Titanium JIRA Archive
Titanium SDK/CLI (TIMOB)

[TIMOB-991] Crash on startup in iPhone OS 4.0

GitHub Issue: n/a
Type: Bug
Priority: Medium
Status: Closed
Resolution: Fixed
Resolution Date: 2011-04-17T01:54:54.000+0000
Affected Version/s: n/a
Fix Version/s: Release 1.4.0
Components: iOS
Labels: ios, iphone, mobile
Reporter: Blain Hamon
Assignee: Reggie Seagraves
Created: 2011-04-15T02:40:53.000+0000
Updated: 2011-04-17T01:54:54.000+0000

Description

When running any Titanium 0.9+ app in 4.0, the app crashes on start. Jeff and I tracked it down to inside TiJSCore, namely calling vm_map returns a mapped area in 3.x, but returns 4 (Invalid parameters) with address 0. TiJSCore next tries to dereference the 0 address, crashing.

In some situations, building for 4.0 works but then it crashes on 3.x. We may need to compare the arguments generated in each case, and dynamically try (Or try multiple times) to get the memory to stop the crasher.

Attachments

File: archive.zip
Date: 2011-04-15T02:40:56.000+0000
Size: 11950081 bytes

Comments

  1. Blain Hamon 2011-04-15

    The plot thickens. Why does this one project have vm_map fail and succeed in the same run? (Built in b2)

  2. Blain Hamon 2011-04-15

    Words fail me. When building for 4.0b4 or 3.2, running on a 3.1.3 device:

       #include <stdio.h>
       #include <mach/mach.h>

       /* BLOCK_SIZE and BLOCK_OFFSET_MASK come from the TiJSCore build; the values here are assumed. */
       #define BLOCK_SIZE (64 * 1024)
       #define BLOCK_OFFSET_MASK (BLOCK_SIZE - 1)

       void foo(vm_address_t *unused)
       {
           vm_address_t resultaddress = 0;
           vm_address_t *address = &resultaddress;
           kern_return_t result;

           printf("We're calling vm_map(0x%X (0x%X))\n", (unsigned int)address, (unsigned int)*address);
           result = vm_map(current_task(), address, BLOCK_SIZE, BLOCK_OFFSET_MASK,
                           VM_FLAGS_ANYWHERE | VM_MAKE_TAG(63), MEMORY_OBJECT_NULL, 0, FALSE,
                           VM_PROT_DEFAULT, VM_PROT_DEFAULT, VM_INHERIT_DEFAULT);
           printf("vm_map2 function was 0x%X. Result was 0x%X, Address is 0x%X\n", (unsigned int)vm_map, result, (unsigned int)*address);
       }


    foo(NULL); will succeed. {vm_address_t resultaddress = 0; foo(&resultaddress);} will fail.

    You read that right. A nonzero value in an unused variable will cause an error in a called function. I spent several minutes saying, "What?!"

    For 3.2 or 4.0b4 on a 4.0b4 device, the unused variable has no effect, which is what should happen.

    This does not explain why there is a failure for 4.0 against the old 3.1-era TiJSCore code, but we at least have a workaround, and we can safely build TiJSCore with 3.2 as the base SDK, and it should be backwards and forwards compatible.

  3. Blain Hamon 2011-04-15

    Fix implemented in TiJSCore.
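
The description blames the crash on TiJSCore dereferencing the out-parameter after vm_map reported error 4 and left the address at 0. The following is an added example, not TiJSCore's code or the commenters', of the check and retry the description asks for; the Mach types and codes, BLOCK_SIZE, the map_fn_t abstraction and the fake allocator are constructed stand-ins so it compiles and runs off-device.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Stand-ins for the Mach types and codes so this compiles off-device;
 * KERN_INVALID_ARGUMENT is the "4" the report saw on 4.0. */
typedef int kern_return_t;
typedef uintptr_t vm_address_t;
#define KERN_SUCCESS 0
#define KERN_INVALID_ARGUMENT 4
#define BLOCK_SIZE (64 * 1024)              /* assumption: collector block size */
/* vm_map reduced to its out-parameter and size (constructed abstraction). */
typedef kern_return_t (*map_fn_t)(vm_address_t *address, size_t size);

/* Trust the out-parameter only when the call reports success, retry with a
 * freshly zeroed out-parameter, and return 0 rather than let the caller
 * dereference the address vm_map never set. */
vm_address_t allocate_block_checked(map_fn_t map, size_t size, int max_attempts)
{
    for (int attempt = 1; attempt <= max_attempts; attempt++) {
        vm_address_t address = 0;           /* never reuse a stale value */
        kern_return_t kr = map(&address, size);
        if (kr == KERN_SUCCESS && address != 0)
            return address;
        fprintf(stderr, "vm_map attempt %d failed: kr=%d address=0x%lx\n",
                attempt, kr, (unsigned long)address);
    }
    return 0;                               /* caller must handle this */
}

/* Constructed fake of vm_map: fails like 4.0 for the first N calls, then
 * succeeds like 3.x by handing out a static arena. */
static unsigned char fake_arena[BLOCK_SIZE];
static int fail_calls_remaining;
kern_return_t fake_map(vm_address_t *address, size_t size)
{
    if (fail_calls_remaining > 0) {
        fail_calls_remaining--;
        *address = 0;                       /* address left at 0, error 4 */
        return KERN_INVALID_ARGUMENT;
    }
    if (size > sizeof fake_arena)
        return KERN_INVALID_ARGUMENT;
    *address = (vm_address_t)fake_arena;
    return KERN_SUCCESS;
}

/* Drives the fake: n failures first, then allocate with a retry budget. */
vm_address_t try_allocate(int failures_before_success, int max_attempts)
{
    fail_calls_remaining = failures_before_success;
    return allocate_block_checked(fake_map, BLOCK_SIZE, max_attempts);
}
```

With the real vm_map the same wrapper applies unchanged apart from the allocator callback; the point is that a 0 address is returned to the caller as a failure, never dereferenced.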
