react-native: [iOS] Crash in Value.cpp line 34 - facebook::react::Value::toJSONString(unsigned int) const

Is this a bug report?

Yes

Have you read the Contributing Guidelines?

Yes

Environment

Environment: OS: macOS Sierra 10.12.6 Node: 8.5.0 Yarn: 1.0.1 npm: 5.3.0 Watchman: 4.6.0 Xcode: Xcode 9.0 Build version 9A235 Android Studio: 2.3 AI-162.4069837

Packages: (wanted => installed) react: 16.0.0-alpha.12 => 16.0.0-alpha.12 react-native: 0.48.3 => 0.48.3

Target Platform: iOS

Crash

Hi, we’re getting a crash on iOS in the internals of React Native. I haven’t been able to reproduce, but you can find the Crashlytics stack trace here : http://crashes.to/s/d52d9bce313


Crashed: com.facebook.react.JavaScript
EXC_BREAKPOINT 0x0000000186892ae8
--

12 Truckfly                       0x10072d4fc facebook::react::Value::toJSONString(unsigned int) const (Value.cpp:34)
13 Truckfly                       0x100753fa0 facebook::react::JSCExecutor::flushQueueImmediate(facebook::react::Value&&) (memory:4050)
14 Truckfly                       0x1007544a0 facebook::react::JSCExecutor::nativeFlushQueueImmediate(unsigned long, OpaqueJSValue const* const*) (JSCExecutor.cpp:588)
15 Truckfly                       0x100754c78 OpaqueJSValue const* (*facebook::react::(anonymous namespace)::exceptionWrapMethod<&(facebook::react::JSCExecutor::nativeFlushQueueImmediate(unsigned long, OpaqueJSValue const* const*))>())(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSValue*, unsigned long, OpaqueJSValue const* const*, OpaqueJSValue const**)::funcWrapper::call(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSValue*, unsigned long, OpaqueJSValue const* const*, OpaqueJSValue const**) (JSCExecutor.cpp:64)

