Blender Crashes when zooming in the node editor
Closed, Resolved (Public)

Description

System Information
TOSHIBA Satellite L350D-03F

Operating system and graphics card
OS: Windows 7 Professional (x64) Service Pack 1 (build 7601), Graphics: AMD Athlon X2 Dual-Core QL-60 1.90 gigahertz
Ram: 3GB DDR2

Blender Version
Broken: Blender 2.78a #4bble22

Short description of error
Blender crashes whenever I zoom (scroll wheel) in the node editor window, but this only seems to occur if the preview render is active in the 3D viewport.

Exact steps for others to reproduce the error

  1. Load the file.
  2. In the 3D viewport window enable the preview render.
  3. Now hover over the Node Editor (window #2) then ZOOM IN using the scroll wheel.

Get the blend file here (expires in 7 days)
http://www.filedropper.com/pbrfresnelgregzaal

Mirror:
https://expirebox.com/download/857dbd71af0326005eda7006b0dad0fc.html

Details

Type
Bug

The blend file is included

Confirmed. This appears to be an invalid ASCII glyph table freeing.

=================================================================
==12123==ERROR: AddressSanitizer: heap-use-after-free on address 0x62300013a6b0 at pc 0x000003bec990 bp 0x7ffc7f1fdf10 sp 0x7ffc7f1fdf00
READ of size 8 at 0x62300013a6b0 thread T0
    #0 0x3bec98f in blf_font_ensure_ascii_table /home/lukas/src/bf-blender/blender/source/blender/blenfont/intern/blf_font.c:118
    #1 0x3beccb6 in blf_font_draw_ex /home/lukas/src/bf-blender/blender/source/blender/blenfont/intern/blf_font.c:188
    #2 0x3bed1e8 in blf_font_draw /home/lukas/src/bf-blender/blender/source/blender/blenfont/intern/blf_font.c:214
    #3 0x3be9c1a in BLF_draw_ex /home/lukas/src/bf-blender/blender/source/blender/blenfont/intern/blf.c:567
    #4 0x3be9cb8 in BLF_draw /home/lukas/src/bf-blender/blender/source/blender/blenfont/intern/blf.c:574
    #5 0x1d596bf in ED_region_info_draw /home/lukas/src/bf-blender/blender/source/blender/editors/screen/area.c:2111
    #6 0x126f06d in view3d_main_region_draw_engine_info /home/lukas/src/bf-blender/blender/source/blender/editors/space_view3d/view3d_draw.c:3601
    #7 0x1270fd4 in view3d_main_region_draw_info /home/lukas/src/bf-blender/blender/source/blender/editors/space_view3d/view3d_draw.c:3887
    #8 0x1271661 in view3d_main_region_draw /home/lukas/src/bf-blender/blender/source/blender/editors/space_view3d/view3d_draw.c:3944
    #9 0x1d4a012 in ED_region_do_draw /home/lukas/src/bf-blender/blender/source/blender/editors/screen/area.c:518
    #10 0xfafaa4 in wm_method_draw_triple /home/lukas/src/bf-blender/blender/source/blender/windowmanager/intern/wm_draw.c:557
    #11 0xfb20f4 in wm_draw_update /home/lukas/src/bf-blender/blender/source/blender/windowmanager/intern/wm_draw.c:956
    #12 0xfa33e5 in WM_main /home/lukas/src/bf-blender/blender/source/blender/windowmanager/intern/wm.c:495
    #13 0xf99707 in main /home/lukas/src/bf-blender/blender/source/creator/creator.c:527
    #14 0x7f1df2f8a82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #15 0xf98a98 in _start (/home/lukas/src/bf-blender/cmake-debug/bin/blender+0xf98a98)

0x62300013a6b0 is located 4528 bytes inside of 6256-byte region [0x623000139500,0x62300013ad70)
freed by thread T0 here:
    #0 0x7f1df782e2ca in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x982ca)
    #1 0x395049d in MEM_lockfree_freeN /home/lukas/src/bf-blender/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:169
    #2 0x3bf57a1 in blf_glyph_cache_free /home/lukas/src/bf-blender/blender/source/blender/blenfont/intern/blf_glyph.c:154
    #3 0x3bf55f3 in blf_glyph_cache_clear /home/lukas/src/bf-blender/blender/source/blender/blenfont/intern/blf_glyph.c:136
    #4 0x3be8360 in BLF_cache_clear /home/lukas/src/bf-blender/blender/source/blender/blenfont/intern/blf.c:140
    #5 0x191563b in UI_view2d_zoom_cache_reset /home/lukas/src/bf-blender/blender/source/blender/editors/interface/view2d.c:1034
    #6 0x1927522 in view_zoomstep_exit /home/lukas/src/bf-blender/blender/source/blender/editors/interface/view2d_ops.c:744
    #7 0x192778a in view_zoomin_exec /home/lukas/src/bf-blender/blender/source/blender/editors/interface/view2d_ops.c:771
    #8 0x192798e in view_zoomin_invoke /home/lukas/src/bf-blender/blender/source/blender/editors/interface/view2d_ops.c:794
    #9 0xfb8f2d in wm_operator_invoke /home/lukas/src/bf-blender/blender/source/blender/windowmanager/intern/wm_event_system.c:1099
    #10 0xfbc7ad in wm_handler_operator_call /home/lukas/src/bf-blender/blender/source/blender/windowmanager/intern/wm_event_system.c:1751
    #11 0xfbe025 in wm_handlers_do_intern /home/lukas/src/bf-blender/blender/source/blender/windowmanager/intern/wm_event_system.c:2031
    #12 0xfbe828 in wm_handlers_do /home/lukas/src/bf-blender/blender/source/blender/windowmanager/intern/wm_event_system.c:2142
    #13 0xfc0535 in wm_event_do_handlers /home/lukas/src/bf-blender/blender/source/blender/windowmanager/intern/wm_event_system.c:2477
    #14 0xfa33cd in WM_main /home/lukas/src/bf-blender/blender/source/blender/windowmanager/intern/wm.c:489
    #15 0xf99707 in main /home/lukas/src/bf-blender/blender/source/creator/creator.c:527
    #16 0x7f1df2f8a82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

previously allocated by thread T0 here:
    #0 0x7f1df782e79a in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9879a)
    #1 0x39509a4 in MEM_lockfree_callocN /home/lukas/src/bf-blender/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:286
    #2 0x3bf49a7 in blf_glyph_cache_new /home/lukas/src/bf-blender/blender/source/blender/blenfont/intern/blf_glyph.c:85
    #3 0x3bec8a2 in blf_font_size /home/lukas/src/bf-blender/blender/source/blender/blenfont/intern/blf_font.c:105
    #4 0x3be927e in BLF_size /home/lukas/src/bf-blender/blender/source/blender/blenfont/intern/blf.c:452
    #5 0x18b8b1a in UI_fontstyle_set /home/lukas/src/bf-blender/blender/source/blender/editors/interface/interface_style.c:540
    #6 0x18b77fa in UI_fontstyle_string_width /home/lukas/src/bf-blender/blender/source/blender/editors/interface/interface_style.c:379
    #7 0x1867ecc in ui_text_icon_width /home/lukas/src/bf-blender/blender/source/blender/editors/interface/interface_layout.c:238
    #8 0x187378f in uiItemL_ /home/lukas/src/bf-blender/blender/source/blender/editors/interface/interface_layout.c:1854
    #9 0x1873afb in uiItemL /home/lukas/src/bf-blender/blender/source/blender/editors/interface/interface_layout.c:1881
    #10 0x11242d2 in node_socket_button_label /home/lukas/src/bf-blender/blender/source/blender/editors/space_node/drawnode.c:80
    #11 0x1136d0c in std_node_socket_draw /home/lukas/src/bf-blender/blender/source/blender/editors/space_node/drawnode.c:3125
    #12 0x113c2ce in node_update_basis /home/lukas/src/bf-blender/blender/source/blender/editors/space_node/node_draw.c:374
    #13 0x113f2c1 in node_update_default /home/lukas/src/bf-blender/blender/source/blender/editors/space_node/node_draw.c:568
    #14 0x1144712 in node_update /home/lukas/src/bf-blender/blender/source/blender/editors/space_node/node_draw.c:1151
    #15 0x1144780 in node_update_nodetree /home/lukas/src/bf-blender/blender/source/blender/editors/space_node/node_draw.c:1163
    #16 0x1145265 in draw_nodetree /home/lukas/src/bf-blender/blender/source/blender/editors/space_node/node_draw.c:1265
    #17 0x1145de5 in drawnodespace /home/lukas/src/bf-blender/blender/source/blender/editors/space_node/node_draw.c:1373
    #18 0x117307f in node_main_region_draw /home/lukas/src/bf-blender/blender/source/blender/editors/space_node/space_node.c:661
    #19 0x1d4a012 in ED_region_do_draw /home/lukas/src/bf-blender/blender/source/blender/editors/screen/area.c:518
    #20 0xfafaa4 in wm_method_draw_triple /home/lukas/src/bf-blender/blender/source/blender/windowmanager/intern/wm_draw.c:557
    #21 0xfb20f4 in wm_draw_update /home/lukas/src/bf-blender/blender/source/blender/windowmanager/intern/wm_draw.c:956
    #22 0xfa33e5 in WM_main /home/lukas/src/bf-blender/blender/source/blender/windowmanager/intern/wm.c:495
    #23 0xf99707 in main /home/lukas/src/bf-blender/blender/source/creator/creator.c:527
    #24 0x7f1df2f8a82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: heap-use-after-free /home/lukas/src/bf-blender/blender/source/blender/blenfont/intern/blf_font.c:118 blf_font_ensure_ascii_table
Shadow bytes around the buggy address:
  0x0c468001f480: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c468001f490: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c468001f4a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c468001f4b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c468001f4c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c468001f4d0: fd fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd
  0x0c468001f4e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c468001f4f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c468001f500: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c468001f510: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c468001f520: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==12123==ABORTING
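The three stacks above describe one event order: the node editor draw allocates a glyph cache for a font size (blf_glyph_cache_new), the view2d zoom step frees every cache (BLF_cache_clear), and the 3D viewport then draws its render-info text through a font pointer that still refers to the freed cache (blf_font_ensure_ascii_table). The following C program is an added illustration of that pattern and is not Blender's code; its struct and function names only mirror the roles in the traces, and the "fix" it shows (dropping the stale cache pointer when the caches are cleared, then recreating the cache lazily) is an assumed repair, not a claim about what rB6a8a679 does. Instead of letting the stale read crash, a tiny quarantining free records freed blocks so the dangling access can be detected and returned as a result:

```c
/* Added example: model of the glyph-cache use-after-free in the report.
 * Not Blender's code; names mirror the roles in the ASan stacks only. */
#include <stdlib.h>

#define MAX_TRACKED 64

/* Quarantining free: blocks are recorded instead of returned to libc,
 * so a stale pointer can be *detected* rather than dereferenced. This
 * is the role ASan's "fd" (freed heap) shadow bytes play. */
static void *g_freed[MAX_TRACKED];
static int g_nfreed;

static void quarantine_free(void *p) {
    if (p && g_nfreed < MAX_TRACKED) g_freed[g_nfreed++] = p;
}
static int is_freed(const void *p) {
    for (int i = 0; i < g_nfreed; i++) if (g_freed[i] == p) return 1;
    return 0;
}
static void quarantine_release_all(void) {   /* real frees at the end */
    for (int i = 0; i < g_nfreed; i++) free(g_freed[i]);
    g_nfreed = 0;
}

/* Font model (assumed layout, illustrative only). */
typedef struct GlyphCache {
    struct GlyphCache *next;
    int size;
    void *ascii_table[128];   /* fast-path table, one slot per ASCII glyph */
} GlyphCache;

typedef struct Font {
    GlyphCache *cache_list;   /* every cache, one per font size */
    GlyphCache *cache;        /* cache for the size set most recently */
    int size;
} Font;

static GlyphCache *cache_new(Font *f, int size) {
    GlyphCache *gc = calloc(1, sizeof *gc);
    if (!gc) abort();
    gc->size = size;
    gc->next = f->cache_list;
    f->cache_list = gc;
    return gc;
}

/* BLF_size analogue: select (or create) the cache for a size. */
void font_set_size(Font *f, int size) {
    f->size = size;
    for (GlyphCache *gc = f->cache_list; gc; gc = gc->next)
        if (gc->size == size) { f->cache = gc; return; }
    f->cache = cache_new(f, size);
}

/* BLF_cache_clear analogue. With fix_dangling == 0 the list is freed but
 * f->cache keeps pointing into it: that is the bug. */
void font_cache_clear(Font *f, int fix_dangling) {
    GlyphCache *gc = f->cache_list;
    while (gc) { GlyphCache *next = gc->next; quarantine_free(gc); gc = next; }
    f->cache_list = NULL;
    if (fix_dangling) f->cache = NULL;   /* assumed fix: drop the stale pointer */
}

/* blf_font_ensure_ascii_table analogue. Returns 1 if the read would have
 * touched freed memory, 0 otherwise; the fixed path recreates the cache. */
int font_ensure_ascii_table(Font *f, void ***table_out) {
    if (f->cache && is_freed(f->cache)) { *table_out = NULL; return 1; }
    if (f->cache == NULL) f->cache = cache_new(f, f->size);
    *table_out = f->cache->ascii_table;
    return 0;
}

/* Replays the report's event order: node editor draw sets a size (alloc),
 * view2d zoom clears all caches (free), 3D viewport info text draws (use).
 * Returns 1 when a use-after-free would occur, 0 when it is avoided. */
int replay_zoom_crash(int with_fix) {
    Font font = {0};
    void **table;
    font_set_size(&font, 11);                /* node_socket_button_label path */
    font_cache_clear(&font, with_fix);       /* UI_view2d_zoom_cache_reset path */
    int uaf = font_ensure_ascii_table(&font, &table); /* ED_region_info_draw path */
    font_cache_clear(&font, 1);              /* tidy up whatever was recreated */
    quarantine_release_all();
    return uaf;
}
```

replay_zoom_crash(0) reports the stale access; replay_zoom_crash(1) returns 0 because the cleared font no longer carries a pointer into freed memory. Swapping quarantine_free for a plain free and building with -fsanitize=address turns the detected case into the same heap-use-after-free report shown above, with the READ in the ensure-table function and the free in the clear function.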
Vuk Gardašević (lijenstina) triaged this task as "Confirmed" priority. Nov 24 2016, 12:46 PM

I can confirm this issue too.
Win 7 64 bit, AMD X3 455, R7 360, Blender build 411836d

Sergey Sharybin (sergey) lowered the priority of this task from "Confirmed" to "Incomplete". May 18 2017, 4:15 PM

Is it still an issue with latest builds from buildbot? Can see fix from Campbell at rB6a8a679.

Bastien Montagne (mont29) closed this task as "Resolved". May 27 2017, 6:53 PM
Bastien Montagne (mont29) claimed this task.

More than a week without reply. Considering this as resolved for now.

I have the same recurring issue on Blender 2.78c build e92f235 on MacOSX 10.12.5 (Intel i7 cores).

Using the above .blend file, zooming out and in within the node editor crashes Blender with the following message:
blender(39268,0x10966b3c0) malloc: *** error for object 0x11300fa00: incorrect checksum for freed object - object was probably modified after being freed.

set a breakpoint in malloc_error_break to debug

Abort trap: 6

One positive thing though is that I tested the same scene with the latest Blender 2.8 build and it doesn't crash, no matter how much I zoom in and out.
So if nothing is done for this 2.78c build, at least there will be a fix in version 2.8.