[BUG] PaymentSheet card scanner crashes w/ [Deallocation of non-allocated memory] #1916

Closed
dmrschmidt opened this issue Jan 7, 2022 · 7 comments
Labels
kind:bug triaged Issue has been reviewed by Stripe and is being tracked internally

dmrschmidt commented Jan 7, 2022

Summary

PaymentSheet's built-in "Scan Card" feature crashes in STPCardScanner:271 (try handler?.perform([textRequest].compactMap { $0 })) with Thread 26: Deallocation of non-allocated memory when card is scanned.

[Edit]: correction: it already crashes when the card scanner is merely opened.

Code to reproduce

Normal usage of PaymentSheet, i.e. along these lines:

var configuration = PaymentSheet.Configuration()
configuration.merchantDisplayName = "App Name"
configuration.customer = .init(id: "customerId", ephemeralKeySecret: "customerEphemeralKeySecret")
configuration.applePay = .init(merchantId: "appleMerchantIdentifier", merchantCountryCode: "DE")

self.paymentSheet = PaymentSheet(paymentIntentClientSecret: "paymentIntentClientSecret", configuration: configuration)
self.paymentSheet?.present(from: controller, completion: { paymentSheetResult in })

iOS version

15.2

Installation method

SPM

SDK version

21.11.0

Other information

Stack trace / address sanitizer output from crash:

=================================================================
==2847==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x000142698000 in thread T30
> #0 0x103219f80 in wrap_free+0x98 (/private/var/containers/Bundle/Application/3C250CF2-2A0F-4EBE-A120-AB93BCF36889/SoundCard.app/Frameworks/libclang_rt.asan_ios_dynamic.dylib:arm64e+0x3df80)
> #1 0x19543d5fc in +0x50 (/System/Library/Frameworks/CoreML.framework/CoreML:arm64e+0x38a5fc)
> #2 0x1950c53c4 in +0x64 (/System/Library/Frameworks/CoreML.framework/CoreML:arm64e+0x123c4)
> #3 0x19543d5fc in +0x50 (/System/Library/Frameworks/CoreML.framework/CoreML:arm64e+0x38a5fc)
> #4 0x1950bce94 in +0x2c (/System/Library/Frameworks/CoreML.framework/CoreML:arm64e+0x9e94)
> #5 0x19938ad24 in +0x70 (/usr/lib/libobjc.A.dylib:arm64e+0x7d24)
> #6 0x199387b70 in objc_destructInstance+0x4c (/usr/lib/libobjc.A.dylib:arm64e+0x4b70)
> #7 0x180c3a2d8 in +0x94 (/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation:arm64e+0x1762d8)
> #8 0x19938a4b8 in +0xc4 (/usr/lib/libobjc.A.dylib:arm64e+0x74b8)
> #9 0x199386884 in objc_autoreleasePoolPop+0xcc (/usr/lib/libobjc.A.dylib:arm64e+0x3884)
> #10 0x19e6030e8 in +0x104 (/System/Library/Frameworks/Vision.framework/Vision:arm64e+0x50e8)
> #11 0x19e602fa0 in +0x34 (/System/Library/Frameworks/Vision.framework/Vision:arm64e+0x4fa0)
> #12 0x19e60c5c8 in +0x4c (/System/Library/Frameworks/Vision.framework/Vision:arm64e+0xe5c8)
> #13 0x19e674088 in +0x2c (/System/Library/Frameworks/Vision.framework/Vision:arm64e+0x76088)
> #14 0x10307a008 in _dispatch_block_sync_invoke+0x94 (/usr/lib/system/introspection/libdispatch.dylib:arm64e+0xa008)
> #15 0x1030763b0 in _dispatch_client_callout+0x10 (/usr/lib/system/introspection/libdispatch.dylib:arm64e+0x63b0)
> #16 0x1030878e0 in dispatch_lane_barrier_sync_invoke_and_complete+0xac (/usr/lib/system/introspection/libdispatch.dylib:arm64e+0x178e0)
> #17 0x10307b910 in dispatch_sync_block_with_privdata+0x1a4 (/usr/lib/system/introspection/libdispatch.dylib:arm64e+0xb910)
> #18 0x19e6087b8 in +0x20c (/System/Library/Frameworks/Vision.framework/Vision:arm64e+0xa7b8)
> #19 0x19e7e2ff8 in +0x238 (/System/Library/Frameworks/Vision.framework/Vision:arm64e+0x1e4ff8)
> #20 0x19e600b28 in +0x2dc (/System/Library/Frameworks/Vision.framework/Vision:arm64e+0x2b28)
> #21 0x19e60c5c8 in +0x4c (/System/Library/Frameworks/Vision.framework/Vision:arm64e+0xe5c8)
> #22 0x19e607d54 in +0x228 (/System/Library/Frameworks/Vision.framework/Vision:arm64e+0x9d54)
> #23 0x19e60610c in +0x1b8 (/System/Library/Frameworks/Vision.framework/Vision:arm64e+0x810c)
> #24 0x19e605ee4 in +0xb8 (/System/Library/Frameworks/Vision.framework/Vision:arm64e+0x7ee4)
> #25 0x10094e084 in function signature specialization <Arg[0] = Dead, Arg[2] = Dead> of Stripe.STPCardScanner.captureOutput(_: __C.AVCaptureOutput, didOutput: __C.CMSampleBufferRef, from: __C.AVCaptureConnection) -> ()+0x514 (/private/var/containers/Bundle/Application/3C250CF2-2A0F-4EBE-A120-AB93BCF36889/SoundCard.app/SoundCard:arm64+0x10049a084)
> #26 0x100947b0c in @objc Stripe.STPCardScanner.captureOutput(_: __C.AVCaptureOutput, didOutput: __C.CMSampleBufferRef, from: __C.AVCaptureConnection) -> ()+0x58 (/private/var/containers/Bundle/Application/3C250CF2-2A0F-4EBE-A120-AB93BCF36889/SoundCard.app/SoundCard:arm64+0x100493b0c)
> #27 0x19f52d120 in +0x14c (/System/Library/PrivateFrameworks/AVFCapture.framework/AVFCapture:arm64e+0x19120)
> #28 0x19f517278 in +0x64 (/System/Library/PrivateFrameworks/AVFCapture.framework/AVFCapture:arm64e+0x3278)
> #29 0x19f75d094 in +0x130 (/System/Library/PrivateFrameworks/CMCapture.framework/CMCapture:arm64e+0x14c094)
> #30 0x19f9136b4 in +0x104 (/System/Library/PrivateFrameworks/CMCapture.framework/CMCapture:arm64e+0x3026b4)
> #31 0x10321951c in __wrap_dispatch_source_set_event_handler_block_invoke+0xc0 (/private/var/containers/Bundle/Application/3C250CF2-2A0F-4EBE-A120-AB93BCF36889/SoundCard.app/Frameworks/libclang_rt.asan_ios_dynamic.dylib:arm64e+0x3d51c)
> #32 0x1030763b0 in _dispatch_client_callout+0x10 (/usr/lib/system/introspection/libdispatch.dylib:arm64e+0x63b0)
> #33 0x10307957c in _dispatch_continuation_pop+0x314 (/usr/lib/system/introspection/libdispatch.dylib:arm64e+0x957c)
> #34 0x10308fdc0 in _dispatch_source_invoke+0x590 (/usr/lib/system/introspection/libdispatch.dylib:arm64e+0x1fdc0)
> #35 0x10307e2d8 in _dispatch_lane_serial_drain+0x174 (/usr/lib/system/introspection/libdispatch.dylib:arm64e+0xe2d8)
> #36 0x10307f28c in _dispatch_lane_invoke+0x1a8 (/usr/lib/system/introspection/libdispatch.dylib:arm64e+0xf28c)
> #37 0x10308be1c in _dispatch_workloop_worker_thread+0x390 (/usr/lib/system/introspection/libdispatch.dylib:arm64e+0x1be1c)
> #38 0x1f1e2f0f0 in _pthread_wqthread+0x11c (/usr/lib/system/libsystem_pthread.dylib:arm64e+0x10f0)
> #39 0x1f1e2ee90 in start_wqthread+0x4 (/usr/lib/system/libsystem_pthread.dylib:arm64e+0xe90)

0x000142698000 is located 10240 bytes to the right of 921600-byte region [0x0001425b4800,0x000142695800)
freed by thread T30 here:
> #0 0x103227ab0 in wrap__ZdaPv+0x74 (/private/var/containers/Bundle/Application/3C250CF2-2A0F-4EBE-A120-AB93BCF36889/SoundCard.app/Frameworks/libclang_rt.asan_ios_dynamic.dylib:arm64e+0x4bab0)
> #1 0x1950bf160 in +0x31c (/System/Library/Frameworks/CoreML.framework/CoreML:arm64e+0xc160)
> #2 0x1950c5424 in +0x28 (/System/Library/Frameworks/CoreML.framework/CoreML:arm64e+0x12424)
> #3 0x1030763b0 in _dispatch_client_callout+0x10 (/usr/lib/system/introspection/libdispatch.dylib:arm64e+0x63b0)
> #4 0x1030878e0 in _dispatch_lane_barrier_sync_invoke_and_complete+0xac (/usr/lib/system/introspection/libdispatch.dylib:arm64e+0x178e0)
> #5 0x1950c503c in +0x174 (/System/Library/Frameworks/CoreML.framework/CoreML:arm64e+0x1203c)
> #6 0x1950c7634 in +0x7c (/System/Library/Frameworks/CoreML.framework/CoreML:arm64e+0x14634)
> #7 0x1030763b0 in _dispatch_client_callout+0x10 (/usr/lib/system/introspection/libdispatch.dylib:arm64e+0x63b0)
> #8 0x1030878e0 in _dispatch_lane_barrier_sync_invoke_and_complete+0xac (/usr/lib/system/introspection/libdispatch.dylib:arm64e+0x178e0)
> #9 0x1950c02ec in +0x1b0 (/System/Library/Frameworks/CoreML.framework/CoreML:arm64e+0xd2ec)
> #10 0x1aeaa1430 in +0x24 (/System/Library/PrivateFrameworks/TextRecognition.framework/TextRecognition:arm64e+0x19430)
> #11 0x1aeaa13c8 in +0x54 (/System/Library/PrivateFrameworks/TextRecognition.framework/TextRecognition:arm64e+0x193c8)
> #12 0x1aeaa1588 in +0x54 (/System/Library/PrivateFrameworks/TextRecognition.framework/TextRecognition:arm64e+0x19588)
> #13 0x1aea98e2c in +0xdc (/System/Library/PrivateFrameworks/TextRecognition.framework/TextRecognition:arm64e+0x10e2c)
> #14 0x1aeb7cbfc in +0xd8 (/System/Library/PrivateFrameworks/TextRecognition.framework/TextRecognition:arm64e+0xf4bfc)
> #15 0x1aea981a4 in +0x6dc (/System/Library/PrivateFrameworks/TextRecognition.framework/TextRecognition:arm64e+0x101a4)
> #16 0x1aeb7cbfc in +0xd8 (/System/Library/PrivateFrameworks/TextRecognition.framework/TextRecognition:arm64e+0xf4bfc)
> #17 0x1aea975a0 in +0x398 (/System/Library/PrivateFrameworks/TextRecognition.framework/TextRecognition:arm64e+0xf5a0)
> #18 0x1aeb23578 in +0x54 (/System/Library/PrivateFrameworks/TextRecognition.framework/TextRecognition:arm64e+0x9b578)
> #19 0x1aeb23a14 in +0x114 (/System/Library/PrivateFrameworks/TextRecognition.framework/TextRecognition:arm64e+0x9ba14)
> #20 0x1aeaab1e4 in +0x3b0 (/System/Library/PrivateFrameworks/TextRecognition.framework/TextRecognition:arm64e+0x231e4)
> #21 0x1aeaa83d4 in +0x1b4 (/System/Library/PrivateFrameworks/TextRecognition.framework/TextRecognition:arm64e+0x203d4)
> #22 0x1aeaa819c in +0xa4 (/System/Library/PrivateFrameworks/TextRecognition.framework/TextRecognition:arm64e+0x2019c)
> #23 0x1aeaa80d4 in +0x18 (/System/Library/PrivateFrameworks/TextRecognition.framework/TextRecognition:arm64e+0x200d4)
> #24 0x1aeaa8098 in +0x24 (/System/Library/PrivateFrameworks/TextRecognition.framework/TextRecognition:arm64e+0x20098)
> #25 0x19e663aac in +0xf0 (/System/Library/Frameworks/Vision.framework/Vision:arm64e+0x65aac)
> #26 0x19e68382c in +0x88 (/System/Library/Frameworks/Vision.framework/Vision:arm64e+0x8582c)
> #27 0x19e66373c in +0x3fc (/System/Library/Frameworks/Vision.framework/Vision:arm64e+0x6573c)
> #28 0x19e6030c8 in +0xe4 (/System/Library/Frameworks/Vision.framework/Vision:arm64e+0x50c8)
> #29 0x19e602fa0 in +0x34 (/System/Library/Frameworks/Vision.framework/Vision:arm64e+0x4fa0)

previously allocated by thread T30 here:
> #0 0x1032276b0 in wrap__Znam+0x74 (/private/var/containers/Bundle/Application/3C250CF2-2A0F-4EBE-A120-AB93BCF36889/SoundCard.app/Frameworks/libclang_rt.asan_ios_dynamic.dylib:arm64e+0x4b6b0)
> #1 0x1954860ac in +0x280 (/System/Library/Frameworks/CoreML.framework/CoreML:arm64e+0x3d30ac)
> #2 0x195484800 in +0x2d8 (/System/Library/Frameworks/CoreML.framework/CoreML:arm64e+0x3d1800)
> #3 0x1950beee4 in +0xa0 (/System/Library/Frameworks/CoreML.framework/CoreML:arm64e+0xbee4)
> #4 0x1950c5424 in +0x28 (/System/Library/Frameworks/CoreML.framework/CoreML:arm64e+0x12424)
> #5 0x1030763b0 in _dispatch_client_callout+0x10 (/usr/lib/system/introspection/libdispatch.dylib:arm64e+0x63b0)
> #6 0x1030878e0 in _dispatch_lane_barrier_sync_invoke_and_complete+0xac (/usr/lib/system/introspection/libdispatch.dylib:arm64e+0x178e0)
> #7 0x1950c503c in +0x174 (/System/Library/Frameworks/CoreML.framework/CoreML:arm64e+0x1203c)
> #8 0x1950c7634 in +0x7c (/System/Library/Frameworks/CoreML.framework/CoreML:arm64e+0x14634)
> #9 0x1030763b0 in _dispatch_client_callout+0x10 (/usr/lib/system/introspection/libdispatch.dylib:arm64e+0x63b0)
> #10 0x1030878e0 in _dispatch_lane_barrier_sync_invoke_and_complete+0xac (/usr/lib/system/introspection/libdispatch.dylib:arm64e+0x178e0)
> #11 0x1950c02ec in +0x1b0 (/System/Library/Frameworks/CoreML.framework/CoreML:arm64e+0xd2ec)
> #12 0x1aeaa1430 in +0x24 (/System/Library/PrivateFrameworks/TextRecognition.framework/TextRecognition:arm64e+0x19430)
> #13 0x1aeaa13c8 in +0x54 (/System/Library/PrivateFrameworks/TextRecognition.framework/TextRecognition:arm64e+0x193c8)
> #14 0x1aeaa1588 in +0x54 (/System/Library/PrivateFrameworks/TextRecognition.framework/TextRecognition:arm64e+0x19588)
> #15 0x1aea98e2c in +0xdc (/System/Library/PrivateFrameworks/TextRecognition.framework/TextRecognition:arm64e+0x10e2c)
> #16 0x1aeb7cbfc in +0xd8 (/System/Library/PrivateFrameworks/TextRecognition.framework/TextRecognition:arm64e+0xf4bfc)
> #17 0x1aea981a4 in +0x6dc (/System/Library/PrivateFrameworks/TextRecognition.framework/TextRecognition:arm64e+0x101a4)
> #18 0x1aeb7cbfc in +0xd8 (/System/Library/PrivateFrameworks/TextRecognition.framework/TextRecognition:arm64e+0xf4bfc)
> #19 0x1aea975a0 in +0x398 (/System/Library/PrivateFrameworks/TextRecognition.framework/TextRecognition:arm64e+0xf5a0)
> #20 0x1aeb23578 in +0x54 (/System/Library/PrivateFrameworks/TextRecognition.framework/TextRecognition:arm64e+0x9b578)
> #21 0x1aeb23a14 in +0x114 (/System/Library/PrivateFrameworks/TextRecognition.framework/TextRecognition:arm64e+0x9ba14)
> #22 0x1aeaab1e4 in +0x3b0 (/System/Library/PrivateFrameworks/TextRecognition.framework/TextRecognition:arm64e+0x231e4)
> #23 0x1aeaa83d4 in +0x1b4 (/System/Library/PrivateFrameworks/TextRecognition.framework/TextRecognition:arm64e+0x203d4)
> #24 0x1aeaa819c in +0xa4 (/System/Library/PrivateFrameworks/TextRecognition.framework/TextRecognition:arm64e+0x2019c)
> #25 0x1aeaa80d4 in +0x18 (/System/Library/PrivateFrameworks/TextRecognition.framework/TextRecognition:arm64e+0x200d4)
> #26 0x1aeaa8098 in +0x24 (/System/Library/PrivateFrameworks/TextRecognition.framework/TextRecognition:arm64e+0x20098)
> #27 0x19e663aac in +0xf0 (/System/Library/Frameworks/Vision.framework/Vision:arm64e+0x65aac)
> #28 0x19e68382c in +0x88 (/System/Library/Frameworks/Vision.framework/Vision:arm64e+0x8582c)
> #29 0x19e66373c in +0x3fc (/System/Library/Frameworks/Vision.framework/Vision:arm64e+0x6573c)

Thread T30 created by T28 here:
>

Thread T28 created by T0 here:
>

SUMMARY: AddressSanitizer: bad-free (/private/var/containers/Bundle/Application/3C250CF2-2A0F-4EBE-A120-AB93BCF36889/SoundCard.app/Frameworks/libclang_rt.asan_ios_dynamic.dylib:arm64e+0x3df80) in wrap_free+0x98
==2847==ABORTING

@davidme-stripe
Contributor

Hello, thanks for filing, and I'm sorry that you're experiencing this crash! I'm having trouble reproducing this locally, and I'm not seeing similar crashes in the Stripe app's crash reports. Could you share a little more information about your build environment?

  • Which version of Xcode are you using?
  • Which model of iPhone are you testing on?
  • Which (if any) Address Sanitizer flags do you have enabled?
  • Are you always experiencing this crash, or does it only occur sometimes?

The stack trace looks to be within CoreML/Vision, so we may need to file an issue with Apple.

@davidme-stripe davidme-stripe added the triaged Issue has been reviewed by Stripe and is being tracked internally label Jan 10, 2022
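
A triage sketch for the AddressSanitizer report in this issue, added here as an example (it is not code from the Stripe SDK or from either participant): it splits the report into its three stacks, re-derives the heap-region note from its addresses, and attributes each stack to the module that issued the call. The sample is abridged from the report above; the function names and the `sanitizer`/`system`/`app` categories are assumptions of this example.

```python
import re
from collections import namedtuple

Frame = namedtuple("Frame", "index pc symbol module owner")

APP = ("/private/var/containers/Bundle/Application/"
       "3C250CF2-2A0F-4EBE-A120-AB93BCF36889/SoundCard.app")
ASAN_RT = f"{APP}/Frameworks/libclang_rt.asan_ios_dynamic.dylib"
FW = "/System/Library/Frameworks"

# Abridged from the report in this issue: frame numbers kept, most frames dropped.
# The "> " prefixes and the missing symbol names are as they appear on the page.
SAMPLE = f"""\
==2847==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x000142698000 in thread T30
> #0 0x103219f80 in wrap_free+0x98 ({ASAN_RT}:arm64e+0x3df80)
> #1 0x19543d5fc in +0x50 ({FW}/CoreML.framework/CoreML:arm64e+0x38a5fc)
> #9 0x199386884 in objc_autoreleasePoolPop+0xcc (/usr/lib/libobjc.A.dylib:arm64e+0x3884)
> #10 0x19e6030e8 in +0x104 ({FW}/Vision.framework/Vision:arm64e+0x50e8)
> #25 0x10094e084 in function signature specialization <Arg[0] = Dead, Arg[2] = Dead> of Stripe.STPCardScanner.captureOutput(_: __C.AVCaptureOutput, didOutput: __C.CMSampleBufferRef, from: __C.AVCaptureConnection) -> ()+0x514 ({APP}/SoundCard:arm64+0x10049a084)

0x000142698000 is located 10240 bytes to the right of 921600-byte region [0x0001425b4800,0x000142695800)
freed by thread T30 here:
> #0 0x103227ab0 in wrap__ZdaPv+0x74 ({ASAN_RT}:arm64e+0x4bab0)
> #1 0x1950bf160 in +0x31c ({FW}/CoreML.framework/CoreML:arm64e+0xc160)

previously allocated by thread T30 here:
> #0 0x1032276b0 in wrap__Znam+0x74 ({ASAN_RT}:arm64e+0x4b6b0)
> #1 0x1954860ac in +0x280 ({FW}/CoreML.framework/CoreML:arm64e+0x3d30ac)
"""

# Optional console timestamp ("2022-01-07 07:35:35.23+0100 App[pid:tid] ") and "> ".
PREFIX = re.compile(r"^(?:\d{4}-\d\d-\d\d \S+ \S+\[\d+:\d+\]\s*)?(?:>\s*)?")
FRAME = re.compile(r"#(\d+)\s+(0x[0-9a-f]+)\s+in\s+(.*?)\s*"
                   r"\((/\S+):\w+\+0x[0-9a-f]+\)\s*$", re.I)
REGION = re.compile(r"(0x[0-9a-f]+) is located (\d+) bytes to the (right|left) of "
                    r"(\d+)-byte region \[(0x[0-9a-f]+),(0x[0-9a-f]+)\)", re.I)
SECTIONS = (("ERROR: AddressSanitizer", "crash"), ("freed by thread", "freed"),
            ("previously allocated by thread", "allocated"))


def owner(module):
    """Who ships the binary a frame lives in (categories are this example's own)."""
    if "libclang_rt.asan" in module:
        return "sanitizer"  # ASan's own interceptors (wrap_free, ...)
    if module.startswith(("/System/Library/", "/usr/lib/")):
        return "system"     # OS frameworks and libraries
    return "app"            # app bundle, including statically linked SDK code


def check_region(match):
    """Re-derive the 'N bytes to the right of SIZE-byte region' note."""
    addr, lo, hi = (int(match.group(i), 16) for i in (1, 5, 6))
    dist, size, side = int(match.group(2)), int(match.group(4)), match.group(3)
    gap = addr - hi if side == "right" else lo - addr
    return {"addr": addr, "gap": gap, "inside_region": lo <= addr < hi,
            "consistent": gap == dist and hi - lo == size}


def parse_report(text):
    """Split a report into named stacks plus the heap-region note."""
    stacks, region, current, pending = {}, None, None, ""
    for raw in text.splitlines():
        line = pending + PREFIX.sub("", raw, count=1).rstrip()
        pending = ""
        hit = next((name for marker, name in SECTIONS if marker in line), None)
        if hit:
            # A repeated header (a console echo of the same report) is ignored.
            current = None if hit in stacks else stacks.setdefault(hit, [])
        elif line.startswith(("Thread T", "SUMMARY:")):
            current = None
        elif REGION.search(line):
            region = region or check_region(REGION.search(line))
        elif current is not None:
            m = FRAME.search(line)
            if m:
                symbol = re.sub(r"\+0x[0-9a-f]+$", "", m.group(3))
                current.append(Frame(int(m.group(1)), m.group(2), symbol,
                                     m.group(4), owner(m.group(4))))
            elif re.match(r"#\d+\s", line):
                pending = line  # frame wrapped onto the next line: join, retry
    return stacks, region


def triage(stack):
    """Name the module that issued the call and where app code first appears."""
    frames = [f for f in stack if f.owner != "sanitizer"]
    app = next((f for f in frames if f.owner == "app"), None)
    inner = frames[:frames.index(app)] if app else frames
    name = lambda f: f.module.rsplit("/", 1)[-1]
    return {"issuer": name(frames[0]) if frames else None,
            "modules_before_app": list(dict.fromkeys(name(f) for f in inner)),
            "first_app_frame": app}


def analyze(text):
    stacks, region = parse_report(text)
    return {"region": region, **{k: triage(v) for k, v in stacks.items()}}


if __name__ == "__main__":
    print(analyze(SAMPLE))
```

On the sample, the allocation, the earlier free and the rejected free are all issued from CoreML, and app code first appears at frame #25 behind libobjc and Vision frames.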
@dmrschmidt
Author

  • I'm "still" on Xcode 13.2 (13C90) as there were unrelated issues for me on 13.2.1 with a different project.
  • It's a 512GB iPhone 13 Mini.
  • Address sanitizer is active, with "Detect use of stack after return" and "Undefined Behavior Sanitizer" turned on but "Thread Sanitizer" remaining off.
  • I can reproduce the crash reliably every single time with my Release configuration. It appears to be fine in the TestFlight build of the same code. I uploaded the Archive to App Store Connect via Xcode's Organizer w/ bitcode enabled.

Should I just turn address sanitizer generally off? Now that I'm looking at it, it seems like something I may not actually want in my release config anyway? Or maybe this gets compiled out anyway via the bitcode recompilation?

@davidme-stripe
Contributor

Thanks for the info! I'll try to enable those settings and check it again — I wasn't testing on a Release build, so that may have been the issue.

There's a pretty large performance impact to enabling the Address Sanitizer, and I don't think it would do anything useful for a customer, so I wouldn't recommend leaving it on when submitting to the App Store. (I'm surprised App Store Connect doesn't catch this!)

@dmrschmidt
Author

I suppose since it doesn't crash in the TestFlight build the bitcode re-compilation disables it again? Seems like it's not that much of a pressing issue anymore if it's not affecting builds without it on. I'd still assume that there might be a legit bug-ish thing hidden here if address crashes the app.

@davidme-stripe
Contributor

davidme-stripe commented Jan 12, 2022

Running in Release mode was the trick. I also managed to reproduce the same issue in Apple's BreakfastFinder example app, so I think this is a bug in Vision. I'll file a report with Apple.

> I'd still assume that there might be a legit bug-ish thing hidden here if address crashes the app.

Agreed, that is concerning! We haven't received any reports of scanning-related crashes outside of this ASan-enabled-in-Release-mode configuration, but I'll keep an eye out. Thanks again for filing this!

@dmrschmidt
Author

Good to hear. And thanks so much for looking into it this quickly! Appreciated.

@csabol-stripe
Contributor

Closing this one since it's a bug with Apple. Thanks!
