[Crash] OneSignalExtensionBadgeHandler appGroupName - EXC_BAD_ACCESS (SIGSEGV) KERN_PROTECTION_FAILURE

[susslik]

Description:
Hello! We are receiving crash reports at Crashlytics and Xcode organizer, which looks like crashes inside OneSignal iOS SDK.
Please, check the stack traces below for the details.
I've created the issue before #957, however after discussion with @emawby we came to conclusion that most probably there some issue with memory at app side. I was re-work app logic a bit, but the issue still exists. Do you have any ideas what it may be?

Environment
iOS 12.5, 14.3, 14.5, 14.6, 14.7, 15.0, 15.1;
CocoaPods;
OneSignal 3.8.1. However, we were facing with similar crashes using OneSignal 3.5.2 as well.

Steps to Reproduce Issue:
Unable to reproduce by myself, but have a lot of reports at Crashlytics and Xcode organizer

Anything else:
Stack trace from Xcode organizer:

Date/Time: 2021-10-31 15:17:08.1789 -0600
Launch Time: 2021-10-31 02:29:30.7346 -0600
OS Version: iPhone OS 14.6 (18F72)
Release Type: User
Baseband Version: 2.05.01
Report Version: 104

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_PROTECTION_FAILURE at 0x000000016eec7fe0
VM Region Info: 0x16eec7fe0 is in 0x16eec4000-0x16eec8000; bytes after start: 16352 bytes before end: 31
REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL
mapped file 112608000-112748000 [ 1280K] r--/rw- SM=COW ...t_id=69faf23f
GAP OF 0x5c77c000 BYTES
---> STACK GUARD 16eec4000-16eec8000 [ 16K] ---/rwx SM=NUL ... for thread 0
Stack 16eec8000-16efc4000 [ 1008K] rw-/rwx SM=PRV thread 0

Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [10099]
Triggered by Thread: 0

Thread 0 name:
Thread 0 Crashed:
0 libsystem_malloc.dylib 0x00000001baea6d64 nanov2_allocate_from_block + 8 (nanov2_malloc.c:2129)
1 libsystem_malloc.dylib 0x00000001baea6024 nanov2_allocate + 128 (nanov2_malloc.c:2583)
2 libsystem_malloc.dylib 0x00000001baea5f40 nanov2_malloc + 64 (nanov2_malloc.c:1013)
3 libsystem_malloc.dylib 0x00000001baeaa9a0 _malloc_zone_malloc + 152 (malloc.c:1572)
4 CoreFoundation 0x00000001ab83b7e4 __CFStrAllocateMutableContents + 100 (CFString.c:503)
5 CoreFoundation 0x00000001ab83b070 __CFStringChangeSizeMultiple + 608 (CFString.c:1089)
6 CoreFoundation 0x00000001ab835874 __CFStringAppendBytes + 708 (CFString.c:1149)
7 CoreFoundation 0x00000001ab825160 __CFStringAppendFormatCore + 7524 (CFString.c:8388)
8 CoreFoundation 0x00000001ab827284 _CFStringCreateWithFormatAndArgumentsReturningMetadata + 164 (CFString.c:1958)
9 Foundation 0x00000001acae66a4 +[NSString stringWithFormat:] + 76 (NSString.m:233)
10 Zap 0x000000010142e224 +[OneSignalExtensionBadgeHandler appGroupName] + 172
11 Zap 0x0000000101429f5c -[OneSignalUserDefaults getSharedUserDefault] + 56
12 Zap 0x0000000101429ed8 +[OneSignalUserDefaults initShared] + 48
13 Zap 0x00000001013f7f10 -[OSRemoteParamController isPrivacyConsentRequired] + 32
14 Zap 0x00000001013de57c +[OneSignal requiresUserPrivacyConsent] + 56
15 Zap 0x00000001013de420 +[OneSignal shouldLogMissingPrivacyConsentErrorWithMethodName:] + 52
16 Zap 0x000000010140d444 -[OneSignalUNUserNotificationCenter onesignalUserNotificationCenter:didReceiveNotificationResponse:withCompletionHandler:] + 104
17 Zap 0x000000010140d58c -[OneSignalUNUserNotificationCenter onesignalUserNotificationCenter:didReceiveNotificationResponse:withCompletionHandler:] + 432

