v.4.7.10 Hardened Memory Allocator Error

derei commented 3 months ago

Description

Error at first launch after update (F-Droid).

Steps to reproduce

Update the app to ver 4.7.10 Attempt to launch it (error may be device/os dependent)

Actual result

Crash. See log.

Expected result

App to run without errors.

Your Environment (required)

WARNING Crash-Logs MAY contain information you deem sensitive. Review this CAREFULLY before posting your issue!

OsmAnd Version: 4.7.10
Android/iOS version: 14 / GrapheneOS
Device model: Pixel 7 Pro
Crash-Log:

type: crash
OS: Graphene OS
Device: Google Pixel 7 Pro
cmdline: net.osmand.plus
processUptime: 3s

abortMessage: hardened_malloc: fatal allocator error: detected write after free

signal: 6 (SIGABRT), code -1 (SI_QUEUE)
threadName: GLThread 31

backtrace:
    libc.so (abort+164, pc [Redacted])
    libc.so (fatal_error+44, pc [Redacted])
    libc.so (allocate+1912, pc [Redacted])
    libc.so (malloc+36, pc [Redacted])
    libQt5Core.so (QArrayData::allocate(unsigned long, unsigned long, unsigned long, QFlags<QArrayData::AllocationOption>)+124, pc [Redacted])
    libOsmAndCoreWithJNI.so ([Function Offset Redacted])
    libOsmAndCoreWithJNI.so ([Function Offset Redacted])
    libOsmAndCoreWithJNI.so ([Function Offset Redacted])
    libOsmAndCoreWithJNI.so ([Function Offset Redacted])
    libOsmAndCoreWithJNI.so (Java_net_osmand_core_jni_OsmAndCoreJNI_IMapRenderer_1renderFrame_1_1SWIG_11+36, pc [Redacted])
    base.odex (art_jni_trampoline+128, pc [Redacted])
    base.odex (net.osmand.core.jni.IMapRenderer.renderFrame+48, pc [Redacted])
    base.odex (MapRendererView$RendererProxy.onDrawFrame+632, pc [Redacted])
    libart.so (nterp_helper+7712, pc [Redacted])
    framework.jar (GLSurfaceView$GLThread.guardedRun+1096, pc [Redacted])
    libart.so (nterp_helper+3924, pc [Redacted])
    framework.jar (GLSurfaceView$GLThread.run+52, pc [Redacted])
    libart.so (art_quick_invoke_stub+612, pc [Redacted])
    libart.so (Invoke+220, pc [Redacted])
    libart.so (Thread::CreateCallback(void*)+1656, pc [Redacted])
    libc.so (__pthread_start(void*)+204, pc [Redacted])
    libc.so (__start_thread+64, pc [Redacted])

Redacted for Privacy:

UID: User identifier removed.
Memory Addresses: Specific addresses obscured.
Device Details: Generalized model and OS information.

yuriiurshuliak commented 3 months ago

Please attempt to update the app or download the version available on Google Play and test the scenario again. If the issue persists, please provide us with any new observations or feedback.

QJKX commented 3 months ago

I didn't get the logs so I can't be sure it's the same problem but I too had crashes after upgrading the f-droid version to 4.7.10 (arm64-v8a). Osmand~ would load, be a bit laggy then crash without a visible error after a few seconds.

I tried upgrading to f-droid's 4.7.17. Same crashes.

Still on 4.7.17, I changed the renderer to V1 and it stopped crashing. I changed the render back to V2 and it still seems OK.

scaidermern commented 3 months ago

I didn't get the logs so I can't be sure it's the same problem but I too had crashes after upgrading the f-droid version to 4.7.10 (arm64-v8a). Osmand~ would load, be a bit laggy then crash without a visible error after a few seconds.

I tried upgrading to f-droid's 4.7.17. Same crashes.

Still on 4.7.17, I changed the renderer to V1 and it stopped crashing. I changed the render back to V2 and it still seems OK.

Sounds like #19890 if you have live updates enabled. Try to delete and redownload them.

QJKX commented 3 months ago

if you have live updates enabled

I do.

Sounds like #19890

It could be.

Piscium commented 2 months ago

Today OsmAnd crashed at start. It happened only once, I don't know how to reproduce the issue. It is likely unrelated to issue #19890 as I don't have live updates enabled.

Like the OP, I am running GrapheneOS, and the error messages was exactly the same: abortMessage: hardened_malloc: fatal allocator error: detected write after free

I am using the same version than the OP, 4.7.10 from F-Droid, on Pixel 8.

My backtrace though is quite different from the OP, although libOsmAndCoreWithJNI.so and libc.so feature in both.

This is manifesting in GrapheneOS because it has hardened malloc, I guess most Android vendors don't use it.

I got two traces from the same crash. I don't feel comfortable pasting them here due to potential security issues (I am not sure what in it is security sensitive). However I can email them to a dev working on this issue. Both traces show a backtrace. One of the backtrace frames has libQt5Core.so, the other 24 frames have libOsmAndCoreWithJNI.so or libc.so.

Update (06/June): I thought I was using version 4.7.17 but only found today that I was actually using version 4.7.10. The confusion arose because although version 4.7.17 was in F-Droid, the "suggested" version is 4.7.10, and that is what was installed without me realising the difference. I edited my comment above to reflect the correct version where I got the issue.

vshcherb commented 1 month ago

We will try to unlock MTE and check for crashes

Andrewschenko commented 1 month ago

I got two traces from the same crash. I don't feel comfortable pasting them here due to potential security issues (I am not sure what in it is security sensitive). However I can email them to a dev working on this issue. Both traces show a backtrace. One of the backtrace frames has libQt5Core.so, the other 24 frames have libOsmAndCoreWithJNI.so or libc.so.

Could you send them to me via our support service, please? I'm working on this issue.

Piscium commented 1 month ago

I got two traces from the same crash. I don't feel comfortable pasting them here due to potential security issues (I am not sure what in it is security sensitive). However I can email them to a dev working on this issue. Both traces show a backtrace. One of the backtrace frames has libQt5Core.so, the other 24 frames have libOsmAndCoreWithJNI.so or libc.so.

Could you send them to me via our support service, please? I'm working on this issue.

Hi, I can send them to you. However I don't know what you mean by "via our support service". Can you please be more specific?

DmitryAlexei commented 1 month ago

@Piscium you can send logs to support@osmand.net Please mention that issue in your e-mail

Piscium commented 1 month ago

@Piscium you can send logs to support@osmand.net Please mention that issue in your e-mail

Thanks. Just sent them. Cheers

DmitryAlexei commented 1 month ago

Since the problem is no longer reproducible, we will consider the problem solved

osmandapp / OsmAnd