crash in SemanticsObject dealloc and access the children in iOS 9 version #87247

@xiaoxiaowesley

I received a user crash log from my app but can't find the steps to reproduce it.

The problem is very obvious: _children has been released in [SemanticsObject dealloc], but when SemanticsObject calls [super dealloc] it accesses _children again in [SemanticsObject hasChildren].

It only happened on iOS 9, and the Flutter version is 1.22.6.

Incident Identifier: B9E52E4C-0886-4994-A3A7-2F3E9DBDE12D
CrashReporter Key:   TODO
Hardware Model:      iPhone8,2
Process:             Runner [1705]
Path:                /var/mobile/Containers/Bundle/Application/B9C65EE1-B792-4C83-8020-CB81009C6AD6/Runner.app/Runner
Identifier:          Unknown|com.taobao.fleamarket
Version:             7.1.30+ (7.1.30)
Code Type:           ARM-64
Parent Process:      ??? [1]
Date/Time:           2021-07-29 02:50:51 +0000
OS Version:          iPhone OS 9.2.1 (13D15)
Report Version:      104
Exception Type:  SIGSEGV
Exception Codes: SEGV_ACCERR at 0x10
Triggered by Thread:  0
Thread 0 Crashed:
0   libobjc.A.dylib                 0x00000001810d5bd0 _objc_msgSend :16 (in libobjc.A.dylib)
1   Flutter                         0x0000000107ffa508 -[SemanticsObject hasChildren] SemanticsObject.mm:206 (in Flutter)
2   Flutter                         0x0000000107ffbbe0 -[SemanticsObject accessibilityContainer] SemanticsObject.mm:387 (in Flutter)
3   UIAccessibility                 0x000000018bc284fc -[UIAccessibilityElementSuperCategory dealloc] :32 (in UIAccessibility)
4   Flutter                         0x0000000107ff9f1c -[SemanticsObject dealloc] SemanticsObject.mm:155 (in Flutter)
5   CoreFoundation                  0x00000001819ba838 -[NSMutableDictionary removeObjectsForKeys:] :212 (in CoreFoundation)
6   Flutter                         0x0000000108006988 flutter::PlatformViewIOS::UpdateSemantics(std::__1::unordered_map<int, flutter::SemanticsNode, std::__1::hash<int>, std::__1::equal_to<int>, std::__1::allocator<std::__1::pair<int const, flutter::SemanticsNode> > >, std::__1::unordered_map<int, flutter::CustomAccessibilityAction, std::__1::hash<int>, std::__1::equal_to<int>, std::__1::allocator<std::__1::pair<int const, flutter::CustomAccessibilityAction> > >) accessibility_bridge.mm:195 (in Flutter)
7   Flutter                         0x00000001082c2744 std::__1::__function::__func<flutter::Shell::OnEngineUpdateSemantics(std::__1::unordered_map<int, flutter::SemanticsNode, std::__1::hash<int>, std::__1::equal_to<int>, std::__1::allocator<std::__1::pair<int const, flutter::SemanticsNode> > >, std::__1::unordered_map<int, flutter::CustomAccessibilityAction, std::__1::hash<int>, std::__1::equal_to<int>, std::__1::allocator<std::__1::pair<int const, flutter::CustomAccessibilityAction> > >)::$_32, std::__1::allocator<flutter::Shell::OnEngineUpdateSemantics(std::__1::unordered_map<int, flutter::SemanticsNode, std::__1::hash<int>, std::__1::equal_to<int>, std::__1::allocator<std::__1::pair<int const, flutter::SemanticsNode> > >, std::__1::unordered_map<int, flutter::CustomAccessibilityAction, std::__1::hash<int>, std::__1::equal_to<int>, std::__1::allocator<std::__1::pair<int const, flutter::CustomAccessibilityAction> > >)::$_32>, void ()()>::operator()() shell.cc:1069 (in Flutter)
8   Flutter                         0x000000010800e25c fml::MessageLoopImpl::FlushTasks(fml::FlushType) functional:1799 (in Flutter)
9   Flutter                         0x00000001080101d0 fml::MessageLoopDarwin::OnTimerFire(__CFRunLoopTimer*, fml::MessageLoopDarwin*) message_loop_impl.cc:143 (in Flutter)
10  CoreFoundation                  0x0000000181a0d5f4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ :28 (in CoreFoundation)
11  CoreFoundation                  0x0000000181a0d298 __CFRunLoopDoTimer :884 (in CoreFoundation)
12  CoreFoundation                  0x0000000181a0a9ac __CFRunLoopRun :1520 (in CoreFoundation)
13  CoreFoundation                  0x0000000181939680 _CFRunLoopRunSpecific :384 (in CoreFoundation)
14  GraphicsServices                0x0000000182e48088 _GSEventRunModal :180 (in GraphicsServices)
15  UIKit                           0x00000001867b0d90 _UIApplicationMain :204 (in UIKit)
16  Runner                          0x00000001034bb1e8 main main.m:55 (in Runner)
17  libdyld.dylib                   0x00000001814da8b8 _start :4 (in libdyld.dylib)
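
The dealloc ordering described in this report, reduced to a stand-alone Objective-C sketch beside a hardened variant. This is an added example, not Flutter engine code and not from the reporter; BaseElement, Node, UnsafeNode and SafeNode are hypothetical names, and BaseElement stands in for the UIAccessibility superclass whose dealloc appears in frame 3.

```objective-c
// Constructed example; build without ARC:
//   clang -fno-objc-arc -framework Foundation dealloc_order.m -o dealloc_order
#import <Foundation/Foundation.h>

// Stand-in for a framework superclass whose dealloc calls an overridable method.
@interface BaseElement : NSObject
- (id)container;
@end
@implementation BaseElement
- (id)container { return nil; }
- (void)dealloc {
  (void)[self container];  // dynamic dispatch reaches the subclass override
  [super dealloc];
}
@end

// Shared subclass state: an owned ivar read by the overridden method.
@interface Node : BaseElement {
  NSMutableArray *_children;
}
@end
@implementation Node
- (instancetype)init {
  if ((self = [super init])) _children = [[NSMutableArray alloc] init];
  return self;
}
- (BOOL)hasChildren { return [_children count] != 0; }
- (id)container { return [self hasChildren] ? self : nil; }
@end

@interface UnsafeNode : Node
@end
@implementation UnsafeNode
- (void)dealloc {
  [_children release];  // ivar still holds the old pointer: it now dangles
  [super dealloc];      // BaseElement dealloc -> container -> hasChildren
}
@end

@interface SafeNode : Node
@end
@implementation SafeNode
- (void)dealloc {
  [_children release];
  _children = nil;      // later messages go to nil and return 0
  [super dealloc];
}
@end

int main(void) {
  [[[SafeNode alloc] init] release];      // re-entry during dealloc is harmless
  // [[[UnsafeNode alloc] init] release]; // undefined behaviour: use after free
  return 0;
}
```

Whether the unsafe path faults depends on what occupies the freed memory by the time the superclass calls back, which is consistent with a crash that shows up in production logs but resists reproduction.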

    Labels

    P2: Important issues not at the top of the work list
    a: accessibility: Accessibility, e.g. VoiceOver or TalkBack. (aka a11y)
    a: production: Issues experienced in live production apps
    c: fatal crash: Crashes that terminate the process
    customer: alibaba
    e: OS-version specific: Affects only some versions of the relevant operating system
    engine: flutter/engine related. See also e: labels.
    platform-ios: iOS applications specifically
    r: fixed: Issue is closed as already fixed in a newer version
