iOS 11.X ImageIO crash: CFDataGetBytes: data: 0x1c3445730 size: 5456 offset: 0 count: 8 dst: 0x14e1e183c

Originator: felipekellermann
Number: rdar://35399602
Date Originated: November 7 2017
Status: Closed
Resolved: December 28 2017
Product: iOS + SDK
Product Version: 11.1 (15B93)
Classification: Critical Bug
Reproducible: Always

Area:
Image I/O

Summary:
The crash affects only our customers running iOS 11.0/11.1. Previous versions (9.3.5 - 10.3.3) running the exact same builds/configs are not affected. This is causing a number of crashes per day.

Steps to Reproduce:
N/A

See the backtrace below, which is 98 frames deep (the full trace is attached as a TXT file because it is too long).

Crashed: com.apple.main-thread
0  libsystem_platform.dylib       0x185ba5bd8 _platform_memmove + 296
1  CoreFoundation                 0x185e76ba0 CFDataGetBytes + 268
2  CoreFoundation                 0x185e76ba0 CFDataGetBytes + 268
3  ImageIO                        0x18801dd88 IIOImageRead::getCFDataBytesAtOffset(void*, unsigned long, unsigned long) + 264
4  ImageIO                        0x18801d8a8 IIOImageRead::getBytesAtOffset(void*, unsigned long, unsigned long) + 348
5  ImageIO                        0x187f3d5f8 IIOImageReadSession::getBytes(void*, unsigned long) + 32
6  ImageIO                        0x187ea961c read_fn(png_struct_def*, unsigned char*, unsigned long) + 44
7  ImageIO                        0x188056798 png_read_sig + 72
8  ImageIO                        0x1880a0494 _cg_png_read_info + 56
9  ImageIO                        0x187ead6e4 PNGReadPlugin::copyImageBlockSet(InfoRec*, CGImageProvider*, CGRect, CGSize, __CFDictionary const*) + 1768
10 ImageIO                        0x187eabb00 PNGReadPlugin::CopyImageBlockSetProc(void*, CGImageProvider*, CGRect, CGSize, __CFDictionary const*) + 192
11 ImageIO                        0x187eb5b74 IIOImageProviderInfo::copyImageBlockSetWithOptions(CGImageProvider*, CGRect, CGSize, __CFDictionary const*) + 632
12 ImageIO                        0x187eb3444 IIOImageProviderInfo::CopyImageBlockSetWithOptions(void*, CGImageProvider*, CGRect, CGSize, __CFDictionary const*) + 596
13 CoreGraphics                   0x1877540d8 CGImageProviderCopyImageBlockSet + 220
14 CoreGraphics                   0x1878c2af0 img_blocks_create + 316
15 CoreGraphics                   0x1878c2e34 img_blocks_extent + 100
16 CoreGraphics                   0x1878c73ec img_interpolate_extent + 152
17 CoreGraphics                   0x1878cb7a0 img_data_lock + 6928
18 CoreGraphics                   0x1878c9c38 CGSImageDataLock + 184
19 CoreGraphics                   0x1876ea704 ripc_AcquireRIPImageData + 308
20 CoreGraphics                   0x1878de87c ripc_DrawImage + 644
21 CoreGraphics                   0x1878ce678 CGContextDrawImageWithOptions + 632
22 UIKit                          0x18f3a4fd8 -[UIImage drawInRect:blendMode:alpha:] + 1816
23 UIKit                          0x18fa3e89c -[UIGraphicsRenderer runDrawingActions:completionActions:format:error:] + 452
24 UIKit                          0x18fa3e6a4 -[UIGraphicsRenderer runDrawingActions:completionActions:error:] + 120
25 UIKit                          0x18fdd25f0 -[UIGraphicsImageRenderer imageWithActions:] + 152

Expected Results:
N/A

Actual Results:
N/A

Version/Build:

Comments

I've not seen this crash since iOS 11.2


By felipekellermann at Dec. 28, 2017, 1:36 p.m.

Additional crash logs

Additional crash logs: https://www.dropbox.com/s/m6n05l54jlfrx6e/Radar-35399850.zip?dl=0

By felipekellermann at Dec. 14, 2017, 4:03 p.m.
