I saw a disturbing thing today. I was running a new app in the debugger, and I suddenly began to see messages like this in the console:
crasher(8502,0xa07a6500) malloc: *** error for object 0x2017000: pointer being freed was not allocated
*** set a breakpoint in malloc_error_break to debugI eventually traced these down to my Shiny Red Button code, and through that to what I believe to be a Core Graphics bug. It seems that the underlying problem is not too serious, but I wanted to document what I’d found.
Environment
I’m running:
- Snow Leopard (10.6.1 10B504)
- Xcode 3.2.1 (IDE: 1613.0 / Core: 1614.0 / ToolSupport 1591.0)
- iPhone Simulator 3.1 (139.1)
- iPhone 3G w/ OS 3.1.2 (7D11)
I mention all this because I believe that the problem I’m seeing occurs in only a few configurations. I’ll have a bit more to say on that point later on.
Reproduction
To reproduce the problem in a simple test case, follow these steps:
- Begin a New Project in Xcode. Select a “Navigation-based Application” template (without core data) from the “New Project” dialog.
- In the automatically generated
RootViewController.mfile, uncomment the theviewDidLoadmethod, and add these 4 lines of code:UIGraphicsBeginImageContext(CGSizeMake(300,44)); UIGraphicsGetImageFromCurrentImageContext(); UIGraphicsEndImageContext(); return;The final function should look like this:
- (void)viewDidLoad { [super viewDidLoad]; UIGraphicsBeginImageContext(CGSizeMake(300,44)); UIGraphicsGetImageFromCurrentImageContext(); UIGraphicsEndImageContext(); return; // Uncomment the following line to display an Edit button in the navigation bar for this view controller. // self.navigationItem.rightBarButtonItem = self.editButtonItem; } - Change the “Base SDK for All Configurations” setting to “iPhone Device 3.0”. (You can find this setting in the Project -> Edit Project Settings -> General dialog.)
- Change the target in the upper-left-hand dropdown to “Simulator – 3.0 | Debug”
- Build and run the program with Command-Enter
- Open the GDB console
- You should see an error message like this:
crasher(8502,0xa07a6500) malloc: *** error for object 0x2017000: pointer being freed was not allocated *** set a breakpoint in malloc_error_break to debug
Where It Doesn’t Happen
Now, as far as I can tell, those four lines of code are perfectly legal, and should not cause the framework to cough up errors during free()s. In fact, they don’t seem to, in many cases.
- The problem seems to be sensitive to the size argument passed to
UIGraphicsBeginImageContext. 10×10 doesn’t seem to trigger it, while 320×44 does. I dunno. - If I target “Simulator – 3.1 | Debug” or “Simulator – 3.1.2 | Debug”, no errors are generated.
- If I target my device with “Device – 3.0 | Debug”, no errors are generated. (Please note, however, that the device itself is running the 3.1.2 iPhone OS.)
- I do not believe that this problem occurred when I was running Xcode 3.1.3 on OS X 10.5 against iPhone Simulator v3.0 (138).
- I do not believe that this problem occurred when I was running Xcode 3.1.2 on OS X 10.5 against iPhone OS 2.2.1, either on the device or on the simulator.
Impact
This is a pretty worrying bug. Although it doesn’t routinely and immediately crash the program, memory (de)allocation problems are never really “ok”. Furthermore, it seems that this problem is within a service (the UIGraphicsGetImageFromCurrentImageContext function) for which there is no immediately apparent workaround.
Fortunately, this problem appears to be confined to the iPhone OS 3.0 software, and it may, in fact, be even more limited in scope than that; it’s possible that this is an artifact of the simulator, or a particular build of the toolchain. Nevertheless, if you’re using UIGraphicsGetImageFromCurrentImageContext, as I do in my Shiny Red Button code, you seem to be well advised to be cautious around the 3.0 OS.
You Can Help
If you’re a developer with a device running iPhone OS 3.0 near to hand, I’d love to know if this problem occurs on the actual hardware.
Update: Jeffrey Scofield reports that this problem does not occur on his iPhone 2G w/ OS 3.0.1!
Pingback: Things that were not immediately obvious to me » Blog Archive » Core Graphics Problems (Update)
Pingback: Things that were not immediately obvious to me » Blog Archive » Minesweeper (Part 9)