2

This call:

[UIKeyboardImpl(ShortcutConversionSupport) _shortcutConversionCandidateForInput:]

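is crashing my app. Googling and looking through Apple's API documentation turned up nothing. I have never seen this call anywhere in my app. I also put a breakpoint at the location where I think it is being called. Here is the crash report:

(FYI, the crash log could not be fully symbolicated even with the correct dSYM file. Not sure why.)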

Last Exception Backtrace:
0   CoreFoundation                  0x327e188f __exceptionPreprocess + 163
1   libobjc.A.dylib                 0x34837259 objc_exception_throw + 33
2   CoreFoundation                  0x327e1789 +[NSException raise:format:] + 1
3   CoreFoundation                  0x327e17ab +[NSException raise:format:] + 35
4   CoreFoundation                  0x3273bf5b -[__NSCFString substringWithRange:] + 103
5   Buffer                          0x000fa061 0xd6000 + 147553
6   UIKit                           0x32348137 -[UIKeyboardImpl(ShortcutConversionSupport) _shortcutConversionCandidateForInput:] + 615
7   UIKit                           0x32322c07 -[UIKeyboardImpl addInputString:fromVariantKey:] + 287
8   UIKit                           0x32322ae1 -[UIKeyboardImpl handleStringInput:fromVariantKey:] + 165
9   UIKit                           0x32321829 -[UIKeyboardImpl handleKeyEvent:] + 1501
10  UIKit                           0x02b10261 0x2af4000 + 115297
11  UIKit                           0x324bb8a3 -[UIKeyboardLayoutStar sendStringAction:forKey:isPopupVariant:] + 487
12  UIKit                           0x3231fdcd -[UIKeyboardLayoutStar touchUp:] + 3197
13  UIKit                           0x02b2ab47 0x2af4000 + 224071
14  UIKit                           0x3231f0fd -[UIKeyboardLayout touchesEnded:withEvent:] + 381
15  UIKit                           0x3222292b -[UIWindow _sendTouchesForEvent:] + 319
16  UIKit                           0x32222319 -[UIWindow sendEvent:] + 381
17  UIKit                           0x32208695 -[UIApplication sendEvent:] + 357
18  UIKit                           0x32207f3b _UIApplicationHandleEvent + 5827
19  GraphicsServices                0x3188f22b PurpleEventCallback + 883
20  CoreFoundation                  0x327b5523 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE1_PERFORM_FUNCTION__ + 39
21  CoreFoundation                  0x327b54c5 __CFRunLoopDoSource1 + 141
22  CoreFoundation                  0x327b4313 __CFRunLoopRun + 1371
23  CoreFoundation                  0x327374a5 CFRunLoopRunSpecific + 301
24  CoreFoundation                  0x3273736d CFRunLoopRunInMode + 105
25  GraphicsServices                0x3188e439 GSEventRunModal + 137
26  UIKit                           0x32236cd5 UIApplicationMain + 1081
27  Buffer                          0x000d8327 0xd6000 + 8999
28  Buffer                          0x000d7dcc 0xd6000 + 7628

I know this crashes at substringWithRange: but when is this particular ShortcutConversionSupport method called? I believe this will help me isolate the problem.

4

1 Answer

0

Here is the problem:

- (UITextRange *)textRangeFromPosition:(UITextPosition *)fromPosition toPosition:(UITextPosition *)toPosition
{    
// Generate IndexedPosition instances that wrap the to and from ranges
    IndexedPosition *from = (IndexedPosition *)fromPosition;
    IndexedPosition *to = (IndexedPosition *)toPosition;  

    NSRange range = NSMakeRange(MIN(from.index, to.index), ABS(to.index - from.index));
    return [IndexedRange rangeWithNSRange:range];    

}

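More specifically: ABS(to.index - from.index)

The problem is that the compiler thinks the product of this negation is an NSUInteger, because to.index and from.index are both NSUInteger variables (so the value can never be negative). So if from.index > to.index the value will overflow, yielding the maximum size of a 32-bit uint instead of a negative value. Also note that ABS uses typeof to determine the return value of the product. Here is the fix: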

- (UITextRange *)textRangeFromPosition:(UITextPosition *)fromPosition toPosition:(UITextPosition *)toPosition
{    
    IndexedPosition *from = (IndexedPosition *)fromPosition;
    IndexedPosition *to = (IndexedPosition *)toPosition;  

    NSInteger index = to.index - from.index;    
    NSRange range = NSMakeRange(MIN(from.index, to.index), ABS(index));

    return [IndexedRange rangeWithNSRange:range];

}

By the way, this only happens when the user has deleted all of the shortcuts in Settings > General > Keyboard > Shortcuts.

Answered 2012-06-11T18:20:06.420
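
The unsigned wrap-around described in the answer, reproduced in plain C as an added example (not code from the original post). Assumptions: size_t stands in for NSUInteger and ptrdiff_t for NSInteger, the ABS/MIN macros are simplified stand-ins for Foundation's, and range_t and the function names are hypothetical. It goes one step beyond the answer's fix by also showing a variant that needs no signed conversion at all.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for Foundation's ABS/MIN (assumption: the real ABS
 * uses __typeof__, but the effect is the same). The result has the type of
 * the argument, so an unsigned argument is never seen as negative. */
#undef ABS
#undef MIN
#define ABS(A) ((A) < 0 ? -(A) : (A))
#define MIN(A, B) ((A) < (B) ? (A) : (B))

/* Hypothetical stand-in for NSRange. */
typedef struct { size_t location; size_t length; } range_t;

/* Buggy form: the subtraction happens in size_t and wraps when from > to,
 * and ABS cannot undo it because the operand is unsigned. */
range_t range_buggy(size_t from, size_t to) {
    range_t r = { MIN(from, to), ABS(to - from) };
    return r;
}

/* The answer's fix: store the difference in a signed variable first. */
range_t range_signed(size_t from, size_t to) {
    ptrdiff_t diff = (ptrdiff_t)(to - from);
    range_t r = { MIN(from, to), (size_t)ABS(diff) };
    return r;
}

/* Alternative: subtract the smaller index from the larger one, so no
 * signed conversion is involved. */
range_t range_ordered(size_t from, size_t to) {
    range_t r = { MIN(from, to), from > to ? from - to : to - from };
    return r;
}

int main(void) {
    /* Constructed input: a backwards selection, from = 5, to = 2. */
    range_t b = range_buggy(5, 2), s = range_signed(5, 2);
    printf("buggy: location=%zu length=%zu\n", b.location, b.length);
    printf("fixed: location=%zu length=%zu\n", s.location, s.length);
    return 0;
}
```

A range with a wrapped length like the buggy one is what makes substringWithRange: raise an out-of-bounds exception when the text system later applies it to the string.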