[BUG] -[BUSize release]: message sent to deallocated

Describe the bug | 问题描述

反射调用原生模版信息流广告Crash
Environmental information | 环境信息

SDK version: | SDK 版本： 3.5.0.4
Date and time: | 日期与时间： 2020-01-01 21:00
Device model: | 设备型号：模拟器，iPhone SE 1
iOS version: | iOS 版本： 14.1
To Reproduce | 如何复现

参考示例 BUDExpressFeedViewController 中使用反射调用原生模版信息流广告时，曝光返回Crash
Backtrace | 相关堆栈

2021-03-31 11:10:27.850305+0800 聚合广告示例[6704:103080103] 【PangleUnion V3.5.0.4】-【BUFoundation】10.1.112.8
2021-03-31 11:10:27.928152+0800 聚合广告示例[6704:103080103] 【PangleUnion V3.5.0.4】-【BUFoundation】【PangleUnion】Add request: BUGetADSRequest
[YSAd][11:10:27.934]<I>[103080103] [YSAdPolyTTNative:417] perf: start:1617160226551 end:1617160227932 cost:1381
2021-03-31 11:10:28.254532+0800 聚合广告示例[6704:103080158] 【PangleUnion V3.5.0.4】-【BUFoundation】Finished Request: BUDynamicTemplateRequest
2021-03-31 11:10:28.260196+0800 聚合广告示例[6704:103079652] 【PangleUnion V3.5.0.4】-【BUFoundation】Request queue size = 4
2021-03-31 11:10:28.304843+0800 聚合广告示例[6704:103080711] 【PangleUnion V3.5.0.4】-【BUFoundation】Finished Request: BUAdNetworkRequest
2021-03-31 11:10:28.307087+0800 聚合广告示例[6704:103080100] 【PangleUnion V3.5.0.4】-【BUFoundation】Finished Request: BUAdNetworkRequest
2021-03-31 11:10:28.308209+0800 聚合广告示例[6704:103079652] 【PangleUnion V3.5.0.4】-【BUFoundation】Request queue size = 3
2021-03-31 11:10:28.308788+0800 聚合广告示例[6704:103079652] 【PangleUnion V3.5.0.4】-【other】logstatusCode==200
2021-03-31 11:10:28.318604+0800 聚合广告示例[6704:103079652] Incorrect NSStringEncoding value 0x8000100 detected. Assuming NSASCIIStringEncoding. Will stop this compatibility mapping behavior in the near future.
2021-03-31 11:10:28.321802+0800 聚合广告示例[6704:103079652] 【PangleUnion V3.5.0.4】-【BUFoundation】Request queue size = 2
2021-03-31 11:10:28.411575+0800 聚合广告示例[6704:103080711] 【PangleUnion V3.5.0.4】-【BUFoundation】Finished Request: BUTNCRequest
2021-03-31 11:10:28.412700+0800 聚合广告示例[6704:103079652] 【PangleUnion V3.5.0.4】-【BUFoundation】Request queue size = 1
2021-03-31 11:10:28.624485+0800 聚合广告示例[6704:103080158] 【PangleUnion V3.5.0.4】-【BUFoundation】Finished Request: BUGetADSRequest
2021-03-31 11:10:28.710268+0800 聚合广告示例[6704:103079652] 【PangleUnion V3.5.0.4】-【BUFoundation】Request queue size = 0
2021-03-31 11:10:28.730220+0800 聚合广告示例[6704:103079652] 【PangleUnion V3.5.0.4】-【webViewPool】concurrent memory init: renderIndex 1
[YSAd][11:10:28.731]<I>[103079652] [YSAdPolyTTNative:134] nativeExpressAdSuccessToLoad
2021-03-31 11:10:28.812263+0800 聚合广告示例[6704:103079652] 【PangleUnion V3.5.0.4】-【webViewPool】concurrent op load start: renderIndex: 1
2021-03-31 11:10:28.812734+0800 聚合广告示例[6704:103079652] 【PangleUnion V3.5.0.4】-【webViewPool】concurrent op will render: renderIndex: 1
