
memset 'CortexA8' issue under iOS5


Since iOS5 hit the streets I have been receiving many (so many) crash reports like:

...
Exception Type:  SIGSEGV
Exception Codes: SEGV_ACCERR at 0x0
Crashed Thread:  0

Thread 0 Crashed:
0   libsystem_c.dylib  0x35ec4b3c memset$VARIANT$CortexA8 + 116
1   FooApp             0x0005ba25 -[FooViewController prepareShapes] (FooViewController.m:808)
...

Relevant details:

  • XCode 4.2
  • LLVM 3.0
  • 'armv6 armv7' architectures
  • iOS 5 base SDK
  • targeting iOS 4.0
  • crashes under iOS5 only (all iOS5 iPhone models. No iPad crashes but app isn't universal)
  • Can't reproduce the crash on any of my devices (of course)

Now [FooViewController prepareShapes] doesn't call memset directly, instead passes a struct (representing a shape) to a class method that attempts to realloc it. The fact that the stack trace skips over the class method is a bit weird but no doubt it's yet more compiler magic I don't understand. Within the class method, the block that invokes memset is as follows:

// class method invoked by [FooViewController prepareShapes]:808 (shape is coloured2DShape instance) 
shape->maxVertexCount = maxVertexes;
if (shape->maxVertexBytes != 0)
{
    free(shape->vertices);
}
shape->maxVertexBytes = sizeof(vertex_2D_4byteColour) * shape->maxVertexCount;
shape->vertices = (vertex_2D_4byteColour *)malloc(shape->maxVertexBytes);
memset(shape->vertices, 0, shape->maxVertexBytes);

And here's the struct being manipulated

// coloured2DShape struct
typedef struct coloured2DShape
{
    vertex_2D_4byteColour* vertices;
    GLushort* indices;
    uint maxVertexBytes;
    uint maxIndexBytes;
    int vertexCount;
    int indexCount;
    int maxVertexCount;
    int maxIndexCount;
} coloured2DShape;

I recognise that this isn't anywhere close to the recommended way to do OpenGL, however the thing that really bamboozles me (and I am well and truly bamboozled here) is that memset is only blowing up under iOS5 (I'm using QuincyKit to collect crash reports and HockeyApp to aggregate them). This exact code had been cruising along under iOS4 (compiled with GCC) for months.

I hope this isn't interpreted as a 'do my homework' thing. I have spent months researching, tweaking (I've released several updates addressing this issue) and hair-pulling with no progress. I'm all out of ideas.


Solution

  • I'd think that memset is working fine, but the call to malloc failed for some reason, returning 0.
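A hardened rewrite of the question's reallocation block, added here as an example and not code from the original question or answer. It assumes a constructed vertex layout and a reduced shape struct (the real one has more fields); the point it demonstrates is the step the answer identifies as missing, checking the allocation result before the buffer is touched, plus a guard on the byte-count multiplication.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>

/* Constructed stand-in for the question's vertex type (assumption). */
typedef struct { float x, y; uint8_t rgba[4]; } vertex_2D_4byteColour;

typedef struct {
    vertex_2D_4byteColour *vertices;  /* NULL when nothing is allocated */
    unsigned int maxVertexBytes;
    int maxVertexCount;
} shape_t;

/* Hardened rewrite of the question's reallocation block: 0 on success, -1 on
   invalid request or allocation failure, shape left empty on failure. */
int shape_set_max_vertices(shape_t *shape, int maxVertexes)
{
    if (shape == NULL || maxVertexes < 0) return -1;
    free(shape->vertices);  /* free(NULL) is a no-op; no size guard needed */
    shape->vertices = NULL;
    shape->maxVertexBytes = 0;
    shape->maxVertexCount = 0;
    /* Reject counts whose byte size would overflow the unsigned int field. */
    size_t count = (size_t)maxVertexes;
    if (count > UINT_MAX / sizeof(vertex_2D_4byteColour)) return -1;
    if (count == 0) return 0;
    /* calloc zeroes the block (replacing malloc + memset). The NULL check is
       the missing step: a failed allocation becomes an error return here
       rather than a memset() fault at address 0 as in the crash report. */
    vertex_2D_4byteColour *buf = calloc(count, sizeof(*buf));
    if (buf == NULL) return -1;
    shape->vertices = buf;
    shape->maxVertexBytes = (unsigned int)(count * sizeof(*buf));
    shape->maxVertexCount = maxVertexes;
    return 0;
}

/* Run one request on a fresh shape and verify the resulting state:
   0 = allocated and zeroed, -1 = rejected cleanly, -2 = inconsistent. */
int check_alloc(int maxVertexes)
{
    shape_t s = { NULL, 0, 0 };
    int rc = shape_set_max_vertices(&s, maxVertexes);
    if (rc != 0) return (s.vertices == NULL && s.maxVertexBytes == 0) ? -1 : -2;
    for (int i = 0; i < s.maxVertexCount; i++)
        if (s.vertices[i].x != 0.0f || s.vertices[i].rgba[3] != 0) rc = -2;
    free(s.vertices);
    return rc;
}
```

With this shape of code, a low-memory failure shows up as an error return at the call site rather than as a memset$VARIANT$CortexA8 frame with a 0x0 address in the crash report.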