Possible crash if FIRMessagingTokenManager is dealloc'ed while a token fetch is in progress

[kelan]

Description

I am seeing a crash in FIRMessagingTokenManager which is 100% repeatable during some login/logout flows in our app, and also is fairly repeatable in our automated tests on CI that use the app as the test host (which has the Firebase SDK started as normal), but aren't doing anything directly with this class.

The issue is that -[FIRMessagingTokenManager fetchNewTokenWithAuthorizedEntity:scope:instanceID:options:handler:] does a "weak/strong dance" for self in its completion block, but it doesn't check for nil self (after strongifying it) before dereferencing it on line 315 (self->_tokenStore saveTokenInfo:tokenInfo handler:…). So it crashes if the instance has been dealloced, thus self is now nil.

I think we are releasing our strong reference to the instance right after requesting the token, because we async'ly find that another auth token is invalid, so we want to reset the app to a signed-out state. I think there is a similar race during our automated CI tests which hit this crash fairly often.

Looking at the code, it seems like it should check for nil self after calling FIRMessaging_STRONGIFY(self) on FIRMessagingTokenManager.m:298, and do an early return.

Reproducing the issue

No response

Firebase SDK Version

At least in 9.5.0 and the latest (10.4.0)

Xcode Version

14.2 (14C18)

Installation Method

Swift Package Manager

Firebase Product(s)

Messaging

Targeted Platforms

iOS

Relevant Log Output

No response

If using Swift Package Manager, the project's Package.resolved

No response

If using CocoaPods, the project's Podfile.lock

No response

[google-oss-bot]

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.