背景
多次app退到后台,然后调用获取系统相册,会出现crash情况。在一台iOS 16.6.1设备上大概率可以复现,其它设备并无发生此类情况.
崩溃日志
- 崩溃日志信息:
Thread 97 Queue: com.apple.privacyaccounting.PAAccessLogger (serial)
0 _dispatch_source_set_runloop_timer_4CF
1 - [PACoalescingIntervalTracker coalesce:]
2 _22-[PAAccessLogger log:]_block_invoke
3 _dispatch_block_async_invoke2
4 _dispatch_client_callout
5 _dispatch_lane_serial_drain
6 _dispatch_lane_invoke
7 _dispatch_workloop_worker_thread
8 _pthread_wgthread
Enqueued from com.apple.main-thread (Thread 1)
0 dispatch_async
1 -[PAAccessLogger log:]
2 -LPLPrivacy logPhotosAccessWithSelfAuditToken]
3 - [PHQuery executeQuery]
4_67+[PHAssetCollection fetchAssetCollectionsWithType:subtype:options:]_block.
5 +[PHObject authorizationAwareFetchResultWithOptions:fetchBlock:]
6 +[PHAssetCollection fetchAssetCollectionsWithType:subtype:options:]
7 -[TZImageManager getCameraRollAlbumWithFetchAssets:completion:]
8 - [TZImagePickerController pushPhotoPickerVc]
9 -[TZImagePickerController initWithMax|magesCount: columnNumber:delegate:pus...
10 -[CRMUpload|mageManager openPickerVCWithMaxCount:]
11 -[CRMUploadImageManager upload|mageWithSource:maxCount:quality: complete:]
12 __49-[AHBaseWebViewController (Bridge) registerBridge]_block_invoke_4.143
13_dispatch_call_block_and_release
14_dispatch_client_callout
15_dispatch_main_queue_drain
16_dispatch_main_queue_callback_4CF
原因
由于为了字典安全,自定义NSDictionary分类,hook了系统的setObject:forKeyedSubscript
方法,判断了obj为nil时直接return,去掉 !obj
这个判断即可
问题代码
// hook 方法
{
[class sr_swizzleMethod:@selector(setObject:forKeyedSubscript:)
withMethod:@selector(sr_setObject:forKeyedSubscript:)];
}
- (void)sr_setObject:(id)obj forKeyedSubscript:(id<NSCopying>)key {
// 问题代码
if (!key || !obj) {
return;
}
[self sr_setObject:obj forKeyedSubscript:key];
}
解决后代码
- (void)sr_setObject:(id)obj forKeyedSubscript:(id<NSCopying>)key {
// 移除此处 !obj 为空判断
if (!key) {
return;
}
[self sr_setObject:obj forKeyedSubscript:key];
}
问题总结
由于系统方法我们并不清楚其全部的原理实现,Hook之后可能会造成iOS系统API调用时出现未知错误,安全防crash固然重要,但也要经过大量实践,并清楚原理才不容易出现意想不到的问题。