Sdwebimage: Version 4.4.5 crashing

@maurovc What previous version of SDWebImage did you use ? Is that version contains this crash case with the same rate ?

I remember, the 4.4.5 version, fix one of WebP colorspace for ICC Profile via #2584 , I don't know whether that it's related to this crash. But looks like that stack trace, the ColorSync framework is used for color space transform

We received the same crashes in v4.4.5 and v4.4.4. We also use WebP.
The crash of v4.4.4:

The crash of v4.4.5:

Crashed: com.hackemist.SDWebImageCache
0  ColorSync                      0x1a2e489d4 CMMProfile::MakeTag(icTagSignature, CMMTagDataAccess*, CMMTag*) + 1324
1  ColorSync                      0x1a2e43830 CMMProfile::GetTag(icTagSignature) + 188
2  ColorSync                      0x1a2e49c84 CMMProfile::InnerGetMatrixTags(CMMXYZTag* (&) [3], CMMCurveTag* (&) [3]) + 44
3  ColorSync                      0x1a2e4b89c CMMMatrixDisplayProfile::GetMatrixTags(CMMXYZTag* (&) [3], CMMRGBCurves&) + 64
4  ColorSync                      0x1a2e411c8 ConversionManager::MakeConversionSequence(CMMProfileInfoContainer*, CMMColorConversionInfo*) + 748
5  ColorSync                      0x1a2e3dfc0 DoInitializeTransform + 792
6  ColorSync                      0x1a2e3fdf8 AppleCMMInitializeTransform + 168
7  ColorSync                      0x1a2e2fad4 ColorSyncTransformCreate + 668
8  CoreGraphics                   0x1a16e5a88 CGCMSConverterCreate + 536
9  CoreGraphics                   0x1a1940154 CGColorTransformCacheGetConversionType + 220
10 CoreGraphics                   0x1a194ef4c CGColorTransformConvertRequired + 196
11 CoreGraphics                   0x1a193d6b8 CGDataProviderCreateForDestination + 132
12 CoreGraphics                   0x1a172db18 CGDataProviderCreateForDestinationWithImage + 1412
13 CoreGraphics                   0x1a18ac8a0 img_image + 1596
14 CoreGraphics                   0x1a18ac0dc CGSImageDataLock + 824
15 CoreGraphics                   0x1a16b8224 ripc_AcquireRIPImageData + 344
16 CoreGraphics                   0x1a18c8d80 ripc_DrawImage + 612
17 CoreGraphics                   0x1a18b2c70 CGContextDrawImageWithOptions + 476
18 SDWebImage                     0x1030e8da0 -[SDWebImageImageIOCoder sd_decompressedImageWithImage:] (SDWebImageImageIOCoder.m:242)
19 SDWebImage                     0x1030e8c74 -[SDWebImageImageIOCoder decompressedImageWithImage:data:options:] (SDWebImageImageIOCoder.m:189)
20 SDWebImage                     0x1030ed950 -[SDWebImageWebPCoder decompressedImageWithImage:data:options:] (SDWebImageWebPCoder.m:233)
21 SDWebImage                     0x1030e1938 -[SDWebImageCodersManager decompressedImageWithImage:data:options:] (SDWebImageCodersManager.m:125)
22 SDWebImage                     0x1030ddc48 -[SDImageCache diskImageForKey:data:options:] (SDImageCache.m:489)
23 SDWebImage                     0x1030de008 __55-[SDImageCache queryCacheOperationForKey:options:done:]_block_invoke (SDImageCache.m:541)
24 libdispatch.dylib              0x19f55b6c8 _dispatch_call_block_and_release + 24
25 libdispatch.dylib              0x19f55c484 _dispatch_client_callout + 16
26 libdispatch.dylib              0x19f503c18 _dispatch_lane_serial_drain$VARIANT$mp + 592
27 libdispatch.dylib              0x19f504760 _dispatch_lane_invoke$VARIANT$mp + 432
28 libdispatch.dylib              0x19f50cf00 _dispatch_workloop_worker_thread + 600
29 libsystem_pthread.dylib        0x19f73e0f0 _pthread_wqthread + 312
30 libsystem_pthread.dylib        0x19f740d00 start_wqthread + 4

Crashed: com.hackemist.SDWebImageDownloaderOperationCoderQueue
0  ColorSync                      0x1c173b714 CMMProfile::MakeTag(icTagSignature, CMMTagDataAccess*, CMMTag*) + 1332
1  ???                            0x27e81c1736404 (Missing)
2  ???                            0x4d3481c173ca58 (Missing)
3  ???                            0x668e01c173e758 (Missing)
4  ???                            0x1de301c1733c38 (Missing)
5  ???                            0xffe01c1730880 (Missing)
6  ???                            0x423c81c17327c4 (Missing)
7  ???                            0x25681c175a760 (Missing)
8  ???                            0x53981c1722478 (Missing)
9  ???                            0x31f401bff89fd4 (Missing)
10 ???                            0x112d81c01e9020 (Missing)
11 ???                            0x37a81c01f8354 (Missing)
12 ???                            0x189481c01e6510 (Missing)
13 ???                            0x47ef01bffd28dc (Missing)
14 ???                            0xd7881c0155844 (Missing)
15 ???                            0x3a0581c0155078 (Missing)
16 ???                            0x36e281bff5b7ac (Missing)
17 ???                            0x4c4501c01722cc (Missing)
18 ???                            0x201101c00ced80 (Missing)
19 ???                            0x4dee81c015bb8c (Missing)
20 ???                            0x624d8106bd8da0 (Missing)
21 SDWebImage                     0x106bd8c74 -[SDWebImageImageIOCoder decompressedImageWithImage:data:options:] (SDWebImageImageIOCoder.m:189)
22 SDWebImage                     0x106bdd950 -[SDWebImageWebPCoder decompressedImageWithImage:data:options:] (SDWebImageWebPCoder.m:233)
23 SDWebImage                     0x106bd1938 -[SDWebImageCodersManager decompressedImageWithImage:data:options:] (SDWebImageCodersManager.m:125)
24 SDWebImage                     0x106bd6eb4 __70-[SDWebImageDownloaderOperation URLSession:task:didCompleteWithError:]_block_invoke.279 (SDWebImageDownloaderOperation.m:428)
25 libdispatch.dylib              0x1bdd8fb9c _dispatch_call_block_and_release + 32
26 ???                            0x487501bdd91134 (Missing)
27 ???                            0x3c681bdd9864c (Missing)
28 ???                            0x5de281bdd99194 (Missing)
29 ???                            0x3c1601bdda1480 (Missing)
30 ???                            0x1a6901bdf92b20 (Missing)
31 ???                            0x714701bdf98dd4 (Missing)

