Description
I tested loading a glb file using the ar-model-viewer app from the current main branch and got a crash. From the crash logs it looks like a buffer overflow to me, but since
I have no insight into the native code I can't dig deeper into this.
The glb model file is 3.5 MB, but the size can't be the issue: I successfully loaded files of 27 MB and more.
Device was a Pixel 6 running API 36
Crashlogs:
Pointer tag for 0x726f48ffffffff was truncated, see 'https://source.android.com/devices/tech/debug/tagged-pointers'.
Fatal signal 6 (SIGABRT), code -1 (SI_QUEUE) in tid 20632 (e.armodelviewer), pid 20632 (e.armodelviewer)
Sometimes I also see:
Scudo ERROR: misaligned pointer when deallocating address 0x726f48ffffffff
So this is all about the same pointer.
native backtrace:
07-14 16:30:02.166 21393 21393 F DEBUG :
07-14 16:30:02.166 21393 21393 F DEBUG : Build fingerprint: 'google/oriole/oriole:16/BP2A.250605.031.A2/13578606:user/release-keys'
07-14 16:30:02.166 21393 21393 F DEBUG : Revision: 'MP1.0'
07-14 16:30:02.166 21393 21393 F DEBUG : ABI: 'arm64'
07-14 16:30:02.166 21393 21393 F DEBUG : Timestamp: 2025-07-14 16:30:01.955888704+0200
07-14 16:30:02.166 21393 21393 F DEBUG : Process uptime: 41s
07-14 16:30:02.166 21393 21393 F DEBUG : Cmdline: io.github.sceneview.sample.armodelviewer
07-14 16:30:02.166 21393 21393 F DEBUG : pid: 21118, tid: 21118, name: e.armodelviewer >>> io.github.sceneview.sample.armodelviewer <<<
07-14 16:30:02.166 21393 21393 F DEBUG : uid: 10260
07-14 16:30:02.166 21393 21393 F DEBUG : tagged_addr_ctrl: 0000000000000001 (PR_TAGGED_ADDR_ENABLE)
07-14 16:30:02.166 21393 21393 F DEBUG : signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
07-14 16:30:02.166 21393 21393 F DEBUG : Abort message: 'Scudo ERROR: misaligned pointer when deallocating address 0x726f48ffffffff'
07-14 16:30:02.166 21393 21393 F DEBUG : x0 0000000000000000 x1 000000000000527e x2 0000000000000006 x3 0000007ff97cd5e0
07-14 16:30:02.166 21393 21393 F DEBUG : x4 1f7164736d686e6f x5 1f7164736d686e6f x6 1f7164736d686e6f x7 7f7f7f7f7f7f7f7f
07-14 16:30:02.166 21393 21393 F DEBUG : x8 00000000000000f0 x9 472ac77cdb80a84e x10 0000000000000001 x11 00000078b4eb52e0
07-14 16:30:02.166 21393 21393 F DEBUG : x12 0000000068751469 x13 000000007fffffff x14 00000000016d340c x15 00000567bdaa5289
07-14 16:30:02.166 21393 21393 F DEBUG : x16 00000078b4f210d8 x17 00000078b4f08c40 x18 00000078c8148000 x19 000000000000527e
07-14 16:30:02.166 21393 21393 F DEBUG : x20 000000000000527e x21 00000000ffffffff x22 0000007663497640 x23 0000000000000000
07-14 16:30:02.166 21393 21393 F DEBUG : x24 000000767350f730 x25 00000077c3512f10 x26 0000000000000000 x27 0000000000000001
07-14 16:30:02.166 21393 21393 F DEBUG : x28 000000755cc75730 x29 0000007ff97cd660
07-14 16:30:02.166 21393 21393 F DEBUG : lr 00000078b4e9f5d8 sp 0000007ff97cd5e0 pc 00000078b4e9f5fc pst 0000000000001000
07-14 16:30:02.166 21393 21393 F DEBUG : 7 total frames
07-14 16:30:02.166 21393 21393 F DEBUG : backtrace:
07-14 16:30:02.166 21393 21393 F DEBUG : #00 pc 00000000000705fc /apex/com.android.runtime/lib64/bionic/libc.so (abort+156) (BuildId: 56d1c072e220860e239a4a1824a78f97)
07-14 16:30:02.166 21393 21393 F DEBUG : #1 pc 000000000005b0b8 /apex/com.android.runtime/lib64/bionic/libc.so (scudo::die()+8) (BuildId: 56d1c072e220860e239a4a1824a78f97)
07-14 16:30:02.166 21393 21393 F DEBUG : #2 pc 000000000005bd7c /apex/com.android.runtime/lib64/bionic/libc.so (scudo::reportRawError(char const*)+28) (BuildId: 56d1c072e220860e239a4a1824a78f97)
07-14 16:30:02.166 21393 21393 F DEBUG : #3 pc 000000000005bcec /apex/com.android.runtime/lib64/bionic/libc.so (scudo::ScopedErrorReport::~ScopedErrorReport()+12) (BuildId: 56d1c072e220860e239a4a1824a78f97)
07-14 16:30:02.166 21393 21393 F DEBUG : #4 pc 000000000005c1c4 /apex/com.android.runtime/lib64/bionic/libc.so (scudo::reportMisalignedPointer(scudo::AllocatorAction, void*)+116) (BuildId: 56d1c072e220860e239a4a1824a78f97)
07-14 16:30:02.166 21393 21393 F DEBUG : #5 pc 000000000005d8a0 /apex/com.android.runtime/lib64/bionic/libc.so (scudo::Allocator<scudo::AndroidNormalConfig, &scudo_malloc_postinit>::deallocate(void*, scudo::Chunk::Origin, unsigned long, unsigned long)+272) (BuildId: 56d1c072e220860e239a4a1824a78f97)
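A small triage helper, added here as an example and not part of the issue or of the SceneView project: it decodes the address that Scudo refused to free (0x726f48ffffffff from the abort message above) into the checks the two log lines are about. It assumes Scudo's minimum chunk alignment on 64-bit Android is 16 bytes (the check behind "misaligned pointer when deallocating") and that bionic keeps its heap pointer tag in the top byte, so a zero top byte is what "Pointer tag ... was truncated" refers to. It also renders the eight pointer bytes in memory order as text, which is a quick way to see whether a pointer slot holds something other than a pointer; the log alone does not say what wrote it, and the helper only reports what the value looks like.

```c
/* Added triage helper, not part of the issue or the SceneView project.
 * Decodes a pointer that bionic/Scudo rejected at free() time. Assumptions:
 * Scudo's minimum chunk alignment on 64-bit Android is 16 bytes, and bionic
 * stores its heap pointer tag in the top byte (a zero top byte is what the
 * "Pointer tag ... was truncated" message refers to). */
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <ctype.h>

#define SCUDO_MIN_ALIGNMENT 16u   /* 1 << 4 on 64-bit targets (assumption) */

/* Scudo aborts with "misaligned pointer" when a freed pointer fails this. */
int is_scudo_aligned(uint64_t ptr) {
    return (ptr % SCUDO_MIN_ALIGNMENT) == 0;
}

/* Top byte of the address: bionic's heap tag lives here on arm64. */
unsigned top_byte_tag(uint64_t ptr) {
    return (unsigned)(ptr >> 56);
}

/* Render the 8 bytes of the pointer in memory (little-endian) order, keeping
 * printable ASCII and replacing everything else with '.', so an address that
 * was overwritten with text stands out. Returns the count of printable bytes. */
int render_bytes_le(uint64_t ptr, char out[9]) {
    int printable = 0;
    for (int i = 0; i < 8; i++) {
        unsigned char b = (unsigned char)(ptr >> (8 * i));
        if (isprint(b)) {
            out[i] = (char)b;
            printable++;
        } else {
            out[i] = '.';
        }
    }
    out[8] = '\0';
    return printable;
}

/* Low 32 bits as a signed value: 0xffffffff is -1, a common sentinel. */
int32_t low32_as_signed(uint64_t ptr) {
    return (int32_t)(uint32_t)(ptr & 0xffffffffu);
}

void triage(uint64_t ptr) {
    char bytes[9];
    int printable = render_bytes_le(ptr, bytes);
    unsigned tag = top_byte_tag(ptr);
    printf("address        : 0x%016llx\n", (unsigned long long)ptr);
    printf("top byte (tag) : 0x%02x%s\n", tag,
           tag == 0 ? "  (zero: tag stripped or never set)" : "");
    printf("16-byte aligned: %s\n",
           is_scudo_aligned(ptr) ? "yes" : "no  (Scudo aborts on free)");
    printf("low 32 bits    : %d\n", low32_as_signed(ptr));
    printf("bytes as text  : \"%s\" (%d printable)\n", bytes, printable);
}

int main(int argc, char **argv) {
    /* Default input: the address from the issue's abort message. */
    uint64_t ptr = 0x726f48ffffffffULL;
    if (argc > 1) ptr = strtoull(argv[1], NULL, 16);
    triage(ptr);
    return 0;
}
```

Run it with no arguments for the issue's address, or pass another hex address from a crash log. For 0x726f48ffffffff it reports a zero top byte, a non-16-byte-aligned address, -1 in the low 32 bits and the bytes "....Hor." in memory order; that combination (a sentinel integer followed by text) is only a hint about what the slot contains, not evidence of where the write came from.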