Opened 6 years ago
Closed 6 years ago
#1249 closed defect/bug (fixed)
maptool segfaults if memory slices > 32GB
| Reported by: | kazer | Owned by: | KaZeR |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | tools | Version: | git master |
| Severity: | normal | Keywords: | |
| Cc: | | | |
Description
I ran some tests on a server with a lot of RAM. When the memory slice is bigger than 32GB, maptool segfaults.
(gdb) r -M -k -S "36000000000" -u http://maps.navit-project.org/planet-36.bin -5 planet-36.bin.md5 -6 planet-36.bin < planet.o5m
Starting program: /navit/bin/navit/maptool/maptool -M -k -S "36000000000" -u http://maps.navit-project.org/planet-36.bin -5 planet-36.bin.md5 -6 planet-36.bin < planet.o5m
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
I will KEEP tmp files
PROGRESS: Phase 1: reading input data 0:00 0 MB

Program received signal SIGSEGV, Segmentation fault.
0x000000000041edf3 in node_item_find_index_in_ordered_list (id=200542) at /navit/navit/maptool/osm.c:1377
1377        if (node_buffer_base[node_count-1].id < id)
(gdb)
(gdb) bt
#0  0x000000000041edf3 in node_item_find_index_in_ordered_list (id=200542) at /navit/navit/maptool/osm.c:1377
#1  node_item_get (id=200542) at /navit/navit/maptool/osm.c:1426
#2  0x000000000041eea0 in node_ref_way (node=<optimized out>) at /navit/navit/maptool/osm.c:2904
#3  nodes_ref_item_bin (ib=ib@entry=0x6a5c80 <misc_item_buffer>) at /navit/navit/maptool/osm.c:2915
#4  0x0000000000421701 in osm_end_way (osm=0x7fffffffe550) at /navit/navit/maptool/osm.c:1743
#5  0x0000000000424c99 in map_collect_data_osm_o5m (in=<optimized out>, osm=osm@entry=0x7fffffffe550) at /navit/navit/maptool/osm_o5m.c:307
#6  0x0000000000418e07 in osm_read_input_data (p=0x7fffffffe4e0, suffix=<optimized out>) at /navit/navit/maptool/maptool.c:498
#7  main (argc=<optimized out>, argv=<optimized out>) at /navit/navit/maptool/maptool.c:888
Attachments (1)
Change History (5)
Changed 6 years ago by tryagain
comment:1 Changed 6 years ago by tryagain
I think I know the reason: the signed int32 count of nodes in the buffer overflows and you get a pointer before the array beginning.
Please verify if it works with a >32GB slice and huge_slices.diff applied.
comment:2 Changed 6 years ago by kazer
It works, good job tryagain!
comment:3 Changed 6 years ago by kazer
Committed in r5890
comment:4 Changed 6 years ago by kazer
- Component changed from core to tools
- Resolution set to fixed
- Status changed from new to closed
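To make tryagain's root-cause analysis in comment:1 concrete, here is an added illustration written for this ticket (not navit code and not huge_slices.diff): a constructed 16-byte node record, the int32 record count that wraps for the 36000000000-byte slice from the description, the negative byte offset that `node_buffer_base[node_count-1]` then resolves to, and a 64-bit count with an explicit range check beside it. The 16-byte record size and a 64-bit host are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed 16-byte node record for illustration, not navit's real struct.
   Only its size matters here: 32 GB / 16 B = 2^31 records, the int32 limit. */
struct node_item { int64_t id; int32_t lat, lon; };

/* Buggy form, as tryagain describes: the record count lives in a signed
   32-bit int. Above 32 GB the quotient exceeds INT32_MAX and the narrowing
   conversion wraps negative (implementation-defined; gcc and clang wrap). */
static int32_t node_count_int32(uint64_t slice_bytes) {
    return (int32_t)(slice_bytes / sizeof(struct node_item));
}

/* Byte offset node_buffer_base[count - 1] resolves to. A negative count puts
   it billions of bytes before the buffer: the SIGSEGV at osm.c:1377 above. */
static int64_t last_item_offset(int32_t count) {
    return ((int64_t)count - 1) * (int64_t)sizeof(struct node_item);
}

/* Hardened form: compute the count in 64 bits and reject slices that are not
   a whole number of records. Returns the count, or -1 on error. */
static int64_t node_count_checked(uint64_t slice_bytes) {
    if (slice_bytes % sizeof(struct node_item) != 0) return -1;
    return (int64_t)(slice_bytes / sizeof(struct node_item));
}

/* For any consumer that still stores the count in an int32: fail loudly. */
static int count_fits_int32(int64_t count) {
    return count >= 0 && count <= INT32_MAX;
}

/* Crash-site comparison against a size_t count, empty buffer guarded. */
static int last_id_below(const struct node_item *base, size_t count, int64_t id) {
    if (count == 0) return 0;
    return base[count - 1].id < id;
}

int main(void) {
    uint64_t slice = 36000000000ULL; /* the -S value from the ticket */
    int32_t bad = node_count_int32(slice);
    int64_t good = node_count_checked(slice);
    printf("int32 count %d (last item at byte offset %lld); 64-bit count %lld, fits int32: %d\n",
           bad, (long long)last_item_offset(bad), (long long)good, count_fits_int32(good));
    return 0;
}
```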