view3d.toolshelf() segmentation fault #46764

Closed
opened 2015-11-13 23:58:56 +01:00 by Luca Zeug · 12 comments

System Information
osx 10.11.1

Blender Version
Broken: 2.76b, 45cae17

Short description of error
seg fault after exiting BGE/switching screens

Exact steps for others to reproduce the error

  1. Active Region Overlap
  2. Run this script repeatedly (sometimes ca. 10 times):
import bpy

bpy.context.scene.render.engine = 'BLENDER_GAME'

for area in bpy.context.screen.areas:
    if area.type == 'VIEW_3D':
        override = bpy.context.copy()
        override['area'] = area
        bpy.ops.view3d.toolshelf(override)
        bpy.ops.screen.screen_full_area(override, use_hide_panels=True)

bpy.ops.view3d.game_start()

for area in bpy.context.screen.areas:
    if area.type == 'VIEW_3D':
        override = bpy.context.copy()
        override['area'] = area
        bpy.ops.view3d.toolshelf(override)
        print(bpy.ops.screen.screen_full_area(use_hide_panels=True))

I'm also writing a addon, witch is triggering a seg fault everytime. Not sure how to attach though.

**System Information** osx 10.11.1 **Blender Version** Broken: 2.76b, 45cae17 **Short description of error** seg fault after exiting BGE/switching screens **Exact steps for others to reproduce the error** 1. Active Region Overlap 2. Run this script repeatedly (sometimes ca. 10 times): ``` import bpy bpy.context.scene.render.engine = 'BLENDER_GAME' for area in bpy.context.screen.areas: if area.type == 'VIEW_3D': override = bpy.context.copy() override['area'] = area bpy.ops.view3d.toolshelf(override) bpy.ops.screen.screen_full_area(override, use_hide_panels=True) bpy.ops.view3d.game_start() for area in bpy.context.screen.areas: if area.type == 'VIEW_3D': override = bpy.context.copy() override['area'] = area bpy.ops.view3d.toolshelf(override) print(bpy.ops.screen.screen_full_area(use_hide_panels=True)) ``` I'm also writing a addon, witch is triggering a seg fault everytime. Not sure how to attach though.
Author

Changed status to: 'Open'

Changed status to: 'Open'
Author

Added subscriber: @blendedutopist

Added subscriber: @blendedutopist

Added subscriber: @ideasman42

Added subscriber: @ideasman42

The script works here both in 2.76a and master (603b867588).

OSX does handle events and the BGE slightly differently, could someone else on OSX confirm?

The script works here both in 2.76a and master (603b867588). OSX does handle events and the BGE slightly differently, could someone else on OSX confirm?

Added subscriber: @brecht

Added subscriber: @brecht

I'm getting crashes in the region overlap blending animation code. The SCREEN_OT_region_blend stores a pointer to an area rgi->sa, and by the time the timer event happens the area has been freed and we're using an invalid pointer.

