SSLRecordWriteInternal crash when writing in HTTPS socket (NSOutputStream)

Hello,

In our app, we have used NSStream for several years, but most of them were used to open HTTP sockets. Since we started using it for HTTPS sockets, we regularly have a few (but not insignificant) crashes apparently linked to SSL writing. It happens when the NSStreamDelegate receives an "NSStreamEventHasSpaceAvailable" event in the method "(void)stream:(NSStream *)stream handleEvent:(NSStreamEvent)streamEvent". When this event is received, we do a "[outputStream write:data maxLength:size];" and then it crashes.

Here is the information found in one of the crash logs:

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x000000015488bd98
Exception Codes: 0x0000000000000001, 0x000000015488bd98
VM Region Info: 0x15488bd98 is not in any region.  Bytes after previous region: 1621401  Bytes before following region: 6767208
      REGION TYPE                 START - END      [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      MALLOC_TINY              154600000-154700000 [ 1024K] rw-/rwx SM=PRV  
--->  GAP OF 0x800000 BYTES
      MALLOC_LARGE             154f00000-154f84000 [  528K] rw-/rwx SM=PRV  
Exception Note:  EXC_CORPSE_NOTIFY
Terminating Process: exc handler [430]
Triggered by Thread:  17

Thread 17 Crashed:
0   libsystem_platform.dylib      	0x00000001f12d5ae0 _platform_memmove + 144
1   libcoretls.dylib              	0x00000001f020841c tls_record_encrypt + 580 (tls_record.c:320)
2   Security                      	0x00000001894d1e98 SSLRecordWriteInternal + 112 (SSLRecordInternal.c:230)
3   Security                      	0x00000001894d2d68 SSLWrite + 236 (sslRecord.c:87)
4   CFNetwork                     	0x00000001810345c0 SocketStream::write(__CFWriteStream*, unsigned char const*, long, CFStreamError*) + 804 (SocketStream.cpp:7824)
5   CoreFoundation                	0x00000001806cc254 CFWriteStreamWrite + 452 (CFStream.c:1242)

Thread 17 crashed with ARM Thread State (64-bit):
    x0: 0x0000000150849225   x1: 0x000000015488bd98   x2: 0x0000000000001000   x3: 0x0000000150849240
    x4: 0x0000000004042b73   x5: 0x00000000000000e0   x6: 0x00000000000000eb   x7: 0x00000002807a6a40
    x8: 0x000000000000000d   x9: 0x000000016c7fd4d7  x10: 0x0000000000000000  x11: 0x0000000000000000
   x12: 0x0000000000000000  x13: 0x00000000ffff8015  x14: 0x0000000000000211  x15: 0x000000000000a81e
   x16: 0x00000001f12d5a50  x17: 0x00000002063d9398  x18: 0x0000000000000000  x19: 0x0000000000001018
   x20: 0x0000000150849225  x21: 0x0000000000000002  x22: 0x0000000000001000  x23: 0x0000000152111d90
   x24: 0x0000000000000001  x25: 0x000000000000101d  x26: 0x0000000000001000  x27: 0x000000000000101d
   x28: 0x0000000000000010   fp: 0x000000016c7fd540   lr: 0x00000001f020841c
    sp: 0x000000016c7fd480   pc: 0x00000001f12d5ae0 cpsr: 0x80001000
   esr: 0x92000007 (Data Abort) byte read Translation fault

Any idea of what should be the problem and how we can avoid these crashes?

Many thanks in advance.

Yeah, that is not good because it looks like memory was attempting to be accessed at a bad location (EXC_BAD_ACCESS à la _platform_memmove), which can be symptomatic of memory corruption.

Regarding:

Any idea of what should be the problem and how we can avoid these crashes?

Since the Secure Transport APIs are deprecated, my first recommendation would be to use Network Framework with the Security Option APIs for TCP with TLS.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
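
The recommendation in the reply above, as an added example (not code from the thread or from Apple): a Swift wrapper that opens TCP with TLS through Network framework and sends queued chunks one at a time, using the send completion where the NSStream code waited for NSStreamEventHasSpaceAvailable. The class name TLSWriter, the queue label and the TLS 1.2 minimum are assumptions.

```swift
import Foundation
import Network

// Hypothetical replacement for an NSOutputStream-based HTTPS writer.
final class TLSWriter {
    private let connection: NWConnection
    private let queue = DispatchQueue(label: "tls.writer") // serial: all state is touched here
    private var pending: [Data] = []
    private var ready = false, sending = false

    init(host: String, port: NWEndpoint.Port = .https) {
        let tls = NWProtocolTLS.Options()
        // Security option API: refuse anything older than TLS 1.2 (assumed policy).
        sec_protocol_options_set_min_tls_protocol_version(tls.securityProtocolOptions, .TLSv12)
        connection = NWConnection(host: NWEndpoint.Host(host), port: port,
                                  using: NWParameters(tls: tls, tcp: NWProtocolTCP.Options()))
    }

    func start() {
        connection.stateUpdateHandler = { [weak self] state in
            guard let self = self else { return }
            switch state {
            case .ready: self.ready = true; self.drain()
            case .failed(let error):
                self.ready = false
                print("connection failed: \(error)")
                self.connection.cancel()
            default: break
            }
        }
        connection.start(queue: queue) // handlers and completions run on this queue
    }

    func write(_ data: Data) {
        // Data is passed by value; no caller-owned raw pointer or length is handed to the TLS layer.
        queue.async { self.pending.append(data); self.drain() }
    }

    private func drain() {
        guard ready, !sending, !pending.isEmpty else { return }
        sending = true
        connection.send(content: pending.removeFirst(), completion: .contentProcessed { [weak self] error in
            guard let self = self else { return }
            self.sending = false
            if let error = error { print("send failed: \(error)"); self.connection.cancel(); return }
            self.drain() // previous chunk accepted: the equivalent of "has space available"
        })
    }
}
```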