Stack trace from Crashlytics:
0 libsystem_malloc.dylib 0x16098 nanov2_allocate_from_block + 8
1 libsystem_malloc.dylib 0x15288 nanov2_malloc + 64
2 libsystem_malloc.dylib 0x5594 malloc_zone_malloc + 156
3 CoreFoundation 0x3f8cc __CFStrAllocateMutableContents + 100
4 CoreFoundation 0x2f5e0 __CFStringChangeSizeMultiple + 452
5 CoreFoundation 0x23fc8 __CFStringAppendBytes + 620
6 CoreFoundation 0x9750 __CFStringAppendFormatCore + 7628
7 CoreFoundation 0x29040 CFStringCreateWithFormatAndArgumentsReturningMetadata + 172
8 Foundation 0x19820 +[NSString stringWithFormat:] + 76
9 Zap 0x72e5d8 +[OneSignalExtensionBadgeHandler appGroupName] + 4343440856
10 Zap 0x72a310 -[OneSignalUserDefaults getSharedUserDefault] + 4343423760
11 Zap 0x72a28c +[OneSignalUserDefaults initShared] + 4343423628
12 Zap 0x6f82c4 -[OSRemoteParamController isPrivacyConsentRequired] + 4343218884
13 Zap 0x6de930 +[OneSignal requiresUserPrivacyConsent] + 4343114032
14 Zap 0x6de7d4 +[OneSignal shouldLogMissingPrivacyConsentErrorWithMethodName:] + 4343113684
15 Zap 0x70d7f8 -[OneSignalUNUserNotificationCenter onesignalUserNotificationCenter:didReceiveNotificationResponse:withCompletionHandler:] + 4343306232
16 Zap 0x70d940 -[OneSignalUNUserNotificationCenter onesignalUserNotificationCenter:didReceiveNotificationResponse:withCompletionHandler:] + 4343306560
17 Zap 0x70d940 -[OneSignalUNUserNotificationCenter onesignalUserNotificationCenter:didReceiveNotificationResponse:withCompletionHandler:] + 4343306560
18 Zap 0x70d940 -[OneSignalUNUserNotificationCenter onesignalUserNotificationCenter:didReceiveNotificationResponse:withCompletionHandler:] + 4343306560
19 Zap 0x70d940 -[OneSignalUNUserNotificationCenter onesignalUserNotificationCenter:didReceiveNotificationResponse:withCompletionHandler:] + 4343306560
20 Zap 0x70d940 -[OneSignalUNUserNotificationCenter onesignalUserNotificationCenter:didReceiveNotificationResponse:withCompletionHandler:] + 4343306560
21 Zap 0x70d940 -[OneSignalUNUserNotificationCenter onesignalUserNotificationCenter:didReceiveNotificationResponse:withCompletionHandler:] + 4343306560
22 Zap 0x70d940 -[OneSignalUNUserNotificationCenter onesignalUserNotificationCenter:didReceiveNotificationResponse:withCompletionHandler:] + 4343306560
23 Zap 0x70d940 -[OneSignalUNUserNotificationCenter onesignalUserNotificationCenter:didReceiveNotificationResponse:withCompletionHandler:] + 4343306560
24 Zap 0x70d940 -[OneSignalUNUserNotificationCenter onesignalUserNotificationCenter:didReceiveNotificationResponse:withCompletionHandler:] + 4343306560
25 Zap 0x70d940 -[OneSignalUNUserNotificationCenter onesignalUserNotificationCenter:didReceiveNotificationResponse:withCompletionHandler:] + 4343306560
26 Zap 0xe8d40 partial apply + 4336864576 (:4336864576)
27 Zap 0xe85b8 thunk for @escaping @callee_guaranteed (@unowned UNUserNotificationCenter, @unowned UNNotificationResponse, @unowned @escaping @callee_unowned @convention(block) () -> ()) -> () + 4336862648 (:4336862648)
28 Zap 0xe8350 NotificationService.process(response:from:with:) + 89 (NotificationService+Push.swift:89)
29 Zap 0xe80c8 NotificationService.userNotificationCenter(:didReceive:withCompletionHandler:) + 76 (NotificationService+Push.swift:76)
30 Zap 0xe8460 @objc NotificationService.userNotificationCenter(:didReceive:withCompletionHandler:) + 4336862304 (:4336862304)
31 UIKitCore 0x23f658 -[UIApplication _handleNonLaunchSpecificActions:forScene:withTransitionContext:completion:] + 4500
32 UIKitCore 0x1e0e4c -[UIScene _emitSceneSettingsUpdateResponseForCompletion:afterSceneUpdateWork:] + 496
33 UIKitCore 0x224494 -[UIScene scene:didUpdateWithDiff:transitionContext:completion:] + 288
34 UIKitCore 0x1adf84 -[UIApplicationSceneClientAgent scene:handleEvent:withCompletion:] + 492
35 FrontBoardServices 0xd110 -[FBSScene updater:didUpdateSettings:withDiff:transitionContext:completion:] + 528
36 FrontBoardServices 0x25d5c __94-[FBSWorkspaceScenesClient _queue_updateScene:withSettings:diff:transitionContext:completion:]_block_invoke_2 + 152
37 FrontBoardServices 0xa6c4 -[FBSWorkspace _calloutQueue_executeCalloutFromSource:withBlock:] + 240
38 FrontBoardServices 0x10b20 __94-[FBSWorkspaceScenesClient _queue_updateScene:withSettings:diff:transitionContext:completion:]_block_invoke + 396
39 libdispatch.dylib 0x3950 _dispatch_client_callout + 20
40 libdispatch.dylib 0x73e8 _dispatch_block_invoke_direct + 264
41 FrontBoardServices 0xbfa4 FBSSERIALQUEUE_IS_CALLING_OUT_TO_A_BLOCK + 48
42 FrontBoardServices 0xb3e4 -[FBSSerialQueue _targetQueue_performNextIfPossible] + 220
43 FrontBoardServices 0xf9f4 -[FBSSerialQueue _performNextFromRunLoopSource] + 28
44 CoreFoundation 0xbb030 CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION + 28
45 CoreFoundation 0xcbcf0 __CFRunLoopDoSource0 + 208
46 CoreFoundation 0x5ff8 __CFRunLoopDoSources0 + 268
47 CoreFoundation 0xb804 __CFRunLoopRun + 820
48 CoreFoundation 0x1f3c8 CFRunLoopRunSpecific + 600
49 GraphicsServices 0x138c GSEventRunModal + 164
50 UIKitCore 0x51b060 -[UIApplication _run] + 1100
51 UIKitCore 0x298b8c UIApplicationMain + 2124
52 Zap 0x91f0 main + 22 (AppDelegate.swift:22)
53 ??? 0x105b01a24 (Missing)

