blender
/
blender
128
396
Fork 568
Code Issues 6.2k Pull Requests 754 Projects 19 Wiki Activity

blf_kerning/blf_unscaled_F26Dot6_to_pixels heap-use-after-free #100242

New Issue
Closed
opened 2022-08-06 13:08:45 +02:00 by Krzysztof Trzciński · 18 comments
Krzysztof Trzciński commented 2022-08-06 13:08:45 +02:00
Copy Link

System Information
Operating system: Ubuntu 22.04.1 LTS
Graphics card: GeForce RTX 2070 SUPER

Blender Version
Broken: master branch from github (8f915f0efb)
Worked: N/A

Seems to happen randomly. Sometimes a second after I start Blender jus moving cursor around. Sometimes I get to work for a bit.
Blender gets killed as ASAN aborts when the error happens. Possibly this doesn't get noticed much without ASAN build.

blenderkit updater: Running background check for update
blenderkit addon: Starting background checking thread
blenderkit addon: Checking for update now in background
blenderkit addon: Checking for update function
blenderkit addon: Read in JSON settings from file
blenderkit addon: Determined it's not yet time to check for updates
blenderkit addon: Aborting check for updated, check interval not reached
blenderkit addon: Finished check update, doing callback
blenderkit addon: Running background update callback
blenderkit addon: BG thread: Finished check update, no callback
Read blend: /home/elmo/Documents/blends/furniture.blend
Color management: scene view "Filmic" not found, setting default "Standard".
=================================================================
==68040==ERROR: AddressSanitizer: heap-use-after-free on address 0x6160008f10a0 at pc 0x000008f6faf6 bp 0x7fff39018d80 sp 0x7fff39018d70
READ of size 8 at 0x6160008f10a0 thread T0
    - 0 0x8f6faf5 in blf_unscaled_F26Dot6_to_pixels /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:126
    - 1 0x8f7e2bc in blf_kerning /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:371
    - 2 0x8f7e2bc in blf_font_wrap_apply /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:1000
    - 3 0x8f7f0b2 in blf_font_boundbox__wrap /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:1099
    - 4 0x8f7af63 in blf_font_width /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:838
    - 5 0x8f6aa71 in BLF_width_ex /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf.c:682
    - 6 0x23d2450 in ui_tooltip_create_with_data /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_region_tooltip.cc:1145
    - 7 0x23d7288 in UI_tooltip_create_from_button_or_extra_icon /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_region_tooltip.cc:1387
    - 8 0x22a4aaf in ui_but_tooltip_init /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_handlers.c:8220
    - 9 0x54c4aa in WM_tooltip_init /home/elmo/Documents/repos/blender/blender/source/blender/windowmanager/intern/wm_tooltip.c:111
    - 10 0x48e17a in wm_event_do_handlers /home/elmo/Documents/repos/blender/blender/source/blender/windowmanager/intern/wm_event_system.cc:3884
    - 11 0x449d17 in WM_main /home/elmo/Documents/repos/blender/blender/source/blender/windowmanager/intern/wm.c:631
    - 12 0x435681 in main /home/elmo/Documents/repos/blender/blender/source/creator/creator.c:546
    - 13 0x7f1d8e498d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    - 14 0x7f1d8e498e3f in __libc_start_main_impl ../csu/libc-start.c:392
    - 15 0x4349e4 in _start (/home/elmo/Documents/repos/blender/build_linux_debug_lite/bin/blender+0x4349e4)

0x6160008f10a0 is located 32 bytes inside of 544-byte region [0x6160008f1080,0x6160008f12a0)
freed by thread T0 here:
    - 0 0x7f1d8ea10517 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127
    - 1 0x8f9c2b0 in FT_Done_Size (/home/elmo/Documents/repos/blender/build_linux_debug_lite/bin/blender+0x8f9c2b0)

previously allocated by thread T0 here:
    - 0 0x7f1d8ea10867 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
    - 1 0x8f99d14 in ft_mem_alloc (/home/elmo/Documents/repos/blender/build_linux_debug_lite/bin/blender+0x8f99d14)

