开发者

iOS Crash Cronet!disk_cache::EntryImpl::InternalWriteData

开发者 https://www.devze.com 2022-12-07 18:09 出处:网络
Crash reason:EXC_BAD_ACCESS / KERN_INVALID_ADDRESS Crash address: 0x1073c008 Process uptime: 126675 seconds
Crash reason:  EXC_BAD_ACCESS / KERN_INVALID_ADDRESS
Crash address: 0x1073c008
Process uptime: 126675 seconds

Thread 57 (crashed)
 0  libsystem_platform.dylib!_platform_memmove + 0x2开发者_如何学运维24
     x0 = 0x000000010dad8000    x1 = 0x000000011073c008
     x2 = 0x0000000000000005    x3 = 0x000000010dad8008
     x4 = 0x000000000000006b    x5 = 0x000000000000006b
     x6 = 0x313a22726576227b    x7 = 0x000000016e39d538
     x8 = 0x0000000000004000    x9 = 0x0000000000000000
    x10 = 0x0000000000000000   x11 = 0x0000000000000000
    x12 = 0x00000000000c44b5   x13 = 0x00000000016e3600
    x14 = 0x0000000000000000   x15 = 0x00000000000000cc
    x16 = 0x00000001dd2ab820   x17 = 0x0000000071000000
    x18 = 0x0000000000000000   x19 = 0x000000010dad8000
    x20 = 0x000000011073c000   x21 = 0x000000028182cc18
    x22 = 0x0000000000000015   x23 = 0x000000010dad8000
    x24 = 0x0000000000000015   x25 = 0x0000000000000015
    x26 = 0x0000000000000000   x27 = 0x0000000000000000
    x28 = 0x0000000000000000    fp = 0x000000016e39da30
     lr = 0x000000010c96fdc0    sp = 0x000000016e39d9c0
     pc = 0x00000001dd2aba44
    Found by: given as instruction pointer in context
 1  Cronet!std::__1::enable_if<(__is_forward_iterator<char*>::value) && (is_constructible<char, std::__1::iterator_traits<char*>::reference>::value), std::__1::__wrap_iter<char*> >::type std::__1::vector<char, std::__1::allocator<char> >::insert<char*>(std::__1::__wrap_iter<char const*>, char*, char*) [memory : 1698 + 0x8]
     fp = 0x000000016e39dae0    lr = 0x000000010cb77208
     sp = 0x000000016e39da40    pc = 0x000000010c96fdc0
    Found by: previous frame's frame pointer
 2  Cronet!disk_cache::EntryImpl::InternalWriteData(int, int, net::IOBuffer*, int, base::OnceCallback<void (int)>, bool) [entry_impl.cc : 1162 + 0xc]
     fp = 0x000000016e39db40    lr = 0x000000010cb7708c
     sp = 0x000000016e39daf0    pc = 0x000000010cb77208
    Found by: previous frame's frame pointer
 3  Cronet!disk_cache::EntryImpl::WriteDataImpl(int, int, net::IOBuffer*, int, base::OnceCallback<void (int)>, bool) [entry_impl.cc : 365 + 0x1c]
     fp = 0x000000016e39dbd0    lr = 0x000000010cb7c084
     sp = 0x000000016e39db50    pc = 0x000000010cb7708c
    Found by: previous frame's frame pointer
 4  Cronet!disk_cache::BackendIO::ExecuteEntryOperation() [in_flight_backend_io.cc : 386 + 0x8]
     fp = 0x000000016e39dcb0    lr = 0x000000010cad4d24
     sp = 0x000000016e39dbe0    pc = 0x000000010cb7c084
Comment 1 by adeve...@gmail.com on Wed, Nov 23, 2022, 5:29 PM GMT+8 (13 days ago)
Here is the code that causes the crash:

  std::unique_ptr<char, base::FreeDeleter> read_buffer_;
  scoped_refptr<WrappedIOBuffer> read_buffer_wrapper_;

void HttpProtocolHandlerCore::AllocateReadBuffer(int last_read_data_size) {
  if (last_read_data_size == read_buffer_size_) {
    // If the whole buffer was filled with data then increase the buffer size
    // for the next read but don't exceed |kIOBufferMaxSize|.
    read_buffer_size_ = std::min(read_buffer_size_ * 2, kIOBufferMaxSize);
  } else if (read_buffer_size_ / 2 >= last_read_data_size) {
    // If only a half or less of the buffer was filled with data then reduce
    // the buffer size for the next read but not make it smaller than
    // |kIOBufferMinSize|.
    read_buffer_size_ = std::max(read_buffer_size_ / 2, kIOBufferMinSize);
  }
  read_buffer_.reset(static_cast<char*>(malloc(read_buffer_size_)));
  read_buffer_wrapper_ = base::MakeRefCounted<WrappedIOBuffer>(
      static_cast<const char*>(read_buffer_.get()));
}

I had found the Crash Reason: read_buffer_wrapper_ reference the memory data holded by read_buffer_. BackendIO(OP_WRITE) will reference read_buffer_wrapper_ and write the memory data to disk cache . (DISK CACHE MODE) When the http request canceled by user or timeout, the read_buffer_ will be free, and the memory data hold by read_buffer_ will be free, too.But if at the same time, a new BackendIO(OP_WRITE) task is sending to the iothread, when the iothread execute the BackendIO(OP_WRITE) task, it got crash.

My Solution: read_buffer_wrapper_ and read_buffer_ should reference to the same smart pointer.

0

精彩评论

暂无评论...
验证码 换一张
取 消