EXC_BAD_ACCESS in ph_swizzled_layoutSublayers - ApplicationViewLayoutPublisher accessing deallocated view during navigation transition

[tring-bhagya]

Version

3.32.0 and 3.58.1

Steps to Reproduce

1. Initialize PostHog with sessionReplay = true and screenshotMode = true
2. Have a UIView subclass (KMComposeChatView) containing a UITextField in the hierarchy
3. Push or pop any view controller via UINavigationController
4. App crashes with EXC_BAD_ACCESS in ApplicationViewLayoutPublisher

Environment:
PostHog iOS SDK: 3.32.0 and 3.58.1 (both affected)
iOS: 18.x and 26.x (both affected)
Xcode: [your version]
Device: Real device and simulator both affected
Release builds only (not reproducible in Debug)

Crash: EXC_BAD_ACCESS in ApplicationViewLayoutPublisher.swift:155
Trigger: Navigation push/pop while KMComposeChatView (UIView with UITextField) is in hierarchy

Stack trace:
thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
frame #0: 0x00007ff802539d97 libobjc.A.dylibobjc_msgSend + 23 frame #1: 0x00007ff809acb302 UIKitCore-[UIView(Internal) _didMoveFromWindow:toWindow:] + 1329
frame #2: 0x00007ff809acb16d UIKitCore-[UIView(Internal) _didMoveFromWindow:toWindow:] + 924 frame #3: 0x00007ff809acb16d UIKitCore-[UIView(Internal) _didMoveFromWindow:toWindow:] + 924
frame #4: 0x00007ff809acb16d UIKitCore-[UIView(Internal) _didMoveFromWindow:toWindow:] + 924 frame #5: 0x00007ff809acb16d UIKitCore-[UIView(Internal) _didMoveFromWindow:toWindow:] + 924
frame #6: 0x00007ff809acb16d UIKitCore-[UIView(Internal) _didMoveFromWindow:toWindow:] + 924 frame #7: 0x00007ff809acb16d UIKitCore-[UIView(Internal) _didMoveFromWindow:toWindow:] + 924
frame #8: 0x00007ff809abd44f UIKitCore__45-[UIView(Hierarchy) _postMovedFromSuperview:]_block_invoke + 144 frame #9: 0x00007ffb1118a0c6 CoreAutoLayout-[NSISEngine withBehaviors:performModifications:] + 84
frame #10: 0x00007ff809abd361 UIKitCore-[UIView _postMovedFromSuperview:] + 601 frame #11: 0x00007ff809ace542 UIKitCore-[UIView(Internal) _addSubview:positioned:relativeTo:] + 3246
frame #12: 0x00007ff80887cacf UIKitCore-[_UIParallaxDimmingView didMoveToWindow] + 179 frame #13: 0x00007ff809acb8df UIKitCore-[UIView(Internal) _didMoveFromWindow:toWindow:] + 2830
frame #14: 0x00007ff809acb16d UIKitCore-[UIView(Internal) _didMoveFromWindow:toWindow:] + 924 frame #15: 0x00007ff809acb16d UIKitCore-[UIView(Internal) _didMoveFromWindow:toWindow:] + 924
frame #16: 0x00007ff809abd44f UIKitCore__45-[UIView(Hierarchy) _postMovedFromSuperview:]_block_invoke + 144 frame #17: 0x00007ffb1118a0c6 CoreAutoLayout-[NSISEngine withBehaviors:performModifications:] + 84
frame #18: 0x00007ff809abd361 UIKitCore-[UIView _postMovedFromSuperview:] + 601 frame #19: 0x00007ff809ace542 UIKitCore-[UIView(Internal) _addSubview:positioned:relativeTo:] + 3246
frame #20: 0x00007ff808878726 UIKitCore__81-[_UINavigationParallaxTransition _animateOrCreatePropertyAnimatorForTransition:]_block_invoke_2 + 2136 frame #21: 0x00007ff809ac6b23 UIKitCore+[UIView(Animation) performWithoutAnimation:] + 84
frame #22: 0x00007ff808877e5c UIKitCore__81-[_UINavigationParallaxTransition _animateOrCreatePropertyAnimatorForTransition:]_block_invoke + 467 frame #23: 0x00007ff809accb17 UIKitCore+[UIView _performBlockDelayingTriggeringResponderEvents:forScene:] + 206
frame #24: 0x00007ff808877029 UIKitCore-[_UINavigationParallaxTransition _animateOrCreatePropertyAnimatorForTransition:] + 2260 frame #25: 0x00007ff808876726 UIKitCore-[_UINavigationParallaxTransition interruptibleAnimatorForTransition:] + 151
frame #26: 0x00007ff80885e7d2 UIKitCore-[UIPercentDrivenInteractiveTransition _startInterruptibleTransition:] + 112 frame #27: 0x00007ff80885eacb UIKitCore-[UIPercentDrivenInteractiveTransition startInteractiveTransition:] + 241
frame #28: 0x00007ff8088619d8 UIKitCore___UIViewControllerTransitioningRunCustomTransitionWithRequest_block_invoke_2 + 229 frame #29: 0x00007ff808a2ecd4 UIKitCore+[UIKeyboardSceneDelegate _pinInputViewsForKeyboardSceneDelegate:onBehalfOfResponder:duringBlock:] + 106
frame #30: 0x00007ff8088618b2 UIKitCore___UIViewControllerTransitioningRunCustomTransitionWithRequest_block_invoke.822 + 235 frame #31: 0x00007ff809ac67fe UIKitCore+[UIView(Animation) _setAlongsideAnimations:toRunByEndOfBlock:animated:] + 181
frame #32: 0x00007ff8088616f3 UIKitCore_UIViewControllerTransitioningRunCustomTransitionWithRequest + 729 frame #33: 0x00007ff809524595 UIKitCore-[_UIViewControllerTransitionConductor _startCustomTransition:] + 1481
frame #34: 0x00007ff8095233a8 UIKitCore-[_UIViewControllerTransitionConductor startDeferredTransitionIfNeeded] + 731 frame #35: 0x00007ff80873e72e UIKitCore-[UINavigationController __viewWillLayoutSubviews] + 116
frame #36: 0x00007ff80871a28b UIKitCore-[UILayoutContainerView layoutSubviews] + 207 frame #37: 0x00007ff8080817a6 UIKitCore___lldb_unnamed_symbol285388 + 438
frame #38: 0x00007ff808081b55 UIKitCore___lldb_unnamed_symbol285390 + 21 frame #39: 0x00007ff809ad39c1 UIKitCore-[UIView(CALayerDelegate) layoutSublayersOfLayer:] + 3327

