iOS 14.5 crashed

[cfxiao]

0	perform_rebinding_with_section(fishhook.c:137)
1	perform_rebinding_with_section(fishhook.c:131)
2	rebind_symbols_for_image(fishhook.c:208)
3	rebind_symbols(fishhook.c:252)

iOS 14.5 crashed when hook GCD.

[cfxiao]

[cfxiao]

Hook fsync also crashes.

[feikang]

have the same problem. I can reproduce the crash with iPhone Xs and OS version 14.5(18E5140j) beta. but iPhone 7 can't reproduce it.

[leirenbaobao]

@cfxiao can you supply detail codes? which func been hooked?

[biosli]

@leirenbaobao it seems that he hook the dispatch_sync.
And I try to hook malloc / realloc get same crash report.

I'm pretty sure the iOS 14.5 beta at newer phones such as iPhoneXs, has change the memory offset of core library.

[leirenbaobao]

@biosli I tested some funcs. some crashes. what puzzle me is that even offset changed normal dynamic binding still work without hook.maybe it's nothing to do with offset.

[leirenbaobao]

I suppose write to a read-only address. https://stackoverflow.com/questions/19741409/whats-the-difference-between-code-1-and-code-2-in-exc-bad-access

[maniackk]

I found some case that vm_protect return KERN_SUCCESS , but memory don't set VM_PROT_WRITE success. like mprotect method

oldProtection = get_protection(rebindings); is wrong, It save struct rebindings_entry *rebindings memory protection. We should save section protection.

I commit code that oldProtection = get_protection((void *)trunc_address);.

and I found a problem when program set same section protection in multithread(iOS 14.5).

https://github.com/facebook/fishhook/pull/84/files

[maniackk]

@leirenbaobao it seems that he hook the dispatch_sync.
And I try to hook malloc / realloc get same crash report.

I'm pretty sure the iOS 14.5 beta at newer phones such as iPhoneXs, has change the memory offset of core library.

#84 fix bug

[daybreak1024]

When will the crash be fixed？

I used #84 code and it worked.But it's not merged into the main branch，so can I use it？

[maniackk]

When will the crash be fixed？

I used #84 code and it worked.But it's not merged into the main branch，so can I use it？

you can use it !

crash reason:

1. int mprotect(void *address, size_t size, int protect); function Require address alignment at all iOS version(Not only iOS 14.5). apple doc
2. The memory mapped to the __DATA_CONST section is readable and writable before iOS 14.5； but in iOS 14.5 maybe readwrite，maybe readonly。

[d6638219]

iOS15 crash

[kaspesla]

Thanks for the fix!! In case anyone else is using fishhook on the Mac, you will need this fix for macOS 12.