SUMMARY: AddressSanitizer: heap-use-after-free /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:126 in blf_unscaled_F26Dot6_to_pixels
Shadow bytes around the buggy address:
  0x0c2c801161c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c801161d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c801161e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c801161f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c80116200: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c2c80116210: fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c80116220: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c80116230: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c80116240: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c80116250: fd fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c80116260: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==68040==ABORTING
**System Information** Operating system: Ubuntu 22.04.1 LTS Graphics card: GeForce RTX 2070 SUPER **Blender Version** Broken: master branch from github (8f915f0efba3da652ad06fa9fcfba7d6ca26e719) Worked: N/A Seems to happen randomly. Sometimes a second after I start Blender jus moving cursor around. Sometimes I get to work for a bit. Blender gets killed as ASAN aborts when the error happens. Possibly this doesn't get noticed much without ASAN build. ``` blenderkit updater: Running background check for update blenderkit addon: Starting background checking thread blenderkit addon: Checking for update now in background blenderkit addon: Checking for update function blenderkit addon: Read in JSON settings from file blenderkit addon: Determined it's not yet time to check for updates blenderkit addon: Aborting check for updated, check interval not reached blenderkit addon: Finished check update, doing callback blenderkit addon: Running background update callback blenderkit addon: BG thread: Finished check update, no callback Read blend: /home/elmo/Documents/blends/furniture.blend Color management: scene view "Filmic" not found, setting default "Standard". ================================================================= ==68040==ERROR: AddressSanitizer: heap-use-after-free on address 0x6160008f10a0 at pc 0x000008f6faf6 bp 0x7fff39018d80 sp 0x7fff39018d70 READ of size 8 at 0x6160008f10a0 thread T0 - 0 0x8f6faf5 in blf_unscaled_F26Dot6_to_pixels /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:126 - 1 0x8f7e2bc in blf_kerning /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:371 - 2 0x8f7e2bc in blf_font_wrap_apply /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:1000 - 3 0x8f7f0b2 in blf_font_boundbox__wrap /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:1099 - 4 0x8f7af63 in blf_font_width /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:838 - 5 0x8f6aa71 in BLF_width_ex /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf.c:682 - 6 0x23d2450 in ui_tooltip_create_with_data /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_region_tooltip.cc:1145 - 7 0x23d7288 in UI_tooltip_create_from_button_or_extra_icon /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_region_tooltip.cc:1387 - 8 0x22a4aaf in ui_but_tooltip_init /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_handlers.c:8220 - 9 0x54c4aa in WM_tooltip_init /home/elmo/Documents/repos/blender/blender/source/blender/windowmanager/intern/wm_tooltip.c:111 - 10 0x48e17a in wm_event_do_handlers /home/elmo/Documents/repos/blender/blender/source/blender/windowmanager/intern/wm_event_system.cc:3884 - 11 0x449d17 in WM_main /home/elmo/Documents/repos/blender/blender/source/blender/windowmanager/intern/wm.c:631 - 12 0x435681 in main /home/elmo/Documents/repos/blender/blender/source/creator/creator.c:546 - 13 0x7f1d8e498d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 - 14 0x7f1d8e498e3f in __libc_start_main_impl ../csu/libc-start.c:392 - 15 0x4349e4 in _start (/home/elmo/Documents/repos/blender/build_linux_debug_lite/bin/blender+0x4349e4) 0x6160008f10a0 is located 32 bytes inside of 544-byte region [0x6160008f1080,0x6160008f12a0) freed by thread T0 here: - 0 0x7f1d8ea10517 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127 - 1 0x8f9c2b0 in FT_Done_Size (/home/elmo/Documents/repos/blender/build_linux_debug_lite/bin/blender+0x8f9c2b0) previously allocated by thread T0 here: - 0 0x7f1d8ea10867 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145 - 1 0x8f99d14 in ft_mem_alloc (/home/elmo/Documents/repos/blender/build_linux_debug_lite/bin/blender+0x8f99d14) SUMMARY: AddressSanitizer: heap-use-after-free /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:126 in blf_unscaled_F26Dot6_to_pixels Shadow bytes around the buggy address: 0x0c2c801161c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c2c801161d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c2c801161e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c2c801161f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c2c80116200: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa =>0x0c2c80116210: fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd 0x0c2c80116220: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c2c80116230: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c2c80116240: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c2c80116250: fd fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa 0x0c2c80116260: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==68040==ABORTING ```
Krzysztof Trzciński commented 2022-08-06 13:08:45 +02:00
Author
Copy Link

Added subscriber: @elmo

Added subscriber: @elmo
Robert Guetzkow commented 2022-08-06 16:25:22 +02:00
Member
Copy Link

Changed status from 'Needs Triage' to: 'Confirmed'

Changed status from 'Needs Triage' to: 'Confirmed'
Robert Guetzkow commented 2022-08-06 16:33:33 +02:00
Member
Copy Link

Added subscriber: @Harley

Added subscriber: @Harley
Krzysztof Trzciński commented 2022-08-06 17:28:53 +02:00
Author
Copy Link

I managed to get a crash with fast unwind disabled:

==74451==ERROR: AddressSanitizer: heap-use-after-free on address 0x6160008673a0 at pc 0x000008f6faf6 bp 0x7ffcd029ac10 sp 0x7ffcd029ac00
READ of size 8 at 0x6160008673a0 thread T0
    - 0 0x8f6faf5 in blf_unscaled_F26Dot6_to_pixels /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:126
    - 1 0x8f7e2bc in blf_kerning /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:371
    - 2 0x8f7e2bc in blf_font_wrap_apply /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:1000
    - 3 0x8f7f0b2 in blf_font_boundbox__wrap /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:1099
    - 4 0x8f7af63 in blf_font_width /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:838
    - 5 0x8f6aa71 in BLF_width_ex /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf.c:682
    - 6 0x23d2450 in ui_tooltip_create_with_data /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_region_tooltip.cc:1145
    - 7 0x23d7288 in UI_tooltip_create_from_button_or_extra_icon /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_region_tooltip.cc:1387
    - 8 0x22a4aaf in ui_but_tooltip_init /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_handlers.c:8220
    - 9 0x54c4aa in WM_tooltip_init /home/elmo/Documents/repos/blender/blender/source/blender/windowmanager/intern/wm_tooltip.c:111
    - 10 0x48e17a in wm_event_do_handlers /home/elmo/Documents/repos/blender/blender/source/blender/windowmanager/intern/wm_event_system.cc:3884
    - 11 0x449d17 in WM_main /home/elmo/Documents/repos/blender/blender/source/blender/windowmanager/intern/wm.c:631
    - 12 0x435681 in main /home/elmo/Documents/repos/blender/blender/source/creator/creator.c:546
    - 13 0x7fd9b798fd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    - 14 0x7fd9b798fe3f in __libc_start_main_impl ../csu/libc-start.c:392
    - 15 0x4349e4 in _start (/home/elmo/Documents/repos/blender/build_linux_debug_lite/bin/blender+0x4349e4)

