Invalid image URL crashes the client app

[yakovmanshin]

Step 1: Describe your environment

• Xcode version: 12.5.1
• Firebase SDK version: 8.4.0
• Installation method: CocoaPods
• Firebase Component: IAM

Step 2: Describe the problem

Steps to reproduce:

1. Compose a new in-app message in the Firebase Console, and leave a trailing whitespace in the image URL;
2. Make the message appear in the app (send a test message or publish the campaign).

Why the crash happens:

1. In FIRIAMFetchResponseParser’s convertToMessageDefinitionWithMessageDict:, [NSURL URLWithString:imageURLStr] returns nil because of the whitespace;
2. The msgData object is created with nil in imageURL;
3. nil URLs produce no image data;
4. The imageData parameter in FIRInAppMessagingDisplayMessage initializer is not nullable, so the entire displayMessage object becomes nil;
5. FIRInAppMessagingDisplay’s displayMessage:displayDelegate: method assumes messageForDisplay is not optional, so when a nil is received in the Swift runtime, a crash occurs.

Next Steps

In addition to the check introduced in the associated pull request, a new method could be added to FIRIAMFetchResponseParser to sanitize URL strings by handling common errors, such as whitespaces.

Filed in #8485. Implemented in #8486.

Images

Stack Trace

Crashed: com.apple.main-thread
0  libswiftCore.dylib             0x1b68d45b8 swift_getObjectType + 60
1  <REDACTED>                     0x10358a344 closure #1 in <REDACTED>.displayMessage(_:displayDelegate:) + 4390806340 (<compiler-generated>:4390806340)
2  <REDACTED>                     0x1021a89b0 thunk for @escaping @callee_guaranteed () -> () + 4369959344 (<compiler-generated>:4369959344)
3  libdispatch.dylib              0x1a8de69a8 _dispatch_call_block_and_release + 24
4  libdispatch.dylib              0x1a8de7524 _dispatch_client_callout + 16
5  libdispatch.dylib              0x1a8d995b4 _dispatch_main_queue_callback_4CF$VARIANT$mp + 904
6  CoreFoundation                 0x1a909f6bc __CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__ + 12
7  CoreFoundation                 0x1a909a590 __CFRunLoopRun + 1724
8  CoreFoundation                 0x1a9099ba8 CFRunLoopRunSpecific + 424
9  GraphicsServices               0x1b3209344 GSEventRunModal + 160
10 UIKitCore                      0x1ad1d53e4 UIApplicationMain + 1932
11 <REDACTED>                     0x10215cb2c main + 15 (<REDACTED>.swift:15)
12 libdyld.dylib                  0x1a8f218f0 start + 4

[google-oss-bot]

I found a few problems with this issue:

• I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
• This issue does not seem to follow the issue template. Make sure you provide all the required information.

[morganchen12]

It'd be nice as well if we can check for common errors when the IAM is being created in console.