Android crash due to potential tagged pointer misusage

Question

Android crash due to potential tagged pointer misusage

Closed this issue 2 months ago · 1 comments

⚠️ Issues not using this template will be systematically closed.

Describe the bug
When cleaning up resources, specifically the AssetLoader we get a crash on some android devices.
The issue seems to be due to a misusage of tagged pointers, which is furthermore explained here: https://source.android.com/docs/security/test/tagged-pointers

Are we doing any of this?:

To Reproduce
Steps to reproduce the behavior:

Destroy the asset loader:

gltfio::AssetLoader::destroy(&assetLoader);

(Note: If necessary I can try to provide a full reproduction!)

Expected behavior
Properly cleanup without a crash

Screenshots
n/a

Logs

(Note: this crash logs make it seem like its just a problem in our internal library, but please check the screenshot from the debugger)

2024-04-17 08:58:15.115  5448-5695  libc                    com.margelo.filamentexample          A  Pointer tag for 0xdac0112a5280002b was truncated, see 'https://source.android.com/devices/tech/debug/tagged-pointers'.
2024-04-17 08:58:15.115  5448-5695  libc                    com.margelo.filamentexample          A  Fatal signal 6 (SIGABRT), code -1 (SI_QUEUE) in tid 5695 (FilamentRendere), pid 5448 (filamentexample)
2024-04-17 08:58:15.540  6026-6026  DEBUG                   pid-6026                             A  Cmdline: com.margelo.filamentexample
2024-04-17 08:58:15.540  6026-6026  DEBUG                   pid-6026                             A  pid: 5448, tid: 5695, name: FilamentRendere  >>> com.margelo.filamentexample <<<
2024-04-17 08:58:15.540  6026-6026  DEBUG                   pid-6026                             A        #02 pc 0000000001570564  /data/app/~~GP8kgVVVg-EUrUVc5XqR3A==/com.margelo.filamentexample-OzaQWdrswFWcIt5IWz-1oA==/lib/arm64/libRNFilament.so (BuildId: 9228a395fd879fba96cac7114c2d5205ea850de1)
2024-04-17 08:58:15.540  6026-6026  DEBUG                   pid-6026                             A        #03 pc 0000000001570508  /data/app/~~GP8kgVVVg-EUrUVc5XqR3A==/com.margelo.filamentexample-OzaQWdrswFWcIt5IWz-1oA==/lib/arm64/libRNFilament.so (BuildId: 9228a395fd879fba96cac7114c2d5205ea850de1)
2024-04-17 08:58:15.540  6026-6026  DEBUG                   pid-6026                             A        #04 pc 000000000157048c  /data/app/~~GP8kgVVVg-EUrUVc5XqR3A==/com.margelo.filamentexample-OzaQWdrswFWcIt5IWz-1oA==/lib/arm64/libRNFilament.so (BuildId: 9228a395fd879fba96cac7114c2d5205ea850de1)
2024-04-17 08:58:15.540  6026-6026  DEBUG                   pid-6026                             A        #05 pc 0000000001570424  /data/app/~~GP8kgVVVg-EUrUVc5XqR3A==/com.margelo.filamentexample-OzaQWdrswFWcIt5IWz-1oA==/lib/arm64/libRNFilament.so (BuildId: 9228a395fd879fba96cac7114c2d5205ea850de1)
2024-04-17 08:58:15.540  6026-6026  DEBUG                   pid-6026                             A        #06 pc 00000000018a1e38  /data/app/~~GP8kgVVVg-EUrUVc5XqR3A==/com.margelo.filamentexample-OzaQWdrswFWcIt5IWz-1oA==/lib/arm64/libRNFilament.so (BuildId: 9228a395fd879fba96cac7114c2d5205ea850de1)
2024-04-17 08:58:15.540  6026-6026  DEBUG                   pid-6026                             A        #07 pc 00000000018a19f8  /data/app/~~GP8kgVVVg-EUrUVc5XqR3A==/com.margelo.filamentexample-OzaQWdrswFWcIt5IWz-1oA==/lib/arm64/libRNFilament.so (BuildId: 9228a395fd879fba96cac7114c2d5205ea850de1)
2024-04-17 08:58:15.540  6026-6026  DEBUG                   pid-6026                             A        #08 pc 000000000189e55c  /data/app/~~GP8kgVVVg-EUrUVc5XqR3A==/com.margelo.filamentexample-OzaQWdrswFWcIt5IWz-1oA==/lib/arm64/libRNFilament.so (BuildId: 9228a395fd879fba96cac7114c2d5205ea850de1)
2024-04-17 08:58:15.540  6026-6026  DEBUG                   pid-6026                             A        #09 pc 00000000018c20cc  /data/app/~~GP8kgVVVg-EUrUVc5XqR3A==/com.margelo.filamentexample-OzaQWdrswFWcIt5IWz-1oA==/lib/arm64/libRNFilament.so (BuildId: 9228a395fd879fba96cac7114c2d5205ea850de1)
2024-04-17 08:58:15.540  6026-6026  DEBUG                   pid-6026                             A        #10 pc 00000000018a17d8  /data/app/~~GP8kgVVVg-EUrUVc5XqR3A==/com.margelo.filamentexample-OzaQWdrswFWcIt5IWz-1oA==/lib/arm64/libRNFilament.so (BuildId: 9228a395fd879fba96cac7114c2d5205ea850de1)
2024-04-17 08:58:15.540  6026-6026  DEBUG                   pid-6026                             A        #11 pc 000000000189de38  /data/app/~~GP8kgVVVg-EUrUVc5XqR3A==/com.margelo.filamentexample-OzaQWdrswFWcIt5IWz-1oA==/lib/arm64/libRNFilament.so (filament::gltfio::AssetLoader::destroy(filament::gltfio::AssetLoader**)+40) (BuildId: 9228a395fd879fba96cac7114c2d5205ea850de1)

Debugger:

Desktop (please complete the following information):

OS: android
GPU: Mali-G78 MP14
Backend: OpenGL

Smartphone (please complete the following information):

Device: sm-g991b/ds aka. Samsung Galaxy S21 5G
OS: Android 14

Additional context

/

Answer 1 · 2024-04-17T07:13:22.000Z

Well, pardon, seems like we are trying to destroy something thats already null - thats clearly an issue in our implementation. Sorry for bothering you!