0x6160008673a0 is located 32 bytes inside of 544-byte region [0x616000867380,0x6160008675a0)
freed by thread T0 here:
    - 0 0x7fd9b7f07517 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127
    - 1 0x8f9c2b0 in FT_Done_Size (/home/elmo/Documents/repos/blender/build_linux_debug_lite/bin/blender+0x8f9c2b0)
    - 2 0x8fa47fe in FTC_MruList_Remove (/home/elmo/Documents/repos/blender/build_linux_debug_lite/bin/blender+0x8fa47fe)
    - 3 0x8fa4867 in FTC_MruList_RemoveSelection (/home/elmo/Documents/repos/blender/build_linux_debug_lite/bin/blender+0x8fa4867)
    - 4 0x8fa531a in ftc_face_node_done (/home/elmo/Documents/repos/blender/build_linux_debug_lite/bin/blender+0x8fa531a)
    - 5 0x8fa5212 in FTC_MruList_New (/home/elmo/Documents/repos/blender/build_linux_debug_lite/bin/blender+0x8fa5212)
    - 6 0x8fa6a98 in FTC_Manager_LookupFace (/home/elmo/Documents/repos/blender/build_linux_debug_lite/bin/blender+0x8fa6a98)
    - 7 0x8fa6c87 in FTC_CMapCache_Lookup (/home/elmo/Documents/repos/blender/build_linux_debug_lite/bin/blender+0x8fa6c87)
    - 8 0x8f6fa0c in blf_get_char_index /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:115
    - 9 0x8f89f4f in blf_glyph_index_from_charcode /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_glyph.c:587
    - 10 0x8f8df44 in blf_glyph_ensure /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_glyph.c:984
    - 11 0x8f7d5ea in blf_glyph_from_utf8_and_step /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:340
    - 12 0x8f7d5ea in blf_font_wrap_apply /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:995
    - 13 0x8f7f0b2 in blf_font_boundbox__wrap /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:1099
    - 14 0x8f7af63 in blf_font_width /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:838
    - 15 0x8f6aa71 in BLF_width_ex /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf.c:682
    - 16 0x23d2450 in ui_tooltip_create_with_data /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_region_tooltip.cc:1145
    - 17 0x23d7288 in UI_tooltip_create_from_button_or_extra_icon /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_region_tooltip.cc:1387
    - 18 0x22a4aaf in ui_but_tooltip_init /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_handlers.c:8220
    - 19 0x54c4aa in WM_tooltip_init /home/elmo/Documents/repos/blender/blender/source/blender/windowmanager/intern/wm_tooltip.c:111
    - 20 0x48e17a in wm_event_do_handlers /home/elmo/Documents/repos/blender/blender/source/blender/windowmanager/intern/wm_event_system.cc:3884
    - 21 0x449d17 in WM_main /home/elmo/Documents/repos/blender/blender/source/blender/windowmanager/intern/wm.c:631
    - 22 0x435681 in main /home/elmo/Documents/repos/blender/blender/source/creator/creator.c:546
    - 23 0x7fd9b798fd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    - 24 0x7fd9b798fe3f in __libc_start_main_impl ../csu/libc-start.c:392
    - 25 0x4349e4 in _start (/home/elmo/Documents/repos/blender/build_linux_debug_lite/bin/blender+0x4349e4)

previously allocated by thread T0 here:
    - 0 0x7fd9b7f07867 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
    - 1 0x8f99d14 in ft_mem_alloc (/home/elmo/Documents/repos/blender/build_linux_debug_lite/bin/blender+0x8f99d14)
    - 2 0x8f9c08b in FT_New_Size (/home/elmo/Documents/repos/blender/build_linux_debug_lite/bin/blender+0x8f9c08b)
    - 3 0x8fa6dfd in ftc_scaler_lookup_size (/home/elmo/Documents/repos/blender/build_linux_debug_lite/bin/blender+0x8fa6dfd)
    - 4 0x8fa5248 in FTC_MruList_New (/home/elmo/Documents/repos/blender/build_linux_debug_lite/bin/blender+0x8fa5248)
    - 5 0x8fa68bb in FTC_Manager_LookupSize (/home/elmo/Documents/repos/blender/build_linux_debug_lite/bin/blender+0x8fa68bb)
    - 6 0x8f83f09 in blf_font_size /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:1541
    - 7 0x8f67e50 in BLF_size /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf.c:368
    - 8 0x23e071e in UI_fontstyle_set /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_style.cc:499
    - 9 0x23dea0b in UI_fontstyle_string_width /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_style.cc:342
    - 10 0x23ded41 in UI_fontstyle_string_width_with_block_aspect /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_style.cc:357
    - 11 0x22f8556 in ui_text_icon_width_ex /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_layout.c:349
    - 12 0x2311414 in ui_item_menu /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_layout.c:2944
    - 13 0x2311f44 in uiItemM_ptr /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_layout.c:2998
    - 14 0x2311fc6 in uiItemM /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_layout.c:3015
    - 15 0x459c2ed in rna_uiItemM /home/elmo/Documents/repos/blender/blender/source/blender/makesrna/intern/rna_ui_api.c:431
    - 16 0x45ae5a7 in UILayout_menu_call /home/elmo/Documents/repos/blender/build_linux_debug_lite/source/blender/makesrna/intern/rna_ui_gen.c:2371
    - 17 0x3c3f1d1 in RNA_function_call /home/elmo/Documents/repos/blender/blender/source/blender/makesrna/intern/rna_access.c:6133
    - 18 0x4822981 in pyrna_func_call /home/elmo/Documents/repos/blender/blender/source/blender/python/intern/bpy_rna.c:6320
    - 19 0x9441987 in _PyObject_MakeTpCall Objects/call.c:215
    - 20 0x4326ce in _PyObject_VectorcallTstate Include/cpython/abstract.h:112
    - 21 0x4326ce in _PyObject_VectorcallTstate Include/cpython/abstract.h:99
    - 22 0x4326ce in PyObject_Vectorcall Include/cpython/abstract.h:123
    - 23 0x4326ce in call_function Python/ceval.c:5867
    - 24 0x4326ce in _PyEval_EvalFrameDefault Python/ceval.c:4181
    - 25 0x9500013 in _PyEval_EvalFrame Include/internal/pycore_ceval.h:46
    - 26 0x9500013 in _PyEval_Vector Python/ceval.c:5065
    - 27 0x944160e in PyVectorcall_Call Objects/call.c:255
    - 28 0x482c963 in bpy_class_call /home/elmo/Documents/repos/blender/blender/source/blender/python/intern/bpy_rna.c:8606
    - 29 0x4597b16 in menu_draw /home/elmo/Documents/repos/blender/blender/source/blender/makesrna/intern/rna_ui.c:900
    - 30 0x234070e in UI_menutype_draw /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_layout.c:5812
    - 31 0x231219e in uiItemMContents /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_layout.c:3031
    - 32 0x459c317 in rna_uiItemM_contents /home/elmo/Documents/repos/blender/blender/source/blender/makesrna/intern/rna_ui_api.c:436
    - 33 0x45ae709 in UILayout_menu_contents_call /home/elmo/Documents/repos/blender/build_linux_debug_lite/source/blender/makesrna/intern/rna_ui_gen.c:2389

