Rendering pages on multiple threads with one CGPDFDocumentRef can lead to a double free/crash.

Originator: steipete
Number: rdar://19073954    Date Originated: 24-Nov-2014 05:44 PM
Status: Closed    Resolved:
Product: iOS    Product Version: iOS 8.1.1
Classification: Crash/Hang/Data Loss    Reproducible: Always
 
Summary:
Rendering pages on multiple threads with one CGPDFDocumentRef can lead to a double free/crash.

Steps to Reproduce:
Open the sample and run it. Observe that it crashes almost instantly. Since this is a timing-dependent bug, it might take a few runs before it crashes for you.

Expected Results:
CGPDF promises thread-safe usage. It should not crash when a document is accessed from multiple threads.

Actual Results:
Crash. Looks like a double free in the CMap parser.

A common output is this:

2014-11-24 17:21:25.021 ThreadRenderingSample[85940:3983383] Creating document
2014-11-24 17:21:25.030 ThreadRenderingSample[85940:3983590] Spawning block …
ThreadRenderingSample(85940,0x1104ec000) malloc: *** error for object 0x7f9281e199b0: pointer being freed was not allocated
*** set a breakpoint in malloc_error_break to debug
ThreadRenderingSample(85940,0x1105f2000) malloc: *** error for object 0xdfffffffc: pointer being freed was not allocated
*** set a breakpoint in malloc_error_break to debug

With a crash in:
* thread #4: tid = 0x3cc8e5, 0x0000000104c10282 libsystem_kernel.dylib`__pthread_kill + 10, queue = 'render-queue', stop reason = signal SIGABRT
    frame #2: 0x00000001049a019a libsystem_sim_c.dylib`abort + 129
    frame #3: 0x0000000104ae5553 libsystem_malloc.dylib`free + 428
    frame #4: 0x00000001025b24f5 CoreGraphics`load_font + 138
    frame #5: 0x00000001025b26b7 CoreGraphics`CGPDFFontGetMutator + 33
    frame #6: 0x00000001025b56df CoreGraphics`draw_glyphs + 557
    frame #7: 0x000000010256bc44 CoreGraphics`cid_draw + 465
    frame #8: 0x000000010256ba3c CoreGraphics`CGPDFTextLayoutDrawGlyphs + 81
    frame #9: 0x0000000102593078 CoreGraphics`op_TJ + 68
https://gist.github.com/steipete/fa785aac824b9d8ba548

Regression:
This example runs fine in iOS 7.1.2. The crash first appeared in iOS 8.0.

Notes:
We’re using the PDF renderer heavily in PSPDFKit and had to disable multi-threaded rendering in iOS 8 because of this issue.
This of course led to reduced performance, so we're very interested in a fix.
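Added example, not the radar's sample project and not PSPDFKit code: one way to keep rendering concurrent without sharing a CGPDFDocumentRef between threads. The crash above is triggered by several threads drawing from one document, so every worker here opens its own CGPDFDocumentRef from the same file URL and releases it when the page is done. That this sidesteps the double free is an assumption drawn from the report's title, not something the radar verifies; the file path is a placeholder and the helper name is made up for this illustration.

```objc
// Added example: render every page of a PDF concurrently, one CGPDFDocumentRef
// per worker, so no document handle is ever used by two threads at once.
#import <Foundation/Foundation.h>
#import <CoreGraphics/CoreGraphics.h>

// Hypothetical helper (not a CoreGraphics API): renders one page of `url` into an
// offscreen RGB bitmap using a document handle private to the calling thread.
static CGImageRef RenderPageWithPrivateDocument(NSURL *url, size_t pageNumber) {
    CGPDFDocumentRef document = CGPDFDocumentCreateWithURL((__bridge CFURLRef)url);
    if (!document) return NULL;

    CGImageRef image = NULL;
    CGPDFPageRef page = CGPDFDocumentGetPage(document, pageNumber); // pages are 1-based
    if (page) {
        CGRect box = CGPDFPageGetBoxRect(page, kCGPDFMediaBox);
        size_t width = (size_t)ceil(box.size.width);
        size_t height = (size_t)ceil(box.size.height);
        CGColorSpaceRef rgb = CGColorSpaceCreateDeviceRGB();
        CGContextRef ctx = CGBitmapContextCreate(NULL, width, height, 8, 0, rgb,
                                                 kCGImageAlphaPremultipliedLast);
        if (ctx) {
            // White background, then shift the media box origin to (0, 0) and draw.
            CGContextSetRGBFillColor(ctx, 1, 1, 1, 1);
            CGContextFillRect(ctx, CGRectMake(0, 0, width, height));
            CGContextTranslateCTM(ctx, -box.origin.x, -box.origin.y);
            CGContextDrawPDFPage(ctx, page);
            image = CGBitmapContextCreateImage(ctx);
            CGContextRelease(ctx);
        }
        CGColorSpaceRelease(rgb);
    }
    // CGPDFPageRef is owned by its document; release the document only after drawing.
    CGPDFDocumentRelease(document);
    return image;
}

int main(int argc, const char *argv[]) {
    @autoreleasepool {
        NSURL *url = [NSURL fileURLWithPath:@"/path/to/sample.pdf"]; // placeholder path

        // Read the page count once from a throwaway document; nothing else shares it.
        CGPDFDocumentRef probe = CGPDFDocumentCreateWithURL((__bridge CFURLRef)url);
        size_t pageCount = probe ? CGPDFDocumentGetNumberOfPages(probe) : 0;
        if (probe) CGPDFDocumentRelease(probe);

        // Fan out across the global concurrent queue. Each iteration creates, uses and
        // frees its own CGPDFDocumentRef, so the shared-document race cannot occur.
        dispatch_queue_t queue = dispatch_get_global_queue(QOS_CLASS_USER_INITIATED, 0);
        dispatch_apply(pageCount, queue, ^(size_t i) {
            CGImageRef image = RenderPageWithPrivateDocument(url, i + 1);
            NSLog(@"page %zu: %@", i + 1, image ? @"rendered" : @"failed");
            if (image) CGImageRelease(image);
        });
    }
    return 0;
}
```

The trade-off is that each worker re-parses the file, which costs time on large PDFs; a pool of long-lived documents, one per render thread, keeps the same isolation with less parsing. The other option, and the one the notes above describe, is to route all drawing for a single shared document through one serial queue and give up the concurrency entirely.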

Comments

Fixed in iOS 9 confirmed.

Update: This is not fixed yet; they closed the radar with the following response:

Apple Developer Relations, 07-Dec-2015 05:36 PM

There are no plans to address this.

We are now closing this report.

If you have questions about the resolution, or if this is still a critical issue for you, then please update your bug report with that information.

Please be sure to regularly check new Apple releases for any updates that might affect this issue.

Fixed in iOS 9 and some future Mac update (10.10.4?)

Cannot attach example publicly since the PDF inside is proprietary.
