Crash When accessing RLMResults count - ios

I am getting a weird crash when I access my RLMResults count.
This crash occurs sometimes and sometimes doesn't; mostly I have seen it crash when there are 0 results in the RLMResult.
I have also seen a similar issue on GitHub, but somehow it was closed without being resolved:
https://github.com/realm/realm-cocoa/issues/4960
MY CODE
-(BOOL)checkIfSyncRequired{
    NSPredicate *predicate=[NSPredicate predicateWithFormat:@"self.appLocalEditTimeStamp > self.lastSyncServerTimestamp"];
    RLMResults *results = [HKCrashObject objectsWithPredicate:predicate];
    if (results.count) {//crash occurs on calls.count
        //do something with results but it crashes before only
        return true;
    }else{
        return false;
    }
}
HKCrashObject CLASS
@interface HKCrashObject : RLMObject
@property (nonatomic, strong) NSString * customId;
@property (nonatomic, assign) long lastSyncServerTimestamp;
@property (nonatomic, assign) long appLocalEditTimeStamp;
@property (nonatomic, strong) NSString * otherProperties;
@end
STACK TRACE
(lldb) bt
Realm was compiled with optimization - stepping may behave oddly; variables may not be available.
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
frame #0: 0x000000010ec69f9c Realm`bool realm::Array::compare_leafs_4<realm::Greater, (realm::Action)0, 32ul, bool (*)(long long), 32ul>(realm::Array const*, unsigned long, unsigned long, unsigned long, realm::QueryState<long long>*, bool (*)(long long)) const + 172
frame #1: 0x000000010ec688c8 Realm`bool realm::Array::compare_leafs<realm::Greater, (realm::Action)0, 32ul, bool (*)(long long)>(realm::Array const*, unsigned long, unsigned long, unsigned long, realm::QueryState<long long>*, bool (*)(long long)) const + 504
frame #2: 0x000000010ec68210 Realm`bool realm::Array::compare_leafs<realm::Greater, (realm::Action)0, bool (*)(long long)>(realm::Array const*, unsigned long, unsigned long, unsigned long, realm::QueryState<long long>*, bool (*)(long long)) const + 736
frame #3: 0x000000010ec67b90 Realm`realm::TwoColumnsNode<realm::Column<long long>, realm::Greater>::find_first_local(unsigned long, unsigned long) + 384
frame #4: 0x000000010ecbff93 Realm`realm::ParentNode::aggregate_local(realm::QueryStateBase*, unsigned long, unsigned long, unsigned long, realm::SequentialGetterBase*) + 83
frame #5: 0x000000010ec48a2a Realm`realm::Query::aggregate_internal(realm::Action, realm::DataType, bool, realm::ParentNode*, realm::QueryStateBase*, unsigned long, unsigned long, realm::SequentialGetterBase*) const + 314
frame #6: 0x000000010ec4eb00 Realm`realm::Query::count(unsigned long, unsigned long, unsigned long) const + 480
frame #7: 0x000000010e9c5b2f Realm`realm::Results::size(this=<unavailable>) at results.cpp:136 [opt]
* frame #8: 0x000000010ea5b3b0 Realm`::-[RLMResults count]() [inlined] -[RLMResults count]::$_1::operator()() const at RLMResults.mm:137 [opt]
frame #9: 0x000000010ea5b3a2 Realm`::-[RLMResults count]() [inlined] auto translateRLMResultsErrors<-[RLMResults count]::$_1>(aggregateMethod=<unavailable>) at RLMResults_Private.hpp:57 [opt]
frame #10: 0x000000010ea5b3a2 Realm`::-[RLMResults count](self=<unavailable>, _cmd=<unavailable>) at RLMResults.mm:137 [opt]
frame #11: 0x000000010c31842f Jobi`-[myCallsViewController checkIfSyncRequired](self=0x00007fd2b174b990, _cmd="checkIfSyncRequired") at myCallsViewController.m:415
frame #12: 0x000000010c313939 Jobi`-[myCallsViewController viewWillAppear:](self=0x00007fd2b174b990, _cmd="viewWillAppear:", animated=YES) at myCallsViewController.m:85
frame #13: 0x000000010f61cdc0 UIKit`-[UIViewController _setViewAppearState:isAnimating:] + 442
frame #14: 0x000000010f61d62f UIKit`-[UIViewController __viewWillAppear:] + 131
frame #15: 0x000000010f67b9c0 UIKit`-[UITabBarController viewWillAppear:] + 291
frame #16: 0x000000010f61cdc0 UIKit`-[UIViewController _setViewAppearState:isAnimating:] + 442
frame #17: 0x000000010f61d62f UIKit`-[UIViewController __viewWillAppear:] + 131
frame #18: 0x000000010f648d5c UIKit`-[UINavigationController _startCustomTransition:] + 1183
frame #19: 0x000000010f65f5e2 UIKit`-[UINavigationController _startDeferredTransitionIfNeeded:] + 714
frame #20: 0x000000010f6608cc UIKit`-[UINavigationController __viewWillLayoutSubviews] + 150
frame #21: 0x000000010f8b8bd7 UIKit`-[UILayoutContainerView layoutSubviews] + 231
frame #22: 0x000000012c9d761c UIKit`-[UILayoutContainerViewAccessibility layoutSubviews] + 42
frame #23: 0x000000010f542808 UIKit`-[UIView(CALayerDelegate) layoutSublayersOfLayer:] + 1515
frame #24: 0x000000010e7ec61a QuartzCore`-[CALayer layoutSublayers] + 177
frame #25: 0x000000010e7f082b QuartzCore`CA::Layer::layout_if_needed(CA::Transaction*) + 395
frame #26: 0x000000010e77729f QuartzCore`CA::Context::commit_transaction(CA::Transaction*) + 343
frame #27: 0x000000010e7a4940 QuartzCore`CA::Transaction::commit() + 568
frame #28: 0x000000010e7a56be QuartzCore`CA::Transaction::observer_callback(__CFRunLoopObserver*, unsigned long, void*) + 76
frame #29: 0x00000001126fa607 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 23
frame #30: 0x00000001126fa55e CoreFoundation`__CFRunLoopDoObservers + 430
frame #31: 0x00000001126deb81 CoreFoundation`__CFRunLoopRun + 1537
frame #32: 0x00000001126de30b CoreFoundation`CFRunLoopRunSpecific + 635
frame #33: 0x00000001154fda73 GraphicsServices`GSEventRunModal + 62
frame #34: 0x000000010f4730b7 UIKit`UIApplicationMain + 159
frame #35: 0x000000010c2df85f Jobi`main(argc=1, argv=0x00007ffee3a450d8) at main.m:14
frame #36: 0x000000011399f955 libdyld.dylib`start + 1
frame #37: 0x000000011399f955 libdyld.dylib`start + 1

Related

rtc::Thread::ProcessMessages Crash

When I use WebRTC video, I got the delegate method, and I got RTCICEGatheringState == RTCICEGatheringComplete, then it crashed. Please help me.
peerConnection:(RTCPeerConnection *)peerConnection iceGatheringChanged:(RTCICEGatheringState)newState
* thread #28, name = 'Thread 0x0x10a706e70', stop reason = breakpoint 2.1
frame #0: 0x00000001864085a4 libsystem_malloc.dylib`malloc_error_break
frame #1: 0x00000001864081bc libsystem_malloc.dylib`nano_common_error + 240
* frame #2: 0x00000001863fc890 libsystem_malloc.dylib`nanov2_allocate_from_block$VARIANT$mp + 548
frame #3: 0x00000001863fbc1c libsystem_malloc.dylib`nanov2_allocate$VARIANT$mp + 176
frame #4: 0x00000001863fbb1c libsystem_malloc.dylib`nanov2_malloc$VARIANT$mp + 60
frame #5: 0x00000001863f7828 libsystem_malloc.dylib`malloc_zone_malloc + 156
frame #6: 0x00000001863f8c0c libsystem_malloc.dylib`malloc + 32
frame #7: 0x0000000103366954 qim_appstore`bn_wexpand + 84
frame #8: 0x000000010336f0d4 qim_appstore`BN_lshift + 84
frame #9: 0x0000000103367ee4 qim_appstore`BN_div + 384
frame #10: 0x0000000103368320 qim_appstore`BN_nnmod + 52
frame #11: 0x00000001033684ac qim_appstore`BN_mod_mul + 132
frame #12: 0x00000001033857e8 qim_appstore`ec_GFp_simple_is_on_curve + 260
frame #13: 0x000000010337ad8c qim_appstore`EC_POINT_set_affine_coordinates_GFp + 112
frame #14: 0x000000010337a778 qim_appstore`EC_GROUP_new_by_curve_name + 664
frame #15: 0x000000010337bd44 qim_appstore`EC_KEY_new_by_curve_name + 40
frame #16: 0x000000010338b240 qim_appstore`eckey_type2param + 92
frame #17: 0x000000010338aa70 qim_appstore`eckey_pub_decode + 92
frame #18: 0x00000001033a6d1c qim_appstore`X509_PUBKEY_get + 148
frame #19: 0x00000001033b5ff4 qim_appstore`ssl3_get_server_certificate + 468
frame #20: 0x00000001033b2114 qim_appstore`dtls1_connect + 1160
frame #21: 0x000000010351d8f0 qim_appstore`rtc::OpenSSLStreamAdapter::ContinueSSL() + 164
frame #22: 0x000000010351d59c qim_appstore`rtc::OpenSSLStreamAdapter::OnEvent(rtc::StreamInterface*, int, int) + 572
frame #23: 0x0000000103526860 qim_appstore`sigslot::signal3<rtc::StreamInterface*, int, int, sigslot::single_threaded>::operator()(rtc::StreamInterface*, int, int) + 96
frame #24: 0x000000010353a928 qim_appstore`cricket::StreamInterfaceChannel::OnPacketReceived(char const*, unsigned long) + 60
frame #25: 0x000000010353d108 qim_appstore`cricket::DtlsTransportChannelWrapper::HandleDtlsPacket(char const*, unsigned long) + 84
frame #26: 0x000000010353af3c qim_appstore`cricket::DtlsTransportChannelWrapper::OnReadPacket(cricket::TransportChannel*, char const*, unsigned long, rtc::PacketTime const&, int) + 88
frame #27: 0x000000010353d084 qim_appstore`sigslot::signal5<cricket::TransportChannel*, char const*, unsigned long, rtc::PacketTime const&, int, sigslot::single_threaded>::operator()(cricket::TransportChannel*, char const*, unsigned long, rtc::PacketTime const&, int) + 116
frame #28: 0x0000000103541264 qim_appstore`cricket::P2PTransportChannel::OnReadPacket(cricket::Connection*, char const*, unsigned long, rtc::PacketTime const&) + 84
frame #29: 0x000000010354ce90 qim_appstore`sigslot::signal4<cricket::Connection*, char const*, unsigned long, rtc::PacketTime const&, sigslot::single_threaded>::operator()(cricket::Connection*, char const*, unsigned long, rtc::PacketTime const&) + 108
frame #30: 0x000000010354ca54 qim_appstore`cricket::Connection::OnReadPacket(char const*, unsigned long, rtc::PacketTime const&) + 216
frame #31: 0x00000001035784a4 qim_appstore`cricket::UDPPort::HandleIncomingPacket(rtc::AsyncPacketSocket*, char const*, unsigned long, rtc::SocketAddress const&, rtc::PacketTime const&) + 12
frame #32: 0x000000010350b0dc qim_appstore`sigslot::signal5<rtc::AsyncPacketSocket*, char const*, unsigned long, rtc::SocketAddress const&, rtc::PacketTime const&, sigslot::single_threaded>::operator()(rtc::AsyncPacketSocket*, char const*, unsigned long, rtc::SocketAddress const&, rtc::PacketTime const&) + 116
frame #33: 0x000000010350b608 qim_appstore`rtc::AsyncUDPSocket::OnReadEvent(rtc::AsyncSocket*) + 112
frame #34: 0x0000000103523090 qim_appstore`sigslot::signal1<rtc::AsyncSocket*, sigslot::multi_threaded_local>::operator()(rtc::AsyncSocket*) + 76
frame #35: 0x00000001035202b0 qim_appstore`rtc::SocketDispatcher::OnEvent(unsigned int, int) + 120
frame #36: 0x0000000103520a9c qim_appstore`rtc::PhysicalSocketServer::Wait(int, bool) + 852
frame #37: 0x0000000103513804 qim_appstore`rtc::MessageQueue::Get(rtc::Message*, int, bool) + 816
frame #38: 0x0000000103527d70 qim_appstore`rtc::Thread::ProcessMessages(int) + 108
frame #39: 0x0000000103527bfc qim_appstore`rtc::Thread::PreRun(void*) + 112
frame #40: 0x000000018643b1e4 libsystem_pthread.dylib`_pthread_body + 128
frame #41: 0x000000018643b164 libsystem_pthread.dylib`_pthread_start + 40
frame #42: 0x000000018643a070 libsystem_pthread.dylib`thread_start + 4

Debugging EXC_BAD_ACCESS with NSZombie

I am getting a rather peculiar EXC_BAD_ACCESS issue. In an inventory-based app, when creating a receipt, the app works fine if the vehicle already exists in the database and crashes when a receipt with a new vehicle is being viewed.
I tried to run the app with NSZombieEnabled but nothing gets logged onto the console when the app crashes except lldb.
So the question is that if NSZombieEnabled does not work, how do I determine what is causing the crash in an app.
I am running Xcode 5 (latest version) for development.
Edit: On running bt in the command prompt, here's the backtrace I get
(lldb) bt
* thread #1: tid = 0x16915d, 0x006e427f OpenGLES`+[EAGLContext setCurrentContext:] + 80, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xc)
frame #0: 0x006e427f OpenGLES`+[EAGLContext setCurrentContext:] + 80
frame #1: 0x0c725f2a CoreImage`CIEAGLContextTexImageIOSurface + 389
frame #2: 0x0c70b6a8 CoreImage`CI::GLESTextureManager::attach_IOSurface(__IOSurface*, bool, int, unsigned int, int, int, int, bool) + 950
frame #3: 0x0c70f6ab CoreImage`CI::GLESContext::bind_surface(__IOSurface*, int, bool, bool, bool) + 261
frame #4: 0x0c70ec6a CoreImage`CI::GLESContext::bind_textures(CI::SerialObjectPtrArray*, CI::Kernel*) + 336
frame #5: 0x0c70e7a7 CoreImage`CI::GLESContext::render_apply_node(CI::Node const*, bool) + 151
frame #6: 0x0c70e5bb CoreImage`CI::GLESContext::recursive_render(CI::Node const*, bool) + 697
frame #7: 0x0c70e498 CoreImage`CI::GLESContext::recursive_render(CI::Node const*, bool) + 406
frame #8: 0x0c70e36b CoreImage`CI::GLESContext::recursive_render(CI::Node const*, bool) + 105
frame #9: 0x0c70e498 CoreImage`CI::GLESContext::recursive_render(CI::Node const*, bool) + 406
frame #10: 0x0c70e36b CoreImage`CI::GLESContext::recursive_render(CI::Node const*, bool) + 105
frame #11: 0x0c70f068 CoreImage`CI::GLESContext::render(CI::Node*) + 176
frame #12: 0x0c71bfa9 CoreImage`CI::image_get_cgimage(CI::Context*, CI::Image*, CGRect, CGColorSpace*, CI::PixelFormat) + 2069
frame #13: 0x0c6f41c3 CoreImage`-[CIContext createCGImage:fromRect:format:colorSpace:] + 671
frame #14: 0x0c6f3eb6 CoreImage`-[CIContext createCGImage:fromRect:] + 99
frame #15: 0x0c55a82f CoreUI`-[CUITextEffectStack drawProcessedMask:atBounds:inContext:withScale:] + 909
frame #16: 0x0c55b8dd CoreUI`-[CUITextEffectStack drawGlyphs:inContext:usingFont:atPositions:count:lineHeight:inBounds:atScale:] + 540
frame #17: 0x0c565460 CoreUI`-[CUICatalog drawGlyphs:atPositions:inContext:withFont:count:stylePresetName:styleConfiguration:foregroundColor:] + 1770
frame #18: 0x0c3e0c05 UIFoundation`-[NSLineFragmentRenderingContext drawAtPoint:inContext:] + 3657
frame #19: 0x0c41721a UIFoundation`__NSStringDrawingEngine + 18606
frame #20: 0x0c41a10b UIFoundation`-[NSAttributedString(NSExtendedStringDrawing) drawWithRect:options:context:] + 622
frame #21: 0x01bd6891 UIKit`-[UILabel _drawTextInRect:baselineCalculationOnly:] + 6626
frame #22: 0x01bd4574 UIKit`-[UILabel drawTextInRect:] + 581
frame #23: 0x01bd6996 UIKit`-[UILabel drawRect:] + 98
frame #24: 0x01a4b95c UIKit`-[UIView(CALayerDelegate) drawLayer:inContext:] + 519
frame #25: 0x00a7fd61 QuartzCore`-[CALayer drawInContext:] + 118
frame #26: 0x00a7fc97 QuartzCore`backing_callback(CGContext*, void*) + 96
frame #27: 0x009644fe QuartzCore`CABackingStoreUpdate_ + 2788
frame #28: 0x00a7fc2f QuartzCore`___ZN2CA5Layer8display_Ev_block_invoke + 93
frame #29: 0x00ab5416 QuartzCore`x_blame_allocations + 15
frame #30: 0x00a7fa95 QuartzCore`CA::Layer::display_() + 1591
frame #31: 0x00a7fce6 QuartzCore`-[CALayer _display] + 33
frame #32: 0x00a7f456 QuartzCore`CA::Layer::display() + 142
frame #33: 0x00a7fcc0 QuartzCore`-[CALayer display] + 33
frame #34: 0x00a73ef6 QuartzCore`CA::Layer::display_if_needed(CA::Transaction*) + 322
frame #35: 0x00a73f7c QuartzCore`CA::Layer::layout_and_display_if_needed(CA::Transaction*) + 38
frame #36: 0x009d23c6 QuartzCore`CA::Context::commit_transaction(CA::Transaction*) + 284
frame #37: 0x009d378c QuartzCore`CA::Transaction::commit() + 392
frame #38: 0x009d3e58 QuartzCore`CA::Transaction::observer_callback(__CFRunLoopObserver*, unsigned long, void*) + 92
frame #39: 0x032df9de CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 30
frame #40: 0x032df920 CoreFoundation`__CFRunLoopDoObservers + 400
frame #41: 0x032d535a CoreFoundation`__CFRunLoopRun + 1226
frame #42: 0x032d4bcb CoreFoundation`CFRunLoopRunSpecific + 443
frame #43: 0x032d49fb CoreFoundation`CFRunLoopRunInMode + 123
frame #44: 0x0622124f GraphicsServices`GSEventRunModal + 192
frame #45: 0x0622108c GraphicsServices`GSEventRun + 104
frame #46: 0x019c08b6 UIKit`UIApplicationMain + 1526
* frame #47: 0x0028951d Racks`main(argc=1, argv=0xbff245a8) + 141 at main.m:16
frame #48: 0x03dbdac9 libdyld.dylib`start + 1

xcode incomprehensible exception

I am writing an iOS app which receives frames from an IP camera and shows them with a UIImage and a timer. But from time to time I encounter an incomprehensible exception.
Here is the stack:
thread #1: tid = 0x72198, 0x0553a240 vImage`vConvert_RGB888toBGRA8888 + 1760, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xe429000)
frame #0: 0x0553a240 vImage`vConvert_RGB888toBGRA8888 + 1760
frame #1: 0x05523280 vImage`vImageConvert_RGB888toBGRA8888 + 96
frame #2: 0x01f2f1aa CoreGraphics`CGSConvertBGR888toRGBA8888 + 165
frame #3: 0x01f5a83e CoreGraphics`argb32_image + 4830
frame #4: 0x0ae007ad libRIP.A.dylib`ripl_Mark + 38
frame #5: 0x0ae101e1 libRIP.A.dylib`RIPLayerBltImage + 1187
frame #6: 0x0adfcc59 libRIP.A.dylib`ripc_RenderImage + 258
frame #7: 0x0adfb0cb libRIP.A.dylib`ripc_DrawImage + 1051
frame #8: 0x01fe4865 CoreGraphics`CGContextDrawImage + 435
frame #9: 0x01657498 QuartzCore`CA::Render::(anonymous namespace)::create_image_by_rendering(CGImage*, CGColorSpace*, unsigned int) + 708
frame #10: 0x01656f31 QuartzCore`CA::Render::create_image(CGImage*, CGColorSpace*, unsigned int) + 2261
frame #11: 0x0165784d QuartzCore`CA::Render::copy_image(CGImage*, CGColorSpace*, unsigned int, double) + 430
frame #12: 0x01738d10 QuartzCore`-[CALayer(CALayerPrivate) _copyRenderLayer:layerFlags:commitFlags:] + 557
frame #13: 0x0173a031 QuartzCore`CA::Layer::copy_render_layer(CA::Transaction*, unsigned int, unsigned int*) + 57
frame #14: 0x0168fc9d QuartzCore`CA::Context::commit_layer(CA::Layer*, unsigned int, unsigned int, void*) + 119
frame #15: 0x0172a727 QuartzCore`CA::Layer::commit_if_needed(CA::Transaction*, void (*)(CA::Layer*, unsigned int, unsigned int, void*), void*) + 317
frame #16: 0x0172a6a7 QuartzCore`CA::Layer::commit_if_needed(CA::Transaction*, void (*)(CA::Layer*, unsigned int, unsigned int, void*), void*) + 189
frame #17: 0x0172a6a7 QuartzCore`CA::Layer::commit_if_needed(CA::Transaction*, void (*)(CA::Layer*, unsigned int, unsigned int, void*), void*) + 189
frame #18: 0x01690dd6 QuartzCore`CA::Context::commit_transaction(CA::Transaction*) + 1794
frame #19: 0x01691b85 QuartzCore`CA::Transaction::commit() + 393
frame #20: 0x0174f5b0 QuartzCore`+[CATransaction flush] + 52
frame #21: 0x021909b6 UIKit`_UIWindowUpdateVisibleContextOrder + 232
frame #22: 0x02190825 UIKit`+[UIWindow _prepareWindowsPassingTestForAppResume:] + 28
frame #23: 0x02190a0f UIKit`+[UIWindow _prepareWindowsForAppResume] + 41
frame #24: 0x02164972 UIKit`-[UIApplication _handleApplicationResumeEvent:] + 80
frame #25: 0x0216593f UIKit`-[UIApplication handleEvent:withNewEvent:] + 1898
frame #26: 0x02166555 UIKit`-[UIApplication sendEvent:] + 85
frame #27: 0x02153250 UIKit`_UIApplicationHandleEvent + 683
frame #28: 0x04c6bf02 GraphicsServices`_PurpleEventCallback + 776
frame #29: 0x04c6ba0d GraphicsServices`PurpleEventCallback + 46
frame #30: 0x0368eca5 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE1_PERFORM_FUNCTION__ + 53
frame #31: 0x0368e9db CoreFoundation`__CFRunLoopDoSource1 + 523
frame #32: 0x036b968c CoreFoundation`__CFRunLoopRun + 2156
frame #33: 0x036b89d3 CoreFoundation`CFRunLoopRunSpecific + 467
frame #34: 0x036b87eb CoreFoundation`CFRunLoopRunInMode + 123
frame #35: 0x04c6a5ee GraphicsServices`GSEventRunModal + 192
frame #36: 0x04c6a42b GraphicsServices`GSEventRun + 104
frame #37: 0x02152f9b UIKit`UIApplicationMain + 1225
frame #38: 0x00009344 thin_client_v2`main(argc=1, argv=0xbfffee4c) + 164 at main.m:17
But I think it is not really helpful, so how can I understand which line of my code raises the exception?
I added an All Exceptions breakpoint and these tricks, but it did not help me.
Thanks
PS
So I added zombie objects to my project. As I understand it, this will help me get a more correct stack trace.
About creating the image: here is my code
- (UIImage *)imageFromAVPicture:(AVPicture)pict width:(int)width height:(int)height
{
    CGBitmapInfo bitmapInfo = kCGBitmapByteOrderDefault;
    CFDataRef data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, pict.data[0], pict.linesize[0]*height,kCFAllocatorNull);
    CGDataProviderRef provider = CGDataProviderCreateWithCFData(data);
    CGColorSpaceRef colorSpace = CGColorSpaceCreateDeviceRGB();
    CGImageRef cgImage = CGImageCreate(width,
                                       height,
                                       8,
                                       24,
                                       pict.linesize[0],
                                       colorSpace,
                                       bitmapInfo,
                                       provider,
                                       NULL,
                                       NO,
                                       kCGRenderingIntentDefault);
    CGColorSpaceRelease(colorSpace);
    UIImage *image = [UIImage imageWithCGImage:cgImage];
    CGImageRelease(cgImage);
    CGDataProviderRelease(provider);
    CFRelease(data);
    return image;
}
But I think that if the problem was in this method it would have crashed all the time, right? But the exception happens really rarely.
It means your app is crashing because it touched unmapped memory.
This commonly can happen if you create a CGImageRef using a CGDataProviderRef which was initialized with no copy, and then release the pixels before the CGImageRef dies. This leaves a CGImageRef pointing to garbage, which will crash if you try to draw it. If you are pretty sure that you aren't doing that and you can come up with a reproducible sample case, then I recommend filing a bug with Apple: http://bugreporter.apple.com
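The lifetime problem the answer describes, shown as an added example that is not part of the original question or answer: the image is built from a copy of the frame bytes, so the CGImage never points into a decoder buffer that is later freed or reused. The class name `FrameImageBuilder`, the method name `safeImageFromAVPicture:width:height:`, the RGB24 stride check, and the assumption that `AVPicture` is FFmpeg's struct from `libavcodec` are all assumptions made for illustration.

```objective-c
#import <UIKit/UIKit.h>
#import <CoreGraphics/CoreGraphics.h>
#include <limits.h>
#include <libavcodec/avcodec.h>   // assumed source of AVPicture (FFmpeg)

// Hypothetical helper class, for illustration only.
@interface FrameImageBuilder : NSObject
+ (UIImage *)safeImageFromAVPicture:(AVPicture)pict width:(int)width height:(int)height;
@end

@implementation FrameImageBuilder

+ (UIImage *)safeImageFromAVPicture:(AVPicture)pict width:(int)width height:(int)height
{
    // Reject inputs for which the buffer length cannot be computed sensibly.
    if (pict.data[0] == NULL || width <= 0 || height <= 0) {
        return nil;
    }
    int stride = pict.linesize[0];
    // 24 bits per pixel: every row must hold at least width * 3 bytes,
    // otherwise CoreGraphics would read past the end of each row.
    if (stride <= 0 || width > INT_MAX / 3 || stride < width * 3) {
        return nil;
    }

    // Compute the length in size_t so stride * height cannot overflow an int.
    size_t length = (size_t)stride * (size_t)height;
    if (length > (size_t)LONG_MAX) {
        return nil;
    }

    // CFDataCreate COPIES the pixels. With CFDataCreateWithBytesNoCopy and
    // kCFAllocatorNull the CFData only borrows pict.data[0]; if the decoder
    // frees or overwrites that buffer while the UIImage is still alive,
    // drawing the image reads unmapped or stale memory.
    CFDataRef data = CFDataCreate(kCFAllocatorDefault, pict.data[0], (CFIndex)length);
    if (data == NULL) {
        return nil;
    }

    // The provider retains the CFData, so the copy lives as long as the image.
    CGDataProviderRef provider = CGDataProviderCreateWithCFData(data);
    CFRelease(data);
    if (provider == NULL) {
        return nil;
    }

    CGColorSpaceRef colorSpace = CGColorSpaceCreateDeviceRGB();
    CGImageRef cgImage = CGImageCreate((size_t)width,
                                       (size_t)height,
                                       8,                // bits per component
                                       24,               // bits per pixel (RGB24)
                                       (size_t)stride,   // bytes per row
                                       colorSpace,
                                       kCGBitmapByteOrderDefault,
                                       provider,
                                       NULL,
                                       false,
                                       kCGRenderingIntentDefault);
    CGColorSpaceRelease(colorSpace);
    CGDataProviderRelease(provider);
    if (cgImage == NULL) {
        return nil;
    }

    UIImage *image = [UIImage imageWithCGImage:cgImage];
    CGImageRelease(cgImage);
    return image;
}

@end
```

The copy costs one `stride * height` allocation per frame; the alternative is to keep the no-copy provider and guarantee that the frame buffer outlives every image created from it.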

UIWebView threads crash after device rotation

I have an application with several UIWebViews inside UITableViewCells that are rendering some locally loaded HTML, with some additional Javascript libraries applied (such as Prettify.js).
There is, at most, one UIWebView inside of a UITableViewCell. Things work well overall, except that, when I have many UIWebViews loading, and I rotate the device back and forth, I am getting repeatable crashes from WebCore::RenderBlock.
Some wacky ideas I have tried (and failed):
Disable rotation while the UIWebViews are loading
Use dispatch_semaphore_t to prevent the rotation from happening. This ends up blocking the main thread, a strategy which fails because UITableView updates have to occur on the main thread, resulting in a deadlock.
Use an NSOperationQueue to delay the tableView updates a bit if a rotation occurs.
I am beginning to run out of ideas, and am looking for new approaches on how to attack this issue. Has anyone encountered this sort of issue before?
My current conclusion is that this occurs because of some thread synchronization problem between UIWebView -> WebCore and the UIKit rotation/rendering thread.
thread #1: tid = 0x2355ad, 0x0077c976 libgmalloc.dylib`breakIfDebugging + 158, queue = 'com.apple.main-thread, stop reason = EXC_BREAKPOINT (code=EXC_I386_BPT, subcode=0x0)
frame #0: 0x0077c976 libgmalloc.dylib`breakIfDebugging + 158
frame #1: 0x0077cbcf libgmalloc.dylib`GMmalloc_zone_malloc_internal + 182
frame #2: 0x0077bcfe libgmalloc.dylib`GMmalloc_zone_malloc + 161
frame #3: 0x0077bb7f libgmalloc.dylib`GMmalloc_zone_calloc + 180
frame #4: 0x0077b7a4 libgmalloc.dylib`GMcalloc + 58
frame #5: 0x0d82f3cd libCGFreetype.A.dylib`(anonymous namespace)::allocate(FT_MemoryRec_*, long) + 25
frame #6: 0x0d8311f5 libCGFreetype.A.dylib`ft_mem_alloc + 29
frame #7: 0x0d841991 libCGFreetype.A.dylib`T1_Face_Init + 611
frame #8: 0x0d832565 libCGFreetype.A.dylib`open_face + 155
frame #9: 0x0d831fbe libCGFreetype.A.dylib`FT_Open_Face + 390
frame #10: 0x0d826ccc libCGFreetype.A.dylib`(anonymous namespace)::open_face(FT::stream*, long, __CFString const*) + 79
frame #11: 0x0d826e26 libCGFreetype.A.dylib`FT::font::create_fonts_with_path(__CFString const*) + 86
frame #12: 0x0d82f536 libCGFreetype.A.dylib`(anonymous namespace)::create_private_data_with_path(__CFString const*) + 34
frame #13: 0x009dffa8 CoreGraphics`CGFontCreateFontsWithPath + 44
frame #14: 0x0090132e CoreGraphics`add_fonts_at_path_locked + 42
frame #15: 0x0090229f CoreGraphics`fault_all_locked + 212
frame #16: 0x00901e3f CoreGraphics`apply_function_locked + 42
frame #17: 0x00901de3 CoreGraphics`CGFontDBApplyFunction + 77
frame #18: 0x009e00a0 CoreGraphics`CGFontApplyFunction + 88
frame #19: 0x00b8f87b CoreText`TDescriptorSource::CreateAllDescriptorsCache(void*) + 73
frame #20: 0x032d84b0 libdispatch.dylib`_dispatch_client_callout + 14
frame #21: 0x032c7e17 libdispatch.dylib`dispatch_once_f + 182
frame #22: 0x00b8fb59 CoreText`TDescriptorSource::CopyCachedAllDescriptors() + 171
frame #23: 0x00b8fb78 CoreText`TDescriptorSource::CopyAllDescriptorsInternal(bool, CFComparisonResult (*)(void const*, void const*, void*)) const + 26
frame #24: 0x00b8fcdf CoreText`TDescriptorSource::CopyAllDescriptors() const + 79
frame #25: 0x00b9153e CoreText`TDescriptorSource::CopyDescriptorsForRequest(__CFDictionary const*, __CFSet const*, CFComparisonResult (*)(void const*, void const*, void*), void*, unsigned long) const + 3040
frame #26: 0x00b9070f CoreText`TDescriptorSource::CopySystemWideFallbackDescriptor(CGFont*, unsigned short const*, long, UIFontFlag) const + 797
frame #27: 0x00b91f16 CoreText`TDescriptorSource::CopySystemWideFallbackDescriptor(CGFont*, __CFString const*, CFRange, UIFontFlag) const + 210
frame #28: 0x00b7e8b6 CoreText`TFontCascade::CreateSystemWideFallback(__CTFont const*, __CFString const*, CFRange) const + 132
frame #29: 0x00b7e35c CoreText`TFontCascade::CreateFallback(__CTFont const*, __CFString const*, CTEmojiPolicy) const + 1446
frame #30: 0x00b53d0b CoreText`TGlyphEncoder::AppendUnmappedCharRun(TCFRef<CTRun*>&, __CTFont const*, CFRange, CFRange, TGlyphList<TDeletedGlyphIndex>&, TGlyphList<TDeletedGlyphIndex>&, TFontCascade const&, TGlyphEncoder::ClusterMatching) + 453
frame #31: 0x00b538b7 CoreText`TGlyphEncoder::RunUnicodeEncoderRecursively(TCFRef<CTRun*>&&, __CTFont const*, CFRange, TGlyphList<TDeletedGlyphIndex>&, TGlyphList<TDeletedGlyphIndex>&, TFontCascade const*, TGlyphEncoder::ClusterMatching, bool) + 1443
frame #32: 0x00b5326e CoreText`TGlyphEncoder::RunUnicodeEncoder(TCFRef<CTRun*>&&, __CTFont const*, CFRange, TGlyphList<TDeletedGlyphIndex>&, TFontCascade const*) + 166
frame #33: 0x00b52c89 CoreText`TGlyphEncoder::EncodeChars(CFRange, TAttributes const&, TGlyphList<TDeletedGlyphIndex>&, TGlyphEncoder::Fallbacks) + 1257
frame #34: 0x00b67a65 CoreText`TTypesetterUniChar::Initialize() + 355
frame #35: 0x00b678c6 CoreText`TTypesetterUniChar::TTypesetterUniChar(unsigned short const* (*)(long, long*, __CFDictionary const**, void*), void (*)(unsigned short const*, void*), void*) + 178
frame #36: 0x00b576ac CoreText`CTLineCreateWithUniCharProvider + 80
frame #37: 0x07f79c4a WebCore`WebCore::ComplexTextController::collectComplexTextRunsForCharacters(unsigned short const*, unsigned int, unsigned int, WebCore::SimpleFontData const*) + 1674
frame #38: 0x07f7503c WebCore`WebCore::ComplexTextController::collectComplexTextRuns() + 620
frame #39: 0x07f749f8 WebCore`WebCore::ComplexTextController::ComplexTextController(WebCore::Font const*, WebCore::TextRun const&, bool, WTF::HashSet<WebCore::SimpleFontData const*, WTF::PtrHash<WebCore::SimpleFontData const*>, WTF::HashTraits<WebCore::SimpleFontData const*> >*, bool) + 696
frame #40: 0x07f78ab8 WebCore`WebCore::TextLayout::TextLayout(WebCore::RenderText*, WebCore::Font const&, float) + 152
frame #41: 0x07f7457a WebCore`WebCore::Font::createLayout(WebCore::RenderText*, float, bool) const + 170
frame #42: 0x089baaa7 WebCore`WebCore::RenderBlock::LineBreaker::nextSegmentBreak(WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::LineInfo&, WebCore::RenderBlock::RenderTextInfo&, WebCore::RenderBlock::FloatingObject*, unsigned int, WTF::Vector<WebCore::WordMeasurement, 64ul, WTF::CrashOnOverflow>&) + 6855
frame #43: 0x089b42f7 WebCore`WebCore::RenderBlock::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int) + 583
frame #44: 0x089b3438 WebCore`WebCore::RenderBlock::layoutRunsAndFloats(WebCore::LineLayoutState&, bool) + 1336
frame #45: 0x089b6dbf WebCore`WebCore::RenderBlock::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 2543
frame #46: 0x089901de WebCore`WebCore::RenderBlock::layoutBlock(bool, WebCore::LayoutUnit) + 1614
frame #47: 0x0898f541 WebCore`WebCore::RenderBlock::layout() + 81
frame #48: 0x08997837 WebCore`WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 711
frame #49: 0x08991b7b WebCore`WebCore::RenderBlock::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 587
frame #50: 0x089901f9 WebCore`WebCore::RenderBlock::layoutBlock(bool, WebCore::LayoutUnit) + 1641
frame #51: 0x0898f541 WebCore`WebCore::RenderBlock::layout() + 81
frame #52: 0x08997837 WebCore`WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 711
frame #53: 0x08991b7b WebCore`WebCore::RenderBlock::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 587
frame #54: 0x089901f9 WebCore`WebCore::RenderBlock::layoutBlock(bool, WebCore::LayoutUnit) + 1641
frame #55: 0x0898f541 WebCore`WebCore::RenderBlock::layout() + 81
frame #56: 0x08997837 WebCore`WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 711
frame #57: 0x08991b7b WebCore`WebCore::RenderBlock::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 587
frame #58: 0x089901f9 WebCore`WebCore::RenderBlock::layoutBlock(bool, WebCore::LayoutUnit) + 1641
frame #59: 0x0898f541 WebCore`WebCore::RenderBlock::layout() + 81
frame #60: 0x08af387e WebCore`WebCore::RenderView::layout() + 1374
frame #61: 0x08253531 WebCore`WebCore::FrameView::layout(bool) + 1713
frame #62: 0x080b0a64 WebCore`WebCore::Document::updateLayout() + 228
frame #63: 0x080b40fa WebCore`WebCore::Document::updateLayoutIgnorePendingStylesheets() + 298
frame #64: 0x0819a310 WebCore`WebCore::Element::offsetHeight() + 32
frame #65: 0x085a9534 WebCore`WebCore::jsElementOffsetHeight(JSC::ExecState*, JSC::JSValue, JSC::PropertyName) + 20
frame #66: 0x0a6ccb47 JavaScriptCore`JSC::JSValue::get(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) const + 727
frame #67: 0x0a8eb309 JavaScriptCore`llint_slow_path_get_by_id + 233

Crash in a CAKeyframeAnimation for animating a view along a path

I have some code to animate a UIView: zoom it down while animating it along a path.
It crashes with the error below (reproducible: always):
CoreGraphics`CG::Path::apply(void*, void (*)(void*, CGPathElementType, CGPoint const*)) const:
0x1055c06: pushl %ebp
0x1055c07: movl %esp, %ebp
0x1055c09: subl $24, %esp
0x1055c0c: movl 8(%ebp), %eax
0x1055c0f: movl (%eax), %ecx
0x1055c11: movl (%ecx), %eax
0x1055c13: movl 16(%ebp), %edx
0x1055c16: movl %edx, 8(%esp)
0x1055c1a: movl 12(%ebp), %edx
0x1055c1d: movl %edx, 4(%esp)
0x1055c21: movl %ecx, (%esp)
0x1055c24: calll *64(%eax)
0x1055c27: addl $24, %esp
0x1055c2a: popl %ebp
0x1055c2b: ret
I think it comes from the method below (pathAnimationWithStartPoint:), as if I don't add the CAKeyframeAnimation returned by it, i.e., just:
[group setAnimations:@[ zoomAnimation ]];
instead of
[group setAnimations:@[ zoomAnimation, pathAnimation ]];
it runs without crashing.
- (CAKeyframeAnimation *) pathAnimationWithStartPoint:(CGPoint) startPoint {
    CGPoint endPoint = self.showApplicationTourButton.center;
    CGFloat xDistanceBetweenStartAndEndPoints = abs(startPoint.x - endPoint.x);
    CGFloat yOfHighestPointOfCurvePath = endPoint.y - 250;
    CGPoint controlPoint1 = CGPointMake(startPoint.x + 1.0f / 3.0f * xDistanceBetweenStartAndEndPoints, yOfHighestPointOfCurvePath);
    CGPoint controlPoint2 = CGPointMake(startPoint.x + 2.0f / 3.0f * xDistanceBetweenStartAndEndPoints, yOfHighestPointOfCurvePath);
    CGMutablePathRef curvedPath = CGPathCreateMutable();
    CGPathMoveToPoint(curvedPath, NULL, startPoint.x, startPoint.y);
    CGPathAddCurveToPoint(curvedPath, NULL, controlPoint1.x, controlPoint1.y, controlPoint2.x, controlPoint2.y, endPoint.x, endPoint.y);
    CAKeyframeAnimation *pathAnimation = [CAKeyframeAnimation animationWithKeyPath:@"position"];
    pathAnimation.path = curvedPath;
    CGPathRelease(curvedPath);
    pathAnimation.calculationMode = kCAAnimationPaced;
    pathAnimation.fillMode = kCAFillModeForwards;
    pathAnimation.removedOnCompletion = NO;
    return pathAnimation;
}
Backtrace:
* thread #1: tid = 0x1a03, 0x01055c11 CoreGraphics`CG::Path::apply(void*, void (*)(void*, CGPathElementType, CGPoint const*)) const + 11, stop reason = EXC_BAD_ACCESS (code=2, address=0x0)
frame #0: 0x01055c11 CoreGraphics`CG::Path::apply(void*, void (*)(void*, CGPathElementType, CGPoint const*)) const + 11
frame #1: 0x00f5d090 CoreGraphics`CGPathApply + 64
frame #2: 0x01838c68 QuartzCore`CA::Render::Path::new_path(CGPath const*, bool) + 158
frame #3: 0x018c3493 QuartzCore`-[CAKeyframeAnimation _setCARenderAnimation:layer:] + 176
frame #4: 0x018c3b2c QuartzCore`-[CAKeyframeAnimation _copyRenderAnimationForLayer:] + 68
frame #5: 0x018c6f12 QuartzCore`-[CAAnimationGroup _copyRenderAnimationForLayer:] + 241
frame #6: 0x018df547 QuartzCore`CA::Layer::commit_animations(CA::Transaction*, double (*)(CA::Layer*, double, void*), void (*)(CA::Layer*, CA::Render::Animation*, void*), void (*)(CA::Layer*, void**, void*), void*) + 641
frame #7: 0x01855520 QuartzCore`CA::Context::commit_layer(CA::Layer*, unsigned int, unsigned int, void*) + 94
frame #8: 0x018d87fa QuartzCore`CA::Layer::commit_if_needed(CA::Transaction*, void (*)(CA::Layer*, unsigned int, unsigned int, void*), void*) + 330
frame #9: 0x018d877e QuartzCore`CA::Layer::commit_if_needed(CA::Transaction*, void (*)(CA::Layer*, unsigned int, unsigned int, void*), void*) + 206
frame #10: 0x01856667 QuartzCore`CA::Context::commit_transaction(CA::Transaction*) + 1775
frame #11: 0x01857227 QuartzCore`CA::Transaction::commit() + 395
frame #12: 0x018f9b17 QuartzCore`+[CATransaction commit] + 52
frame #13: 0x000399bf MyApp`-[HomeViewController catchTourScrollViewScreenshotViewAndAnimateItToButton](self=0x0b4e5210, _cmd=0x006f381a) + 1903 at HomeViewController.m:197
frame #14: 0x0391f663 libobjc.A.dylib`-[NSObject performSelector:] + 62
frame #15: 0x0003c383 MyApp`-[NSObject(self=0x0b4e5210, _cmd=0x006ef5ad, selector=0x006f381a) performSelectorIfRespondsToIt:] + 243 at NSObject+PerformSelectorIfRespondsToIt.m:22
frame #16: 0x00042506 MyApp`__44-[TourViewController closeTourWithAnimation]_block_invoke268(.block_descriptor=0x0b6985a0, finished='\x01') + 86 at TourViewController.m:419
frame #17: 0x01af0df6 UIKit`-[UIViewAnimationBlockDelegate _didEndBlockAnimation:finished:context:] + 223
frame #18: 0x01ae3d66 UIKit`-[UIViewAnimationState sendDelegateAnimationDidStop:finished:] + 237
frame #19: 0x01ae3f04 UIKit`-[UIViewAnimationState animationDidStop:finished:] + 68
frame #20: 0x12b6ff28 UIKit`-[UIViewAnimationStateAccessibility(SafeCategory) animationDidStop:finished:] + 66
frame #21: 0x018df7d8 QuartzCore`CA::Layer::run_animation_callbacks(void*) + 284
frame #22: 0x03a90014 libdispatch.dylib`_dispatch_client_callout + 14
frame #23: 0x03a807d5 libdispatch.dylib`_dispatch_main_queue_callback_4CF + 296
frame #24: 0x03f3eaf5 CoreFoundation`__CFRunLoopRun + 1925
frame #25: 0x03f3df44 CoreFoundation`CFRunLoopRunSpecific + 276
frame #26: 0x03f3de1b CoreFoundation`CFRunLoopRunInMode + 123
frame #27: 0x044c67e3 GraphicsServices`GSEventRunModal + 88
frame #28: 0x044c6668 GraphicsServices`GSEventRun + 104
frame #29: 0x01aa5ffc UIKit`UIApplicationMain + 1211
frame #30: 0x0000285d MyApp`main(argc=1, argv=0xbffff3f4) + 141 at main.m:16
frame #31: 0x00002785 MyApp`start + 53
Turning on NSZombie does not give any more useful debug information.
The same code used to work before upgrading to Xcode 4.6.3 (4H1503). To be noted: in the simulator, the animation sometimes was paused and clicking on it would resume it. This weird artifact was a sign that something was wrong but I didn't know it yet.
Did I miss something?
If this is a known bug, is there any workaround?
Some research notes:
A similar question has been asked on SO, but the accepted answer just "fixes" the problem by changing the path animation to a linear translation.
My problem seems also very similar to the blog post here: http://www.blogosfera.co.uk/2013/08/exc_bad_access-while-using-coreanimation/
This really isn't much of an answer, but more of an attempt to give you a tool to find more clues. Hopefully, someone with more clue than I will chime in.
Turn on malloc stack logging.
Reproduce the crash.
Check the registers; if $r0 or $r1 look like heap allocations, then get the malloc history of said address(es).
If the last event on either is a FREE, then the data buffer (or object) is being freed prematurely. (see http://lldb.llvm.org/lldb-gdb.html for information on grabbing the malloc history).
Now, that may not actually help you that much even if it confirms that it is a premature deallocation. What it will tell you, if so, is that it is a race condition. Unfortunately, fixing it isn't really possible, but a workaround might be. If you can figure out what object you control that might have allocated the prematurely free()d buffer, then you ought to be able to hold a strong reference to said object until the animation is fully completed.
And file a bug, attaching your crashing binary, please.
Also, turn on malloc scribble. That'll ensure that deallocated memory is trashed immediately upon deallocation, which should make the crash happen as soon as it possibly can.
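The diagnosis steps in the answer above, modelled in portable C as an added example (not code from the question, the answer, or Apple's allocator). The names `dbg_malloc`, `dbg_free`, `last_event` and `premature_free_detected` are hypothetical; the 0xAA/0x55 fill bytes are the ones malloc scribble uses, and the scenario is constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Toy model (constructed for illustration): a per-block event history, like
   malloc stack logging, plus a 0x55 fill on free, like malloc scribble.
   Freed blocks are quarantined, not returned to the system, so reading them
   afterwards is well defined. */
enum event { EV_UNKNOWN, EV_ALLOC, EV_FREE };
static struct block { unsigned char *base; size_t size; enum event last; const char *site; } blocks[32];
static size_t nblocks;

static struct block *find_block(const void *addr) {
    uintptr_t a = (uintptr_t)addr;
    for (size_t i = 0; i < nblocks; i++)   /* unsigned wrap rejects a < base */
        if (a - (uintptr_t)blocks[i].base < blocks[i].size) return &blocks[i];
    return NULL;
}

void *dbg_malloc(size_t size, const char *site) {
    unsigned char *p = nblocks < 32 ? malloc(size) : NULL;
    if (!p) return NULL;
    memset(p, 0xAA, size);                  /* fresh memory is marked 0xAA */
    blocks[nblocks++] = (struct block){ p, size, EV_ALLOC, site };
    return p;
}

void dbg_free(void *p, const char *site) {
    struct block *b = find_block(p);
    if (!b || b->last == EV_FREE) return;   /* untracked pointer or double free */
    memset(b->base, 0x55, b->size);         /* trash contents at deallocation */
    b->last = EV_FREE;
    b->site = site;
}

/* The "malloc history" question: what was the last event on this address? */
enum event last_event(const void *addr, const char **site) {
    struct block *b = find_block(addr);
    if (b && site) *site = b->site;
    return b ? b->last : EV_UNKNOWN;
}

/* Constructed scenario: a buffer released before its consumer reads it. */
int premature_free_detected(void) {
    uintptr_t *path = dbg_malloc(4 * sizeof *path, "create path");
    const char *site = "";
    if (!path) return -1;
    dbg_free(path, "release path");         /* released too early */
    return last_event(path, &site) == EV_FREE && strcmp(site, "release path") == 0
        && path[0] == (uintptr_t)0x5555555555555555ull;  /* consumer sees scribble */
}
```

A register or pointer field holding 0x55555555 at the crash site is the signature of a read from scribbled memory, which is why scribbling turns an intermittent crash into an immediate one.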