SUMMARY: AddressSanitizer: heap-use-after-free /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:126 in blf_unscaled_F26Dot6_to_pixels
Shadow bytes around the buggy address:
  0x0c2c80104e20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c80104e30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c80104e40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c80104e50: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c80104e60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c2c80104e70: fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c80104e80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c80104e90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c80104ea0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c80104eb0: fd fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c80104ec0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==74451==ABORTING
I managed to get a crash with fast unwind disabled: ``` ==74451==ERROR: AddressSanitizer: heap-use-after-free on address 0x6160008673a0 at pc 0x000008f6faf6 bp 0x7ffcd029ac10 sp 0x7ffcd029ac00 READ of size 8 at 0x6160008673a0 thread T0 - 0 0x8f6faf5 in blf_unscaled_F26Dot6_to_pixels /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:126 - 1 0x8f7e2bc in blf_kerning /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:371 - 2 0x8f7e2bc in blf_font_wrap_apply /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:1000 - 3 0x8f7f0b2 in blf_font_boundbox__wrap /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:1099 - 4 0x8f7af63 in blf_font_width /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:838 - 5 0x8f6aa71 in BLF_width_ex /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf.c:682 - 6 0x23d2450 in ui_tooltip_create_with_data /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_region_tooltip.cc:1145 - 7 0x23d7288 in UI_tooltip_create_from_button_or_extra_icon /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_region_tooltip.cc:1387 - 8 0x22a4aaf in ui_but_tooltip_init /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_handlers.c:8220 - 9 0x54c4aa in WM_tooltip_init /home/elmo/Documents/repos/blender/blender/source/blender/windowmanager/intern/wm_tooltip.c:111 - 10 0x48e17a in wm_event_do_handlers /home/elmo/Documents/repos/blender/blender/source/blender/windowmanager/intern/wm_event_system.cc:3884 - 11 0x449d17 in WM_main /home/elmo/Documents/repos/blender/blender/source/blender/windowmanager/intern/wm.c:631 - 12 0x435681 in main /home/elmo/Documents/repos/blender/blender/source/creator/creator.c:546 - 13 0x7fd9b798fd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 - 14 0x7fd9b798fe3f in __libc_start_main_impl ../csu/libc-start.c:392 - 15 0x4349e4 in _start (/home/elmo/Documents/repos/blender/build_linux_debug_lite/bin/blender+0x4349e4) 0x6160008673a0 is located 32 bytes inside of 544-byte region [0x616000867380,0x6160008675a0) freed by thread T0 here: - 0 0x7fd9b7f07517 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127 - 1 0x8f9c2b0 in FT_Done_Size (/home/elmo/Documents/repos/blender/build_linux_debug_lite/bin/blender+0x8f9c2b0) - 2 0x8fa47fe in FTC_MruList_Remove (/home/elmo/Documents/repos/blender/build_linux_debug_lite/bin/blender+0x8fa47fe) - 3 0x8fa4867 in FTC_MruList_RemoveSelection (/home/elmo/Documents/repos/blender/build_linux_debug_lite/bin/blender+0x8fa4867) - 4 0x8fa531a in ftc_face_node_done (/home/elmo/Documents/repos/blender/build_linux_debug_lite/bin/blender+0x8fa531a) - 5 0x8fa5212 in FTC_MruList_New (/home/elmo/Documents/repos/blender/build_linux_debug_lite/bin/blender+0x8fa5212) - 6 0x8fa6a98 in FTC_Manager_LookupFace (/home/elmo/Documents/repos/blender/build_linux_debug_lite/bin/blender+0x8fa6a98) - 7 0x8fa6c87 in FTC_CMapCache_Lookup (/home/elmo/Documents/repos/blender/build_linux_debug_lite/bin/blender+0x8fa6c87) - 8 0x8f6fa0c in blf_get_char_index /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:115 - 9 0x8f89f4f in blf_glyph_index_from_charcode /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_glyph.c:587 - 10 0x8f8df44 in blf_glyph_ensure /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_glyph.c:984 - 11 0x8f7d5ea in blf_glyph_from_utf8_and_step /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:340 - 12 0x8f7d5ea in blf_font_wrap_apply /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:995 - 13 0x8f7f0b2 in blf_font_boundbox__wrap /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:1099 - 14 0x8f7af63 in blf_font_width /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:838 - 15 0x8f6aa71 in BLF_width_ex /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf.c:682 - 16 0x23d2450 in ui_tooltip_create_with_data /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_region_tooltip.cc:1145 - 17 0x23d7288 in UI_tooltip_create_from_button_or_extra_icon /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_region_tooltip.cc:1387 - 18 0x22a4aaf in ui_but_tooltip_init /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_handlers.c:8220 - 19 0x54c4aa in WM_tooltip_init /home/elmo/Documents/repos/blender/blender/source/blender/windowmanager/intern/wm_tooltip.c:111 - 20 0x48e17a in wm_event_do_handlers /home/elmo/Documents/repos/blender/blender/source/blender/windowmanager/intern/wm_event_system.cc:3884 - 21 0x449d17 in WM_main /home/elmo/Documents/repos/blender/blender/source/blender/windowmanager/intern/wm.c:631 - 22 0x435681 in main /home/elmo/Documents/repos/blender/blender/source/creator/creator.c:546 - 23 0x7fd9b798fd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 - 24 0x7fd9b798fe3f in __libc_start_main_impl ../csu/libc-start.c:392 - 25 0x4349e4 in _start (/home/elmo/Documents/repos/blender/build_linux_debug_lite/bin/blender+0x4349e4) previously allocated by thread T0 here: - 0 0x7fd9b7f07867 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145 - 1 0x8f99d14 in ft_mem_alloc (/home/elmo/Documents/repos/blender/build_linux_debug_lite/bin/blender+0x8f99d14) - 2 0x8f9c08b in FT_New_Size (/home/elmo/Documents/repos/blender/build_linux_debug_lite/bin/blender+0x8f9c08b) - 3 0x8fa6dfd in ftc_scaler_lookup_size (/home/elmo/Documents/repos/blender/build_linux_debug_lite/bin/blender+0x8fa6dfd) - 4 0x8fa5248 in FTC_MruList_New (/home/elmo/Documents/repos/blender/build_linux_debug_lite/bin/blender+0x8fa5248) - 5 0x8fa68bb in FTC_Manager_LookupSize (/home/elmo/Documents/repos/blender/build_linux_debug_lite/bin/blender+0x8fa68bb) - 6 0x8f83f09 in blf_font_size /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:1541 - 7 0x8f67e50 in BLF_size /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf.c:368 - 8 0x23e071e in UI_fontstyle_set /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_style.cc:499 - 9 0x23dea0b in UI_fontstyle_string_width /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_style.cc:342 - 10 0x23ded41 in UI_fontstyle_string_width_with_block_aspect /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_style.cc:357 - 11 0x22f8556 in ui_text_icon_width_ex /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_layout.c:349 - 12 0x2311414 in ui_item_menu /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_layout.c:2944 - 13 0x2311f44 in uiItemM_ptr /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_layout.c:2998 - 14 0x2311fc6 in uiItemM /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_layout.c:3015 - 15 0x459c2ed in rna_uiItemM /home/elmo/Documents/repos/blender/blender/source/blender/makesrna/intern/rna_ui_api.c:431 - 16 0x45ae5a7 in UILayout_menu_call /home/elmo/Documents/repos/blender/build_linux_debug_lite/source/blender/makesrna/intern/rna_ui_gen.c:2371 - 17 0x3c3f1d1 in RNA_function_call /home/elmo/Documents/repos/blender/blender/source/blender/makesrna/intern/rna_access.c:6133 - 18 0x4822981 in pyrna_func_call /home/elmo/Documents/repos/blender/blender/source/blender/python/intern/bpy_rna.c:6320 - 19 0x9441987 in _PyObject_MakeTpCall Objects/call.c:215 - 20 0x4326ce in _PyObject_VectorcallTstate Include/cpython/abstract.h:112 - 21 0x4326ce in _PyObject_VectorcallTstate Include/cpython/abstract.h:99 - 22 0x4326ce in PyObject_Vectorcall Include/cpython/abstract.h:123 - 23 0x4326ce in call_function Python/ceval.c:5867 - 24 0x4326ce in _PyEval_EvalFrameDefault Python/ceval.c:4181 - 25 0x9500013 in _PyEval_EvalFrame Include/internal/pycore_ceval.h:46 - 26 0x9500013 in _PyEval_Vector Python/ceval.c:5065 - 27 0x944160e in PyVectorcall_Call Objects/call.c:255 - 28 0x482c963 in bpy_class_call /home/elmo/Documents/repos/blender/blender/source/blender/python/intern/bpy_rna.c:8606 - 29 0x4597b16 in menu_draw /home/elmo/Documents/repos/blender/blender/source/blender/makesrna/intern/rna_ui.c:900 - 30 0x234070e in UI_menutype_draw /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_layout.c:5812 - 31 0x231219e in uiItemMContents /home/elmo/Documents/repos/blender/blender/source/blender/editors/interface/interface_layout.c:3031 - 32 0x459c317 in rna_uiItemM_contents /home/elmo/Documents/repos/blender/blender/source/blender/makesrna/intern/rna_ui_api.c:436 - 33 0x45ae709 in UILayout_menu_contents_call /home/elmo/Documents/repos/blender/build_linux_debug_lite/source/blender/makesrna/intern/rna_ui_gen.c:2389 SUMMARY: AddressSanitizer: heap-use-after-free /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:126 in blf_unscaled_F26Dot6_to_pixels Shadow bytes around the buggy address: 0x0c2c80104e20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c2c80104e30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c2c80104e40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c2c80104e50: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c2c80104e60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa =>0x0c2c80104e70: fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd 0x0c2c80104e80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c2c80104e90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c2c80104ea0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c2c80104eb0: fd fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa 0x0c2c80104ec0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==74451==ABORTING ```
Krzysztof Trzciński commented 2022-08-06 17:32:48 +02:00
Author
Copy Link

