Page MenuHome

Crash in Walk Navigation in Camera mode (walk_invoke) on files that are just saved/just opened
Closed, ResolvedPublic

Description

System Information
Mac OS X 10.11.3
AMD Radeon HD 6750M 512 МБ

Blender Version
Broken: 2.77 (sub 0) Build: 2016-03-18 09:55:27 Darwin Release
Worked: (optional)

Short description of error

Exact steps for others to reproduce the error

  1. Start Blender
  2. Open any .blend file
  3. View -> Camera
  4. Press space -> Walk Navigation

Occurs every time for me. Not occurs if skipped step 2 (when editing unsaved file). Not occurs if making some edits after step 2, can be used as workaround.

Attaching saved default scene with only cube. For me, it crashes always after opening this file, selecting camera view and starting walk navigation.

(lldb) bt
* thread #1: tid = 0x4b8d44, 0x0000000100262405 blender`walk_invoke + 37, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x33b)
  * frame #0: 0x0000000100262405 blender`walk_invoke + 37
    frame #1: 0x0000000100163136 blender`wm_operator_invoke + 390
    frame #2: 0x000000010033de05 blender`ui_apply_but_funcs_after + 373
    frame #3: 0x000000010033da75 blender`ui_popup_handler + 517
    frame #4: 0x0000000100162587 blender`wm_handlers_do_intern + 1159
    frame #5: 0x000000010015f579 blender`wm_handlers_do + 25
    frame #6: 0x000000010015ea8a blender`wm_event_do_handlers + 890
    frame #7: 0x0000000100157550 blender`WM_main + 32
    frame #8: 0x0000000100154a89 blender`main + 3833
    frame #9: 0x0000000100153b7c blender`start + 52

frame #0: 0x0000000100262405 blender`walk_invoke + 37
blender`walk_invoke:
->  0x100262405 <+37>: testb  $0x1, 0x33b(%rax)
    0x10026240c <+44>: jne    0x1002627c9               ; <+1001>
    0x100262412 <+50>: leaq   0x6c93247(%rip), %rax     ; MEM_callocN
    0x100262419 <+57>: leaq   0x579e390(%rip), %rsi     ; "NavigationWalkOperation"

Event Timeline

Konstantin Mochalov (kolen) raised the priority of this task from to 90.
Konstantin Mochalov (kolen) updated the task description. (Show Details)
Konstantin Mochalov (kolen) edited a custom field.

I can not reproduce this bug ...
But here a diff to prevents the operator's execution where the context does not have RegionView3D (such as Tool Shelf)

@@ -1337,11 +1337,11 @@ static void walkApply_ndof(bContext *C, WalkInfo *walk)
 static int walk_invoke(bContext *C, wmOperator *op, const wmEvent *event)
 {
 	RegionView3D *rv3d = CTX_wm_region_view3d(C);
 	WalkInfo *walk;
 
-	if (rv3d->viewlock & RV3D_LOCKED)
+	if (!rv3d || rv3d->viewlock & RV3D_LOCKED)
 		return OPERATOR_CANCELLED;
 
 	walk = MEM_callocN(sizeof(WalkInfo), "NavigationWalkOperation");
 
 	op->customdata = walk;

Can't reproduce this either with recent build or build from the specified time, on Arch Linux though.

Hmm, seems that it's not related to open/save state, but on where mouse is.
Tried now, always crashes when mouse is over Tool Shelf or Properties:

And never crashes when mouse is over main area of 3d view:

Tried to build Blender with debug symbols to examine crash further but not succeeded in it.

b0a7e77 build (blender-2.77-b0a7e77-OSX-10.6-x86_64.zip) behaves the same.

I can recreate the issue. If the cursor is on any panel that is a part of the 3D view window (T, N or the Header) calling the search (spacebar) and sellecting the Walk Navigation from it - will crash Blender.
The camera view doesn't need to be selected nor objects added and happens with loaded factory settings too.

Tested on:
Windows 7 SP1 64-Bit (Catalyst 16.3) Blender versions: rB6d3fdccbd580, b0a7e77

With the -d parameter gives the error in the CMD: EXCEPTION_ACCESS_VIOLATION

Linux

2683dd8 on Xubuntu 15.10 64-Bit (Proprietary Drivers - 15.201.1151) and Antergos (Arch) 64-Bit (MESA 11.1.2)

1a6d455 on Ubuntu 14.04 LTS 64-Bit

With the -d parameter gives the error in the Terminal - Segmentation fault (core dumped)

Sorry for the noise, the crash is present in 2.70b too. Tested on Win7.

Bastien Montagne (mont29) lowered the priority of this task from 90 to 50.Mar 28 2016, 5:10 PM

yes, poll func of this operator is wrong indeed. easy fix :)