Crashed: com.facebook.react.JavaScript
0  JavaScriptCore                 0x186892ae8 bmalloc::Heap::allocateLarge(std::__1::lock_guard<bmalloc::StaticMutex>&, unsigned long, unsigned long) + 24
1  JavaScriptCore                 0x186892adc bmalloc::Heap::allocateLarge(std::__1::lock_guard<bmalloc::StaticMutex>&, unsigned long, unsigned long) + 12
2  JavaScriptCore                 0x186890a1c bmalloc::Allocator::allocateLarge(unsigned long) + 92
3  JavaScriptCore                 0x185eeab88 WTF::StringImpl::createUninitialized(unsigned int, unsigned short*&) + 64
4  JavaScriptCore                 0x185eeaa40 WTF::StringBuilder::allocateBufferUpConvert(unsigned char const*, unsigned int) + 48
5  JavaScriptCore                 0x18687d58c WTF::StringBuilder::appendQuotedJSONString(WTF::String const&) + 160
6  JavaScriptCore                 0x18660f0c0 JSC::Stringifier::appendStringifiedValue(WTF::StringBuilder&, JSC::JSValue, JSC::Stringifier::Holder const&, JSC::PropertyNameForFunctionCall const&) + 1624
7  JavaScriptCore                 0x186610914 JSC::Stringifier::Holder::appendNextProperty(JSC::Stringifier&, WTF::StringBuilder&) + 3048
8  JavaScriptCore                 0x18660f594 JSC::Stringifier::appendStringifiedValue(WTF::StringBuilder&, JSC::JSValue, JSC::Stringifier::Holder const&, JSC::PropertyNameForFunctionCall const&) + 2860
9  JavaScriptCore                 0x18660e884 JSC::Stringifier::stringify(JSC::Handle<JSC::Unknown>) + 268
10 JavaScriptCore                 0x186613168 JSC::JSONStringify(JSC::ExecState*, JSC::JSValue, unsigned int) + 272
11 JavaScriptCore                 0x186657704 JSValueCreateJSONString + 180
12 Truckfly                       0x10072d4fc facebook::react::Value::toJSONString(unsigned int) const (Value.cpp:34)
13 Truckfly                       0x100753fa0 facebook::react::JSCExecutor::flushQueueImmediate(facebook::react::Value&&) (memory:4050)
14 Truckfly                       0x1007544a0 facebook::react::JSCExecutor::nativeFlushQueueImmediate(unsigned long, OpaqueJSValue const* const*) (JSCExecutor.cpp:588)
15 Truckfly                       0x100754c78 OpaqueJSValue const* (*facebook::react::(anonymous namespace)::exceptionWrapMethod<&(facebook::react::JSCExecutor::nativeFlushQueueImmediate(unsigned long, OpaqueJSValue const* const*))>())(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSValue*, unsigned long, OpaqueJSValue const* const*, OpaqueJSValue const**)::funcWrapper::call(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSValue*, unsigned long, OpaqueJSValue const* const*, OpaqueJSValue const**) (JSCExecutor.cpp:64)
16 JavaScriptCore                 0x1865becac long long JSC::APICallbackFunction::call<JSC::JSCallbackFunction>(JSC::ExecState*) + 456
17 JavaScriptCore                 0x185f12270 JSC::LLInt::setUpCall(JSC::ExecState*, JSC::Instruction*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*) + 456
18 JavaScriptCore                 0x1866a65c0 llint_entry + 26416
19 JavaScriptCore                 0x1866a656c llint_entry + 26332
20 JavaScriptCore                 0x1866a656c llint_entry + 26332
21 JavaScriptCore                 0x1866a65d0 llint_entry + 26432
22 JavaScriptCore                 0x1866a656c llint_entry + 26332
23 JavaScriptCore                 0x1866a656c llint_entry + 26332
24 JavaScriptCore                 0x1866a6904 llint_entry + 27252
25 JavaScriptCore                 0x1866a656c llint_entry + 26332
26 JavaScriptCore                 0x1866a65d0 llint_entry + 26432
27 JavaScriptCore                 0x1866a656c llint_entry + 26332
28 JavaScriptCore                 0x1866a65d0 llint_entry + 26432
29 JavaScriptCore                 0x1866a656c llint_entry + 26332
30 JavaScriptCore                 0x1866a65d0 llint_entry + 26432
31 JavaScriptCore                 0x1866a65d0 llint_entry + 26432
32 JavaScriptCore                 0x1866a656c llint_entry + 26332
33 JavaScriptCore                 0x1866a656c llint_entry + 26332
34 JavaScriptCore                 0x1866a6904 llint_entry + 27252
35 JavaScriptCore                 0x1866a65d0 llint_entry + 26432
36 JavaScriptCore                 0x1866a656c llint_entry + 26332
37 JavaScriptCore                 0x1866a656c llint_entry + 26332
38 JavaScriptCore                 0x1866a656c llint_entry + 26332
39 JavaScriptCore                 0x1866a656c llint_entry + 26332
40 JavaScriptCore                 0x1866a656c llint_entry + 26332
41 JavaScriptCore                 0x1866a656c llint_entry + 26332
42 JavaScriptCore                 0x1866a656c llint_entry + 26332
43 JavaScriptCore                 0x1866a6a10 llint_entry + 27520
44 JavaScriptCore                 0x1866a65d0 llint_entry + 26432
45 JavaScriptCore                 0x1866a656c llint_entry + 26332
46 JavaScriptCore                 0x1866a6a10 llint_entry + 27520
47 JavaScriptCore                 0x1866a656c llint_entry + 26332
48 JavaScriptCore                 0x1866a65d0 llint_entry + 26432
49 JavaScriptCore                 0x1866a656c llint_entry + 26332
50 JavaScriptCore                 0x18669fcc8 vmEntryToJavaScript + 264
51 JavaScriptCore                 0x186589710 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 164
52 JavaScriptCore                 0x185f16610 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 416
53 JavaScriptCore                 0x18622273c JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 164
54 JavaScriptCore                 0x185f16384 JSObjectCallAsFunction + 636
55 Truckfly                       0x10072e364 facebook::react::Object::callAsFunction(OpaqueJSValue*, int, OpaqueJSValue const* const*) const (Value.cpp:189)
56 Truckfly                       0x100753860 facebook::react::JSCExecutor::callFunction(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, folly::dynamic const&) (Value.h:46)
57 Truckfly                       0x100752d90 std::__1::function<void (facebook::react::JSExecutor*)>::operator()(facebook::react::JSExecutor*) const (functional:1817)
58 Truckfly                       0x1006e1294 facebook::react::tryAndReturnError(std::__1::function<void ()> const&) (RCTCxxUtils.mm:97)
59 Truckfly                       0x1006da8c0 facebook::react::RCTMessageThread::tryFunc(std::__1::function<void ()> const&) (RCTMessageThread.mm:62)
60 CoreFoundation                 0x181fb130c __CFRUNLOOP_IS_CALLING_OUT_TO_A_BLOCK__ + 20
61 CoreFoundation                 0x181fb0b28 __CFRunLoopDoBlocks + 288
62 CoreFoundation                 0x181faee1c __CFRunLoopRun + 1884
63 CoreFoundation                 0x181ededa4 CFRunLoopRunSpecific + 424
64 Truckfly                       0x1006b9f78 -[RCTCxxBridge runJSRunLoop] (RCTCxxBridge.mm:220)
65 Foundation                     0x182af7318 __NSThread__start__ + 996
66 libsystem_pthread.dylib        0x1810c568c _pthread_body + 240
67 libsystem_pthread.dylib        0x1810c559c _pthread_body + 282
68 libsystem_pthread.dylib        0x1810c2cb4 thread_start + 4

