iOS 16.x - Keyboard and speech crash

Crash - 1:

Fatal Exception: NSRangeException

0 CoreFoundation 0x9e38 __exceptionPreprocess

1 libobjc.A.dylib 0x178d8 objc_exception_throw

2 CoreFoundation 0x1af078 -[__NSCFString characterAtIndex:].cold.1

3 CoreFoundation 0x1a44c -[CFPrefsPlistSource synchronize]

4 UIKitCore 0x1075f68 -[UIPredictionViewController predictionView:didSelectCandidate:]

5 TextInputUI 0x2461c -[TUIPredictionView _didRecognizeTapGesture:]

6 UIKitCore 0xbe180 -[UIGestureRecognizerTarget _sendActionWithGestureRecognizer:]

7 UIKitCore 0x42c050 _UIGestureRecognizerSendTargetActions

8 UIKitCore 0x1a5a18 _UIGestureRecognizerSendActions

9 UIKitCore 0x86274 -[UIGestureRecognizer _updateGestureForActiveEvents]

10 UIKitCore 0x132348 _UIGestureEnvironmentUpdate

11 UIKitCore 0x9ba418 -[UIGestureEnvironment _deliverEvent:toGestureRecognizers:usingBlock:]

12 UIKitCore 0xf6df4 -[UIGestureEnvironment _updateForEvent:window:]

13 UIKitCore 0xfb760 -[UIWindow sendEvent:]

14 UIKitCore 0xfaa20 -[UIApplication sendEvent:]

15 UIKitCore 0xfa0d8 __dispatchPreprocessedEventFromEventQueue

16 UIKitCore 0x141e00 __processEventQueue

17 UIKitCore 0x44a4f0 __eventFetcherSourceCallback

18 CoreFoundation 0xd5f24 CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION

19 CoreFoundation 0xe22fc __CFRunLoopDoSource0

20 CoreFoundation 0x661c0 __CFRunLoopDoSources0

21 CoreFoundation 0x7bb7c __CFRunLoopRun

22 CoreFoundation 0x80eb0 CFRunLoopRunSpecific

23 GraphicsServices 0x1368 GSEventRunModal

24 UIKitCore 0x3a1668 -[UIApplication _run]

25 UIKitCore 0x3a12cc UIApplicationMain

============================================================

Crash - 2:

Crashed: com.apple.root.background-qos

0 libobjc.A.dylib 0x1c20 objc_msgSend + 32

1 UIKitCore 0xb0e0d8 __37-[UIDictationConnection cancelSpeech]_block_invoke + 152

2 libdispatch.dylib 0x24b4 _dispatch_call_block_and_release + 32

3 libdispatch.dylib 0x3fdc _dispatch_client_callout + 20

4 libdispatch.dylib 0x15b8c _dispatch_root_queue_drain + 684

5 libdispatch.dylib 0x16284 _dispatch_worker_thread2 + 164

6 libsystem_pthread.dylib 0xdbc _pthread_wqthread + 228

7 libsystem_pthread.dylib 0xb98 start_wqthread + 8

============================================================

I encountered the two keyboard-related crashes in iOS 16.x, but I cannot reproduce them. Can anyone tell me what is going on and how to fix them? Please let me know.

May I ask whether you solved this problem, and how to deal with it?

Thanks for sharing, I am having the exact same issue.

In my case, it's coming from [UIKeyboardEmojiCollectionInputView collectionView:cellForItemAtIndexPath:]

Can't reproduce it either, only happens in iOS 16.x.

Reason: This crash was caused by multiple threads accessing the lastHypothesis function of the UIDictationController, causing a wild pointer problem.

Solution:

Lock the setLastHypothesis and lastHypothesis functions of UIDictationController:


// hd_hookMethod is a hook component similar to Aspects

// Setter: run the original implementation while holding the per-object lock.
[NSClassFromString(@"UIDictationController") hd_hookMethod:NSSelectorFromString(@"setLastHypothesis:") option:HDHookOptionInstead handle:^(HDInvocation *invocation){
    [[invocation.target hdcore_lock] lock];
    [invocation invoke];
    [[invocation.target hdcore_lock] unlock];
} error:nil];

// Getter: read the value and copy it under the same lock, then return the copy.
[NSClassFromString(@"UIDictationController") hd_hookMethod:NSSelectorFromString(@"lastHypothesis") option:HDHookOptionInstead handle:^NSString * (HDInvocation *invocation){
    [[invocation.target hdcore_lock] lock];

    __autoreleasing NSString *orgHypothesis;
    [invocation invokeWithReturnValue:&orgHypothesis];
    orgHypothesis = orgHypothesis.mutableCopy;

    [[invocation.target hdcore_lock] unlock];
    return orgHypothesis;
} error:nil];

The solution comes from the HuolalaTech team; I just translated it into English.

Reference material:

https://juejin.cn/post/7396463744186515465
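
The same locking idea written directly against the Objective-C runtime, as an added example that is not code from the post above or from the HuolalaTech article. `DemoDictationController` and `DemoInstallLockedAccessors` are hypothetical names, the stand-in class only mimics a nonatomic string property, and `@synchronized` is swapped in for the per-object `hdcore_lock`.

```objc
#import <Foundation/Foundation.h>
#import <objc/runtime.h>

// Hypothetical stand-in for the framework class; constructed for this example.
@interface DemoDictationController : NSObject
@property (nonatomic, copy) NSString *lastHypothesis; // nonatomic: racy across threads
@end
@implementation DemoDictationController
@end

// Replace both accessors with versions that serialize on the instance.
static BOOL DemoInstallLockedAccessors(Class cls) {
    SEL setSel = @selector(setLastHypothesis:);
    SEL getSel = @selector(lastHypothesis);
    Method setter = class_getInstanceMethod(cls, setSel);
    Method getter = class_getInstanceMethod(cls, getSel);
    if (!setter || !getter) return NO; // selectors absent: leave the class untouched

    void (*origSet)(id, SEL, NSString *) =
        (void (*)(id, SEL, NSString *))method_getImplementation(setter);
    NSString *(*origGet)(id, SEL) =
        (NSString *(*)(id, SEL))method_getImplementation(getter);

    method_setImplementation(setter, imp_implementationWithBlock(^(id obj, NSString *value) {
        @synchronized (obj) { origSet(obj, setSel, value); }
    }));
    method_setImplementation(getter, imp_implementationWithBlock(^NSString *(id obj) {
        NSString *result = nil;
        // Take a strong reference while the lock is held, so a concurrent
        // setter cannot release the string before the caller owns it.
        @synchronized (obj) { result = [origGet(obj, getSel) copy]; }
        return result;
    }));
    return YES;
}

int main(void) {
    @autoreleasepool {
        if (!DemoInstallLockedAccessors([DemoDictationController class])) return 1;
        DemoDictationController *c = [DemoDictationController new];
        // Constructed stress input: 100000 interleaved reads and writes.
        dispatch_apply(100000, dispatch_get_global_queue(QOS_CLASS_DEFAULT, 0), ^(size_t i) {
            if (i % 2) c.lastHypothesis = [NSString stringWithFormat:@"hypothesis-%zu", i];
            else (void)[c.lastHypothesis length];
        });
        NSLog(@"finished, last value: %@", c.lastHypothesis);
    }
    return 0;
}
```

Build with ARC enabled, for example `clang -fobjc-arc -framework Foundation`; removing the `DemoInstallLockedAccessors` call leaves the unsynchronized accessors racing, which is the condition the answer describes.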
