Re: What is overwriting 'isa' with 0xbaddc0dedeadbead ?
Re: What is overwriting 'isa' with 0xbaddc0dedeadbead ?
- Subject: Re: What is overwriting 'isa' with 0xbaddc0dedeadbead ?
- From: Jens Alfke <email@hidden>
- Date: Sat, 23 May 2015 10:54:30 -0700
> On May 23, 2015, at 9:20 AM, Greg Parker <email@hidden> wrote:
>
> free() does that sometimes. If zombies doesn't find anything then try guard malloc.
Good suggestion! I’d forgotten about guard malloc. This changes the crash; now the parameter to objc_release points to unmapped memory, implying that the object has been dealloced:
(lldb) p/x $rdi
(unsigned long) $2 = 0x000061000d5a3fd0
(lldb) x $rdi
error: memory read failed for 0x61000d5a3e00
Still no clue what object this is/was, though. And it seems weird that it got freed instead of turned into a zombie, since I still have zombies enabled too.
I’m not at all good at reading IA64 assembly, but so far my suspicion is that this object is a temporary NSString being created from a Swift String in order to pass to -[NSObject addObserver:…] as the keyPath parameter. But since this NSString never appears in the source code at all, I don’t see how I could be messing up its refcount.
The method and its disassembly can be found here in case anyone feels like reading them:
https://gist.github.com/snej/f6c0e1ba9230b3591a9f <https://gist.github.com/snej/f6c0e1ba9230b3591a9f>
(I tried to get a backtrace, but Xcode crashed when I entered the “bt” command…)
—Jens
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden