Crash on Proportional Editing Curve Object #84453

New Issue

Fabio · 2021-01-06T12:25:31+01:00

Fabio commented

2021-01-06 12:25:31 +01:00

System Information
Operating system: Windows-10-10.0.19041-SP0 64 Bits
Graphics card: GeForce GTX 960M/PCIe/SSE2 NVIDIA Corporation 4.5.0 NVIDIA 460.89

Blender Version
Broken: version: 2.91.0, branch: master, commit date: 2020-11-25 08:34, hash: 0f45cab862
Worked: (newest version of Blender that worked as expected)

Short description of error
Curve object, edit mode, enable proportional editing and connected only, then hide a control point and try to move one of other control point, blender crush, it seems to happen only with curve object.

Exact steps for others to reproduce the error
This file replicate the error, you just try to move a control point in edit mode
PROPORTIONAL EDITING_CURVE OBJECT_CRUSH.blend

Thank you very much!

**System Information** Operating system: Windows-10-10.0.19041-SP0 64 Bits Graphics card: GeForce GTX 960M/PCIe/SSE2 NVIDIA Corporation 4.5.0 NVIDIA 460.89 **Blender Version** Broken: version: 2.91.0, branch: master, commit date: 2020-11-25 08:34, hash: `0f45cab862` Worked: (newest version of Blender that worked as expected) **Short description of error** Curve object, edit mode, enable proportional editing and connected only, then hide a control point and try to move one of other control point, blender crush, it seems to happen only with curve object. **Exact steps for others to reproduce the error** This file replicate the error, you just try to move a control point in edit mode [PROPORTIONAL EDITING_CURVE OBJECT_CRUSH.blend](https://archive.blender.org/developer/F9553062/PROPORTIONAL_EDITING_CURVE_OBJECT_CRUSH.blend) Thank you very much!

Fabio commented

2021-01-06 12:25:31 +01:00

Added subscriber: @piccattof

Falk David commented

2021-01-06 12:52:14 +01:00

Added subscriber: @filedescriptor

Falk David commented

2021-01-06 12:52:14 +01:00

Changed status from 'Needs Triage' to: 'Confirmed'

Falk David commented

2021-01-06 12:52:14 +01:00

I can confirm this on 2.92.0 Alpha, branch: master, commit date: 2021-01-06 10:55, hash: 4e23f08807. Here is the output of ASAN:

==331475==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61d00115ba30 at pc 0x000008ec0ee6 bp 0x7fffffffcc90 sp 0x7fffffffcc80
WRITE of size 4 at 0x61d00115ba30 thread T0
    - 0 0x8ec0ee5 in copy_v3_v3 /.../blender-git/blender/source/blender/blenlib/intern/math_vector_inline.c:63
    - 1 0x8ec5335 in createTransCurveVerts /.../blender-git/blender/source/blender/editors/transform/transform_convert_curve.c:310
    - 2 0x8e8facb in createTransData /.../blender-git/blender/source/blender/editors/transform/transform_convert.c:1187
    - 3 0x8e6b448 in initTransform /.../blender-git/blender/source/blender/editors/transform/transform.c:1726
    - 4 0x9084b13 in transformops_data /.../blender-git/blender/source/blender/editors/transform/transform_ops.c:394
    - 5 0x90856cc in transform_invoke /.../blender-git/blender/source/blender/editors/transform/transform_ops.c:510
    - 6 0x4fbd80d in wm_operator_invoke /.../blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1300
    - 7 0x4fc5bce in wm_handler_operator_call /.../blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:2141
    - 8 0x4fc96f4 in wm_handlers_do_keymap_with_keymap_handler /.../blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:2466
    - 9 0x4fccea8 in wm_handlers_do_intern /.../blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:2762
    - 10 0x4fce135 in wm_handlers_do /.../blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:2886
    - 11 0x4fd44b9 in wm_event_do_handlers /.../blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:3382
    - 12 0x4fa103e in WM_main /.../blender-git/blender/source/blender/windowmanager/intern/wm.c:635
    - 13 0x35389d9 in main /.../blender-git/blender/source/creator/creator.c:522
    - 14 0x7ffff6ea1cb1 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x28cb1)
    - 15 0x3537b8d in _start (/.../blender-git/build_linux_debug/bin/blender+0x3537b8d)

I can confirm this on 2.92.0 Alpha, branch: master, commit date: 2021-01-06 10:55, hash: `4e23f08807`. Here is the output of ASAN: ``` ==331475==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61d00115ba30 at pc 0x000008ec0ee6 bp 0x7fffffffcc90 sp 0x7fffffffcc80 WRITE of size 4 at 0x61d00115ba30 thread T0 - 0 0x8ec0ee5 in copy_v3_v3 /.../blender-git/blender/source/blender/blenlib/intern/math_vector_inline.c:63 - 1 0x8ec5335 in createTransCurveVerts /.../blender-git/blender/source/blender/editors/transform/transform_convert_curve.c:310 - 2 0x8e8facb in createTransData /.../blender-git/blender/source/blender/editors/transform/transform_convert.c:1187 - 3 0x8e6b448 in initTransform /.../blender-git/blender/source/blender/editors/transform/transform.c:1726 - 4 0x9084b13 in transformops_data /.../blender-git/blender/source/blender/editors/transform/transform_ops.c:394 - 5 0x90856cc in transform_invoke /.../blender-git/blender/source/blender/editors/transform/transform_ops.c:510 - 6 0x4fbd80d in wm_operator_invoke /.../blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1300 - 7 0x4fc5bce in wm_handler_operator_call /.../blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:2141 - 8 0x4fc96f4 in wm_handlers_do_keymap_with_keymap_handler /.../blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:2466 - 9 0x4fccea8 in wm_handlers_do_intern /.../blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:2762 - 10 0x4fce135 in wm_handlers_do /.../blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:2886 - 11 0x4fd44b9 in wm_event_do_handlers /.../blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:3382 - 12 0x4fa103e in WM_main /.../blender-git/blender/source/blender/windowmanager/intern/wm.c:635 - 13 0x35389d9 in main /.../blender-git/blender/source/creator/creator.c:522 - 14 0x7ffff6ea1cb1 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x28cb1) - 15 0x3537b8d in _start (/.../blender-git/build_linux_debug/bin/blender+0x3537b8d) ```

Philipp Oeser commented

2021-01-06 12:53:55 +01:00

Added subscriber: @lichtwerk

Philipp Oeser commented

2021-01-06 12:53:55 +01:00

I dont get immediate crashes, but I had a crash when closing blender after the above repro steps:

# backtrace
./blender(BLI_system_backtrace+0x20) [0x8642740]
./blender() [0xeac81a]
/lib64/libpthread.so.0(+0x141e0) [0x7f3f81a651e0]
./blender() [0xebb240]
./blender() [0x85a20d7]
./blender(BLI_ghash_free+0x4e) [0x85a2a4e]
./blender(BKE_curve_editNurb_keyIndex_free+0x1a) [0xebeb9a]
./blender() [0x1cc05e8]
./blender() [0x1c84d92]
./blender(BKE_undosys_stack_clear+0x47) [0x1c84f27]
./blender(BKE_undosys_stack_destroy+0x9) [0x1c84fa9]
./blender(ED_editors_exit+0xef) [0x726ea9f]
./blender(WM_exit_ex+0x156) [0x12445e6]
./blender(WM_exit+0xe) [0x12449ee]
./blender() [0x1244a19]
./blender() [0x1237f7e]
./blender() [0x12385cc]
./blender(wm_event_do_handlers+0x416) [0x1238db6]
./blender(WM_main+0x20) [0x122f9d0]
./blender(main+0x31e) [0xde69de]
/lib64/libc.so.6(__libc_start_main+0xf2) [0x7f3f8134b1e2]
./blender() [0xea9213]

# Python backtrace

1   ??                                                              0x7fffd13956ce 
2   ??                                                              0x7fffd13afb42 
3   blender::gpu::GLContext::buf_free     gl_context.cc        261  0xa2166c2      
4   blender::gpu::GLVertBuf::release_data gl_vertex_buffer.cc  45   0xa2260eb      
5   blender::gpu::VertBuf::clear          gpu_vertex_buffer.cc 71   0xa20e5af      
6   GPU_vertbuf_discard                   gpu_vertex_buffer.cc 160  0xa20e8d1      
7   temp_buffer_handle_free               draw_instance_data.c 211  0x35b1e2f      
8   BLI_memblock_destroy                  BLI_memblock.c       91   0xb6c3772      
9   DRW_instance_data_list_free           draw_instance_data.c 362  0x35b2401      
10  GPU_viewport_free                     gpu_viewport.c       1037 0xa2130e2      
11  wm_draw_region_buffer_free            wm_draw.c            415  0x3241b13      
12  WM_draw_region_free                   wm_draw.c            1096 0x3243534      
13  ED_view3d_stop_render_preview         space_view3d.c       244  0x4284e6a      
14  view3d_main_region_exit               space_view3d.c       462  0x42858c2      
15  ED_region_exit                        screen_edit.c        579  0x3bd5432      
16  ED_area_exit                          screen_edit.c        616  0x3bd55dc      
17  ED_screen_exit                        screen_edit.c        649  0x3bd5771      
18  WM_exit_ex                            wm_init_exit.c       511  0x325e011      
19  WM_exit                               wm_init_exit.c       674  0x325e29d      
20  wm_exit_handler                       wm_init_exit.c       447  0x325ddab

I dont get immediate crashes, but I had a crash when closing blender after the above repro steps: ``` # backtrace ./blender(BLI_system_backtrace+0x20) [0x8642740] ./blender() [0xeac81a] /lib64/libpthread.so.0(+0x141e0) [0x7f3f81a651e0] ./blender() [0xebb240] ./blender() [0x85a20d7] ./blender(BLI_ghash_free+0x4e) [0x85a2a4e] ./blender(BKE_curve_editNurb_keyIndex_free+0x1a) [0xebeb9a] ./blender() [0x1cc05e8] ./blender() [0x1c84d92] ./blender(BKE_undosys_stack_clear+0x47) [0x1c84f27] ./blender(BKE_undosys_stack_destroy+0x9) [0x1c84fa9] ./blender(ED_editors_exit+0xef) [0x726ea9f] ./blender(WM_exit_ex+0x156) [0x12445e6] ./blender(WM_exit+0xe) [0x12449ee] ./blender() [0x1244a19] ./blender() [0x1237f7e] ./blender() [0x12385cc] ./blender(wm_event_do_handlers+0x416) [0x1238db6] ./blender(WM_main+0x20) [0x122f9d0] ./blender(main+0x31e) [0xde69de] /lib64/libc.so.6(__libc_start_main+0xf2) [0x7f3f8134b1e2] ./blender() [0xea9213] # Python backtrace ``` ``` 1 ?? 0x7fffd13956ce 2 ?? 0x7fffd13afb42 3 blender::gpu::GLContext::buf_free gl_context.cc 261 0xa2166c2 4 blender::gpu::GLVertBuf::release_data gl_vertex_buffer.cc 45 0xa2260eb 5 blender::gpu::VertBuf::clear gpu_vertex_buffer.cc 71 0xa20e5af 6 GPU_vertbuf_discard gpu_vertex_buffer.cc 160 0xa20e8d1 7 temp_buffer_handle_free draw_instance_data.c 211 0x35b1e2f 8 BLI_memblock_destroy BLI_memblock.c 91 0xb6c3772 9 DRW_instance_data_list_free draw_instance_data.c 362 0x35b2401 10 GPU_viewport_free gpu_viewport.c 1037 0xa2130e2 11 wm_draw_region_buffer_free wm_draw.c 415 0x3241b13 12 WM_draw_region_free wm_draw.c 1096 0x3243534 13 ED_view3d_stop_render_preview space_view3d.c 244 0x4284e6a 14 view3d_main_region_exit space_view3d.c 462 0x42858c2 15 ED_region_exit screen_edit.c 579 0x3bd5432 16 ED_area_exit screen_edit.c 616 0x3bd55dc 17 ED_screen_exit screen_edit.c 649 0x3bd5771 18 WM_exit_ex wm_init_exit.c 511 0x325e011 19 WM_exit wm_init_exit.c 674 0x325e29d 20 wm_exit_handler wm_init_exit.c 447 0x325ddab ```

Falk David self-assigned this 2021-01-06 12:54:33 +01:00

Falk David commented

2021-01-06 14:32:03 +01:00

On a related note: It seems that curves don't hide the curve itself when a handle is hidden. This is inconsistent regarding meshes and other objects.