EXC_BAD_ACCESS randomly after the app launches

[CraigSiemens]

We've been seeing some crashes come in from TrustKit.

We're using the latest version of TrustKit. So far we've seen in iOS 13.4.1, 14.4.1, 14.4.2, and 14.5. It seems to only happen shortly after the app launches so it might be caused by the first network request. All the crashes we've gotten have been within the first 5-10 seconds of the app being launched.

The exception is

EXC_BAD_ACCESS
containsObject: > hashSubjectPublicKeyInfoFromCertificate: > 
Attempted to dereference garbage pointer 0x20.

And here's the related part of the stack trace

0   libobjc.A.dylib                 0x348153c90         objc_retain
1   CoreFoundation                  0x31f9578f0         __NSSingleObjectArrayI_new
2   Security                        0x32da65278         SecTrustCreateWithCertificates
3   TrustKit                        0x1068c0710         -[TSKSPKIHashCache copyPublicKeyFromCertificate:] (TSKSPKIHashCache.m:260)
4   TrustKit                        0x1068bfd50         -[TSKSPKIHashCache hashSubjectPublicKeyInfoFromCertificate:] (TSKSPKIHashCache.m:175)
5   TrustKit                        0x1068bf9f0         verifyPublicKeyPin (ssl_pin_verifier.m:71)
6   TrustKit                        0x1068c6d10         -[TSKPinningValidator evaluateTrust:forHostname:] (TSKPinningValidator.m:126)
7   TrustKit                        0x1068c70e0         -[TSKPinningValidator handleChallenge:completionHandler:] (TSKPinningValidator.m:202)

[nabla-c0d3]

Hello and thanks for the bug report. It could be due to unsupported certificates/algorithms that these users are seeing on the network (because of some kind of network device/router).

When we get to https://github.com/datatheorem/TrustKit/issues/236 , it would probably fix this crash (but the app still wouldn't work if the certificates are unsupported).