<p>One issue in the code is the lack of any input parameter sanitation. With the wrong parameter values, it will eat up all available memory, and then crashes with a segfault:</p>
<pre><code>/home/osm/openstreetmap-website/vendor/bundle/ruby/2.5.0/gems/quad_tile-1.0.1/lib/quad_tile.rb:9: [BUG] Segmentation fault at 0x0000000200000000
ruby 2.5.1p57 (2018-03-29 revision 63029) [x86_64-linux-gnu]

-- Control frame information -----------------------------------------------
c:0083 p:---- s:0625 e:000624 CFUNC  :iterate_tiles_for_area
c:0082 p:0015 s:0620 e:000619 METHOD /home/osm/openstreetmap-website/vendor/bundle/ruby/2.5.0/gems/quad_tile-1.0.1/lib/quad_tile.rb:9
c:0081 p:0017 s:0612 e:000611 METHOD /home/osm/openstreetmap-website/lib/osm.rb:559
c:0080 p:0348 s:0605 E:001ab0 METHOD /home/osm/openstreetmap-website/app/controllers/api/swf_controller.rb:51


/home/osm/openstreetmap-website/lib/osm.rb:559:in `sql_for_area'
/home/osm/openstreetmap-website/vendor/bundle/ruby/2.5.0/gems/quad_tile-1.0.1/lib/quad_tile.rb:9:in `sql_for_area'
/home/osm/openstreetmap-website/vendor/bundle/ruby/2.5.0/gems/quad_tile-1.0.1/lib/quad_tile.rb:9:in `iterate_tiles_for_area'

[...]

-- Machine register context ------------------------------------------------
 RIP: 0x00007fc3631eeb85 RBP: 0x0000000080000000 RSP: 0x00007fc35cbdf750
 RAX: 0x0000000000000000 RBX: 0x000000000000ca2c RCX: 0x00000000ffffffff
 RDX: 0x000000007aec26d0 RDI: 0x0000000200000000 RSI: 0x000000007aec26d0
  R8: 0x0000000080000001  R9: 0x0000000000000000 R10: 0x0000000000000001
 R11: 0x0000000000000207 R12: 0x000000008000ca2d R13: 0x0000000000007e58
 R14: 0x0000000000000000 R15: 0x00000000ffc8f36a EFL: 0x0000000000010286

-- C level backtrace information -------------------------------------------
/usr/lib/x86_64-linux-gnu/libruby-2.5.so.2.5(0x7fc36fc90965) [0x7fc36fc90965]
/usr/lib/x86_64-linux-gnu/libruby-2.5.so.2.5(0x7fc36fc90b9c) [0x7fc36fc90b9c]
/usr/lib/x86_64-linux-gnu/libruby-2.5.so.2.5(0x7fc36fb5a884) [0x7fc36fb5a884]
/usr/lib/x86_64-linux-gnu/libruby-2.5.so.2.5(0x7fc36fc209a2) [0x7fc36fc209a2]
/lib/x86_64-linux-gnu/libc.so.6(0x7fc36f720f20) [0x7fc36f720f20]
/home/osm/openstreetmap-website/vendor/bundle/ruby/2.5.0/gems/quad_tile-1.0.1/lib/quad_tile/quad_tile.so(tilelist_for_area+0x85) [0x7fc3631eeb85]
/home/osm/openstreetmap-website/vendor/bundle/ruby/2.5.0/gems/quad_tile-1.0.1/lib/quad_tile/quad_tile.so(0xcee) [0x7fc3631eecee]
/usr/lib/x86_64-linux-gnu/libruby-2.5.so.2.5(0x7fc36fc79289) [0x7fc36fc79289]
/usr/lib/x86_64-linux-gnu/libruby-2.5.so.2.5(0x7fc36fc877b3) [0x7fc36fc877b3]
</code></pre>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/openstreetmap/openstreetmap-website/pull/2228?email_source=notifications&email_token=AAK2OLOAD7KA64ZK3WLHTW3PWF56NA5CNFSM4HN4PEF2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODVXFUAQ#issuecomment-493771266">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AAK2OLNSUVQ4F5WUZQIUAMDPWF56NANCNFSM4HN4PEFQ">mute the thread</a>.<img src="https://github.com/notifications/beacon/AAK2OLMRFLO3NPTIHMILQGDPWF56NA5CNFSM4HN4PEF2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODVXFUAQ.gif" height="1" width="1" alt="" /></p>
<script type="application/ld+json">[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/openstreetmap/openstreetmap-website/pull/2228?email_source=notifications\u0026email_token=AAK2OLOAD7KA64ZK3WLHTW3PWF56NA5CNFSM4HN4PEF2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODVXFUAQ#issuecomment-493771266",
"url": "https://github.com/openstreetmap/openstreetmap-website/pull/2228?email_source=notifications\u0026email_token=AAK2OLOAD7KA64ZK3WLHTW3PWF56NA5CNFSM4HN4PEF2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODVXFUAQ#issuecomment-493771266",
"name": "View Pull Request"
},
"description": "View this Pull Request on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]</script>