search

mapnik / clipper

Boost Software License 1.0
8 stars 5 forks source link

Reproducible free-without-malloc crash #4

Closed e-n-f closed 8 years ago

e-n-f commented 8 years ago

In the tippecanoe earcut-polygon branch, at e5461b1, which contains a copy of Clipper at 68c49e9a9a:

$ ./tippecanoe -z6 -f -o foo.mbtiles ne_10m_admin_0_countries.json
For layer 0, using name "ne_10m_admin_0_countries"
254 features, 1711238 bytes of geometry, 61421 bytes of metadata, 24955 bytes of string pool
Warning: splitting up polygon with more than 700 sides
tippecanoe(20345,0x1019ec000) malloc: *** error for object 0x7fbee4918950: pointer being freed was not allocated
*** set a breakpoint in malloc_error_break to debug
Abort trap: 6

The crash claims to be in Clipper:

(lldb) bt
* thread #2: tid = 0x9b799, 0x00007fff8b147286 libsystem_kernel.dylib`__pthread_kill + 10, stop reason = signal SIGABRT
  * frame #0: 0x00007fff8b147286 libsystem_kernel.dylib`__pthread_kill + 10
    frame #1: 0x00007fff81e5d9f9 libsystem_pthread.dylib`pthread_kill + 90
    frame #2: 0x00007fff8aa629b3 libsystem_c.dylib`abort + 129
    frame #3: 0x00007fff8fbab1cb libsystem_malloc.dylib`free + 428
    frame #4: 0x00000001000319f3 tippecanoe`ClipperLib::DisposeOutPts(ClipperLib::OutPt*&) + 131
    frame #5: 0x0000000100038475 tippecanoe`ClipperLib::ClipperBase::DisposeOutRec(unsigned long) + 101
    frame #6: 0x0000000100038318 tippecanoe`ClipperLib::ClipperBase::DisposeAllOutRecs() + 120
    frame #7: 0x0000000100039883 tippecanoe`ClipperLib::Clipper::Execute(ClipperLib::ClipType, ClipperLib::PolyTree&, ClipperLib::PolyFillType, ClipperLib::PolyFillType) + 147
    frame #8: 0x00000001000397dd tippecanoe`ClipperLib::Clipper::Execute(ClipperLib::ClipType, ClipperLib::PolyTree&, ClipperLib::PolyFillType) + 45
    frame #9: 0x0000000100023a2d tippecanoe`clean_or_clip_poly(geom=<unavailable>, z=<unavailable>, detail=<unavailable>, buffer=<unavailable>, clip=<unavailable>) + 1613 at geometry.cc:483
    frame #10: 0x0000000100012c64 tippecanoe`partial_feature_worker(v=0x00000001001ca630) + 1572 at tile.cc:544
    frame #11: 0x0000000100014cca tippecanoe`write_tile(geoms=0x00000001001caec0, metabase=0x0000000100134000, stringpool=0x0000000100143000, z=1, tx=0, ty=0, detail=<unavailable>, min_detail=<unavailable>, basezoom=<unavailable>, file_keys=<unavailable>, layernames=<unavailable>, outdb=<unavailable>, droprate=2.5, buffer=<unavailable>, fname=<unavailable>, geomfile=<unavailable>, minzoom=0, maxzoom=0, todo=2508802, geomstart=<unavailable>, along=<unavailable>, gamma=0, nlayers=<unavailable>, prevent=<unavailable>, additional=<unavailable>, child_shards=0, meta_off=<unavailable>, pool_off=<unavailable>, initial_x=<unavailable>, initial_y=<unavailable>, running=<unavailable>) + 6874 at tile.cc:869
    frame #12: 0x0000000100016825 tippecanoe`run_thread(vargs=0x00007fff5fbfd0d0) + 789 at tile.cc:1121
    frame #13: 0x00007fff81e5c05a libsystem_pthread.dylib`_pthread_body + 131
    frame #14: 0x00007fff81e5bfd7 libsystem_pthread.dylib`_pthread_start + 176
    frame #15: 0x00007fff81e593ed libsystem_pthread.dylib`thread_start + 13

cc @springmeyer @flippmoke

springmeyer commented 8 years ago

Looks like same crash as https://github.com/mapbox/mapnik-vector-tile/issues/198. /cc @flippmoke

e-n-f commented 8 years ago

No longer crashing for me with Clipper 381c817fd