I am not exactly sure where this is coming from. I have a breakpoint on exceptions set but it does not show me what is really happening:
libobjc.A.dylib`objc_exception_throw:
0x40308b9: pushl %ebp
0x40308ba: movl %esp, %ebp
0x40308bc: pushl %ebx
0x40308bd: pushl %edi
0x40308be: pushl %esi
0x40308bf: subl $0x7ec, %esp
0x40308c5: calll 0x40308ca ; objc_exception_throw + 17
0x40308ca: popl %ebx
0x40308cb: movl $0x10, (%esp)
0x40308d2: calll 0x4043698 ; symbol stub for: __cxa_allocate_exception
0x40308d7: movl %eax, %esi
0x40308d9: movl 0x8(%ebp), %eax
0x40308dc: movl %eax, (%esp)
0x40308df: calll *0x1a478a(%ebx)
0x40308e5: movl %eax, %edi
0x40308e7: movl 0x1a4622(%ebx), %eax
0x40308ed: movl %eax, 0x4(%esp)
0x40308f1: movl %edi, (%esp)
0x40308f4: calll 0x40400a4 ; objc_msgSend
0x40308f9: movl %edi, (%esi)
0x40308fb: leal 0x1a475e(%ebx), %eax
0x4030901: movl %eax, 0x4(%esi)
0x4030904: movl %edi, (%esp)
0x4030907: calll 0x402ee20 ; object_getClassName
0x403090c: movl %eax, 0x8(%esi)
0x403090f: xorl %eax, %eax
0x4030911: testl %edi, %edi
0x4030913: je 0x4030917 ; objc_exception_throw + 94
0x4030915: movl (%edi), %eax
0x4030917: movl %eax, 0xc(%esi)
0x403091a: movl 0x1a37ae(%ebx), %eax
0x4030920: movl %eax, -0x7e0(%ebp)
0x4030926: cmpb $0x0, (%eax)
0x4030929: je 0x403094d ; objc_exception_throw + 148
0x403092b: movl %edi, (%esp)
0x403092e: calll 0x402ee20 ; object_getClassName
0x4030933: movl %eax, 0xc(%esp)
0x4030937: movl %edi, 0x8(%esp)
0x403093b: movl %esi, 0x4(%esp)
0x403093f: leal 0x141c2(%ebx), %eax
0x4030945: movl %eax, (%esp)
0x4030948: calll 0x40304ad ; _objc_inform
0x403094d: movl 0x1a37aa(%ebx), %eax
0x4030953: cmpb $0x0, (%eax)
0x4030956: je 0x40309cd ; objc_exception_throw + 276
0x4030958: movl -0x7e0(%ebp), %eax
0x403095e: cmpb $0x0, (%eax)
0x4030961: jne 0x4030985 ; objc_exception_throw + 204
0x4030963: movl %edi, (%esp)
0x4030966: calll 0x402ee20 ; object_getClassName
0x403096b: movl %eax, 0xc(%esp)
0x403096f: movl %edi, 0x8(%esp)
0x4030973: movl %esi, 0x4(%esp)
0x4030977: leal 0x141c2(%ebx), %eax
0x403097d: movl %eax, (%esp)
0x4030980: calll 0x40304ad ; _objc_inform
0x4030985: leal -0x7dc(%ebp), %eax
0x403098b: movl %eax, (%esp)
0x403098e: movl $0x1f4, 0x4(%esp)
0x4030996: calll 0x404375e ; symbol stub for: backtrace
0x403099b: movl %eax, -0x7e0(%ebp)
0x40309a1: movl 0x1a37b6(%ebx), %eax
0x40309a7: movl (%eax), %eax
0x40309a9: movl %eax, (%esp)
0x40309ac: calll 0x40437a0 ; symbol stub for: fileno
0x40309b1: movl %eax, 0x8(%esp)
0x40309b5: movl -0x7e0(%ebp), %eax
0x40309bb: movl %eax, 0x4(%esp)
0x40309bf: leal -0x7dc(%ebp), %eax
0x40309c5: movl %eax, (%esp)
0x40309c8: calll 0x404376a ; symbol stub for: backtrace_symbols_fd
0x40309cd: movl %ebx, -0x7e0(%ebp)
0x40309d3: movl %esi, %ebx
0x40309d5: addl $0x4, %esi
0x40309d8: movl %edi, (%esp)
0x40309db: nop
0x40309dc: nopl (%eax)
0x40309e0: movl -0x7e0(%ebp), %eax
0x40309e6: leal 0x132(%eax), %eax
0x40309ec: movl %eax, 0x8(%esp)
0x40309f0: movl %esi, 0x4(%esp)
0x40309f4: movl %ebx, (%esp)
0x40309f7: calll 0x40436bc ; symbol stub for: __cxa_throw
I have also tried:
po 0x43fe068 - which shows me <null>
And
po [(id)(0x43fe068) class] -which shows me NSNull
This makes sense but does not tell me where this really happens.
It is hard, according to what you posted, say what exactly is wrong except the obvious facts. The good start point might be adding a category on NSNull implementing length method and set there a break point and see when it gets called (probably you will need to import that category in a .pch file)