• frame chore: renable ci #40: 0x0000000105c5f8d9 PostHogUIView.ph_swizzled_layoutSublayers(layer=<unavailable>) at ApplicationViewLayoutPublisher.swift:155:13 [opt] [inlined] frame #42: 0x00007ff81022fbb1 QuartzCoreCA::Layer::perform_update_(CA::Layer*, CALayer*, unsigned int, CA::LayerUpdateReason, CA::Transaction*) + 391
  frame Completion handler #43: 0x00007ff81022f490 QuartzCoreCA::Layer::update_if_needed_(CA::Transaction*, CA::LayerUpdateReason) + 700 frame #44: 0x00007ff81023c0a4 QuartzCoreCA::Layer::layout_and_display_if_needed(CA::Transaction*) + 110
  frame Add option to getFeatureFlag and isFeatureEnabled #45: 0x00007ff81012e6b7 QuartzCoreCA::Context::commit_transaction(CA::Transaction*, double, double*) + 769 frame #46: 0x00007ff81016bede QuartzCoreCA::Transaction::commit() + 748
  frame Add throttling to certain application lifecycle events #47: 0x00007ff81016d776 QuartzCoreCA::Transaction::flush_as_runloop_observer(bool) + 60 frame #48: 0x00007ff80930b4cf UIKitCore_UIApplicationFlushCATransaction + 57
  frame Feature Flag payloads does not work #49: 0x00007ff8091d98a6 UIKitCore__setupUpdateSequence_block_invoke_2 + 437 frame #50: 0x00007ff8083dedc1 UIKitCore_UIUpdateSequenceRunNext + 95
  frame Swift package testing #51: 0x00007ff8091d9cc5 UIKitCoreschedulerStepScheduledMainSectionContinue + 57 frame #52: 0x00007ffc1ec2d2fe UpdateCycleUC::DriverCore::continueProcessing() + 68
  frame Initializing PostHog in a SwiftUI app results in accent color not being respected #53: 0x00007ff80293c2cc CoreFoundation__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 frame #54: 0x00007ff80293c20e CoreFoundation__CFRunLoopDoSource0 + 157
  frame fix: Issues with main screen and tests #55: 0x00007ff80293b9eb CoreFoundation__CFRunLoopDoSources0 + 203 frame #56: 0x00007ff80293ab5b CoreFoundation__CFRunLoopRun + 916
  frame Add pod linting to the CI #57: 0x00007ff802935aa7 CoreFoundation_CFRunLoopRunSpecificWithOptions + 496 frame #58: 0x00007ff816b8d918 GraphicsServicesGSEventRunModal + 94
  frame PHFileStorage.m crashes #59: 0x00007ff80930cf4a UIKitCore-[UIApplication _run] + 842 frame #60: 0x00007ff809311f29 UIKitCoreUIApplicationMain + 123
  frame Crash on notification payload send #61: 0x00007ff80807db67 UIKitCoreUIApplicationMain(_:_:_:_:) + 103 frame #62: 0x00000001028461f2 Appspecialized static UIApplicationDelegate.main() at KMAppDelegate.swift:0 [opt] [inlined]
  frame Update device type #63: 0x00000001028461dd Appstatic KMAppDelegate.$main() at <compiler-generated>:17:1 [opt] [inlined] frame #64: 0x00000001028461dd Appmain at KMAppDelegate.swift:0 [opt]
  frame Chore: Set min. supported version for Apple #65: 0x0000000103d823dc dyld_simstart_sim + 10 frame #66: 0x0000000110395bb8 dyldstart + 3240

Expected Result

App should not crash during navigation transitions when a UIView subclass
containing a UITextField is present in the view hierarchy.

Actual Result

EXC_BAD_ACCESS crash in PostHog's ph_swizzled_layoutSublayers
(ApplicationViewLayoutPublisher.swift:155) during navigation push/pop transitions.

[ioannisj]

Hey @tring-bhagya thanks for reporting. I'll try to reproduce on my end and report back. We'll probably need to refactor a bit so we do as less work as possible during view layouts

[ioannisj]

Still looking into this, can't replicate on simulator though so far