Sources of functions at 30->27:

typealias EmptyCallback = (() -> Void)

func userNotificationCenter(_ center: UNUserNotificationCenter, didReceive response: UNNotificationResponse,
withCompletionHandler completionHandler: @escaping EmptyCallback) {
process(response: response, from: center, with: completionHandler)
}

private func process(response: UNNotificationResponse, from center: UNUserNotificationCenter,
with completion: @escaping EmptyCallback) {
// Checking notification type/payload, etc.
completion()
}

[emawby]

@susslik I am sorry to hear that you are still experiencing this. Are you able to reproduce the crash if you launch the app (cold start) from tapping a notification?

[susslik]

Hi @emawby, just tried all scenarios I can imagine:
Debug mode (launched app from Xcode) - tapping notification while app foreground, background, locked screen (unlock by request after notification tapped) - works fine;
Closed the app (but phone connected via cable to laptop) - cold start, cold start with locked screen (unlock by request after notification tapped) - works fine;
Disconnected phone from the laptop - cold start, cold start with locked screen (unlock by request after notification tapped) - works fine;
Restart iPhone -> unlock -> cold start from push - works fine;
Restart iPhone -> Push (cold start) -> Unlock - works fine.

I was using iPhone 6s (iOS 15.1.0), but unable to reproduce the crash. However I see crashes on similar devices at Crashlytics

[susslik]

Hey @emawby - after a recent update the crash is gone. Closing the issue.