ios - How to find the source of a function call that causes an Objective-C crash?

Tags: ios objective-c swift iphone ipad

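My iPad app, written in Objective-C, is crashing in a method of an NSDictionary category that is implemented inside a framework (I only have the header files for the framework). I'm not calling that category method anywhere, but it is being called somehow and crashes with "unrecognized selector sent to instance". I want to find the source of the call that is causing this. Is there any way I can do that?
It crashes only on iOS14 and works fine on earlier versions of iOS. Any help is much appreciated.
Updated with the crash log - NSDictionary(NSDictionary_SA_Additions) is the category inside the framework that I mentioned earlier.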

2020-08-27 11:00:03.017073+0100 MyApp[5881:81328] *** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '-[NSConstantIntegerNumber characterAtIndex:]: unrecognized selector sent to instance 0x7fff86cc4850'
*** First throw call stack:
(
    0   CoreFoundation                      0x00007fff20439dee __exceptionPreprocess + 242
    1   libobjc.A.dylib                     0x00007fff20177f78 objc_exception_throw + 48
    2   CoreFoundation                      0x00007fff2044893f +[NSObject(NSObject) instanceMethodSignatureForSelector:] + 0
    3   CoreFoundation                      0x00007fff2043e32e ___forwarding___ + 1489
    4   CoreFoundation                      0x00007fff20440368 _CF_forwarding_prep_0 + 120
    5   Foundation                          0x00007fff207c2b1f -[NSDictionary(NSKeyValueCoding) valueForKey:] + 79
    6   MyApp                               0x0000000101b645fd -[NSDictionary(NSDictionary_SA_Additions) SA_md5Hash] + 397
    7   MyApp                               0x0000000101b64646 -[NSDictionary(NSDictionary_SA_Additions) SA_md5Hash] + 470
    8   MyApp                               0x0000000101b6445b -[NSDictionary(NSDictionary_SA_Additions) hash] + 43
    9   libcache.dylib                      0x00007fff53be7bc7 _entry_get_optionally_checking_collisions + 42
    10  libcache.dylib                      0x00007fff53be6097 cache_get + 128
    11  CoreFoundation                      0x00007fff20465132 -[NSCache objectForKey:] + 152
    12  CoreText                            0x00007fff21000ed2 _ZN15TPurgeableCache19RetainedValueForKeyEPKv + 54
    13  CoreText                            0x00007fff210b192e _ZN12TCGFontCache21CopyFontWithVariationEP6CGFontPK14__CFDictionary + 1694
    14  CoreText                            0x00007fff210813e4 _ZNK29TTenuousComponentInstanceFont16CopyGraphicsFontEv + 150
    15  CoreText                            0x00007fff20fdf98b _ZNK9TBaseFont26GetInitializedGraphicsFontEv + 63
    16  CoreText                            0x00007fff2106ca11 _ZNK9TBaseFont13GetParserFontEv + 9
    17  CoreText                            0x00007fff21054284 _ZNK10TcmapTable8MapRangeE7CFRangePt + 42
    18  CoreText                            0x00007fff21072c20 _ZNK9TBaseFont26GetGlyphsForCharacterRangeE7CFRangePt + 94
    19  CoreText                            0x00007fff2107eab8 _ZNK14TComponentFont26GetGlyphsForCharacterRangeE7CFRangePt + 278
    20  CoreText                            0x00007fff20fc884a _ZN15TASCIIDataCacheC2EPK5TFont + 78
    21  CoreText                            0x00007fff20fdd430 _ZNK5TFont18InitASCIIDataCacheEv + 34
    22  CoreText                            0x00007fff20fcf9d0 CTFontGetLatin1GlyphsAndAdvanceWidths + 51
    23  UIFoundation                        0x00007fff239e0268 -[NSCoreTypesetter _NSFastDrawString:length:attributes:paragraphStyle:typesetterBehavior:lineBreakMode:rect:padding:graphicsContext:baselineRendering:usesFontLeading:usesScreenFont:scrollable:syncAlignment:mirrored:boundingRectPointer:baselineOffsetPointer:drawingContext:] + 1821
    24  UIFoundation                        0x00007fff239e1b0b -[NSCoreTypesetter _stringDrawingCoreTextEngineWithOriginalString:rect:padding:graphicsContext:forceClipping:attributes:stringDrawingOptions:drawingContext:stringDrawingInterface:] + 1278
    25  UIFoundation                        0x00007fff239db738 __NSStringDrawingEngine + 2887
    26  UIFoundation                        0x00007fff239dabc7 -[NSString(NSExtendedStringDrawing) boundingRectWithSize:options:attributes:context:] + 187
    27  UIKitCore                           0x00007fff24ae3d10 -[UILabel _drawTextInRect:baselineCalculationOnly:] + 4020
    28  UIKitCore                           0x00007fff24ae0ff7 -[UILabel drawTextInRect:] + 1061
    29  UIKitCore                           0x00007fff24ae3e42 -[UILabel drawRect:] + 71
    30  UIKitCore                           0x00007fff24ba1c85 -[UIView(CALayerDelegate) drawLayer:inContext:] + 625
    31  QuartzCore                          0x00007fff27a7830d -[CALayer drawInContext:] + 288
    32  QuartzCore                          0x00007fff27935321 CABackingStoreUpdate_ + 190
    33  QuartzCore                          0x00007fff27a819b9 ___ZN2CA5Layer8display_Ev_block_invoke + 53
    34  QuartzCore                          0x00007fff27a77b4a -[CALayer _display] + 2111
    35  QuartzCore                          0x00007fff27a8b327 _ZN2CA5Layer28layout_and_display_if_neededEPNS_11TransactionE + 463
    36  QuartzCore                          0x00007fff279cb3d4 _ZN2CA7Context18commit_transactionEPNS_11TransactionEdPd + 496
    37  QuartzCore                          0x00007fff27a02163 _ZN2CA11Transaction6commitEv + 783
    38  UIKitCore                           0x00007fff246656a0 __34-[UIApplication _firstCommitBlock]_block_invoke_2 + 81
    39  CoreFoundation                      0x00007fff203a834b __CFRUNLOOP_IS_CALLING_OUT_TO_A_BLOCK__ + 12
    40  CoreFoundation                      0x00007fff203a775f __CFRunLoopDoBlocks + 434
    41  CoreFoundation                      0x00007fff203a217c __CFRunLoopRun + 899
    42  CoreFoundation                      0x00007fff203a190e CFRunLoopRunSpecific + 567
    43  GraphicsServices                    0x00007fff2ba85db3 GSEventRunModal + 139
    44  UIKitCore                           0x00007fff24647ffd -[UIApplication _run] + 912
    45  UIKitCore                           0x00007fff2464cf0e UIApplicationMain + 101
    46  MyApp                               0x000000010177f16e main + 78
    47  libdyld.dylib                       0x00007fff20257415 start + 1
)
libc++abi.dylib: terminating with uncaught exception of type NSException
*** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '-[NSConstantIntegerNumber characterAtIndex:]: unrecognized selector sent to instance 0x7fff86cc4850'
CoreSimulator 732.13 - Device: iPad Air (3rd generation) (C762993D-AFF7-412A-89AF-92DB600B2153) - Runtime: iOS 14.0 (18A5351d) - DeviceType: iPad Air (3rd generation)
terminating with uncaught exception of type NSException

Best answer

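Interesting. Based on this answer, it seems the genuine hash function of CFDictionary / NSDictionary is very basic (the calculated hash is the number of elements in the dictionary). If somebody wanted a dictionary with NSDictionary objects as keys, that would result in a lot of collisions. That seems like a plausible reason for the NSDictionary_SA_Additions implementation to override the stock hash function through a category, using SA_md5Hash.
I think the next step is to investigate the iOS14 hash function versus previous iOS versions for the NSDictionary involved (and what values it has inside).
I think a possible fix would be to restore NSDictionary's hash function if the iOS14 runtime is detected, as long as the troublesome framework still works fine.
Update:
You cannot restore a category. But you can override it by swizzling.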

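#import <Foundation/Foundation.h>
#import <objc/runtime.h>

// Runs when the image loads, before main(), and replaces -[NSDictionary hash].
__attribute__((constructor))
static void premain(void) {
    SEL hashSelector = @selector(hash);
    // -hash is an instance method, so look it up with class_getInstanceMethod.
    Method method = class_getInstanceMethod([NSDictionary class], hashSelector);
    const char *encoding = method_getTypeEncoding(method);
    // A block passed to imp_implementationWithBlock receives self but no SEL argument.
    IMP newHashImplementation = imp_implementationWithBlock(^NSUInteger(NSDictionary *self) {
        return (NSUInteger)CFDictionaryGetCount((__bridge CFDictionaryRef)self);
    });
    class_replaceMethod([NSDictionary class], hashSelector, newHashImplementation, encoding);
}
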
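This is what is supposed to be the genuine implementation. Unfortunately, because of the selector name ("hash") collision, we cannot get the genuine original once the category has overridden it. __attribute__((constructor)) guarantees this will be executed as the first thing after your app finishes initializing categories.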
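Alternatively, to literally restore the category, a binary modification of the framework would be needed. In particular __TEXT,__objc_methname.
You would need to change hash to something else, like hasg. But this almost certainly violates the framework's license.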
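
In the crash log above, frames 9 to 11 are system code (NSCache through libcache) calling -hash on a dictionary key, and frame 8 shows that call landing in the framework's category instead of Foundation. The following added example (not part of the original question or answer, and not the framework's code) reports which binary image currently implements a given NSDictionary method, which is one way to confirm such an override without the framework's source. The category Demo_Additions and the helper names are constructed for illustration.

```objective-c
// Build on macOS: clang -fobjc-arc -framework Foundation audit.m -o audit
#import <Foundation/Foundation.h>
#import <objc/runtime.h>
#import <dlfcn.h>

// Constructed stand-in for a third-party category that overrides -hash,
// as NSDictionary_SA_Additions does in the crash log (clang warns about this).
@interface NSDictionary (Demo_Additions)
@end
@implementation NSDictionary (Demo_Additions)
- (NSUInteger)hash { return self.count; }
@end

// Path of the binary image whose code currently backs -[cls sel], or nil.
static NSString *ImagePathImplementing(Class cls, SEL sel) {
    Method method = class_getInstanceMethod(cls, sel);
    if (method == NULL) return nil;
    Dl_info info;
    const void *imp = (const void *)method_getImplementation(method);
    if (dladdr(imp, &info) == 0 || info.dli_fname == NULL) return nil;
    return @(info.dli_fname);
}

// Assumption: Apple's own images live under these directories
// (this also holds inside a simulator runtime root).
static BOOL IsSystemImage(NSString *path) {
    return [path containsString:@"/System/Library/"] ||
           [path containsString:@"/usr/lib/"];
}

int main(void) {
    @autoreleasepool {
        Class cls = [NSDictionary class];
        for (NSString *name in @[@"hash", @"isEqual:", @"description"]) {
            NSString *image = ImagePathImplementing(cls, NSSelectorFromString(name));
            BOOL overridden = (image != nil) && !IsSystemImage(image);
            NSLog(@"-[NSDictionary %@] is implemented in %@%@", name,
                  image ?: @"(unknown image)",
                  overridden ? @"  <-- not a system image" : @"");
        }
    }
    return 0;
}
```

With the constructed category compiled in, the hash line names the test executable itself, while isEqual: and description still resolve to a system framework.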

Regarding "ios - How to find the source of a function call that causes an Objective-C crash?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/63613233/
