Crash during texture baking - Bad copy ctor for DynamicArray inside makesrna.c
Closed, Resolved (Public)

Description

System Information
Operating system: Windows-10-10.0.18362-SP0 64 Bits
Graphics card: Quadro 600/PCIe/SSE2 NVIDIA Corporation 4.5.0 NVIDIA 369.09

Blender Version
Broken: version: 2.90 (sub 3), branch: master, commit date: 2020-05-22 20:59, hash: rB86fa8dc7f73a
Broken: version: 2.83 has the same code as well...
Worked: n/a

Short description of error
The copy ctor for DynamicArray has a bug which attempts to free uninitialized memory. This was caught when attempting to bake a simple normal map on 2 objects using a Debug build.

Exact steps for others to reproduce the error

  • Open attached .blend
  • Hit Bake

data is 0xcccccccccccccccc

blender.exe!BL::DynamicArray<float>::copy_from(const BL::DynamicArray<float> & other) Line 228	C++
blender.exe!BL::DynamicArray<float>::DynamicArray<float>(const BL::DynamicArray<float> & other) Line 219	C++
blender.exe!BL::RenderPass::rect() Line 54362	C++
blender.exe!ccl::BlenderSession::do_write_update_render_tile(ccl::RenderTile & rtile, bool do_update_only, bool do_read_only, bool highlight) Line 355	C++
blender.exe!ccl::BlenderSession::read_render_tile(ccl::RenderTile & rtile) Line 383	C++
[External Code]	
blender.exe!ccl::Session::acquire_tile(ccl::RenderTile & rtile, ccl::Device * tile_device, unsigned int tile_types) Line 467	C++
[External Code]	
blender.exe!ccl::CPUDevice::thread_render(ccl::DeviceTask & task) Line 1026	C++
blender.exe!ccl::CPUDevice::thread_run(ccl::DeviceTask * task) Line 533	C++
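
The failure mode in the report, as an added example that is not Blender's code: a copy constructor that calls `copy_from()` while `data` has never been set hands a garbage pointer to the deallocator. The class shape, the tracking allocator and every name other than `data` and `copy_from` are assumptions, and the uninitialized member is modelled with the 0xCC debug fill so the run is deterministic.

```cpp
#include <cstdint>
#include <cstdlib>
#include <set>

// Tracking allocator (hypothetical helper): counts frees of pointers it never
// handed out instead of passing them to free(), so the bug is safe to observe.
static std::set<void *> g_live;
static int g_bad_frees = 0;
static float *tracked_alloc(int n) {
  float *p = static_cast<float *>(std::calloc(n > 0 ? n : 1, sizeof(float)));
  g_live.insert(static_cast<void *>(p));
  return p;
}
static void tracked_free(float *p) {
  if (p == nullptr) return;
  if (g_live.erase(static_cast<void *>(p)) == 0) { ++g_bad_frees; return; }
  std::free(p);
}

// Stand-in for an uninitialized member: the 0xCC fill of an MSVC debug build.
static float *const kDebugFill =
    reinterpret_cast<float *>(static_cast<std::uintptr_t>(0xCCCCCCCCCCCCCCCCull));

// kInitFirst == false models the reported copy constructor (assumed shape).
template<bool kInitFirst> struct ArraySketch {
  float *data;
  int length;
  explicit ArraySketch(int n) : data(tracked_alloc(n)), length(n) {}
  ArraySketch(const ArraySketch &other)
      : data(kInitFirst ? nullptr : kDebugFill), length(0) { copy_from(other); }
  ~ArraySketch() { tracked_free(data); }
  // Assumed to release the current buffer before copying, as assignment would.
  void copy_from(const ArraySketch &other) {
    tracked_free(data);
    length = other.length;
    data = tracked_alloc(length);
    for (int i = 0; i < length; i++) data[i] = other.data[i];
  }
};

// Copies one array; returns the number of invalid frees the copy triggered.
template<bool kInitFirst> int bad_frees_on_copy() {
  g_bad_frees = 0;
  ArraySketch<kInitFirst> a(4);
  ArraySketch<kInitFirst> b(a);
  return b.length == 4 ? g_bad_frees : -1;
}

int main() { return bad_frees_on_copy<false>() == 1 && bad_frees_on_copy<true>() == 0 ? 0 : 1; }
```

Initializing `data` to `nullptr` before `copy_from()` runs is the only difference between the two instantiations.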

Event Timeline

Cannot reproduce on version: 2.90 (sub 3), branch: master, commit date: 2020-05-24 19:14, hash: rBf13b6875516f

Operating system: Windows-10-10.0.18362-SP0 64 Bits
Graphics card: Radeon RX550/550 Series ATI Technologies Inc. 4.5.13587 Core Profile Context 20.4.1 26.20.15029.20013

For uninitialized RAM to be 0xcccccccccccccccc with MSVC you have to be using a debug build, otherwise it may just randomly have the lucky value of 0 and not trigger the bug.

I can repro with current master on Windows; on Linux ASan ought to catch it.

Richard Antalik (ISS) changed the task status from Needs Triage to Confirmed. Mon, May 25, 5:40 PM

> For uninitialized RAM to be 0xcccccccccccccccc with MSVC you have to be using a debug build, otherwise it may just randomly have the lucky value of 0 and not trigger the bug.
>
> I can repro with current master on Windows; on Linux ASan ought to catch it.

Thanks, I didn't know this though I guess I should, otherwise I am guessing...

Will confirm then.