
builder: segmentation fault

Open missinglink opened this issue 4 years ago • 3 comments

Hi guys,

I was having a play with this lib today when I encountered the following seg fault:

const SegfaultHandler = require('segfault-handler');
SegfaultHandler.registerHandler('crash.log');

// https://developers.google.com/maps/documentation/javascript/examples/layer-data-polygon
// Define the LatLng coordinates for the outer path.
const outerCoords = [
  { lat: -32.364, lng: 153.207 }, // north west
  { lat: -35.364, lng: 153.207 }, // south west
  { lat: -35.364, lng: 158.207 }, // south east
  { lat: -32.364, lng: 158.207 }, // north east
];

// Define the LatLng coordinates for an inner path.
const innerCoords1 = [
  { lat: -33.364, lng: 154.207 },
  { lat: -34.364, lng: 154.207 },
  { lat: -34.364, lng: 155.207 },
  { lat: -33.364, lng: 155.207 },
];

// Define the LatLng coordinates for another inner path.
const innerCoords2 = [
  { lat: -33.364, lng: 156.207 },
  { lat: -34.364, lng: 156.207 },
  { lat: -34.364, lng: 157.207 },
  { lat: -33.364, lng: 157.207 },
];

const s2 = require('@radarlabs/s2');
const builder = new s2.Builder()

builder.addLoop(new s2.Loop(outerCoords.map(c => new s2.LatLng(c.lat, c.lng))))
builder.addLoop(new s2.Loop(innerCoords1.map(c => new s2.LatLng(c.lat, c.lng))))
// builder.addLoop(new s2.Loop(innerCoords2.map(c => new s2.LatLng(c.lat, c.lng))))

const polygon = builder.build()

PID 50798 received SIGSEGV for address: 0x9
0   segfault-handler.node               0x000000011246ffb0 _ZL16segfault_handleriP9__siginfoPv + 304
1   libsystem_platform.dylib            0x00007fff6dd2a5fd _sigtramp + 29
2   libsystem_malloc.dylib              0x00007fff6dcecd8b free_tiny + 459
3   s2.node                             0x00000001124b9bc7 _ZN19MutableS2ShapeIndex5ClearEv + 23
4   s2.node                             0x000000011255645a _ZN9S2Polygon10InitNestedENSt3__16vectorINS0_10unique_ptrI6S2LoopNS0_14default_deleteIS3_EEEENS0_9allocatorIS6_EEEE + 42
5   s2.node                             0x00000001125586be _ZN9S2Polygon12InitOrientedENSt3__16vectorINS0_10unique_ptrI6S2LoopNS0_14default_deleteIS3_EEEENS0_9allocatorIS6_EEEE + 126
6   s2.node                             0x0000000112513b15 _ZN13s2builderutil14S2PolygonLayer5BuildERKN9S2Builder5GraphEP7S2Error + 1493
7   s2.node                             0x00000001124d85c9 _ZN9S2Builder11BuildLayersEv + 905
8   s2.node                             0x00000001124d7fef _ZN9S2Builder5BuildEP7S2Error + 383
9   s2.node                             0x0000000112480c5b _ZN7Builder5BuildERKN4Napi12CallbackInfoE + 107
10  s2.node                             0x000000011248230b _ZZN4Napi10ObjectWrapI7BuilderE29InstanceMethodCallbackWrapperEP10napi_env__P20napi_callback_info__ENKUlvE_clEv + 139
11  s2.node                             0x000000011248222a _ZN4Napi10ObjectWrapI7BuilderE29InstanceMethodCallbackWrapperEP10napi_env__P20napi_callback_info__ + 42
12  node                                0x0000000105d178e1 _ZN6v8impl12_GLOBAL__N_123FunctionCallbackWrapper6InvokeERKN2v820FunctionCallbackInfoINS2_5ValueEEE + 119
13  node                                0x0000000105edd286 _ZN2v88internal25FunctionCallbackArguments4CallENS0_15CallHandlerInfoE + 520
14  node                                0x0000000105edc948 _ZN2v88internal12_GLOBAL__N_119HandleApiCallHelperILb0EEENS0_11MaybeHandleINS0_6ObjectEEEPNS0_7IsolateENS0_6HandleINS0_10HeapObjectEEESA_NS8_INS0_20FunctionTemplateInfoEEENS8_IS4_EENS0_16BuiltinArgumentsE + 769
15  node                                0x0000000105edc01f _ZN2v88internalL26Builtin_Impl_HandleApiCallENS0_16BuiltinArgumentsEPNS0_7IsolateE + 246
16  node                                0x000000010651d1f9 Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_BuiltinExit + 57
17  node                                0x00000001064b64ab Builtins_InterpreterEntryTrampoline + 203
[1]    50798 segmentation fault  node example.js

If I uncomment the third loop, I get a different error:

node(50860,0x113123dc0) malloc: *** error for object 0xe8df8948105f8b48: pointer being freed was not allocated
node(50860,0x113123dc0) malloc: *** set a breakpoint in malloc_error_break to debug
[1]    50860 abort      node example.js

missinglink, Sep 08 '21 12:09
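Added example, not part of the original issue: a small Node.js helper that reads a segfault-handler backtrace like the one in the post above, skips the signal-delivery frames, and reports the first frame outside the allocator, since a fault inside `free_tiny` implicates the caller that handed over the pointer. The helper names (`triage`, `qualifiedName`) are hypothetical, and the name decoding only handles plain `_ZN` nested names.

```javascript
// Added triage example, not code from the issue. Helper names are hypothetical.
// SAMPLE is a subset of frames copied from the backtrace in the post above.
const SAMPLE = [
  '0   segfault-handler.node               0x000000011246ffb0 _ZL16segfault_handleriP9__siginfoPv + 304',
  '1   libsystem_platform.dylib            0x00007fff6dd2a5fd _sigtramp + 29',
  '2   libsystem_malloc.dylib              0x00007fff6dcecd8b free_tiny + 459',
  '3   s2.node                             0x00000001124b9bc7 _ZN19MutableS2ShapeIndex5ClearEv + 23',
  '9   s2.node                             0x0000000112480c5b _ZN7Builder5BuildERKN4Napi12CallbackInfoE + 107',
];

// index, module, address, symbol, offset
const FRAME = /^(\d+)\s+(\S+)\s+(0x[0-9a-f]+)\s+(\S+) \+ (\d+)$/;

// Reads only the leading length-prefixed names of an Itanium-mangled nested
// name (_ZN<len><name>...). Templates and argument types are ignored, and
// anything that is not a plain _ZN name is returned unchanged.
function qualifiedName(sym) {
  if (!sym.startsWith('_ZN')) return sym;
  const parts = [];
  let i = 3;
  for (;;) {
    const m = /^\d+/.exec(sym.slice(i));
    if (!m) break;
    const len = Number(m[0]);
    i += m[0].length;
    parts.push(sym.slice(i, i + len));
    i += len;
  }
  return parts.length ? parts.join('::') : sym;
}

function triage(lines) {
  const frames = lines
    .map((l) => FRAME.exec(l.trim()))
    .filter(Boolean)
    .map((m) => ({ index: Number(m[1]), module: m[2], symbol: qualifiedName(m[4]) }));
  // Skip the frames that only deliver the signal to the handler.
  const real = frames.filter(
    (f) => f.module !== 'segfault-handler.node' && f.symbol !== '_sigtramp');
  const fault = real[0];
  const inAllocator = fault !== undefined && fault.module === 'libsystem_malloc.dylib';
  // A fault inside the allocator points at whoever passed it the pointer.
  const caller = inAllocator
    ? real.find((f) => !f.module.startsWith('libsystem_'))
    : fault;
  return { fault, inAllocator, caller };
}

console.log(triage(SAMPLE));
```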

node --version
v16.4.2
uname -a
Darwin Peters-MBP-2.fritz.box 19.6.0 Darwin Kernel Version 19.6.0: Thu Jun 18 20:49:00 PDT 2020; root:xnu-6153.141.1~1/RELEASE_X86_64 x86_64

missinglink, Sep 08 '21 12:09

I think there's an error in my usage where I'm duplicating the start and end points of the loop. Removing the end points unfortunately doesn't seem to help with the segfault, though.

outerCoords.splice(-1)
innerCoords1.splice(-1)
innerCoords2.splice(-1)

missinglink, Sep 08 '21 12:09

After spending a bit of time with the C++ API, I think this is a simple matter of moving these lines to the constructor.

missinglink, Sep 09 '21 11:09