Page MenuHome
Create Task
Maniphest T78392

[2.83.5, 2.90, 2.91] Crash on undo/ redo after changing modes
Closed, ResolvedPublicBUG
Actions

Description

System Information
Operating system: Windows-10-10.0.18362-SP0 64 Bits
Graphics card: GeForce GTX 1080/PCIe/SSE2 NVIDIA Corporation 4.5.0 NVIDIA 442.19

Blender Version
Broken: version: 2.90.0 Alpha, branch: master, commit date: 2020-06-27 21:56, hash: rB59d2dd2237ce
Broken: version: 2.83.1, branch: master, commit date: 2020-06-25 09:47, hash: rB8289fc688b3e
Worked: 2.82 (sub 7), branch: master, commit date: 2020-02-12 16:20, hash: rB77d23b0bd76f

Short description of error
Crashes when undo/ redo enters and exits different modes; tested with object and edit mode on default startup file and consistently crashes.

Exact steps for others to reproduce the error

  • select default cube and press (tab) several times to cycle modes from object to edit mode (3-4 times or more)
  • undo shortcut (ctrl z) several times (3-4 times or more causes crash)
  • redo shortcut (ctrl shift z) crashes blender (always crashes on the 3rd or 4th redo on my system)

Based on the default 2.83.1 and 2.9 startup files; tested on 2.82 with 256 undo/ redo steps without any crashes.

Revisions and Commits

rB Blender
rBa4be38c0650b Fix T78392: [2.83.5, 2.90, 2.91] Crash on undo/ redo after changing modes.
rBec6d32b238da Fix T78392: [2.83.5, 2.90, 2.91] Crash on undo/ redo after changing modes.

Related Objects

Event Timeline

Jawad Alshakhs (jshakhs) created this task.Jun 28 2020, 8:56 PM
Vincent Blankfield (vvv) added a subscriber: Vincent Blankfield (vvv).Jun 29 2020, 11:17 PM

Reproduced. Crashes on redo. No crash with Preferences > Experimental > Undo Legacy.

Stack trace:

>	ui_but_value_get(but=0x000001b9137e2e48) Line 2378
 	ui_but_is_pushed_ex(but=0x000001b9137e2e48, value=0x00000063c4bfea70) Line 2002
 	[Inline Frame] ui_but_update_select_flag() Line 2086
 	ui_but_update_ex(but=0x000001b9137e2e48, validate) Line 3506
 	[Inline Frame] ui_but_update() Line 3676
 	[Inline Frame] ui_but_update_and_icon_set() Line 4631
 	uiDefIconBut(block, type, retval, icon=546, x=0, y=0, width=20, height=20, poin=0x0000000000000068, min=1.00000000, max=0.000000000, a1=0.000000000, a2=0.000000000, tip=0x00007ff6cd3022b0) Line 5019
 	uiDefIconButBit(block=0x000001b9137b3a38, type, bit, retval, icon=546, x=0, y=0, width=20, height=20, poin=0x0000000000000068, min=1.00000000, max=0.000000000, a1=0.000000000, a2=0.000000000, tip=0x00007ff6cd3022b0) Line 5057
 	uiTemplateEditModeSelection(layout=0x000001b913436f68, C) Line 162
 	uiTemplateHeader3D_mode(layout=0x000001b913436f68, C=0x000001b904858c18) Line 238
 	RNA_function_call(C, reports, ptr, func, parms=0x00000063c4bfef88) Line 7494
 	pyrna_func_call(self, args, kw=0x0000000000000000) Line 6328
 	[External Code]	
 	bpy_class_call(C=0x000001b904858c18, ptr=0x00000063c4bff950, func=0x00007ff6ceeff300, parms=0x00000063c4bff968) Line 8513
 	header_draw(C=0x000001b904858c18, hdr=0x00000063c4bff9f0) Line 707
 	ED_region_header_layout(C=0x000001b904858c18, region=0x000001b9074367f8) Line 2872
 	ED_region_header(C=0x000001b904858c18, region=0x000001b9074367f8) Line 2935
 	ED_region_do_draw(C=0x000001b904858c18, region=0x000001b9074367f8) Line 543
 	wm_draw_window_offscreen(C=0x000001b904858c18, win=0x000001b906eaa2b8, stereo) Line 713
 	wm_draw_window(C=0x000001b904858c18, win=0x000001b906eaa2b8) Line 841
 	wm_draw_update(C=0x000001b904858c18) Line 1042
 	WM_main(C=0x000001b904858c18) Line 482
 	main(argc=1, UNUSED_argv_c=0x0000000000000000) Line 534
 	[External Code]