2021-03-31 11:10:28.836629+0800 聚合广告示例[6704:103080102] 【PangleUnion V3.5.0.4】-【BUFoundation】【PangleUnion】Add request: BUExtlogRequest
2021-03-31 11:10:28.921270+0800 聚合广告示例[6704:103079652] WF: === Starting WebFilter logging for process 聚合广告示例
2021-03-31 11:10:28.921719+0800 聚合广告示例[6704:103079652] WF: _userSettingsForUser : (null)
2021-03-31 11:10:28.922004+0800 聚合广告示例[6704:103079652] WF: _WebFilterIsActive returning: NO
2021-03-31 11:10:28.952612+0800 聚合广告示例[6704:103080102] 【PangleUnion V3.5.0.4】-【BUFoundation】【PangleUnion】Add request: BUExtlogRequest
[YSAd][11:10:29.209]<I>[103079652] [YSAdPolyTTNative:189] nativeExpressAdViewWillShow
2021-03-31 11:10:29.237031+0800 聚合广告示例[6704:103080100] 【PangleUnion V3.5.0.4】-【BUFoundation】【PangleUnion】Add request: BUExtlogRequest
2021-03-31 11:10:29.434756+0800 聚合广告示例[6704:103079652] 【PangleUnion V3.5.0.4】-【other】startURLSchemeTask-https://sf3-fe-tos.pglstatp-toutiao.com/obj/ad-pattern/renderer/42a435/index.html
2021-03-31 11:10:29.437514+0800 聚合广告示例[6704:103079652] 【PangleUnion V3.5.0.4】-【other】isexistData-https://sf3-fe-tos.pglstatp-toutiao.com/obj/ad-pattern/renderer/42a435/index.html
2021-03-31 11:10:29.467688+0800 聚合广告示例[6704:103079652] 【PangleUnion V3.5.0.4】-【other】startURLSchemeTask-https://sf3-fe-tos.pglstatp-toutiao.com/obj/ad-pattern/renderer/42a435/index.js
2021-03-31 11:10:29.474125+0800 聚合广告示例[6704:103079652] 【PangleUnion V3.5.0.4】-【other】isexistData-https://sf3-fe-tos.pglstatp-toutiao.com/obj/ad-pattern/renderer/42a435/index.js
2021-03-31 11:10:29.723497+0800 聚合广告示例[6704:103080101] 【PangleUnion V3.5.0.4】-【BUFoundation】【PangleUnion】Add request: BUExtlogRequest
2021-03-31 11:10:29.858319+0800 聚合广告示例[6704:103079652] 【PangleUnion V3.5.0.4】-【other】startURLSchemeTask-http://sf6-be-pack.pglstatp-toutiao.com/obj/web.business.image/202102055d0d2f55e505cb5443baa2aa
2021-03-31 11:10:29.862668+0800 聚合广告示例[6704:103080716] 【PangleUnion V3.5.0.4】-【other】unexistData-http://sf6-be-pack.pglstatp-toutiao.com/obj/web.business.image/202102055d0d2f55e505cb5443baa2aa
2021-03-31 11:10:29.881708+0800 聚合广告示例[6704:103079652] 【PangleUnion V3.5.0.4】-【other】startURLSchemeTask-http://sf6-be-pack.pglstatp-toutiao.com/obj/web.business.image/202008195d0dfa951321fe794a5fa481
2021-03-31 11:10:29.884428+0800 聚合广告示例[6704:103080101] 【PangleUnion V3.5.0.4】-【other】unexistData-http://sf6-be-pack.pglstatp-toutiao.com/obj/web.business.image/202008195d0dfa951321fe794a5fa481
2021-03-31 11:10:29.904293+0800 聚合广告示例[6704:103079652] 【PangleUnion V3.5.0.4】-【other】全链路埋点上报的顺序：render_start->before_webview_request->webview_load_start->webview_jsb_start->webview_jsb_end->webview_load_success->render_success
