Crash occurring when trying to force unwrap possible nil response header

[Jeffrey-Chau-Leo]

Describe the bug

A crash is occurring when trying to verify the users email with a verification code with amplify.

The toString() function below in Utilities.swift crashes due to possible force unwrapping when nil

extension aws_byte_cursor {
    func toString() -> String {
        if self.len == 0 {
            return ""
        }

        let data = Data(bytesNoCopy: self.ptr, count: self.len, deallocator: .none)
        return String(data: data, encoding: .utf8)!
    }

    func toOptionalString() -> String? {
        if self.len == 0 { return nil }
        let data = Data(bytesNoCopy: self.ptr, count: self.len, deallocator: .none)
        return String(data: data, encoding: .utf8)!
    }
}

Expected Behavior

No crash

Current Behavior

Thread 8 Crashed:
0   App                             0x101570abc         [inlined] value
1   App                             0x101570abc         [inlined] aws_byte_cursor.toString (Utilities.swift:160)
2   App                             0x101570abc         [inlined] HTTPHeader.init (HTTPHeader.swift:18)
3   App                             0x101570abc         [inlined] HTTPHeader.__allocating_init (HTTPHeader.swift:19)
4   App                             0x101570abc         [inlined] onResponseHeaders (HTTPStreamCallbackCore.swift:56)
5   App                             0x101570abc         [inlined] Sequence.forEach
6   App                             0x101570abc         onResponseHeaders (HTTPStreamCallbackCore.swift:56)
7   App                             0x101570960         [inlined] aws_byte_cursor.toString (Utilities.swift:160)
8   App                             0x101570960         [inlined] HTTPHeader.init (HTTPHeader.swift:18)
9   App                             0x101570960         [inlined] HTTPHeader.__allocating_init (HTTPHeader.swift:19)
10  App                             0x101570960         [inlined] onResponseHeaders (HTTPStreamCallbackCore.swift:56)
11  App                             0x101570960         [inlined] Sequence.forEach
12  App                             0x101570960         onResponseHeaders (HTTPStreamCallbackCore.swift:56)
13  App                             0x1015bb048         s_decoder_on_header (h1_connection.c:1156)
14  App                             0x1015bc8a4         s_linestate_header (h1_decoder.c:534)
15  App                             0x1015bc1f0         s_state_getline (h1_decoder.c:126)
16  App                             0x1015bb9a4         aws_h1_decode (h1_decoder.c:724)
17  App                             0x1015b91e4         [inlined] s_try_process_next_stream_read_message (h1_connection.c:1863)
18  App                             0x1015b91e4         aws_h1_connection_try_process_read_messages (h1_connection.c:1755)
19  App                             0x1015ba31c         s_handler_process_read_message (h1_connection.c:1721)
20  App                             0x1015a2a04         s_process_read_message (secure_transport_tls_channel_handler.c:661)
21  App                             0x1015b11fc         s_do_read (socket_channel_handler.c:164)
22  App                             0x1015b0a88         s_on_readable_notification (socket_channel_handler.c:221)
23  App                             0x1015af7ec         s_on_socket_io_event (socket.c:1697)
24  App                             0x10159c744         aws_event_loop_thread (kqueue_event_loop.c:932)
25  App                             0x1015917bc         thread_fn (thread.c:177)
26  libsystem_pthread.dylib         0x40381a4d0         _pthread_start

Reproduction Steps

I personally have not been able to replicate this issue, but has been occurring with our users according to our logs.

Possible Solution

Safely unwrap possible nil response headers, e.g. use a ternary operator to return an empty string

Additional Information/Context

No response

aws-crt-swift version used

0.17.0 via amplify Swift

Compiler and Version used

XCode 15.0, Swift 5

Operating System and version

MacOS 13.5

[waahm7]

Hi,

Thank you for reporting the issue. We are looking into it. Could you please specify the service to which the failing requests were made? Thank you.

[Jeffrey-Chau-Leo]

We are using amplify-swift.

Specifically calling confirmSignUp followed by signIn

[waahm7]

@Jeffrey-Chau-Leo, thank you for the update. I asked because this can only fail when the headers contain non-ASCII characters. Since there is no standardization for which encoding to use for headers, we are discussing multiple approaches.

[waahm7]

@Jeffrey-Chau-Leo Do you know of any cases where the headers for SignUp or SignIn might have non-ASCII characters, perhaps as part of a username or something similar? We are thinking about limiting it to ASCII characters only and ignoring the rest.

[Jeffrey-Chau-Leo]

@waahm7

Unfortunately, yes, we may have users who have non-ASCII characters in their usernames.

[waahm7]

This is fixed in https://github.com/awslabs/aws-crt-swift/releases/tag/0.23.0. We have made the following improvements:

• Fixed some bugs in our encoding/decoding logic around UTF-8. UTF-8 should now work properly.
• For encodings other than UTF-8, we now try to decode using UTF-8 instead of force decoding and replace invalid bytes with the missing byte symbol (�).

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.