This:

diff --git a/source/blender/editors/space_view3d/view3d_header.c b/source/blender/editors/space_view3d/view3d_header.c
index f2e42cd1725..3668c3060a2 100644
--- a/source/blender/editors/space_view3d/view3d_header.c
+++ b/source/blender/editors/space_view3d/view3d_header.c
@@ -136,11 +136,34 @@ void uiTemplateEditModeSelection(uiLayout *layout, struct bContext *C)

   UI_block_func_handle_set(block, do_view3d_header_buttons, NULL);

+  //////////////////////////////////////////////////////////////////////////////////////////
+  printf("Entered uiTemplateEditModeSelection in %s\n", CTX_data_mode_string(C));
+  //////////////////////////////////////////////////////////////////////////////////////////
+
   if (obedit && (obedit->type == OB_MESH)) {
     BMEditMesh *em = BKE_editmesh_from_object(obedit);
     uiLayout *row;
     uiBut *but;

+    //////////////////////////////////////////////////////////////////////////////////////////
+    if (BKE_editmesh_from_object(CTX_data_edit_object(C)) == NULL) {
+      printf("Context says we're in %s\n", CTX_data_mode_string(C));
+      printf("But there's no edit object editmesh\n");
+      printf("em=%x, &em-selectmode=%x\n", em, &em->selectmode);
+      printf("If we continue execution, we will crash in ui_but_value_get() Line 2378\n");
+      printf("Because it will try to access (short *)but->poin\n");
+      printf("which is BKE_editmesh_from_object(CTX_data_edit_object(C))->selectmode\n");
+      printf("and BKE_editmesh_from_object(CTX_data_edit_object(C)) is NULL\n");
+      printf("So I'm going to return now.\n");
+      printf("Notice how the viewport mode button is now broken.\n");
+      printf("Also all further redos will fail here.\n");
+      printf("An attempt to switch the mode (using tab or the button) may crash or recover\n");
+      printf("from this broken state.\n");
+      return;
+    }
+    //////////////////////////////////////////////////////////////////////////////////////////
+
     row = uiLayoutRow(layout, true);
     block = uiLayoutGetBlock(row);
     but = uiDefIconButBitS(

will give following output (just hitting Ctrl+Shift+Z after tabbing a bunch of times, and undoing it all):

Entered uiTemplateEditModeSelection in objectmode
Entered uiTemplateEditModeSelection in mesh_edit
Entered uiTemplateEditModeSelection in objectmode
Entered uiTemplateEditModeSelection in mesh_edit
Entered uiTemplateEditModeSelection in objectmode
Entered uiTemplateEditModeSelection in mesh_edit
Entered uiTemplateEditModeSelection in mesh_edit
Context says we're in mesh_edit
But there's no edit object editmesh
em=0, &em-selectmode=68
If we continue execution, we will crash in ui_but_value_get() Line 2378
Because it will try to access (short *)but->poin
which is BKE_editmesh_from_object(CTX_data_edit_object(C))->selectmode
and BKE_editmesh_from_object(CTX_data_edit_object(C)) is NULL
So I'm going to return now.
Notice how the viewport mode button is now broken.
Also all further redos will fail here.
An attempt to switch the mode (using tab or the button) may crash or recover
from this broken state.

