[Bug] Crash During XML Parsing in Release Build

[lorenzo-appload]

Describe the bug

We are encountering a crash when parsing an OPDS feed using Fuzi.XMLDocument in the release version of our iOS app. The crash does not occur in debug builds and seems to be related to memory management when passing an UnsafeBufferPointer to the XML parser. After enabling Malloc Scribble, we confirmed that the issue is likely caused by a use-after-free or memory corruption during XML parsing. The stack trace indicates that the crash happens in XMLDocument.__allocating_init(cChars:), which is using UnsafeBufferPointer. The error thrown is EXC_BAD_ACCESS, suggesting that the buffer is either deallocated too early or there is an out-of-bounds access.

Expected Behavior: The XML should be parsed without causing any memory access violations. Actual Behavior: The app crashes with EXC_BAD_ACCESS when the UnsafeBufferPointer is passed to XMLDocument.

Potential Cause: There seems to be an issue with memory management, possibly a use-after-free or buffer overflow. The problem may be related to compiler optimizations in the release build, as it does not occur in debug builds.

How to reproduce?

Run the app in release mode. Trigger XML parsing by loading an OPDS feed or publication. The crash occurs at the point where XMLDocument is initialized with the UnsafeBufferPointer.

Readium version

2.7.3

OS version

16.7.10

Testing device

iPhone 8

Environment

Readium version: 2.7.3
Fuzi version: 3.1.3
Device: iPhone 8 
Xcode version: 16.0
iOS version: iOS 16.7.10

Additional context

The problem occurs specifically with large XML data (over 30,000+ characters), and it only affects the release build. We have tried using Guard Malloc and static analyzers to track the issue, but it appears to be deep within the buffer handling process. Would appreciate any insight or suggestions on how to safely manage the buffer or prevent the crash.

[tnorbert]

I have the same issue. One thing that I observed is that all the crash seemingly happens in iOS versions below 18. I cannot reproduce the crash in 18, at least on my device.

[tnorbert]

@lorenzo-appload Okay, I got a temporary solution. We needed a quick fix due to the crashes in production. So, The first step is to make sure to use 2.7.3. The second, to use Xcode 15.4 for building the application. Unfortunately, by default, the newest macOS doesn't support xcode 15 BUT if you download the installer and open the package in Finder, you can actually start xcode 15 from the MacOS folder. By our quick testing, the crashes disappeard.

[mickael-menu]

Do you have a test publication or feed that I could use to reproduce the issue? I couldn't so far.

[mickael-menu]

I found this alternative XML parser with XPath support which is still actively maintained: https://github.com/tid-kijyun/Kanna

[tnorbert]

In our case, the app crashed even when opening a test epub you suggested in one of your comments, the "childrens-literature.epub". As a summary

• We were building with Xcode 16, targeting ios 15
• All the devices run either ios 16 or ios 17 (ios 18 did not crash)
• All of them were running from TestFlight (Release build). Debug builds did not crash, it makes it hard to reproduce and debug
• In rare cases, opening the book did not cause crash but it crashed in 9/10 times.
• The project is an older UIKit application but was maintained continuously.