
[Flutter 3] Null pointer dereference in libmapbox-gl.so #107297

@tonnyavery

Description

I am looking for some help debugging a new critical native crash that affects the Mapbox Flutter plugin.

The issue doesn't reproduce on Flutter 2.13 and is only present in Flutter 3.x. No changes to the way the plugin was integrated were made, and no changes to the native code the plugin relies on were made. The only change was the upgrade to Flutter 3.

I have checked the changes made in the Flutter engine between the 2.13 and 3.0 releases, and it's only the Dart revision: https://github.com/flutter/engine/compare/3096903c8923608d3c1ccf8058a29c31a2bfbc53..d1b9a6938ad77326ac3a94d92bbc77933ed829ed.

Any insight on where to dig?

Steps to Reproduce

  1. Execute flutter run on the code sample
  2. Click on any button that would open the map (try again if it didn't crash)
  3. Observe the native crash
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'google/sdk_gphone64_arm64/emulator64_arm64:12/S2B2.211203.006/8015633:userdebug/dev-keys'
Revision: '0'
ABI: 'arm64'
Timestamp: 2022-07-08 13:33:24.673577251+0200
Process uptime: 0s
Cmdline: com.mapbox.mapboxglexample
pid: 4347, tid: 4489, name: GLThread 98  >>> com.mapbox.mapboxglexample <<<
uid: 10152
tagged_addr_ctrl: 0000000000000001
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
Cause: null pointer dereference
    x0  0000000000000000  x1  0000000000000000  x2  0000000000000001  x3  00000073580c68fc
    x4  00000072b018e338  x5  000000000000004a  x6  4900ff55284901ff  x7  7f7f7f7f7f7f7f7f
    x8  0000000000000000  x9  00000072b018f040  x10 0000000000000001  x11 0000000000000001
    x12 00000000000000ff  x13 0000000000000000  x14 7ffbffff00000000  x15 0000000000000000
    x16 00000072c0d5ef70  x17 00000075f77d72cc  x18 000000728602c000  x19 00000072b018e448
    x20 0000000000000000  x21 0000000000000001  x22 00000072dde6f7a4  x23 0000000000001070
    x24 0000007358200880  x25 00000072b018e5b0  x26 00000072b018e5e0  x27 00000072b018e5b0
    x28 00000072b018e4b0  x29 00000072b018e3e0
    lr  00000072c094981c  sp  00000072b018e3d0  pc  00000072c0949948  pst 0000000060001000
backtrace:
      #00 pc 000000000011d948  /data/app/~~Q0TqeVocFhBLh_eRCp4W2Q==/com.mapbox.mapboxglexample-2g_T8q8jdDQ3a3tJWF_j1g==/lib/arm64/libmapbox-gl.so (BuildId: 5340fab4c92fd87f8304775de4bc95627e863fd7)
      #01 pc 000000000011d818  /data/app/~~Q0TqeVocFhBLh_eRCp4W2Q==/com.mapbox.mapboxglexample-2g_T8q8jdDQ3a3tJWF_j1g==/lib/arm64/libmapbox-gl.so (BuildId: 5340fab4c92fd87f8304775de4bc95627e863fd7)
      #02 pc 00000000000adc2c  /data/app/~~Q0TqeVocFhBLh_eRCp4W2Q==/com.mapbox.mapboxglexample-2g_T8q8jdDQ3a3tJWF_j1g==/lib/arm64/libmapbox-gl.so (BuildId: 5340fab4c92fd87f8304775de4bc95627e863fd7)
      #03 pc 00000000002d7644  /apex/com.android.art/lib64/libart.so (art_quick_generic_jni_trampoline+148) (BuildId: adb75d6f792faa24b1bc8cf512fb112c)
      #04 pc 000000000020a0a0  /apex/com.android.art/lib64/libart.so (nterp_helper+4016) (BuildId: adb75d6f792faa24b1bc8cf512fb112c)
      #05 pc 00000000004297a4  [anon:dalvik-classes2.dex extracted in memory from /data/app/~~Q0TqeVocFhBLh_eRCp4W2Q==/com.mapbox.mapboxglexample-2g_T8q8jdDQ3a3tJWF_j1g==/base.apk!classes2.dex] (com.mapbox.mapboxsdk.maps.renderer.MapRenderer.onDrawFrame+12)
      #06 pc 000000000020a044  /apex/com.android.art/lib64/libart.so (nterp_helper+3924) (BuildId: adb75d6f792faa24b1bc8cf512fb112c)
      #07 pc 000000000042b484  [anon:dalvik-classes2.dex extracted in memory from /data/app/~~Q0TqeVocFhBLh_eRCp4W2Q==/com.mapbox.mapboxglexample-2g_T8q8jdDQ3a3tJWF_j1g==/base.apk!classes2.dex] (com.mapbox.mapboxsdk.maps.renderer.glsurfaceview.GLSurfaceViewMapRenderer.onDrawFrame+0)
      #08 pc 000000000020af10  /apex/com.android.art/lib64/libart.so (nterp_helper+7712) (BuildId: adb75d6f792faa24b1bc8cf512fb112c)
      #09 pc 000000000042befa  [anon:dalvik-classes2.dex extracted in memory from /data/app/~~Q0TqeVocFhBLh_eRCp4W2Q==/com.mapbox.mapboxglexample-2g_T8q8jdDQ3a3tJWF_j1g==/base.apk!classes2.dex] (com.mapbox.mapboxsdk.maps.renderer.glsurfaceview.MapboxGLSurfaceView$GLThread.guardedRun+994)
      #10 pc 000000000020a044  /apex/com.android.art/lib64/libart.so (nterp_helper+3924) (BuildId: adb75d6f792faa24b1bc8cf512fb112c)
      #11 pc 000000000042c490  [anon:dalvik-classes2.dex extracted in memory from /data/app/~~Q0TqeVocFhBLh_eRCp4W2Q==/com.mapbox.mapboxglexample-2g_T8q8jdDQ3a3tJWF_j1g==/base.apk!classes2.dex] (com.mapbox.mapboxsdk.maps.renderer.glsurfaceview.MapboxGLSurfaceView$GLThread.run+48)
      #12 pc 00000000002cdd64  /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+548) (BuildId: adb75d6f792faa24b1bc8cf512fb112c)
      #13 pc 0000000000317fb0  /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+156) (BuildId: adb75d6f792faa24b1bc8cf512fb112c)
      #14 pc 00000000003cc480  /apex/com.android.art/lib64/libart.so (art::JValue art::InvokeVirtualOrInterfaceWithJValues<art::ArtMethod*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, jvalue const*)+380) (BuildId: adb75d6f792faa24b1bc8cf512fb112c)
      #15 pc 000000000045efd8  /apex/com.android.art/lib64/libart.so (art::Thread::CreateCallback(void*)+992) (BuildId: adb75d6f792faa24b1bc8cf512fb112c)
      #16 pc 00000000000b1810  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+264) (BuildId: b2e84269f59e7b1658e3a470fd302458)
      #17 pc 00000000000512f0  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: b2e84269f59e7b1658e3a470fd302458)

Expected results:
The app shouldn't crash.

Actual results:
The app crashes with a native crash that doesn't happen in Flutter 2.13.

Code sample https://github.com/flutter-mapbox-gl/maps/tree/master/example

Follow the readme instructions on how to run the Mapbox example app.

Logs
[✓] Flutter (Channel master, 3.1.0-0.0.pre.1542, on macOS 12.4 21F79 darwin-arm, locale en-GB)
    • Flutter version 3.1.0-0.0.pre.1542 on channel master at /Volumes/MyData/Common/Flutter/flutter
    • Upstream repository https://github.com/flutter/flutter.git
    • Framework revision b748d1fb1a (18 hours ago), 2022-07-07 10:46:07 -0700
    • Engine revision 61a3788bb9
    • Dart version 2.18.0 (build 2.18.0-261.0.dev)
    • DevTools version 2.15.0

[✓] Android toolchain - develop for Android devices (Android SDK version 32.1.0-rc1)
    • Android SDK at /Volumes/MyData/Common/Android/sdk
    • Platform android-32, build-tools 32.1.0-rc1
    • Java binary at: /Volumes/MyData/Applications/Android Studio.app/Contents/jre/Contents/Home/bin/java
    • Java version OpenJDK Runtime Environment (build 11.0.12+0-b1504.28-7817840)
    • All Android licenses accepted.

[✓] Xcode - develop for iOS and macOS (Xcode 13.4.1)
    • Xcode at /Applications/Xcode.app/Contents/Developer
    • Build 13F100
    • CocoaPods version 1.11.2

[✓] Chrome - develop for the web
    • Chrome at /Applications/Google Chrome.app/Contents/MacOS/Google Chrome

[✓] Android Studio (version 2021.2)
    • Android Studio at /Volumes/MyData/Applications/Android Studio.app/Contents
    • Flutter plugin can be installed from:
      🔨 https://plugins.jetbrains.com/plugin/9212-flutter
    • Dart plugin can be installed from:
      🔨 https://plugins.jetbrains.com/plugin/6351-dart
    • Java version OpenJDK Runtime Environment (build 11.0.12+0-b1504.28-7817840)

[✓] IntelliJ IDEA Ultimate Edition (version 2021.3.2)
    • IntelliJ at /Volumes/MyData/Applications/IntelliJ IDEA.app
    • Flutter plugin can be installed from:
      🔨 https://plugins.jetbrains.com/plugin/9212-flutter
    • Dart plugin can be installed from:
      🔨 https://plugins.jetbrains.com/plugin/6351-dart

[✓] VS Code (version 1.68.1)
    • VS Code at /Volumes/MyData/Applications/Visual Studio Code.app/Contents
    • Flutter extension version 3.42.0

[✓] Connected device (3 available)
    • sdk gphone64 arm64 (mobile) • emulator-5554 • android-arm64  • Android 12 (API 32) (emulator)
    • macOS (desktop)             • macos         • darwin-arm64   • macOS 12.4 21F79 darwin-arm
    • Chrome (web)                • chrome        • web-javascript • Google Chrome 103.0.5060.114

[✓] HTTP Host Availability
    • All required HTTP hosts are available

• No issues found!
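
Editor's note on where to dig. The tombstone above already answers the first question: signal 11 with SEGV_MAPERR at fault addr 0x0, x0 == 0, reached from com.mapbox.mapboxsdk.maps.renderer.MapRenderer.onDrawFrame on the GL thread through the JNI trampoline into three frames of libmapbox-gl.so (#00 to #02) that debuggerd printed as bare offsets. Those three offsets have to be resolved against an unstripped copy of the library with the same BuildId (5340fab4c92fd87f8304775de4bc95627e863fd7) before anything else. The script below is an added example, not code from the issue, the Mapbox plugin or Flutter: it parses the signal line, the register dump and the backtrace, classifies the fault from the fault address, finds the managed frame that entered native code, and emits the llvm-readelf and llvm-addr2line commands that resolve the unsymbolized frames. The sample tombstone is a trimmed copy of the one posted above; the library path ./libmapbox-gl.so is an assumption standing in for wherever your build keeps the unstripped .so.

```python
"""Triage an Android debuggerd tombstone (added example; not Mapbox or Flutter code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the signal line, two register lines and five backtrace
# frames copied verbatim from the tombstone in this issue.
SAMPLE_TOMBSTONE = """\
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
    x0  0000000000000000  x1  0000000000000000  x2  0000000000000001  x3  00000073580c68fc
    lr  00000072c094981c  sp  00000072b018e3d0  pc  00000072c0949948  pst 0000000060001000
backtrace:
      #00 pc 000000000011d948  /data/app/~~Q0TqeVocFhBLh_eRCp4W2Q==/com.mapbox.mapboxglexample-2g_T8q8jdDQ3a3tJWF_j1g==/lib/arm64/libmapbox-gl.so (BuildId: 5340fab4c92fd87f8304775de4bc95627e863fd7)
      #01 pc 000000000011d818  /data/app/~~Q0TqeVocFhBLh_eRCp4W2Q==/com.mapbox.mapboxglexample-2g_T8q8jdDQ3a3tJWF_j1g==/lib/arm64/libmapbox-gl.so (BuildId: 5340fab4c92fd87f8304775de4bc95627e863fd7)
      #02 pc 00000000000adc2c  /data/app/~~Q0TqeVocFhBLh_eRCp4W2Q==/com.mapbox.mapboxglexample-2g_T8q8jdDQ3a3tJWF_j1g==/lib/arm64/libmapbox-gl.so (BuildId: 5340fab4c92fd87f8304775de4bc95627e863fd7)
      #03 pc 00000000002d7644  /apex/com.android.art/lib64/libart.so (art_quick_generic_jni_trampoline+148) (BuildId: adb75d6f792faa24b1bc8cf512fb112c)
      #05 pc 00000000004297a4  [anon:dalvik-classes2.dex extracted in memory from /data/app/~~Q0TqeVocFhBLh_eRCp4W2Q==/com.mapbox.mapboxglexample-2g_T8q8jdDQ3a3tJWF_j1g==/base.apk!classes2.dex] (com.mapbox.mapboxsdk.maps.renderer.MapRenderer.onDrawFrame+12)
"""

SIGNAL_RE = re.compile(r"signal (\d+) \((\w+)\), code (-?\d+) \((\w+)\), fault addr (\S+)")
REG_RE = re.compile(r"\b(x\d{1,2}|lr|sp|pc|pst)\s+([0-9a-f]{16})\b")
FRAME_RE = re.compile(
    r"^\s*#(\d+)\s+pc\s+([0-9a-f]+)\s+(.+?)"   # index, relative pc, object
    r"(?:\s+\((?!BuildId: )(.+?)\))?"           # optional "symbol+offset"
    r"(?:\s+\(BuildId: ([0-9a-f]+)\))?\s*$")    # optional build id
# Android's vm.mmap_min_addr is 32768 on 64-bit builds: nothing below 0x8000 is mappable.
MMAP_MIN_ADDR = 0x8000

@dataclass
class Frame:
    pc: int                  # offset from the object's load base
    obj: str
    symbol: Optional[str]    # "name+offset" when debuggerd resolved it
    build_id: Optional[str]

@dataclass
class Crash:
    signame: str
    codename: str
    fault_addr: Optional[int]   # None when the signal carries no address
    regs: Dict[str, int]
    frames: List[Frame]

def parse_tombstone(text: str) -> Crash:
    signame = codename = fault_addr = None
    regs: Dict[str, int] = {}
    frames: List[Frame] = []
    in_backtrace = False
    for line in text.splitlines():
        if in_backtrace:
            m = FRAME_RE.match(line)
            if m:
                frames.append(Frame(int(m[2], 16), m[3], m[4], m[5]))
            continue
        m = SIGNAL_RE.search(line)
        if m:
            signame, codename = m[2], m[4]
            fault_addr = None if m[5].startswith("-") else int(m[5], 16)  # "--------" on SIGABRT
        for name, val in REG_RE.findall(line):  # register dump precedes "backtrace:"
            regs[name] = int(val, 16)
        if line.strip() == "backtrace:":
            in_backtrace = True
    if signame is None:
        raise ValueError("no signal line in tombstone")
    return Crash(signame, codename, fault_addr, regs, frames)

def classify_fault(crash: Crash) -> str:
    if crash.signame != "SIGSEGV":
        return f"{crash.signame}: not a memory access fault"
    addr = crash.fault_addr
    if addr == 0:
        return ("null pointer dereference: page zero cannot be mapped by an app, "
                "so the impact is a crash, not memory corruption")
    if addr is not None and addr < MMAP_MIN_ADDR:
        return f"near-null dereference: offset 0x{addr:x} from a null pointer"
    if crash.codename == "SEGV_MAPERR":
        return "unmapped address: suspect a dangling or corrupted pointer"
    return f"SIGSEGV {crash.codename}: mapped address, needs manual analysis"

def unsymbolized_frames(crash: Crash, lib_name: str) -> List[Frame]:
    return [f for f in crash.frames if f.obj.endswith("/" + lib_name) and f.symbol is None]

def java_caller(crash: Crash) -> Optional[str]:
    """Innermost managed frame, i.e. the JNI call that entered native code."""
    for f in crash.frames:
        if f.obj.startswith("[anon:dalvik-") or f.obj.endswith(".dex"):
            return f.symbol
    return None

def symbolize_commands(crash: Crash, lib_name: str, unstripped: str) -> List[str]:
    """Commands to resolve the unsymbolized frames: the tombstone's relative pc is the
    offset addr2line takes against the ELF, valid only for the same build (Build ID)."""
    frames = unsymbolized_frames(crash, lib_name)
    if not frames:
        return []
    pcs = " ".join(f"0x{f.pc:x}" for f in frames)
    return [f"llvm-readelf -n {unstripped} | grep 'Build ID'  # expect {frames[0].build_id}",
            f"llvm-addr2line -C -f -i -e {unstripped} {pcs}"]
```

llvm-addr2line and llvm-readelf ship with the NDK under toolchains/llvm/prebuilt/<host>/bin; ndk-stack -sym <dir-with-unstripped-so> -dump <tombstone> does the same job for a whole tombstone. If the Build ID printed by llvm-readelf does not match the one in the backtrace, the names addr2line returns are for a different build and will mislead. Two things the trace supports on its own: the fault is a read through a null pointer (fault addr 0x0, x0 == 0, SEGV_MAPERR), so in terms of impact this is a crash rather than exploitable memory corruption; and the native call is made from onDrawFrame on the GL thread, so the symbolized frames #00 to #02 will name the object that was null at draw time, which is the point from which the Flutter 2.13 vs 3.x difference can be bisected.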

Labels

  • P2: Important issues not at the top of the work list
  • a: platform-views: Embedding Android/iOS views in Flutter apps
  • c: crash: Stack traces logged to the console
  • c: regression: It was better in the past than it is now
  • engine: flutter/engine related. See also e: labels.
  • platform-android: Android applications specifically