* thread #1: tid = 0xd2b5, 0x0000000100618a8e blender`ED_region_tag_redraw(ar=0x0000002600000135) + 30 at area.c:558, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x2600000219)
    frame #0: 0x0000000100618a8e blender`ED_region_tag_redraw(ar=0x0000002600000135) + 30 at area.c:558
  * frame #1: 0x0000000100618ced blender`ED_area_tag_redraw(sa=0x0000000106322078) + 61 at area.c:600
    frame #2: 0x000000010062ed79 blender`region_blend_end(C=0x000000010621ec38, ar=0x000000010636c788, is_running=false) + 249 at screen_ops.c:4092
    frame #3: 0x000000010063706e blender`region_blend_invoke(C=0x000000010621ec38, UNUSED_op=0x0000000114f6ccf8, event=0x0000000114f65ba8) + 190 at screen_ops.c:4154
    frame #4: 0x000000010001be85 blender`wm_operator_invoke(C=0x000000010621ec38, ot=0x000000010672c928, event=0x0000000114f65ba8, properties=0x0000000115538d18, reports=0x0000000000000000, poll_only=false) + 549 at wm_event_system.c:1093
    frame #5: 0x000000010001da15 blender`wm_handler_operator_call(C=0x000000010621ec38, handlers=0x000000010635b3d8, handler=0x000000010c872bc8, event=0x0000000114f65ba8, properties=0x0000000115538d18) + 933 at wm_event_system.c:1722
    frame #6: 0x000000010001cc99 blender`wm_handlers_do_intern(C=0x000000010621ec38, event=0x0000000114f65ba8, handlers=0x000000010635b3d8) + 649 at wm_event_system.c:1997
    frame #7: 0x0000000100017cd5 blender`wm_handlers_do(C=0x000000010621ec38, event=0x0000000114f65ba8, handlers=0x000000010635b3d8) + 37 at wm_event_system.c:2106
    frame #8: 0x00000001000178ab blender`wm_event_do_handlers(C=0x000000010621ec38) + 2091 at wm_event_system.c:2483
    frame #9: 0x000000010000b82e blender`WM_main(C=0x000000010621ec38) + 30 at wm.c:489
    frame #10: 0x0000000100006c9e blender`main(argc=1, argv=0x00007fff5fbff718) + 1294 at creator.c:2001
    frame #11: 0x0000000100006784 blender`start + 52
I'm getting crashes in the region overlap blending animation code. The `SCREEN_OT_region_blend` stores a pointer to an area `rgi->sa`, and by the time the timer event happens the area has been freed and we're using an invalid pointer. ``` * thread #1: tid = 0xd2b5, 0x0000000100618a8e blender`ED_region_tag_redraw(ar=0x0000002600000135) + 30 at area.c:558, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x2600000219) frame #0: 0x0000000100618a8e blender`ED_region_tag_redraw(ar=0x0000002600000135) + 30 at area.c:558 * frame #1: 0x0000000100618ced blender`ED_area_tag_redraw(sa=0x0000000106322078) + 61 at area.c:600 frame #2: 0x000000010062ed79 blender`region_blend_end(C=0x000000010621ec38, ar=0x000000010636c788, is_running=false) + 249 at screen_ops.c:4092 frame #3: 0x000000010063706e blender`region_blend_invoke(C=0x000000010621ec38, UNUSED_op=0x0000000114f6ccf8, event=0x0000000114f65ba8) + 190 at screen_ops.c:4154 frame #4: 0x000000010001be85 blender`wm_operator_invoke(C=0x000000010621ec38, ot=0x000000010672c928, event=0x0000000114f65ba8, properties=0x0000000115538d18, reports=0x0000000000000000, poll_only=false) + 549 at wm_event_system.c:1093 frame #5: 0x000000010001da15 blender`wm_handler_operator_call(C=0x000000010621ec38, handlers=0x000000010635b3d8, handler=0x000000010c872bc8, event=0x0000000114f65ba8, properties=0x0000000115538d18) + 933 at wm_event_system.c:1722 frame #6: 0x000000010001cc99 blender`wm_handlers_do_intern(C=0x000000010621ec38, event=0x0000000114f65ba8, handlers=0x000000010635b3d8) + 649 at wm_event_system.c:1997 frame #7: 0x0000000100017cd5 blender`wm_handlers_do(C=0x000000010621ec38, event=0x0000000114f65ba8, handlers=0x000000010635b3d8) + 37 at wm_event_system.c:2106 frame #8: 0x00000001000178ab blender`wm_event_do_handlers(C=0x000000010621ec38) + 2091 at wm_event_system.c:2483 frame #9: 0x000000010000b82e blender`WM_main(C=0x000000010621ec38) + 30 at wm.c:489 frame #10: 0x0000000100006c9e blender`main(argc=1, argv=0x00007fff5fbff718) + 1294 at creator.c:2001 frame #11: 0x0000000100006784 blender`start + 52 ```

Ah thanks, for finding the cause, in fact this crashes by pressing: T, Ctrl-Up, Ctrl-Up (very fast).