@dirtmelon Is this reproducable ? I see that you set a breakpoint and found the exception. Can you print the exception content or show me the console output ? (You can also using lldb's po $arg1 when exception was thrown even it's a C++ exception).

And, are you using something like Fabric for Crash report ? Is this issue only appied for some specify iOS firmware (For example, iOS 8 only), or some specify iPhone Device Model ?

Because I can not reproduce this issue, but that fix works. So I should know whether it's a SDK bug (need workaround) or the usage issue.

@dreampiggy I can't reproduce in v4.4.5 either, but can reproduce in v4.4.4.
I will show the console output later.
These are statistics of crashes in v4.4.5, iOS 12 only:

Crash 1 - SDWebImageImageIOCoder.m line 189

device: 
49% iPhone XS Max
31% iPhone XR
20% iPhone XS

system:
46% iOS 12.1.2
16% iOS 12.1.4
13% iOS 12.1.3
25% other (4) (also iOS 12)

Crash 2 - SDWebImageImageIOCoder.m line 242

device
35% iPhone X
16% iPhone 7 Plus
12% iPhone 7
37% other (11)

system:
51% iOS 12.1.2
13% iOS 12.0.0
10% iOS 12.1.3
26% other (5) (also iOS 12)

Here is the console output:
[Unknown process name] create_icc: ColorSyncTransformCreate failed!

The crash happened when I loaded a lot of different images.

@dirtmelon Since your env have a high reproducible rate. Could you please try to disable the force decode feature, using SDImageCache.sharedImageCache.shouldDecompressImage = NO; SDWebImageDownloader.sharedDownloader.shouldDecompressImage = NO, does this crash still appear ?

I see the crash happened during the foce decode process, if you disable it, maybe can solve the issue.

But, if this crash still exist (maybe the stacktrace is different from this one because it happens during render step of UIImageView), we can say that the crash it's because of the custom ICC Profile, we have to revert that PR or filter the iOS 12 firmware.

After I set these settings:

SDImageCache.shared().config.shouldDecompressImages = false
SDWebImageDownloader.shared().shouldDecompressImages = false

The app crashed in ASImageNode 😂, ASImageNode.mm, we use the Texture heavily.
Thanks for your reply:)

@dirtmelon Hi. Thanks for your cooperation.

From your test behavior. I have a idea that this crash may be related to some specify WebP images, which contains invalid ICC Profile. At the first time, I assume this is a OOM issue (when memory is limit, anything can happen to cause crash). But after you disable the force decode feture, the crash still exist, so it may not related to OOM (Because, if you disable force decode, the memory usage is really small before rendering on the screen).

So, let we have another try, to see whether this crash is applied for specify WebP URL. Could you please, set a Exception Breakpoint using Xcode. Then run your local environment to trigger this crash.

Note this time, you should enable force decode to make it easy to debug (set shouldDecompressImage = true).

When the crash happend (exception thrown), please reveal the stack trace. If the image is from cache, click the -[SDImageCache diskImageForKey:data:options:] stack call, then using lldb, to print the current cache key:

po key

If the image is from network, click the -[SDWebImageDownloadOperation URLSession:task:didCompleteWithError:] stack call, then using lldb, to print the current request url.

po self.request.URL

Then, show me the WebP url and let me have a check at that and see whether it's reproducible.

I found the picture that will trigger a crash.
The png url: http://carben.b0.upaiyun.com/Images/1510913905.png
The WebP url: http://carben.b0.upaiyun.com/Images/1510913905.png!/format/webp
However, in the case of directly loading this image, it does not trigger a crash.

@dirtmelon I can also reproduce now. Use this WebP in our demo project and use prorgessive loading (go to the detail page), trigger the same exception.

Seems because of the WebP embeded ICC Profile is invalid on iOS ? This cause the ColorSync read failed and throw the exception. I'll have a try to investigate those invalid ICC Profile. Wait a while for my result.

< (kCGColorSpaceICCBased; kCGColorSpaceModelRGB; This profile has a bad description tag)>

@dirtmelon Should be fixed via #2621. It's not the issue cause by ICC Profile itself, but the code we used. It's a use-after-free bug.

If you're in hurry, you can apply a patch to use that commit for your project, or wait for next patch release.

@dreampiggy Thanks a lot.I will test it on my project.

This issue is solved by v4.4.6 release. Close now.