I have a crash with some optimisation code. What I'm trying to do is to remove some points from the input array when the previous and the next point are close enough. The method works well in almost all case but crash with some specific data.

我有一些优化代码的崩溃。我要做的是，在前面和下一个点足够接近的时候，从输入数组中移除一些点。该方法在几乎所有情况下都很有效，但在某些特定数据下崩溃。

An example of input data that crash:

一个输入数据崩溃的例子:

Value of coords : (51.55188, -0.17591), (51.55208, -0.17516), (51.55231, -0.17444)
Value of altitudes : 10000, 10000, 10000
Value of count : 3

If I skip the optimisation code and use directly the input value, then everything works correctly. It also works correctly if I simply memcpy the input values in the temp arrays.

如果我跳过optimisation代码并直接使用输入值，那么一切都可以正常工作。如果我简单地memcpy在temp数组中的输入值，它也能正常工作。

I got a EXC_BAD_ACCESS EXC_I386_GPFLT after using this method with the input data posted. The crash doesn't happen directly in this method but after when I use the object created at the end of the method. I've already tried NSZombie and Profiling for zombies. Everything works correctly with almost all the data but crash 100% with this specific input data (At least it is easier for me to debug!).

使用此方法后，我得到了一个EXC_BAD_ACCESS EXC_I386_GPFLT。崩溃不会直接发生在这个方法中，但是当我使用在方法末尾创建的对象之后。我已经尝试过NSZombie和Profiling。几乎所有的数据都能正常工作，但是100%使用这个特定的输入数据(至少对我来说调试起来更容易!)

The code of my method:

我的方法代码:

+ (instancetype) optimizedPolylineWithCoordinates:(CLLocationCoordinate2D*) coords altitudes:(RLMKAltitude*) altitudes count:(NSUInteger) count
{
    CGFloat minimumDistanceBetweenPoints = [self minimumOptimizedDistanceBetweenPoints];

    CLLocationCoordinate2D* tempCoords = malloc(sizeof(CLLocationCoordinate2D) * count);
    RLMKAltitude* tempAltitudes = malloc(sizeof(RLMKAltitude) * count);
    NSUInteger tempCoordsCount = 0;

    // Always keep first point
    tempCoords[0] = coords[0];
    tempAltitudes[0] = altitudes[0];
    ++tempCoordsCount;

    for (NSUInteger i = 1; i < (count - 1); i++)
    {
        MKMapPoint prevPoint = MKMapPointForCoordinate(coords[i - 1]);
        MKMapPoint nextPoint = MKMapPointForCoordinate(coords[i + 1]);

        // Get the distance between the next point and the previous point.
        CLLocationDistance distance = MKMetersBetweenMapPoints(nextPoint, prevPoint);

        // Keep the current point if the distance is greater than the minimum
        if (distance > minimumDistanceBetweenPoints)
        {
            tempCoords[tempCoordsCount] = coords[i];
            tempAltitudes[tempCoordsCount] = altitudes[i];
            ++tempCoordsCount;
        }
    }  

    // Always keep last point
    tempCoords[tempCoordsCount] = coords[(count - 1)];
    tempAltitudes[tempCoordsCount] = altitudes[(count - 1)];
    ++tempCoordsCount;

    RLMKMapWay* object =  [self polylineWithCoordinates:tempCoords altitudes:tempAltitudes count:tempCoordsCount];
    free(tempCoords);
    free(tempAltitudes);

    return object;
}

Note that the polylineWithCoordinates method called with the temp data take care of making copy of all the data so the problem is likely not related with the free located after the call (I've already tried to comment both lines and the crash still happen)

注意，使用temp数据调用的polylineWithCoordinates方法处理所有数据的复制，因此问题很可能与调用后的空闲位置无关(我已经尝试对这两行进行注释，并且仍然会发生崩溃)

1 个解决方案

#1

---