2021-03-31 11:10:29.908390+0800 聚合广告示例[6704:103079652] 【PangleUnion V3.5.0.4】-【webViewPool】concurrent op did render: renderIndex:1
[YSAd][11:10:29.907]<I>[103079652] [YSAdPoly:67] respondsToSelector: nativeExpressAdViewRenderSuccess:
[YSAd][11:10:29.908]<I>[103079652] [YSAdPolyTTNative:174] nativeExpressAdViewRenderSuccess
2021-03-31 11:10:29.918656+0800 聚合广告示例[6704:103079652] 【PangleUnion V3.5.0.4】-【webViewPool】concurrent done: renderIndex: 1
2021-03-31 11:10:29.919154+0800 聚合广告示例[6704:103079652] 【PangleUnion V3.5.0.4】-【webViewPool】concurrent memory dealloc: renderIndex 1
2021-03-31 11:10:29.926332+0800 聚合广告示例[6704:103080102] 【PangleUnion V3.5.0.4】-【BUFoundation】【PangleUnion】Add request: BUExtlogRequest
2021-03-31 11:10:30.022436+0800 聚合广告示例[6704:103080102] 【PangleUnion V3.5.0.4】-【BUFoundation】【PangleUnion】Add request: BUExtlogRequest
2021-03-31 11:10:30.051135+0800 聚合广告示例[6704:103080102] 【PangleUnion V3.5.0.4】-【BUFoundation】【PangleUnion】Add request: BUExtlogRequest
2021-03-31 11:10:30.369702+0800 聚合广告示例[6704:103080717] 【PangleUnion V3.5.0.4】-【BUFoundation】Finished Request: BUExtlogRequest
2021-03-31 11:10:30.371144+0800 聚合广告示例[6704:103079652] 【PangleUnion V3.5.0.4】-【BUFoundation】Request queue size = 6
2021-03-31 11:10:30.371669+0800 聚合广告示例[6704:103079652] 【PangleUnion V3.5.0.4】-【other】logstatusCode==200
2021-03-31 11:10:30.383993+0800 聚合广告示例[6704:103080717] 【PangleUnion V3.5.0.4】-【BUFoundation】Finished Request: BUExtlogRequest
2021-03-31 11:10:30.385114+0800 聚合广告示例[6704:103079652] 【PangleUnion V3.5.0.4】-【BUFoundation】Request queue size = 5
2021-03-31 11:10:30.386300+0800 聚合广告示例[6704:103079652] 【PangleUnion V3.5.0.4】-【other】logstatusCode==200
2021-03-31 11:10:30.390747+0800 聚合广告示例[6704:103080717] 【PangleUnion V3.5.0.4】-【BUFoundation】Finished Request: BUExtlogRequest
2021-03-31 11:10:30.392104+0800 聚合广告示例[6704:103079652] 【PangleUnion V3.5.0.4】-【BUFoundation】Request queue size = 4
2021-03-31 11:10:30.392634+0800 聚合广告示例[6704:103079652] 【PangleUnion V3.5.0.4】-【other】logstatusCode==200
2021-03-31 11:10:30.414013+0800 聚合广告示例[6704:103080717] 【PangleUnion V3.5.0.4】-【BUFoundation】Finished Request: BUExtlogRequest
2021-03-31 11:10:30.415185+0800 聚合广告示例[6704:103079652] 【PangleUnion V3.5.0.4】-【BUFoundation】Request queue size = 3
2021-03-31 11:10:30.415669+0800 聚合广告示例[6704:103079652] 【PangleUnion V3.5.0.4】-【other】logstatusCode==200
2021-03-31 11:10:30.419838+0800 聚合广告示例[6704:103080101] 【PangleUnion V3.5.0.4】-【BUFoundation】Finished Request: BUExtlogRequest
2021-03-31 11:10:30.421303+0800 聚合广告示例[6704:103079652] 【PangleUnion V3.5.0.4】-【BUFoundation】Request queue size = 2
