Crash when trying to release NULL

Question

Crash when trying to release NULL

CraigSiemens opened this issue 4 years ago · 1 comments

We've got another crash coming from TrustKit

It looks like it's related to these lines.
https://github.com/datatheorem/TrustKit/blob/master/TrustKit/Pinning/ssl_pin_verifier.m#L66-L68

SecCertificateCopySubjectSummary can return NULL but nothing is checking for it before calling release.

Exception Type: EXC_BREAKPOINT (SIGTRAP)
Crashed Thread: 5

Application Specific Information:
*** CFRelease() called with NULL *** > boolValue > containsObject: > hashSubjectPublicKeyInfoFromCertificate: > objectForKeyedSubscript: > timeIntervalSinceReferenceDate

Thread 5 Crashed:
0   CoreFoundation                  0x315fb022c         CFRelease.cold.1
1   CoreFoundation                  0x315e2c534         CFRelease
2   TrustKit                        0x1045c79e0         verifyPublicKeyPin (ssl_pin_verifier.m:68)
3   TrustKit                        0x1045ced10         -[TSKPinningValidator evaluateTrust:forHostname:] (TSKPinningValidator.m:126)
4   TrustKit                        0x1045cf0e0         -[TSKPinningValidator handleChallenge:completionHandler:] (TSKPinningValidator.m:202)

Answer 1 · 2021-04-21T15:25:57.000Z

One interesting thing to note, we've seen this occur for 21 users so far, and all are on iOS >= 14.4. Seeing as how we didn't start seeing this crash until recently, it appears something has changed with iOS 14.4 to make this crash start happening.