UITextView crashes on a combination of Unicode characters

Originator:jbernal
Number:rdar://15459068 Date Originated:13-Nov-2013 05:24 PM
Status:Open Resolved:
Product:iOS SDK Product Version:7.0.3
Classification:Crash Reproducible:Always
 
Summary:
When you call -[UITextView setText:] with certain combinations of Arabic/Indic characters it crashes.

(lldb) bt
* thread #1: tid = 0x20ef2, 0x3641c704 UIFoundation`-[NSATSLineFragment saveWithGlyphOrigin:] + 3476, queue = 'com.apple.main-thread, stop reason = EXC_BAD_ACCESS (code=1, address=0x3f18953c)
    frame #0: 0x3641c704 UIFoundation`-[NSATSLineFragment saveWithGlyphOrigin:] + 3476
    frame #1: 0x364130a6 UIFoundation`-[NSATSTypesetter _layoutLineFragmentStartingWithGlyphAtIndex:characterIndex:atPoint:renderingContext:] + 4170
    frame #2: 0x364139b2 UIFoundation`-[NSATSTypesetter layoutParagraphAtPoint:] + 158
    frame #3: 0x3645fe00 UIFoundation`-[NSTypesetter _layoutGlyphsInLayoutManager:startingAtGlyphIndex:maxNumberOfLineFragments:maxCharacterIndex:nextGlyphIndex:nextCharacterIndex:] + 3564
    frame #4: 0x36460d4c UIFoundation`-[NSTypesetter layoutCharactersInRange:forLayoutManager:maximumNumberOfLineFragments:] + 212
    frame #5: 0x36414310 UIFoundation`-[NSATSTypesetter layoutCharactersInRange:forLayoutManager:maximumNumberOfLineFragments:] + 540
    frame #6: 0x36402c02 UIFoundation`-[NSLayoutManager(NSPrivate) _fillLayoutHoleForCharacterRange:desiredNumberOfLines:isSoft:] + 1138
    frame #7: 0x36408416 UIFoundation`_NSFastFillAllLayoutHolesForGlyphRange + 1214
    frame #8: 0x364069aa UIFoundation`-[NSLayoutManager(NSPrivate) _rectArrayForRange:withinSelectionRange:rangeIsCharRange:singleRectOnly:fullLineRectsOnly:inTextContainer:rectCount:rangeWithinContainer:glyphsDrawOutsideLines:rectArray:rectArrayCapacity:] + 650
    frame #9: 0x36408aa4 UIFoundation`-[NSLayoutManager(NSPrivate) _rectArrayForRange:withinSelectionRange:rangeIsCharRange:singleRectOnly:fullLineRectsOnly:inTextContainer:rectCount:rangeWithinContainer:glyphsDrawOutsideLines:] + 84
    frame #10: 0x36435858 UIFoundation`-[NSLayoutManager rectArrayForCharacterRange:withinSelectedCharacterRange:inTextContainer:rectCount:] + 60
    frame #11: 0x313cd078 UIKit`-[_UITextContainerView updateInsertionPointStateAndRestartTimer:] + 244
    frame #12: 0x3640c35a UIFoundation`-[NSLayoutManager(NSPrivate) _invalidateLayoutForExtendedCharacterRange:isSoft:invalidateUsage:] + 1966
    frame #13: 0x3640c3ce UIFoundation`-[NSLayoutManager(NSPrivate) _invalidateLayoutForExtendedCharacterRange:isSoft:] + 30
    frame #14: 0x364325b2 UIFoundation`-[NSLayoutManager textStorage:edited:range:changeInLength:invalidatedRange:] + 210
    frame #15: 0x36432758 UIFoundation`-[NSLayoutManager processEditingForTextStorage:edited:range:changeInLength:invalidatedRange:] + 52
    frame #16: 0x3645378a UIFoundation`-[NSTextStorage _notifyEdited:range:changeInLength:invalidatedRange:] + 122
    frame #17: 0x3645331e UIFoundation`-[NSTextStorage processEditing] + 422
    frame #18: 0x36452f0c UIFoundation`-[NSTextStorage endEditing] + 80
    frame #19: 0x313cf05c UIKit`-[UITextView setAttributedText:] + 252
    frame #20: 0x313cef4a UIKit`-[UITextView setText:] + 134

Steps to Reproduce:
I haven't pinpointed the exact combination, but I've reduced it to a 935 character string that crashes always. Run the included sample project

Expected Results:


Actual Results:


Version:
7.0.3

Notes:


Configuration:
Crashes on iPad, iPhone and simulator

Attachments:
https://cloudup.com/c9P9Mw4qTdm

Comments

@JBernal possibly seeing the same issue, but unable to get the suspect text. It looks like the original attachment has expired; are you able to re-upload the sample? Thanks!

By jsalvador at May 5, 2020, 11:57 p.m. (reply...)

Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!