2021-03-31 11:10:30.422101+0800 聚合广告示例[6704:103079652] 【PangleUnion V3.5.0.4】-【other】logstatusCode==200
2021-03-31 11:10:30.442794+0800 聚合广告示例[6704:103080717] 【PangleUnion V3.5.0.4】-【BUFoundation】Finished Request: BUExtlogRequest
2021-03-31 11:10:30.446682+0800 聚合广告示例[6704:103079652] 【PangleUnion V3.5.0.4】-【BUFoundation】Request queue size = 1
2021-03-31 11:10:30.447598+0800 聚合广告示例[6704:103079652] 【PangleUnion V3.5.0.4】-【other】logstatusCode==200
2021-03-31 11:10:30.447536+0800 聚合广告示例[6704:103080717] 【PangleUnion V3.5.0.4】-【BUFoundation】Finished Request: BUExtlogRequest
2021-03-31 11:10:30.449070+0800 聚合广告示例[6704:103079652] 【PangleUnion V3.5.0.4】-【BUFoundation】Request queue size = 0
2021-03-31 11:10:30.450501+0800 聚合广告示例[6704:103079652] 【PangleUnion V3.5.0.4】-【other】logstatusCode==200
2021-03-31 11:10:33.570544+0800 聚合广告示例[6704:103079652] *** -[BUSize release]: message sent to deallocated instance 0x60000364a640
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_INSTRUCTION (code=EXC_I386_INVOP, subcode=0x0)
    frame #0: 0x00007fff204a47bf CoreFoundation`___forwarding___.cold.2 + 87
    frame #1: 0x00007fff20425f4a CoreFoundation`___forwarding___ + 1253
    frame #2: 0x00007fff20428068 CoreFoundation`__forwarding_prep_0___ + 120
    frame #3: 0x00000001065dc268 聚合广告示例`-[BUAdSlot .cxx_destruct] + 103
    frame #4: 0x00007fff201770f0 libobjc.A.dylib`object_cxxDestructFromClass(objc_object*, objc_class*) + 83
    frame #5: 0x00007fff20188f11 libobjc.A.dylib`objc_destructInstance + 64
    frame #6: 0x00007fff20430bc7 CoreFoundation`-[NSObject(NSObject) __dealloc_zombie] + 159
    frame #7: 0x00007fff2018f834 libobjc.A.dylib`objc_object::sidetable_release(bool, bool) + 174
    frame #8: 0x00007fff201770f0 libobjc.A.dylib`object_cxxDestructFromClass(objc_object*, objc_class*) + 83
    frame #9: 0x00007fff20188f11 libobjc.A.dylib`objc_destructInstance + 64
    frame #10: 0x00007fff20430bc7 CoreFoundation`-[NSObject(NSObject) __dealloc_zombie] + 159
    frame #11: 0x00007fff2018f834 libobjc.A.dylib`objc_object::sidetable_release(bool, bool) + 174
  * frame #12: 0x00000001065bf7fb 聚合广告示例`-[YSAdPolyTTNative .cxx_destruct](self=0x00006000012c4240, _cmd=<no value available>) at YSAdPolyTTNative.m:31:17
    frame #13: 0x00007fff201770f0 libobjc.A.dylib`object_cxxDestructFromClass(objc_object*, objc_class*) + 83
    frame #14: 0x00007fff20188f11 libobjc.A.dylib`objc_destructInstance + 64
    frame #15: 0x00007fff20430bc7 CoreFoundation`-[NSObject(NSObject) __dealloc_zombie] + 159
    frame #16: 0x00000001065bc8e7 聚合广告示例`-[YSAdPolyTTNative dealloc](self=0x00006000012c4240, _cmd="dealloc") at YSAdPolyTTNative.m:127:1
    frame #17: 0x00007fff2018f834 libobjc.A.dylib`objc_object::sidetable_release(bool, bool) + 174
