
[rc1/oiio] bad memory access.
Closed, ResolvedPublic

Description

This problem triggers when you enable the page heap on Windows (it's kinda like ASan: it tracks bad memory things like use-after-free, etc.) and try to render classroom_cpu.blend.

stacktrace:

 	blender.exe!strlen() Line 70	Unknown
 	blender.exe!std::char_traits<char>::length(const char * _First) Line 523	C++
 	blender.exe!std::basic_string<char,std::char_traits<char>,std::allocator<char> >::assign(const char * _Ptr) Line 1169	C++
 	blender.exe!std::basic_string<char,std::char_traits<char>,std::allocator<char> >::basic_string<char,std::char_traits<char>,std::allocator<char> >(const char * _Ptr) Line 782	C++
>	blender.exe!OpenImageIO::v1_6::JpgInput::open(const std::basic_string<char,std::char_traits<char>,std::allocator<char> > & name, OpenImageIO::v1_6::ImageSpec & newspec) Line 284	C++
 	blender.exe!ccl::ImageManager::get_image_metadata(const std::basic_string<char,std::char_traits<char>,std::allocator<char> > & filename, void * builtin_data, bool & is_linear) Line 163	C++
 	blender.exe!ccl::ImageManager::add_image(const std::basic_string<char,std::char_traits<char>,std::allocator<char> > & filename, void * builtin_data, bool animated, float frame, bool & is_float, bool & is_linear, ccl::InterpolationType interpolation, ccl::ExtensionType extension, bool use_alpha) Line 281	C++
 	blender.exe!ccl::ImageTextureNode::compile(ccl::SVMCompiler & compiler) Line 312	C++
 	blender.exe!ccl::SVMCompiler::generate_node(ccl::ShaderNode * node, std::set<ccl::ShaderNode *,ccl::ShaderNodeIDComparator,std::allocator<ccl::ShaderNode *> > & done) Line 387	C++
 	blender.exe!ccl::SVMCompiler::generate_svm_nodes(const std::set<ccl::ShaderNode *,ccl::ShaderNodeIDComparator,std::allocator<ccl::ShaderNode *> > & nodes, ccl::SVMCompiler::CompilerState * state) Line 429	C++
 	blender.exe!ccl::SVMCompiler::generate_closure_node(ccl::ShaderNode * node, ccl::SVMCompiler::CompilerState * state) Line 447	C++
 	blender.exe!ccl::SVMCompiler::generate_multi_closure(ccl::ShaderNode * root_node, ccl::ShaderNode * node, ccl::SVMCompiler::CompilerState * state) Line 614	C++
 	blender.exe!ccl::SVMCompiler::compile_type(ccl::Shader * shader, ccl::ShaderGraph * graph, ccl::ShaderType type) Line 708	C++
 	blender.exe!ccl::SVMCompiler::compile(ccl::Scene * scene, ccl::Shader * shader, ccl::vector<ccl::int4,ccl::GuardedAllocator<ccl::int4> > & global_svm_nodes, int index, ccl::SVMCompiler::Summary * summary) Line 793	C++
 	blender.exe!ccl::SVMShaderManager::device_update(ccl::Device * device, ccl::DeviceScene * dscene, ccl::Scene * scene, ccl::Progress & progress) Line 78	C++
 	blender.exe!ccl::Scene::device_update(ccl::Device * device_, ccl::Progress & progress) Line 157	C++
 	blender.exe!ccl::Session::update_scene() Line 824	C++
 	blender.exe!ccl::Session::run_cpu() Line 555	C++
 	blender.exe!ccl::Session::run() Line 696	C++
 	[External Code]	
 	blender.exe!ccl::thread::run(void * arg) Line 57	C++
 	pthreadVC2.dll!000007fee1e7627b()	Unknown
 	pthreadVC2.dll!000007fee1e78eb7()	Unknown
 	pthreadVC2.dll!000007fee1e79102()	Unknown
 	[External Code]

The problem lies in the handling of JPEGs with comment fields. In this case "textures\childsdrawing\childDrawing_05.jpg" is the problem: it contains a comment field that is not zero-terminated. The OIIO version we use doesn't check the length of the field and tries to construct a std::string, which calls strlen, which runs off into the weeds due to the missing \0.

fixed in oiio here

https://github.com/OpenImageIO/oiio/commit/44a317b7061c993c7879f271bca412ba66769785

This got fixed in 1.6.11; we're currently at 1.6.9 (but 1.6.17 is available).

Made a task to track the problem, given that right now might not be the most convenient time to upgrade libs.
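The bug class described in the report, as an added example (this is not OIIO's code and not the exact change in the linked commit): a constructed JPEG fragment whose COM payload has no trailing NUL, the strlen-based pattern reproduced inside a buffer we control so that it stays defined behaviour, and a length-checked marker walker that builds the comment with the (pointer, length) std::string constructor instead. The function names and sample bytes are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

// Constructed sample (not a real file): SOI, then a COM segment whose
// 5-byte payload has no trailing NUL, then EOI. JPEG segment lengths are
// big-endian and count the two length bytes themselves.
static const std::vector<uint8_t> kSampleJpeg = {
    0xFF, 0xD8,                  // SOI
    0xFF, 0xFE, 0x00, 0x07,      // COM marker, length = 2 + 5
    'h', 'e', 'l', 'l', 'o',     // comment payload, not NUL-terminated
    0xFF, 0xD9                   // EOI
};

// Constructed malformed sample: COM claims 16 bytes but the data ends early.
static const std::vector<uint8_t> kTruncatedJpeg = {
    0xFF, 0xD8, 0xFF, 0xFE, 0x00, 0x10, 'a'
};

// Byte offset of the comment payload inside kSampleJpeg.
static const size_t kSamplePayloadOffset = 6;

// The bug class from the report, reproduced inside a buffer we control:
// strlen() on the payload pointer does not stop at the end of the field; it
// keeps counting through the EOI marker bytes until it happens to hit a zero.
// A NUL sentinel is appended here so this demo stays defined behaviour. In the
// real file there is no sentinel, the read runs past the end of the
// allocation, and that is what page heap flagged.
size_t unsafe_comment_length(const std::vector<uint8_t>& buf, size_t payload_offset) {
    std::vector<char> padded(buf.begin(), buf.end());
    padded.push_back('\0');
    return std::strlen(&padded[payload_offset]);  // 7 for kSampleJpeg, not 5
}

// Hardened reader: walk the marker segments, validate every declared length
// against the buffer, and build the comment with the (pointer, length)
// std::string constructor so strlen() is never involved.
// Returns false if no COM segment is found or the data is malformed.
bool read_jpeg_comment(const std::vector<uint8_t>& buf, std::string& out) {
    if (buf.size() < 2 || buf[0] != 0xFF || buf[1] != 0xD8) return false;  // no SOI
    size_t pos = 2;
    while (pos + 1 < buf.size()) {
        if (buf[pos] != 0xFF) return false;          // lost marker sync
        uint8_t marker = buf[pos + 1];
        if (marker == 0xFF) { ++pos; continue; }     // fill byte, skip it
        if (marker == 0xD9) return false;            // EOI before any COM
        if (marker == 0xDA) return false;            // SOS: entropy-coded data follows
        bool standalone = (marker >= 0xD0 && marker <= 0xD7) || marker == 0x01;
        if (standalone) { pos += 2; continue; }      // RSTn / TEM carry no length
        if (pos + 3 >= buf.size()) return false;     // no room for the length field
        size_t len = (size_t(buf[pos + 2]) << 8) | buf[pos + 3];
        if (len < 2 || pos + 2 + len > buf.size()) return false;  // bad length
        if (marker == 0xFE) {
            // Bounded construction: copies exactly len - 2 bytes, NUL or not.
            out.assign(reinterpret_cast<const char*>(&buf[pos + 4]), len - 2);
            return true;
        }
        pos += 2 + len;                              // skip this segment
    }
    return false;
}

// Convenience wrapper: the comment, or an empty string when none can be read.
std::string comment_or_empty(const std::vector<uint8_t>& buf) {
    std::string c;
    return read_jpeg_comment(buf, c) ? c : std::string();
}
```

The walker stops at SOS because marker segments after that point sit inside entropy-coded data; a real decoder would hand off to libjpeg there. The point of the example is the last step: once the segment length has been checked against the buffer, the comment is copied by that length, so a missing terminator in the file cannot turn into an over-read.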

Details

Type
Bug

Event Timeline

Sergey Sharybin (sergey) claimed this task.
Sergey Sharybin (sergey) triaged this task as Normal priority.

This isn't a new issue, so let's not touch libraries for 2.78 but do an update after the release.

I can also tag the svn libraries so we can update them for the master but not for the release.

Sergey Sharybin (sergey) closed this task as Resolved. Dec 2 2016, 2:17 PM

Should be resolved on Linux now and will be resolved on other platforms with the libs update call on ML [1]

[1] https://lists.blender.org/pipermail/bf-committers/2016-December/047889.html