Fix SDK crash in encodeObject #4424

Open
philipphofmann opened this issue Oct 10, 2024 · 3 comments
philipphofmann commented Oct 10, 2024

Description

The SDK sometimes crashes with. See also internal SDK crashes for reference. This is our most frequent SDK crash in our latest stable release 8.36.0.

Exception Type: EXC_CRASH (SIGABRT)

Thread 0 Crashed:
0   libsystem_kernel.dylib          0x1e5e2c558         __pthread_kill
1   libsystem_pthread.dylib         0x206ab2114         pthread_kill
2   libsystem_c.dylib               0x1ae636174         abort
3   libsystem_malloc.dylib          0x1b55740e0         malloc_vreport
4   libsystem_malloc.dylib          0x1b5574388         malloc_zone_error
5   libsystem_malloc.dylib          0x1b5573cec         _tiny_check_and_zero_inline_meta_from_freelist
6   libsystem_malloc.dylib          0x1b55592a8         tiny_malloc_from_free_list
7   libsystem_malloc.dylib          0x1b5559894         tiny_malloc_should_clear
8   libsystem_malloc.dylib          0x1b555ca58         szone_malloc_should_clear
9   libsystem_malloc.dylib          0x1b556c6f8         nanov2_allocate_outlined
10  Foundation                      0x1a141367c         -[NSConcreteMutableData initWithLength:]
11  Foundation                      0x1a14134e4         -[NSString(NSStringOtherEncodings) dataUsingEncoding:allowLossyConversion:]
12  Sentry.framework                0x101d37738         encodeObject (Sentry.framework:326)
13  Sentry.framework                0x101d37c54         encodeObject (Sentry.framework:384)
14  Sentry.framework                0x101d37608         +[SentryCrashJSONCodec encode:options:error:] (Sentry.framework:427)
15  Sentry.framework                0x101d497dc         -[SentryCrashScopeObserver toJSONEncodedCString:] (Sentry.framework:149)
16  Sentry.framework                0x101d49718         -[SentryCrashScopeObserver syncScope:serialize:syncToSentryCrash:] (Sentry.framework:136)
17  Sentry.framework                0x101d49670         -[SentryCrashScopeObserver syncScope:syncToSentryCrash:] (Sentry.framework:110)
18  Sentry.framework                0x101d8686c         -[SentryScope setExtraValue:forKey:] (Sentry.framework:258)
19  Sentry.framework                0x101d63340         -[SentryHub configureScope:] (Sentry.framework:555)
20  Sentry.framework                0x101d8af90         +[SentrySDK configureScope:] (Sentry.framework:406)

The culprit is here

static int
encodeObject(
    SentryCrashJSONCodec *codec, id object, NSString *name, SentryCrashJSONEncodeContext *context)
{
    int result;
    const char *cName = [name UTF8String];
    if ([object isKindOfClass:[NSString class]]) {
        NSData *data = [object dataUsingEncoding:NSUTF8StringEncoding];
        result = sentrycrashjson_addStringElement(context, cName, data.bytes, (int)data.length);
        if (result == SentryCrashJSON_ERROR_INVALID_CHARACTER) {
            codec.error = sentryErrorWithDomain(
                @"SentryCrashJSONCodecObjC", 0, @"Invalid character in %@", object);
        }
        return result;
    }

Looking at the stacktrace, it seems like we can't allocate enough memory to encode the NSString to NSData. As this code is called from the scope observer, this could happen if some of our users try to put a very large string to the scope. We could fix this by truncating long strings in the scope.

I also noticed that we could use dataUsingEncoding with setting allowLossyConversion:YES so the conversion loses some data such as ‘Á’ becomes ‘A’ instead of throwing the whole string away, but that isn't related to the crash.
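The truncation idea raised in the comment above has one pitfall worth showing: cutting a UTF-8 buffer at a raw byte count can split a multi-byte character. The following is an added example, not code from the Sentry SDK or from anyone in this thread; `utf8_truncated_length` and `copy_truncated_utf8` are hypothetical names, and the sample string is constructed. It trims to a byte budget on a code point boundary and copies into a caller-provided buffer without allocating.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers for illustration; not part of the Sentry SDK. */
static int is_continuation(char b)
{
    return ((unsigned char)b & 0xC0) == 0x80; /* UTF-8 continuation: 10xxxxxx */
}

/* Longest prefix length <= max_bytes that does not split a UTF-8 code point. */
size_t utf8_truncated_length(const char *bytes, size_t len, size_t max_bytes)
{
    if (len <= max_bytes) return len;
    size_t cut = max_bytes;
    int steps = 0;
    /* bytes[cut] is the first dropped byte; back up while it is mid-sequence.
     * A code point has at most 3 continuation bytes. */
    while (cut > 0 && steps < 3 && is_continuation(bytes[cut])) {
        cut--;
        steps++;
    }
    /* Still mid-sequence: input is malformed, cut at the budget and let the
     * encoder's own validation reject it. */
    return is_continuation(bytes[cut]) ? max_bytes : cut;
}

/* Copy into a caller-provided buffer (no heap allocation), NUL-terminated. */
size_t copy_truncated_utf8(char *dst, size_t dst_size, const char *src, size_t src_len)
{
    if (dst_size == 0) return 0;
    size_t n = utf8_truncated_length(src, src_len, dst_size - 1);
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

int main(void)
{
    /* Constructed sample: "A", "Á" (2 bytes), "€" (3 bytes), U+1F600 (4 bytes). */
    const char sample[] = "A\xC3\x81\xE2\x82\xAC\xF0\x9F\x98\x80";
    char out[8];
    size_t n = copy_truncated_utf8(out, sizeof out, sample, strlen(sample));
    printf("kept %zu of %zu bytes: %s\n", n, strlen(sample), out);
    return 0;
}
```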

@philipphofmann
Member Author

We now also see this in 8.38.0-beta.1 in our internal SDK crashes.

@brustolin
Contributor

I was looking at the errors, and they change between two places:

here

NSData *data = [object dataUsingEncoding:NSUTF8StringEncoding];

and here

Two places that need to allocate more memory. I don’t think the size of the information is the issue; I believe the device is already running out of memory.

I’ve attempted to send large content, such as a 10MB text as scope tag value, which we don’t even support sending. However, there’s no way to break the encoding as long as there’s available memory.

I tried to stress test scope serialization with all kinds of crazy things and nothing.

I don’t think we should preemptively truncate strings to an arbitrary length when we don’t have any buffer restrictions.

@philipphofmann
Member Author

A user reported a similar occurrence in #4612

Thread 32 Crashed:
0   libsystem_kernel.dylib               0x00007ff8141d0196 0x7ff8141c8000 + 33174
1   libsystem_pthread.dylib              0x00007ff814207ee6 0x7ff814202000 + 24294
2   libsystem_c.dylib                    0x00007ff81412eb45 0x7ff8140af000 + 523077
3   libsystem_malloc.dylib               0x00007ff814045752 0x7ff814037000 + 59218
4   libsystem_malloc.dylib               0x00007ff81405aa08 0x7ff814037000 + 145928
5   libsystem_malloc.dylib               0x00007ff81405307c 0x7ff814037000 + 114812
6   libsystem_malloc.dylib               0x00007ff81405237f 0x7ff814037000 + 111487
7   libsystem_malloc.dylib               0x00007ff814038168 0x7ff814037000 + 4456
8   Sentry                               0x0000000105b308d4 -[SentryCrashJSONCodec initWithEncodeOptions:decodeOptions:] (SentryCrashJSONCodecObjC.m:127)
9   Sentry                               0x0000000105b3083e +[SentryCrashJSONCodec codecWithEncodeOptions:decodeOptions:] (SentryCrashJSONCodecObjC.m:118)
10  Sentry                               0x0000000105b31136 +[SentryCrashJSONCodec encode:options:error:] (SentryCrashJSONCodecObjC.m:424)
11  Sentry                               0x0000000105b452e3 -[SentryCrashScopeObserver toJSONEncodedCString:] (SentryCrashScopeObserver.m:149)
12  Sentry                               0x0000000105b450b1 -[SentryCrashScopeObserver addSerializedBreadcrumb:] (SentryCrashScopeObserver.m:90)
13  Sentry                               0x0000000105b879f3 -[SentryScope addBreadcrumb:] (SentryScope.m:138)
14  Sentry                               0x0000000105b5fe57 -[SentryHub addBreadcrumb:] (SentryHub.m:513)
15  Sentry                               0x0000000105b8cae4 +[SentrySDK addBreadcrumb:] (SentrySDK.m:398)
16  Sentry                               0x0000000105b1cc15 -[SentryBreadcrumbTracker connectivityChanged:typeDescription:] (SentryBreadcrumbTracker.m:153)
17  Sentry                               0x0000000105b83882 SentryConnectivityCallback (SentryReachability.m:121)
18  SystemConfiguration                  0x00007ff814e07c28 0x7ff814dff000 + 35880
19  Network                              0x00007ff81afa981d 0x7ff81a7ab000 + 8382493
20  libdispatch.dylib                    0x00007ff814065d91 0x7ff814064000 + 7569
21  libdispatch.dylib                    0x00007ff814067033 0x7ff814064000 + 12339
22  libdispatch.dylib                    0x00007ff81406d200 0x7ff814064000 + 37376
23  libdispatch.dylib                    0x00007ff81406dd39 0x7ff814064000 + 40249
24  libdispatch.dylib                    0x00007ff8140783fc 0x7ff814064000 + 82940
25  libsystem_pthread.dylib              0x00007ff814204c55 0x7ff814202000 + 11349
26  libsystem_pthread.dylib              0x00007ff814203bbf 0x7ff814202000 + 7103