Does anyone see the same crash?

About this issue

Original URL
State: closed
Created 7 years ago
Reactions: 16
Comments: 31 (11 by maintainers)

Most upvoted comments

Thanks for posting this! It looks like you may not be using the latest version of React Native, v0.53.0, released on January 2018. Can you make sure this issue can still be reproduced in the latest version?

I am going to close this, but please feel free to open a new issue if you are able to confirm that this is still a problem in v0.53.0 or newer.

_{How to Contribute • What to Expect from Maintainers}

react-native-bot on Feb 24, 2018

@cosmith my finding were that the error happened when trying to store large json data to AsyncStorage on iOS. My example was a json string 52000000 characters long.

I ended up getting around this issue by using realm as a storage engine for redux-persist, and also by splitting the reducer for that data into 16 separate reducers that are combined by a selector so I can easily use the data.

I put the details in this answer in stack overflow - https://stackoverflow.com/a/48582319/3672622

robwalkerco on Feb 6, 2018

+1 seeing the same behavior

jamiesanerd on Nov 13, 2017

@cosmith If you don’t mind me asking, how did you achieve this? I’m serialising a 9MB object structure to JSON and writing it to disk with rn-fetch-blob, but it seems to crash quite often.

wbercx on Nov 7, 2018

This issue was introduced for us when upgrading from BatchedBridge to CxxBridge (react native’s C++ bridge), which was made the default in react-native v0.45.0. We see thousands of crashes a day for about 6-7% of our users.

I was able to replicate the crash by sending a large string (~100,000,000 characters long) to a custom NativeModule function that does nothing. The CxxBridge just isn’t able to handle passing a string that large from JS to Native. It could be memory related, but doesn’t happen when using BatchedBridge instead of CxxBridge.

This definitely isn’t limited to AsyncStorage, and could happen with any package or code that sends a large string across the bridge. If you’re using redux-persist, persisting less data or blacklisting large reducers would fix the issue for now. Ideally the bridge would be able to handle larger strings…

willdawsonme on Feb 14, 2018

@pjktk2 when I managed to replicate the crash (more by chance than anything) it was only happening when storing a large json string, and was happening consistently with that json (at least on my phone)

I’ve not looked at memory availability, but will check our error reporting for any clues there.

Sounds like you are well ahead of me in terms to tracking this bug down, so I will be interested to hear your findings!

robwalkerco on Feb 7, 2018

@princenaman perhaps there is somewhere else in your code that’s transferring a large bit of data across the JavaScript bridge? That’s where I guess the crash is happening.

Or perhaps some other package you are using that’s using AsyncStorage behind the scenes?

robwalkerco on Feb 6, 2018

Did any of ya’ll come up with a workaround for this? We’re seeing this error log pretty consistently in production, and users confirm it results in a crash, but we’re not able to recreate it on our own.

Anu2g on Nov 13, 2017