socket_connect_addr crash #12

Open
AiXanadu opened this issue Nov 22, 2021 · 7 comments

@AiXanadu

```
0 libsystem_kernel.dylib 0x00007fff92875d42 __pthread_kill + 10
1 libsystem_pthread.dylib 0x00007fff92963457 pthread_kill + 90
2 libsystem_c.dylib 0x00007fff927db4bb __abort + 140
3 libsystem_c.dylib 0x00007fff927dbd7e __stack_chk_fail + 205
4 libimobiledevice-glue-1.0.0.dylib 0x000000011cd252f7 socket_connect_addr + 1607
5 libimobiledevice-1.0.6.dylib 0x000000011ccdcc34 idevice_connect + 308 (idevice.c:517)
6 libimobiledevice-1.0.6.dylib 0x000000011ccdd6e6 service_client_new + 70 (service.c:68)
7 libimobiledevice-1.0.6.dylib 0x000000011ccddae3 property_list_service_client_new + 67 (property_list_service.c:67)
8 libimobiledevice-1.0.6.dylib 0x000000011ccdf2f5 lockdownd_client_new_with_handshake + 101 (lockdown.c:634)
```

When I try to start the service "com.apple.springboardservices" on the Mac, it occasionally crashes.
I use this service to get the screen wallpaper.
I tried to search for solutions, mostly stack overflow.
It takes dozens of runs to get a crash.

@AiXanadu
Author

With the same code, I haven't seen this problem on USB devices yet. At present, it only appears on WiFi devices.

@mexmer
Contributor

mexmer commented Nov 23, 2021

If it happens only on WiFi, the issue might be that the device went to sleep just at the time of the query ... and the socket you are trying to connect to was released just before you called connect on it ... The question is whether anything can be done in the connect function to prevent this, or whether it's just an unhandled condition inside Apple's implementation.

@AiXanadu
Author

AiXanadu commented Nov 23, 2021

```cpp
bool device_desktop_wallpaper(idevice_t _Device, const std::function<void(const XByteArray& _Picture)>& _Lambda) noexcept
{
	auto		vSync = false;
	auto		vPictureBytes = XByteArray();
	auto		vLockdownd = static_cast<lockdownd_client_t>(nullptr);
	auto		vService = static_cast<lockdownd_service_descriptor_t>(nullptr);
	auto		vSpringBoard = static_cast<sbservices_client_t>(nullptr);
	auto		vErrorL = lockdownd_client_new_with_handshake(_Device, &vLockdownd, "device_desktop_wallpaper");
	if(vErrorL != LOCKDOWN_E_SUCCESS)
	{
		return false;
	}

	do
	{

		if(lockdownd_start_service(vLockdownd, "com.apple.springboardservices", &vService) == LOCKDOWN_E_SUCCESS)
		{
			if(sbservices_client_new(_Device, vService, &vSpringBoard) != SBSERVICES_E_SUCCESS)
			{
				vSpringBoard = nullptr;
			}
			lockdownd_service_descriptor_free(vService);
		}
		if(vSpringBoard == nullptr)
		{
			break;
		}

		auto		vPictureData = static_cast<char*>(nullptr);
		auto		vPictureLength = static_cast<std::uint64_t>(0);
		if(sbservices_get_home_screen_wallpaper_pngdata(vSpringBoard, &vPictureData, &vPictureLength) != SBSERVICES_E_SUCCESS)
		{
			break;
		}
		if(vPictureData == nullptr && vPictureLength == 0)
		{
			break;
		}
		vPictureBytes = XByteArray(vPictureData, (std::size_t)vPictureLength);
		sbservices_get_home_screen_wallpaper_free(vPictureData);
		vSync = true;
	}while(false);

	if(vSync)
	{
		_Lambda(vPictureBytes);
		vSync = true;
	}

	if(vSpringBoard)
	{
		sbservices_client_free(vSpringBoard);
	}
	if(vLockdownd)
	{
		lockdownd_client_free(vLockdownd);
	}
	return vSync;
}
```

I just call it in separate threads and functions, and there is no multithreading.

It may also happen on Windows, but I use SEH to handle it.

```cpp
template <class Fun, class ... T>
afc_error_t FunctionCallAfc(Fun _Call, T... vT)
{
	auto		vReturn = AFC_E_INVALID_ARG;
	if(_Call)
	{
#if defined(_XANADU_SYSTEM_WINDOWS)
		__try
		{
			vReturn = _Call(vT...);
		}
		__except(EXCEPTION_EXECUTE_HANDLER)
		{
			//ExceptionNormal(vFile, vFunc, vLine);
		}
#else
		try
		{
			vReturn = _Call(vT...);
		}
		catch(...)
		{
		}
#endif
	}
	return vReturn;
}
```

This can help me deal with most exceptions.

@nikias
Member

nikias commented Feb 4, 2022

Looks like stack corruption. I wonder how that would happen...

@AiXanadu
Author

> Looks like stack corruption. I wonder how that would happen...

It is described above.
Specifically, when connecting to a WIFI device and running the above code, there is a chance that this problem will occur.

@N4RUTOP

N4RUTOP commented Oct 16, 2024

I encountered the same issue, and after debugging, I found that the crash was caused by releasing a dangling pointer. Specifically, it happened at `socket.c:606`, `free(ifa->ifa_dstaddr);`. The problem was solved by calling memset after allocating memory for the struct ifaddrs.

nikias added a commit that referenced this issue Oct 21, 2024
This should prevent crashes like the one mentioned in #12 which are caused
by releasing an invalid pointer (due to uninitialized memory).
@nikias
Member

nikias commented Oct 21, 2024

Should be fixed with 1085e46.
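
The failure mode N4RUTOP describes and the memset fix, reduced to a self-contained C sketch. This is an added example, not code from libimobiledevice-glue: `struct if_entry`, `dirty_malloc` and the `entry_*` functions are hypothetical stand-ins, and the 0xA5 fill simulates malloc() returning recycled heap memory.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for struct ifaddrs: only the members that matter here. */
struct if_entry { char *ifa_name; void *ifa_addr, *ifa_netmask, *ifa_dstaddr; };

/* Simulates malloc() returning recycled heap memory: every byte is 0xA5. */
static void *dirty_malloc(size_t n) {
    void *p = malloc(n);
    if (p) memset(p, 0xA5, n);
    return p;
}

/* Entry for an interface with a name and address but no netmask or destination
 * address, so ifa_netmask and ifa_dstaddr are never assigned by the builder. */
struct if_entry *entry_new(const char *name, int zero_first) {
    struct if_entry *e = dirty_malloc(sizeof(*e));
    if (!e) return NULL;
    if (zero_first) memset(e, 0, sizeof(*e)); /* the fix described in the thread */
    e->ifa_name = malloc(strlen(name) + 1);
    if (e->ifa_name) strcpy(e->ifa_name, name);
    e->ifa_addr = calloc(1, 16); /* constructed placeholder for a sockaddr */
    return e;
}

/* Never-assigned members that a free-every-member cleanup would still pass to
 * free(); anything above 0 means an invalid free. */
int entry_stray_pointers(const struct if_entry *e) {
    return (e->ifa_netmask != NULL) + (e->ifa_dstaddr != NULL);
}

/* all_members != 0 frees every member (safe only when unassigned members are
 * NULL, since free(NULL) is a no-op); 0 frees only what the builder set. */
void entry_free(struct if_entry *e, int all_members) {
    if (!e) return;
    free(e->ifa_name);
    free(e->ifa_addr);
    if (all_members) { free(e->ifa_netmask); free(e->ifa_dstaddr); }
    free(e);
}

int main(void) {
    struct if_entry *bad = entry_new("en0", 0), *good = entry_new("en0", 1);
    if (!bad || !good) return 2;
    int ok = entry_stray_pointers(bad) == 2 && entry_stray_pointers(good) == 0;
    entry_free(bad, 0);  /* all_members=1 here would free 0xA5A5... pointers */
    entry_free(good, 1);
    return ok ? 0 : 1;
}
```

Because real malloc() often returns zeroed pages on first use, the unzeroed variant can pass many runs before it hits recycled memory, which matches the intermittent crash reported above.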