Looking at stacktrace I can see ui_but_tooltip_init and that hinted me on how to reliably reproduce issue. On splash screen I just move cursor over one of last open file names and wait. It seems that it crashes when it tries to show tooltip.
I have tried some other tooltip areas and oddly some work. I.e. thing in the properties panel seem to work. But hovering over "eye" icon or "camera" icon causes an ASAN crash.

Looking at stacktrace I can see `ui_but_tooltip_init` and that hinted me on how to reliably reproduce issue. On splash screen I just move cursor over one of last open file names and wait. It seems that it crashes when it tries to show tooltip. I have tried some other tooltip areas and oddly some work. I.e. thing in the properties panel seem to work. But hovering over "eye" icon or "camera" icon causes an ASAN crash.
Harley Acheson self-assigned this 2022-08-06 18:11:59 +02:00
Harley Acheson commented 2022-08-06 18:11:59 +02:00
Member
Copy Link

The following might have wrong assumptions, so feel free to chine in, help out, and correct.

Fairly certain that In blf_unscaled_F26Dot6_to_pixels the only thing that could be used after feeing is the "ft_size" member of the font. I'm guessing that this is just a normal result of the newly-added FreeType caching system that I am not dealing with correctly. I am adding an ft_size to the font when we size it, but the cache is removing sizes whenever it wants or needs to.

First, I really need to set that ft_size member of the font to NULL when the cache removes it. Then I think I need to add an "ensure_size" that can be called only when I need to get at that thing. That way the font can continue to work without face and without size unless absolutely needed.

Timing of a fix might be problematic. I think anyone that could/should review would be in Vancouver now for Siggraph. Will see what I can do.

The following might have wrong assumptions, so feel free to chine in, help out, and correct. Fairly certain that In `blf_unscaled_F26Dot6_to_pixels` the only thing that *could* be used after feeing is the "ft_size" member of the font. I'm guessing that this is just a normal result of the newly-added FreeType caching system that I am not dealing with correctly. I am adding an ft_size to the font when we size it, but the cache is removing sizes whenever it wants or needs to. First, I really need to set that ft_size member of the font to NULL when the cache removes it. Then I think I need to add an "ensure_size" that can be called only when I need to get at that thing. That way the font can continue to work without face and without size unless absolutely needed. Timing of a fix might be problematic. I *think* anyone that could/should review would be in Vancouver now for Siggraph. Will see what I can do.
Ray molenkamp commented 2022-08-06 18:15:27 +02:00
Member
Copy Link

Added subscriber: @LazyDodo

Added subscriber: @LazyDodo
Ray molenkamp commented 2022-08-06 18:15:27 +02:00
Member
Copy Link

If landing a fix is problematic, reverting the caching commit that caused the issue should require much less approval?

If landing a fix is problematic, reverting the caching commit that caused the issue should require much less approval?
Harley Acheson commented 2022-08-06 18:19:41 +02:00
Member
Copy Link

@elmo - It would be great if I could get your assistance with this. I might submit a patch and initially add just you as reviewer so that you can compile and confirm that it fixes this issue. Then I'd remove you and add a technical code reviewer. Does that sound like something you could do?

@elmo - It would be great if I could get your assistance with this. I might submit a patch and initially add just you as reviewer so that you can compile and confirm that it fixes this issue. Then I'd remove you and add a technical code reviewer. Does that sound like something you could do?
Krzysztof Trzciński commented 2022-08-06 19:27:19 +02:00
Author
Copy Link

I can definitely try to compile with patch and see if it helps.
As for helping with understanding an issue and/or reviewing I am not sure how much I can help as I have very little familiarity with Blender source code and I have never before today looked at FreeType library.

Your explanation as to what is going wrong is what I was guessing from what I could see in code. I am not sure how you'd discover that FT decided to free something from cache (again, I'm not familiar with that at all).

I can definitely try to compile with patch and see if it helps. As for helping with understanding an issue and/or reviewing I am not sure how much I can help as I have very little familiarity with Blender source code and I have never before today looked at FreeType library. Your explanation as to what is going wrong is what I was guessing from what I could see in code. I am not sure how you'd discover that FT decided to free something from cache (again, I'm not familiar with that at all).
Harley Acheson commented 2022-08-06 19:40:12 +02:00
Member
Copy Link

@elmo - I can definitely try to compile with patch and see if it helps...

Actually that is all I'd need since you have been able to see/recreate this error it would be wonderful for you to confirm it fixes it (or does not).

am not sure how you'd discover that FT decided to free something from cache

FreeType has a callback for this. You'll see that in the patch when I submit it. But again, just compiling and seeing that it does not cause the error is a big help.

> @elmo - I can definitely try to compile with patch and see if it helps... Actually that is all I'd need since you have been able to see/recreate this error it would be wonderful for you to confirm it fixes it (or does not). > am not sure how you'd discover that FT decided to free something from cache FreeType has a callback for this. You'll see that in the patch when I submit it. But again, just compiling and seeing that it does not cause the error is a big help.
Harley Acheson commented 2022-08-06 20:19:53 +02:00
Member
Copy Link

@elmo - I wasn't able to add your name as reviewer to my diff (this interface doesn't seem to like your nick or name).

So can you apply, compile and test the following?

https://developer.blender.org/D15639

@elmo - I wasn't able to add your name as reviewer to my diff (this interface doesn't seem to like your nick or name). So can you apply, compile and test the following? https://developer.blender.org/D15639
Krzysztof Trzciński commented 2022-08-06 20:29:28 +02:00
Author
Copy Link
/home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c: In function ‘blf_ensure_size’:
/home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:1558:1: error: control reaches end of non-void function [-Werror=return-type]
 1558 | }

