Crashes on iOS - il2cpp - generics

Hi guys,

we are dealing with strange crashes during JSON deserialization. We are using this plugin: https://www.assetstore.unity3d.com/en/#!/content/11347. The game crashes while deserializing JSON data. The device is running iOS 7 and the Unity version was 5.2.3. The crash does not seem to happen 100 % of the time, and I think it depends on the iOS version. We had crashes of this type with the previous version of Unity, 5.2.21f, but they occurred much less often :frowning:

Here is the generated C++ method where the crash occurs (line 37):

// System.Boolean System.Collections.Generic.Dictionary`2<System.Object,System.Object>::TryGetValue(TKey,TValue&)
extern TypeInfo* ArgumentNullException_t1_1500_il2cpp_TypeInfo_var;
extern TypeInfo* Object_t_il2cpp_TypeInfo_var;
extern Il2CppCodeGenString* _stringLiteral793;
extern "C" bool Dictionary_2_TryGetValue_m1_15085_gshared (Dictionary_2_t1_1952 * __this, Object_t * ___key, Object_t ** ___value, const MethodInfo* method)
{
    static bool s_Il2CppMethodIntialized; // one-time init flag; a plain static bool, no synchronization is visible in this listing
    if (!s_Il2CppMethodIntialized)
    {
        ArgumentNullException_t1_1500_il2cpp_TypeInfo_var = il2cpp_codegen_type_info_from_index(3); // first call only: resolve type info and the string literal by index
        Object_t_il2cpp_TypeInfo_var = il2cpp_codegen_type_info_from_index(0);
        _stringLiteral793 = il2cpp_codegen_string_literal_from_index(793);
        s_Il2CppMethodIntialized = true;
    }
    int32_t V_0 = 0; // hash of the key with the top bit forced on (set at IL_0016)
    int32_t V_1 = 0; // current slot index while walking the chain; -1 ends the walk
    Object_t * V_2 = {0}; // value written to *___value when the key is not found
    {
        Object_t * L_0 = ___key;
        if (L_0) // non-null key: skip the exception path
        {
            goto IL_0016;
        }
    }
    {
        ArgumentNullException_t1_1500 * L_1 = (ArgumentNullException_t1_1500 *)il2cpp_codegen_object_new (ArgumentNullException_t1_1500_il2cpp_TypeInfo_var);
        ArgumentNullException__ctor_m1_13269(L_1, (String_t*)_stringLiteral793, /*hidden argument*/NULL);
        il2cpp_codegen_raise_exception((Il2CppCodeGenException*)L_1); // NOTE(review): presumably never returns; if it did, control would reach IL_0016 with a null key - confirm
    }
   
IL_0016:
    {
        Object_t* L_2 = (Object_t*)(__this->___hcp_12); // __this is dereferenced here; no NullCheck(__this) is visible in this function
        Object_t * L_3 = ___key;
        NullCheck((Object_t*)L_2); // checks L_2 (the ___hcp_12 field) before it is used as the invoke target
        //LINE 8481 HERE !!!! - CRASH (poster's marker: the crash is reported at the Invoke call on the next line)
        int32_t L_4 = (int32_t)InterfaceFuncInvoker1< int32_t, Object_t * >::Invoke(1 /* System.Int32 System.Collections.Generic.IEqualityComparer`1<System.Object>::GetHashCode(T) */, IL2CPP_RGCTX_DATA(InitializedTypeInfo(method->declaring_type)->rgctx_data, 35), (Object_t*)L_2, (Object_t *)L_3);
        // NOTE(review): the call above reads method->declaring_type and its
        // rgctx_data (entry 35) and dispatches GetHashCode on L_2. The only
        // check in front of it is NullCheck(L_2); `method`, the RGCTX entry and
        // the validity (as opposed to non-nullness) of L_2 are not checked in
        // this listing. The listing alone therefore cannot tell which pointer
        // was bad; the faulting address and backtrace from the native crash
        // report are needed to narrow it down.
        V_0 = (int32_t)((int32_t)((int32_t)L_4|(int32_t)((int32_t)-2147483648))); // force the top bit on (-2147483648 is 0x80000000)
        Int32U5BU5D_t1_275* L_5 = (Int32U5BU5D_t1_275*)(__this->___table_4);
        int32_t L_6 = V_0;
        Int32U5BU5D_t1_275* L_7 = (Int32U5BU5D_t1_275*)(__this->___table_4); // second read of the same field; L_7 supplies the length, L_5 is the array indexed
        NullCheck(L_7);
        NullCheck(L_5);
        // Bucket index = (V_0 & 0x7FFFFFFF) % max_length. The bounds check is
        // made against L_5, the array that is actually indexed below.
        // NOTE(review): no guard against max_length == 0 is visible before the
        // modulo; presumably the table is never empty - confirm.
        IL2CPP_ARRAY_BOUNDS_CHECK(L_5, ((int32_t)((int32_t)((int32_t)((int32_t)L_6&(int32_t)((int32_t)2147483647)))%(int32_t)(((int32_t)((int32_t)(((Array_t *)L_7)->max_length)))))));
        int32_t L_8 = ((int32_t)((int32_t)((int32_t)((int32_t)L_6&(int32_t)((int32_t)2147483647)))%(int32_t)(((int32_t)((int32_t)(((Array_t *)L_7)->max_length))))));
        // Stored bucket value minus 1: a stored 0 becomes -1, which is the
        // value that ends the loop at IL_00a2.
        V_1 = (int32_t)((int32_t)((int32_t)(*(int32_t*)(int32_t*)SZArrayLdElema(L_5, L_8, sizeof(int32_t)))-(int32_t)1));
        goto IL_00a2;
    }
   
