macOS 11 beta, Code Signature Invalid crash

Hello all,

My app invokes a bash script via NSTask, which creates an invisible folder in the user's Home folder, and then creates a file in that invisible folder (i.e. ~/.dirname/filename).

Subsequently, I am attempting to read this file via POSIX functions, and the read() call provokes the following crash on the latest macOS 11 beta:

Code Block
OS Version: Mac OS X 10.16 (20A5354i)
Report Version: 12
System Integrity Protection: enabled
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (Code Signature Invalid)
Exception Codes: 0x0000000000000032, 0x00007fff6a0e098e
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: Namespace CODESIGNING, Code 0x2
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libsystem_kernel.dylib 0x00007fff6a0e098e read + 10


I have seen this on a few different Macs, but on others (with the same OS) it seems to work just fine without crashing. No problems under macOS 10.13-10.15. My app is hardened, codesigned and notarized.

I've checked the entitlements options and none seems appropriate to this. I should be able to read files within the non-protected areas of the user folder (i.e. not Documents, Downloads, Trash etc.), shouldn't I? Is this a macOS bug?

Any help that anyone can provide would be much appreciated!

Many thanks,
Ben
Presumably that’s not the full crash report. Can you post the whole thing? If you use a text attachment, it won’t clog up the thread as a whole.

I should be able to read files within the non-protected areas of the
user folder … shouldn't I?

Yes.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
Many thanks for your quick reply Quinn!

Attached are two full crash reports from two different machines.

Thanks again,
Ben




That’s an interesting crash you’ve got going on there. My interpretation of these crash reports is that something has invalidated the code signature of the page within the System framework (technically its libsystem_kernel component) that contains the read system call. When the CPU goes to read that, the system checks the page, discovers its invalid code signature, and crashes your app.

It’s hard to see how you could be triggering this. The page is within the dyld shared image, so you shouldn’t be able to modify it. Weird.

Anyway, this is definitely bugworthy. Make sure to include a sysdiagnose log taken shortly after encountering the problem.

Please post your bug number, just for the record.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
Well this is embarrassing, it turns out that this is my bug.

In putting everything together for the feedback report, I checked over this code again and I found an error. I'm reading an 8-byte value from the file which is an epoch time. Instead of doing:

Code Block
int64_t val=0;
read(fd,&val,8);


I was doing:

Code Block
int64_t val=0;
read(fd,&time,8);


I'm surprised this code didn't crash before, considering its stupidity!

Many thanks Quinn, you have been extremely helpful.
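
An added example (not code from any poster in this thread) of a typed wrapper around the 8-byte epoch read discussed above: because `read_epoch` takes an `int64_t *` rather than `read()`'s `void *`, the compiler diagnoses any argument of another pointer type, and the helper also checks for errors and short reads. The names `read_exact` and `read_epoch` and the sample value are constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Read exactly len bytes; 0 on success, -1 on error or early EOF. */
static int read_exact(int fd, void *buf, size_t len)
{
    unsigned char *p = buf;
    while (len > 0) {
        ssize_t n = read(fd, p, len);
        if (n < 0) {
            if (errno == EINTR)
                continue;       /* interrupted by a signal: retry */
            return -1;          /* errno set by read(), e.g. EFAULT, EBADF */
        }
        if (n == 0) {
            errno = EIO;        /* EOF before the full value arrived */
            return -1;
        }
        p += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Typed wrapper: out must be an int64_t *, so a wrong-typed argument is a
 * pointer-type mismatch the compiler reports, unlike read()'s void *. */
static int read_epoch(int fd, int64_t *out)
{
    int64_t tmp = 0;
    if (read_exact(fd, &tmp, sizeof tmp) != 0)
        return -1;
    *out = tmp;                 /* only touch the caller's variable on success */
    return 0;
}

int main(void)
{
    int p[2];
    int64_t sample = 1596240000, val = 0;   /* constructed sample value */
    if (pipe(p) != 0) return 1;
    if (write(p[1], &sample, sizeof sample) != (ssize_t)sizeof sample) return 1;
    close(p[1]);
    if (read_epoch(p[0], &val) != 0) { perror("read_epoch"); return 1; }
    printf("epoch = %lld\n", (long long)val);
    close(p[0]);
    return 0;
}
```

Using `sizeof tmp` instead of a literal 8 keeps the length tied to the destination's type, and checking the return value surfaces a failed or short read instead of silently leaving `val` at 0.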