Ah thanks, for finding the cause, in fact this crashes by pressing: T, Ctrl-Up, Ctrl-Up (very fast).

Normally ED_area_exit() will remove the timer through calling ED_region_exit() for all its regions, so any invalid pointers should be freed by that. The full screen toggle in ED_screen_state_toggle() however swaps regions between different areas in ED_area_data_swap(), and so that doesn't happen in this case.

Normally `ED_area_exit()` will remove the timer through calling `ED_region_exit()` for all its regions, so any invalid pointers should be freed by that. The full screen toggle in `ED_screen_state_toggle()` however swaps regions between different areas in `ED_area_data_swap()`, and so that doesn't happen in this case.

I don't have a solution to this by the way and won't be looking into it further today or tomorrow, so feel free to fix it, otherwise I can look into it later this week.

I don't have a solution to this by the way and won't be looking into it further today or tomorrow, so feel free to fix it, otherwise I can look into it later this week.

This issue was referenced by 98931d9e39

This issue was referenced by 98931d9e395f8835a339061b665f0752a853f95a

Changed status from 'Open' to: 'Resolved'

Changed status from 'Open' to: 'Resolved'

@brecht, committed fix, but found a few other bugs here. (committed 2ced9326bb 304266b986, reported tricky one with action zones #46790).

@brecht, committed fix, but found a few other bugs here. (committed 2ced9326bb 304266b986, reported tricky one with action zones #46790).
Sign in to join this conversation.
No Label
Interest
Alembic
Interest
Animation & Rigging
Interest
Asset Browser
Interest
Asset Browser Project Overview
Interest
Audio
Interest
Automated Testing
Interest
Blender Asset Bundle
Interest
BlendFile
Interest
Collada
Interest
Compatibility
Interest
Compositing
Interest
Core
Interest
Cycles
Interest
Dependency Graph
Interest
Development Management
Interest
EEVEE
Interest
EEVEE & Viewport
Interest
Freestyle
Interest
Geometry Nodes
Interest
Grease Pencil
Interest
ID Management
Interest
Images & Movies
Interest
Import Export
Interest
Line Art
Interest
Masking
Interest
Metal
Interest
Modeling
Interest
Modifiers
Interest
Motion Tracking
Interest
Nodes & Physics
Interest
OpenGL
Interest
Overlay
Interest
Overrides
Interest
Performance
Interest
Physics
Interest
Pipeline, Assets & IO
Interest
Platforms, Builds & Tests
Interest
Python API
Interest
Render & Cycles
Interest
Render Pipeline
Interest
Sculpt, Paint & Texture
Interest
Text Editor
Interest
Translations
Interest
Triaging
Interest
Undo
Interest
USD
Interest
User Interface
Interest
UV Editing
Interest
VFX & Video
Interest
Video Sequencer
Interest
Virtual Reality
Interest
Vulkan
Interest
Wayland
Interest
Workbench
Interest: X11
Legacy
Blender 2.8 Project
Legacy
Milestone 1: Basic, Local Asset Browser
Legacy
OpenGL Error
Meta
Good First Issue
Meta
Papercut
Meta
Retrospective
Meta
Security
Module
Animation & Rigging
Module
Core
Module
Development Management
Module
EEVEE & Viewport
Module
Grease Pencil
Module
Modeling
Module
Nodes & Physics
Module
Pipeline, Assets & IO
Module
Platforms, Builds & Tests
Module
Python API
Module
Render & Cycles
Module
Sculpt, Paint & Texture
Module
Triaging
Module
User Interface
Module
VFX & Video
Platform
FreeBSD
Platform
Linux
Platform
macOS
Platform
Windows
Priority
High
Priority
Low
Priority
Normal
Priority
Unbreak Now!
Status
Archived
Status
Confirmed
Status
Duplicate
Status
Needs Info from Developers
Status
Needs Information from User
Status
Needs Triage
Status
Resolved
Type
Bug
Type
Design
Type
Known Issue
Type
Patch
Type
Report
Type
To Do
No Milestone
No project
No Assignees
4 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: blender/blender#46764
No description provided.