There is BLI_assert_unreachable(); at the end of that function. Not sure how other places do not fail/warn on this.

``` /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c: In function ‘blf_ensure_size’: /home/elmo/Documents/repos/blender/blender/source/blender/blenfont/intern/blf_font.c:1558:1: error: control reaches end of non-void function [-Werror=return-type] 1558 | } ``` There is ` BLI_assert_unreachable();` at the end of that function. Not sure how other places do not fail/warn on this.
Krzysztof Trzciński commented 2022-08-06 20:30:51 +02:00
Author
Copy Link

All other places are followed by some kind of return, so I guess that answer that question. I think we want return false after the assert.

All other places are followed by some kind of return, so I guess that answer that question. I think we want `return false` after the assert.
Krzysztof Trzciński commented 2022-08-06 20:32:43 +02:00
Author
Copy Link

With your patch and the extra return false it no longer crashes and I get a tooltip to appear both on the splash/greeting window and when hovering over icons in outliner.

With your patch and the extra `return false` it no longer crashes and I get a tooltip to appear both on the splash/greeting window and when hovering over icons in outliner.
Harley Acheson commented 2022-08-06 20:46:06 +02:00
Member
Copy Link

@elmo - Yes, added a return false after that BLI_assert_unreachable; I forgot that compilers might complain about that. LOL

Thanks for testing!

I'll see what I can do with this weird timing. We might just revert the caching commit until Brecht is back, or wait for review of this fix, or (possibly) commit fix early and review again later.

@elmo - Yes, added a `return false` after that `BLI_assert_unreachable`; I forgot that compilers might complain about that. LOL Thanks for testing! I'll see what I can do with this weird timing. We might just revert the caching commit until Brecht is back, or wait for review of this fix, or (possibly) commit fix early and review again later.
blender-admin commented 2022-08-09 02:23:25 +02:00
Copy Link

This issue was referenced by 8b3e3c1810

This issue was referenced by 8b3e3c18100aac6ac956e782dc108aae500eac93
Harley Acheson commented 2022-08-09 02:24:29 +02:00
Member
Copy Link

Changed status from 'Confirmed' to: 'Resolved'

Changed status from 'Confirmed' to: 'Resolved'
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
main
brush-assets-project
blender-v4.1-release
blender-v3.3-release
blender-v3.6-release
universal-scene-description
blender-v3.6-temp_wmoss_animrig_public
temp-sculpt-dyntopo
gpencil-next
anim/animation-id-113594
blender-v4.0-release
blender-projects-basics
bridge-curves
sculpt-blender
asset-browser-frontend-split
asset-shelf
tmp-usd-python-mtl
tmp-usd-3.6
blender-v3.5-release
blender-v2.93-release
realtime-clock
sculpt-dev
bevelv2
xr-dev
v4.1.1
v3.6.11
v3.3.18
v4.1.0
v3.3.17
v3.6.10
v3.6.9
v3.3.16
v3.6.8
v3.6.7
v3.3.14
v4.0.2
v4.0.1
v4.0.0
v3.6.5
v3.3.12
v3.6.4
v3.6.3
v3.3.11
v3.6.2
v3.3.10
v3.6.1
v3.3.9
v3.6.0
v3.3.8
v3.3.7
v2.93.18
v3.5.1
v3.3.6
v2.93.17
v3.5.0
v2.93.16
v3.3.5
v3.3.4
v2.93.15
v2.93.14
v3.3.3
v2.93.13
v2.93.12
v3.4.1
v3.3.2
v3.4.0
v3.3.1
v2.93.11
v3.3.0
v3.2.2
v2.93.10
v3.2.1
v3.2.0
v2.83.20
v2.93.9
v3.1.2
v3.1.1
v3.1.0
v2.83.19
v2.93.8
v3.0.1
v2.93.7
v3.0.0
v2.93.6
v2.93.5
v2.83.18
v2.93.4
v2.93.3
v2.83.17
v2.93.2
v2.93.1
v2.83.16
v2.93.0
v2.83.15
v2.83.14
v2.83.13
v2.92.0
v2.83.12
v2.91.2
v2.83.10
v2.91.0
v2.83.9
v2.83.8
v2.83.7
v2.90.1
v2.83.6.1
v2.83.6
v2.90.0
v2.83.5
v2.83.4
v2.83.3
v2.83.2
v2.83.1
v2.83
v2.82a
v2.82
v2.81a
v2.81
v2.80
v2.80-rc3
v2.80-rc2
v2.80-rc1
v2.79b
v2.79a
v2.79
v2.79-rc2
v2.79-rc1
v2.78c
v2.78b
v2.78a
v2.78
v2.78-rc2
v2.78-rc1
v2.77a
v2.77
v2.77-rc2
v2.77-rc1
v2.76b
v2.76a
v2.76
v2.76-rc3
v2.76-rc2
v2.76-rc1
v2.75a
v2.75
v2.75-rc2
v2.75-rc1
v2.74
v2.74-rc4
v2.74-rc3
v2.74-rc2
v2.74-rc1
v2.73a
v2.73
v2.73-rc1
v2.72b
2.72b
v2.72a
v2.72
v2.72-rc1
v2.71
v2.71-rc2
v2.71-rc1
v2.70a
v2.70
v2.70-rc2
v2.70-rc
v2.69
v2.68a
v2.68
v2.67b
v2.67a
v2.67
v2.66a
v2.66
v2.65a
v2.65
v2.64a
v2.64
v2.63a
v2.63
v2.61
v2.60a
v2.60
v2.59
v2.58a
v2.58
v2.57b
v2.57a
v2.57
v2.56a
v2.56
v2.55
v2.54
v2.53
v2.52
v2.51
v2.50
v2.49b
v2.49a
v2.49
v2.48a
v2.48
v2.47
v2.46
v2.45
v2.44
v2.43
v2.42a
v2.42
v2.41
v2.40
v2.37a
v2.37
v2.36
v2.35a
v2.35
v2.34
v2.33a
v2.33
v2.32
v2.31a
v2.31
v2.30
v2.28c
v2.28a
v2.28
v2.27
v2.26
v2.25
Labels
Clear labels   
Interest
Alembic

  
Interest
Animation & Rigging

  
Interest
Asset Browser

  
Interest
Asset Browser Project Overview

  
Interest
Audio

  
Interest
Automated Testing

  
Interest
Blender Asset Bundle

  
Interest
BlendFile

  
Interest
Collada

  
Interest
