On Dec 1, 2005, at 4:57 PM, Julian Mayer wrote:

> hello all
>
> i've received a very weird crash report that i'm unable to track down
> cause the code in question works everywhere else and similar code is
> also in apple's sample code.
>
> the crash is happening in:
>
> 0 com.apple.CoreFoundation 0x901c0a14 CFRelease + 0x24
> 1 com.apple.framework.IOKit 0x939c0e24 IOIteratorNext + 0x14
>
> more specifically the line that is crashing is:
>
> "for(object = IOIteratorNext(iter); object != 0; object = IOIteratorNext(iter)) // iterate through all "IOATABlockStorageDriver"s"
>
> which seems very strange to me...i can see no obvious defect here...
>
> does anybody have any ideas when/why this crash could occur?

If you look at the disassembled code for IOIteratorNext in IOKit.framework, you'll see there is no way this call sequence should happen.

_IOIteratorNext:
+00 mfspr r0,lr
+04 stw r0,0x8(r1)
+08 stwu r1,0xffa0(r1)
+0C addi r4,r1,0x40
+10 bl 0x905cd014 ; symbol stub for: _io_iterator_next
+14 cmpwi cr7,r3,0x0

IOIteratorNext does not call CFRelease at + 0x10, it calls _io_iterator_next by way of a dyld_stub, which loads a function pointer and jumps to it. There are only two reasonable ways that dyld's function pointer could be wrong.

- it's prebound, incorrectly.
- it's been stomped by a memory smasher.

My bet, from having witnessed this happen before, is the first.

-Ed

_______________________________________________
Darwin-dev mailing list (Darwin-dev@lists.apple.com)
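
The cross-check Ed does by eye in the reply above, written out as an added example (not code from the thread or from Apple): it parses the two backtrace frames and the listing quoted in the message, embedded here as constructed sample input, and tests whether the caller frame's return offset follows a `bl` to the function named in the frame above it. The function names `parse_frames`, `parse_listing` and `check_call_edge` are hypothetical, and the check assumes fixed 4-byte PowerPC instructions and the "symbol stub for:" comment format shown in the listing.

```python
import re

# Constructed sample input: the frames and listing quoted in the thread.
FRAMES = """\
0 com.apple.CoreFoundation 0x901c0a14 CFRelease + 0x24
1 com.apple.framework.IOKit 0x939c0e24 IOIteratorNext + 0x14
"""
LISTING = """\
_IOIteratorNext:
+00 mfspr r0,lr
+04 stw r0,0x8(r1)
+08 stwu r1,0xffa0(r1)
+0C addi r4,r1,0x40
+10 bl 0x905cd014 ; symbol stub for: _io_iterator_next
+14 cmpwi cr7,r3,0x0
"""

FRAME_RE = re.compile(
    r"^(\d+)[ \t]+\S+[ \t]+0x[0-9a-f]+[ \t]+(\S+) \+ 0x([0-9a-f]+)$", re.M)
INSN_RE = re.compile(r"^\+([0-9A-Fa-f]+)[ \t]+(\S+)[ \t]+(.*)$", re.M)

def parse_frames(text):
    """Return [(frame index, symbol, offset into symbol)] from backtrace lines."""
    return [(int(i), sym, int(off, 16)) for i, sym, off in FRAME_RE.findall(text)]

def parse_listing(text):
    """Return (function name, {offset: (mnemonic, operands)}) for one function."""
    name = text.splitlines()[0].rstrip(":").lstrip("_")
    return name, {int(o, 16): (m, ops) for o, m, ops in INSN_RE.findall(text)}

def check_call_edge(callee, caller, listing):
    """Is the caller's return offset preceded by a bl to the callee's symbol?"""
    func, insns = parse_listing(listing)
    _, caller_sym, ret_off = caller
    if caller_sym != func:
        return "no listing for caller"
    call_off = ret_off - 4  # return address is the instruction after the bl
    mnemonic, operands = insns.get(call_off, ("?", ""))
    if not mnemonic.startswith("bl"):
        return f"+{call_off:02X} is not a call"
    stub = re.search(r"symbol stub for: _?(\w+)", operands)
    target = stub.group(1) if stub else "unknown"
    if target == callee[1]:
        return "consistent"
    # The stub's function pointer led somewhere the code never asked for.
    return f"mismatch: +{call_off:02X} calls stub for {target}, frame above is {callee[1]}"
```

A mismatch on a stub call points at the stub's function pointer rather than at the calling code, which is the conclusion the reply draws.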