IL_0048:
    {
        // Loop body, step 1: compare the hash stored in link slot V_1 with V_0;
        // on a mismatch skip the Equals call and move to the next link.
        LinkU5BU5D_t1_3010* L_9 = (LinkU5BU5D_t1_3010*)(__this->___linkSlots_5);
        int32_t L_10 = V_1;
        NullCheck(L_9);
        IL2CPP_ARRAY_BOUNDS_CHECK(L_9, L_10);
        int32_t L_11 = (int32_t)(((Link_t1_256 *)(Link_t1_256 *)SZArrayLdElema(L_9, L_10, sizeof(Link_t1_256 )))->___HashCode_0);
        int32_t L_12 = V_0;
        if ((!(((uint32_t)L_11) == ((uint32_t)L_12))))
        {
            goto IL_0090;
        }
    }
    {
        // Step 2: hashes match, so call Equals(keySlots[V_1], ___key) on the
        // same ___hcp_12 object, using the same RGCTX entry (35) as the
        // GetHashCode call above.
        Object_t* L_13 = (Object_t*)(__this->___hcp_12);
        ObjectU5BU5D_t1_272* L_14 = (ObjectU5BU5D_t1_272*)(__this->___keySlots_6);
        int32_t L_15 = V_1;
        NullCheck(L_14);
        IL2CPP_ARRAY_BOUNDS_CHECK(L_14, L_15);
        int32_t L_16 = L_15;
        Object_t * L_17 = ___key;
        NullCheck((Object_t*)L_13);
        bool L_18 = (bool)InterfaceFuncInvoker2< bool, Object_t *, Object_t * >::Invoke(0 /* System.Boolean System.Collections.Generic.IEqualityComparer`1<System.Object>::Equals(T,T) */, IL2CPP_RGCTX_DATA(InitializedTypeInfo(method->declaring_type)->rgctx_data, 35), (Object_t*)L_13, (Object_t *)(*(Object_t **)(Object_t **)SZArrayLdElema(L_14, L_16, sizeof(Object_t *))), (Object_t *)L_17);
        if (!L_18)
        {
            goto IL_0090;
        }
    }
    {
        // Found: copy valueSlots[V_1] into *___value and return true.
        // ___value is written through without a NullCheck in this listing.
        Object_t ** L_19 = ___value;
        ObjectU5BU5D_t1_272* L_20 = (ObjectU5BU5D_t1_272*)(__this->___valueSlots_7);
        int32_t L_21 = V_1;
        NullCheck(L_20);
        IL2CPP_ARRAY_BOUNDS_CHECK(L_20, L_21);
        int32_t L_22 = L_21;
        (*(Object_t **)L_19) = (*(Object_t **)(Object_t **)SZArrayLdElema(L_20, L_22, sizeof(Object_t *)));
        return 1;
    }
   
IL_0090:
    {
        // No match at this slot: follow the Next field of link slot V_1.
        LinkU5BU5D_t1_3010* L_23 = (LinkU5BU5D_t1_3010*)(__this->___linkSlots_5);
        int32_t L_24 = V_1;
        NullCheck(L_23);
        IL2CPP_ARRAY_BOUNDS_CHECK(L_23, L_24);
        int32_t L_25 = (int32_t)(((Link_t1_256 *)(Link_t1_256 *)SZArrayLdElema(L_23, L_24, sizeof(Link_t1_256 )))->___Next_1);
        V_1 = (int32_t)L_25;
    }
   
IL_00a2:
    {
        // Loop condition: keep walking while V_1 is not -1.
        int32_t L_26 = V_1;
        if ((!(((uint32_t)L_26) == ((uint32_t)(-1)))))
        {
            goto IL_0048;
        }
    }
    {
        // Not found: store V_2 into *___value and return false.
        Object_t ** L_27 = ___value;
        Initobj (Object_t_il2cpp_TypeInfo_var, (&V_2)); // presumably resets V_2 to the type's default value - confirm
        Object_t * L_28 = V_2;
        (*(Object_t **)L_27) = L_28;
        return 0;
    }
}

@Wawro01

This is not something I’ve seen before. Can you submit a bug report and include a project that causes this crash? If so, please let me know the bug report number. Thanks!