So in the last "bad" redo the context got messed up, indicating that we're in edit mode, when we should've been and indeed are in object mode (notice the switches edit-object-edit-edit).

Jawad Alshakhs (jshakhs) added a comment.Jun 30 2020, 3:20 PM

Hi Vincent, thanks for your feedback, great to know legacy undo doesn't have the same issue, I just tried it and it works as expected.

Richard Antalik (ISS) changed the task status from Needs Triage to Confirmed.Jul 1 2020, 2:31 AM
Richard Antalik (ISS) added a project: User Interface.
Kevin Buhr (buhr) added a subscriber: Kevin Buhr (buhr).Jul 3 2020, 6:03 AM
Kevin Buhr (buhr) mentioned this in T79049: Crash on redo/undo.Jul 19 2020, 8:37 AM
Robert Guetzkow (rjg) merged a task: T79049: Crash on redo/undo.Jul 19 2020, 11:10 AM
Robert Guetzkow (rjg) added subscribers: Marshall Dale Tavares (Phos), Robert Guetzkow (rjg).
Hans Goudey (HooglyBoogly) triaged this task as High priority.Tue, Sep 8, 11:04 PM
Hans Goudey (HooglyBoogly) added a project: Data, Assets & I/O.
Hans Goudey (HooglyBoogly) changed the subtype of this task from "Report" to "Bug".
Hans Goudey (HooglyBoogly) added a subscriber: Hans Goudey (HooglyBoogly).

I can reproduce this easily by holding down tab so it quickly cycles between modes on the default cube, then undoing a few times, then redoing.

This seems more like an undo bug though, so I'm tagging the correct project.

This also applies to 2.90

Hans Goudey (HooglyBoogly) added a comment.Tue, Sep 8, 11:07 PM

And 2.83.5 as well

Hans Goudey (HooglyBoogly) renamed this task from Crash on undo/ redo while changing modes to [2.83.5, 2.90, 2.91] Crash on undo/ redo after changing modes.Tue, Sep 8, 11:08 PM
Hans Goudey (HooglyBoogly) mentioned this in T80377: Crash after multiple Undo/redo after switching between Edit mode and Object mode.Fri, Sep 11, 5:02 PM
Hans Goudey (HooglyBoogly) merged a task: T80377: Crash after multiple Undo/redo after switching between Edit mode and Object mode.Fri, Sep 11, 5:04 PM
Hans Goudey (HooglyBoogly) added subscribers: Filip Kokoška (WuTangH), Bastien Montagne (mont29), Julian Eisel (Severin) and 4 others.
Dalai Felinto (dfelinto) assigned this task to Bastien Montagne (mont29).Sat, Sep 12, 11:53 AM

@Hans Goudey (HooglyBoogly) when merging tasks remember to bring over the relevant information to the one that remains open.

As mentioned in T80377 simpler/exact steps to reproduce as well as assigning to Bastien since it is "new" undo related:

I can reproduce with the following:

  • Tab
  • Tab
  • Tab
  • Tab
  • Ctrl + Z (undo)
  • Shift Ctrl + Z (redo)
Bastien Montagne (mont29) moved this task from Backlog to Blender 2.90 on the Data, Assets & I/O board.Mon, Sep 14, 2:56 PM
Bastien Montagne (mont29) closed this task as Resolved by committing rBec6d32b238da: Fix T78392: [2.83.5, 2.90, 2.91] Crash on undo/ redo after changing modes..Mon, Sep 14, 2:59 PM
Bastien Montagne (mont29) added a commit: rBec6d32b238da: Fix T78392: [2.83.5, 2.90, 2.91] Crash on undo/ redo after changing modes..
Bastien Montagne (mont29) mentioned this in T77348: Blender LTS: Maintenance Task.Mon, Sep 14, 3:03 PM
Jeroen Bakker (jbakker) added a commit: rBa4be38c0650b: Fix T78392: [2.83.5, 2.90, 2.91] Crash on undo/ redo after changing modes..Wed, Sep 16, 2:41 PM