[Bug] Crash in AuthResponse::error_code

[mcasper]

[REQUIRED] Please fill in the following fields:

• Pre-built SDK from the website or open-source from this repo: open-source from this repo
• Firebase C++ SDK version: v8.6.0
• Problematic Firebase Component: Auth
• Other Firebase Components in use: Database
• Platform you are using the C++ SDK on: Mac
• Platform you are targeting: Desktop

[REQUIRED] Please describe the issue here:

If an AuthRequest is cancelled or times out, calling error_code() on it causes a crash.

Example stacktraces:

Crashed: Thread
0  Tuple                          0xef351e firebase::auth::AuthResponse::error_code() const + 2608 (memory:2608)
1  Tuple                          0xed6999 firebase::auth::AuthenticationResult firebase::auth::AuthenticationResult::FromResponse<firebase::auth::VerifyCustomTokenResponse>(firebase::auth::VerifyCustomTokenResponse const&) + 39 (authentication_result.h:39)
2  Tuple                          0xed609a firebase::auth::AuthenticationResult firebase::auth::CompleteSignInFlow<firebase::auth::VerifyCustomTokenResponse>(firebase::auth::AuthData*, firebase::auth::VerifyCustomTokenResponse const&) + 62 (authentication_result.h:62)
3  Tuple                          0xec7ca4 void firebase::auth::PerformSignInFlow<firebase::auth::VerifyCustomTokenResponse, firebase::auth::User*, firebase::auth::VerifyCustomTokenRequest>(firebase::auth::AuthDataHandle<firebase::auth::User*, firebase::auth::VerifyCustomTokenRequest>*) + 62 (authentication_result.h:62)
4  Tuple                          0xed5f6d firebase::Future<firebase::auth::User*> firebase::auth::CallAsync<firebase::auth::User*, firebase::auth::VerifyCustomTokenRequest>(firebase::auth::AuthData*, firebase::auth::Promise<firebase::auth::User*>, std::__1::unique_ptr<firebase::auth::VerifyCustomTokenRequest, std::__1::default_delete<firebase::auth::VerifyCustomTokenRequest> >, firebase::auth::AuthDataHandle<firebase::auth::User*, firebase::auth::VerifyCustomTokenRequest>::CallbackT)::'lambda'(firebase::auth::AuthDataHandle<firebase::auth::User*, firebase::auth::VerifyCustomTokenRequest>*)::__invoke(firebase::auth::AuthDataHandle<firebase::auth::User*, firebase::auth::VerifyCustomTokenRequest>*) + 102 (auth_util.h:102)
5  Tuple                          0xeb637c firebase::scheduler::Scheduler::TriggerCallback(firebase::SharedPtr<firebase::scheduler::Scheduler::RequestData> const&) + 107 (shared_ptr.h:107)
6  Tuple                          0xeb5f43 firebase::scheduler::Scheduler::WorkerThreadRoutine(void*) + 169 (scheduler.cc:169)
7  Tuple                          0xeb6c48 void* std::__1::__thread_proxy<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct> >, void (*)(void*), void*> >(void*) + 2622 (memory:2622)
8  libsystem_pthread.dylib        0x6950 _pthread_start + 224
9  libsystem_pthread.dylib        0x247b thread_start + 15

Crashed: Thread
0  Tuple                          0xef351e firebase::auth::AuthResponse::error_code() const + 2608 (memory:2608)
1  Tuple                          0xeeae32 firebase::auth::(anonymous namespace)::EnsureFreshToken(firebase::auth::AuthData*, bool, bool) + 83 (user_desktop.cc:83)
2  Tuple                          0xeeaa54 firebase::auth::User::GetTokenInternal(bool, int)::$_3::__invoke(firebase::auth::AuthDataHandle<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, firebase::rest::Request>*) + 71 (user_desktop.cc:71)
3  Tuple                          0xeee4ed firebase::Future<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > firebase::auth::CallAsync<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, firebase::rest::Request>(firebase::auth::AuthData*, firebase::auth::Promise<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >, std::__1::unique_ptr<firebase::rest::Request, std::__1::default_delete<firebase::rest::Request> >, firebase::auth::AuthDataHandle<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, firebase::rest::Request>::CallbackT)::'lambda'(firebase::auth::AuthDataHandle<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, firebase::rest::Request>*)::__invoke(firebase::auth::AuthDataHandle<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, firebase::rest::Request>*) + 102 (auth_util.h:102)
4  Tuple                          0xeb637c firebase::scheduler::Scheduler::TriggerCallback(firebase::SharedPtr<firebase::scheduler::Scheduler::RequestData> const&) + 107 (shared_ptr.h:107)
5  Tuple                          0xeb5f43 firebase::scheduler::Scheduler::WorkerThreadRoutine(void*) + 169 (scheduler.cc:169)
6  Tuple                          0xeb6c48 void* std::__1::__thread_proxy<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct> >, void (*)(void*), void*> >(void*) + 2622 (memory:2622)
7  libsystem_pthread.dylib        0x68fc _pthread_start + 224
8  libsystem_pthread.dylib        0x2443 thread_start + 15

I believe this happens because of the timeout and cancelled branches of https://github.com/firebase/firebase-cpp-sdk/blob/main/app/rest/transport_curl.cc#L412, which both call MarkFailed instead of MarkCompleted. MarkFailed never sets application_data_, which leads to the bad access in error_code.

@dconeybe I believe this is another permutation of #615

[jonsimantov]

Thanks for reporting this, it does look similar to #615. I think the fix is as simple as checking if application_data_ is null; I created a PR #738 to add this change. If you are building from source, could you see if building from that branch fixes the issue?

[dconeybe]

@jonsimantov I agree. I remember noticing the fact that ResponseJson overrides MarkCompleted() but fails to override MarkFailed(). I agree with your assessment that overriding MarkFailed() is the correct solution.

[dconeybe]

Oops, didn't mean to close this issue. Reopening.

[jonsimantov]

@jonsimantov I agree. I remember noticing the fact that ResponseJson overrides MarkCompleted() but fails to override MarkFailed(). I agree with your assessment that overriding MarkFailed() is the correct solution.

@dconeybe I wasn't thinking of changing the behavior of MarkFailed (overriding it in response_json) as it could affect other things, I figured I'd just fix it at the error_code() level. We can discuss it in the PR.

[mcasper]

@jonsimantov I built with #738 (4dc5c31) and confirmed that it fixes the issue

[jonsimantov]

Thanks so much for your help in tracking this down and testing the fix!

The fix is merged into main now, and will be included in our next binary release (probably 8.8.0).