Compatibility
This issue affects/is about backward or forward compatibility

  
Interest
Compositing

  
Interest
Core

  
Interest
Cycles

  
Interest
Dependency Graph

  
Interest
Development Management

  
Interest
EEVEE

  
Interest
EEVEE & Viewport

  
Interest
Freestyle

  
Interest
Geometry Nodes

  
Interest
Grease Pencil

  
Interest
ID Management

  
Interest
Images & Movies

  
Interest
Import Export

  
Interest
Line Art

  
Interest
Masking

  
Interest
Metal

  
Interest
Modeling

  
Interest
Modifiers

  
Interest
Motion Tracking

  
Interest
Nodes & Physics

  
Interest
OpenGL

  
Interest
Overlay

  
Interest
Overrides

  
Interest
Performance

  
Interest
Physics

  
Interest
Pipeline, Assets & IO

  
Interest
Platforms, Builds & Tests

  
Interest
Python API

  
Interest
Render & Cycles

  
Interest
Render Pipeline

  
Interest
Sculpt, Paint & Texture

  
Interest
Text Editor

  
Interest
Translations

  
Interest
Triaging

  
Interest
Undo

  
Interest
USD

  
Interest
User Interface

  
Interest
UV Editing

  
Interest
VFX & Video

  
Interest
Video Sequencer

  
Interest
Virtual Reality

  
Interest
Vulkan

  
Interest
Wayland
Issues relating to Wayland windowing support.

  
Interest
Workbench

  
Interest: X11

Issues relating to Xorg/X11 support.

  
Legacy
Blender 2.8 Project

  
Legacy
Milestone 1: Basic, Local Asset Browser

  
Legacy
OpenGL Error

  
Meta
Good First Issue

  
Meta
Papercut

  
Meta
Retrospective

  
Meta
Security
Issues relating to security: https://wiki.blender.org/wiki/Process/Vulnerability_Reports

  
Module
Animation & Rigging

  
Module
Core

  
Module
Development Management

  
Module
EEVEE & Viewport

  
Module
Grease Pencil

  
Module
Modeling

  
Module
Nodes & Physics

  
Module
Pipeline, Assets & IO

  
Module
Platforms, Builds & Tests

  
Module
Python API

  
Module
Render & Cycles

  
Module
Sculpt, Paint & Texture

  
Module
Triaging

  
Module
User Interface

  
Module
VFX & Video

  
Platform
FreeBSD

  
Platform
Linux

  
Platform
macOS

  
Platform
Windows

  
Priority
High

  
Priority
Low

  
Priority
Normal

  
Priority
Unbreak Now!

  
Status
Archived

  
Status
Confirmed

  
Status
Duplicate

  
Status
Needs Info from Developers

  
Status
Needs Information from User

  
Status
Needs Triage

  
Status
Resolved

  
Type
Bug

  
Type
Design

  
Type
Known Issue

  
Type
Patch

  
Type
Report

  
Type
To Do

No Label
Interest
Alembic
Interest
Animation & Rigging
Interest
Asset Browser
Interest
Asset Browser Project Overview
Interest
Audio
Interest
Automated Testing
Interest
Blender Asset Bundle
Interest
BlendFile
Interest
Collada
Interest
Compatibility
Interest
Compositing
Interest
Core
Interest
Cycles
Interest
Dependency Graph
Interest
Development Management
Interest
EEVEE
Interest
EEVEE & Viewport
Interest
Freestyle
Interest
Geometry Nodes
Interest
Grease Pencil
Interest
ID Management
Interest
Images & Movies
Interest
Import Export
Interest
Line Art
Interest
Masking
Interest
Metal
Interest
Modeling
Interest
Modifiers
Interest
Motion Tracking
Interest
Nodes & Physics
Interest
OpenGL
Interest
Overlay
Interest
Overrides
Interest
Performance
Interest
Physics
Interest
Pipeline, Assets & IO
Interest
Platforms, Builds & Tests
Interest
Python API
Interest
Render & Cycles
Interest
Render Pipeline
Interest
Sculpt, Paint & Texture
Interest
Text Editor
Interest
Translations
Interest
Triaging
Interest
Undo
Interest
USD
Interest
User Interface
Interest
UV Editing
Interest
VFX & Video
Interest
Video Sequencer
Interest
Virtual Reality
Interest
Vulkan
Interest
Wayland
Interest
Workbench
Interest: X11
Legacy
Blender 2.8 Project
Legacy
Milestone 1: Basic, Local Asset Browser
Legacy
OpenGL Error
Meta
Good First Issue
Meta
Papercut
Meta
Retrospective
Meta
Security
Module
Animation & Rigging
Module
Core
Module
Development Management
Module
EEVEE & Viewport
Module
Grease Pencil
Module
Modeling
Module
Nodes & Physics
Module
Pipeline, Assets & IO
Module
Platforms, Builds & Tests
Module
Python API
Module
Render & Cycles
Module
Sculpt, Paint & Texture
Module
Triaging
Module
User Interface
Module
VFX & Video
Platform
FreeBSD
Platform
Linux
Platform
macOS
Platform
Windows
Priority
High
Priority
Low
Priority
Normal
Priority
Unbreak Now!
Status
Archived
Status
Confirmed
Status
Duplicate
Status
Needs Info from Developers
Status
Needs Information from User
Status
Needs Triage
Status
Resolved
Type
Bug
Type
Design
Type
Known Issue
Type
Patch
Type
Report
Type
To Do
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
Harley Acheson
5 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: blender/blender#100242
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?