=1, timeout=30) + 32 at mailstream_cfstream.c:209
    frame #10: 0x00075176 MailCoreBug`mailimap_ssl_connect_voip_with_callback [inlined] mailimap_cfssl_connect_voip_ssl_level(ssl_level=2) + 26 at mailimap_ssl.c:123
    frame #11: 0x0007515c MailCoreBug`mailimap_ssl_connect_voip_with_callback [inlined] mailimap_cfssl_connect_voip(, server=0x15d78ff0) at mailimap_ssl.c:140
    frame #12: 0x0007515c MailCoreBug`mailimap_ssl_connect_voip_with_callback(f=0x15d42f90, server=0x15d78ff0) + 46 at mailimap_ssl.c:77
    frame #13: 0x000752d6 MailCoreBug`mailimap_ssl_connect_voip(f=0x15d42f90, server=0x15d78ff0, port=993, voip_enabled=1) + 55 at mailimap_ssl.c:114
    frame #14: 0x0040d3c9 MailCoreBug`mailcore::IMAPSession::connect(this=0x15aeff10, pError=0xb0260e9c) + 761 at MCIMAPSession.cc:591
    frame #15: 0x0040dec7 MailCoreBug`mailcore::IMAPSession::connectIfNeeded(this=0x15aeff10, pError=0xb0260e9c) + 103 at MCIMAPSession.cc:664
    frame #16: 0x004258a0 MailCoreBug`mailcore::IMAPCheckAccountOperation::main(this=0x15b57f80) + 64 at MCIMAPCheckAccountOperation.cc:19
    frame #17: 0x00405797 MailCoreBug`mailcore::OperationQueue::runOperations(this=0x15afdf70) + 631 at MCOperationQueue.cc:89
    frame #18: 0x00405517 MailCoreBug`mailcore::OperationQueue::runOperationsOnThread(queue=0x15afdf70) + 23 at MCOperationQueue.cc:51
    frame #19: 0x025445b7 libsystem_c.dylib`_pthread_start + 344
(lldb)
dinhvh commented 11 years ago

How does it behave without GuardMalloc? I think @CodaFi is right. It's a glitch either in libSim or in GuardMalloc.

ghost commented 11 years ago

Without GuardMalloc it doesn't crash. It also doesn't crash if the server DNS name is correct. As you know, GuardMalloc triggers this type of crash if code tries to use some freed block of memory. I thought it was worth investigating since it's easy to reproduce.

dinhvh commented 10 years ago

Closing since it's probably not an issue of mailcore2.