    frame #18: 0x00000001065a8f0f 聚合广告示例`-[YSAdNative .cxx_destruct](self=0x0000600001d98000, _cmd=<no value available>) at YSAdNative.m:57:17
    frame #19: 0x00007fff201770f0 libobjc.A.dylib`object_cxxDestructFromClass(objc_object*, objc_class*) + 83
    frame #20: 0x00007fff20188f11 libobjc.A.dylib`objc_destructInstance + 64
    frame #21: 0x00007fff20430bc7 CoreFoundation`-[NSObject(NSObject) __dealloc_zombie] + 159
    frame #22: 0x00007fff2018f834 libobjc.A.dylib`objc_object::sidetable_release(bool, bool) + 174
    frame #23: 0x000000010657ea5b 聚合广告示例`-[NativeAdViewController .cxx_destruct](self=0x00007f969bf49000, _cmd=<no value available>) at NativeAdViewController.m:21:17
    frame #24: 0x00007fff201770f0 libobjc.A.dylib`object_cxxDestructFromClass(objc_object*, objc_class*) + 83
    frame #25: 0x00007fff20188f11 libobjc.A.dylib`objc_destructInstance + 64
    frame #26: 0x00007fff20430bc7 CoreFoundation`-[NSObject(NSObject) __dealloc_zombie] + 159
    frame #27: 0x00007fff246ca581 UIKitCore`-[UIResponder dealloc] + 145
    frame #28: 0x00007fff23f5f281 UIKitCore`-[UIViewController dealloc] + 1362
    frame #29: 0x000000010657dd34 聚合广告示例`-[NativeAdViewController dealloc](self=0x00007f969bf49000, _cmd="dealloc") at NativeAdViewController.m:31:1
    frame #30: 0x00007fff2019101b libobjc.A.dylib`AutoreleasePoolPage::releaseUntil(objc_object**) + 175
    frame #31: 0x00007fff20192b8d libobjc.A.dylib`AutoreleasePoolPage::popPageDebug(void*, AutoreleasePoolPage*, objc_object**) + 37
    frame #32: 0x00007fff20430a07 CoreFoundation`_CFAutoreleasePoolPop + 22
    frame #33: 0x00007fff2038f223 CoreFoundation`__CFRunLoopPerCalloutARPEnd + 41
    frame #34: 0x00007fff2038a677 CoreFoundation`__CFRunLoopRun + 2742
    frame #35: 0x00007fff203896d6 CoreFoundation`CFRunLoopRunSpecific + 567
    frame #36: 0x00007fff2c257db3 GraphicsServices`GSEventRunModal + 139
    frame #37: 0x00007fff24696cf7 UIKitCore`-[UIApplication _run] + 912
    frame #38: 0x00007fff2469bba8 UIKitCore`UIApplicationMain + 101
    frame #39: 0x0000000106581a20 聚合广告示例`main(argc=1, argv=0x00007ffee968ac88) at main.m:16:16
    frame #40: 0x00007fff2025a3e9 libdyld.dylib`start + 1
    frame #41: 0x00007fff2025a3e9 libdyld.dylib`start + 1
(lldb)
Additional context | 附言

如果不设置slot1 的 imgSize 则不会crash 注意：通过反射方式调用 NSSelectorFromString 获得BUSize Class 然后NSInvocation 调用 sizeBy SEL 获取的对象通过 NSInvocation setImgSize SEL赋值给 slot1
bytedance / Bytedance-UnionAD

[BUG] -[BUSize release]: message sent to deallocated #133

Describe the bug | 问题描述

Environmental information | 环境信息

To Reproduce | 如何复现

Backtrace | 相关堆栈

Additional context | 附言
