blender
/
blender
129
397
Fork 571
Code Issues 6.2k Pull Requests 752 Projects 19 Wiki Activity

uv_on_emitter crash #84588

New Issue
Closed
opened 2021-01-11 11:07:38 +01:00 by Roman Markov · 14 comments
Roman Markov commented 2021-01-11 11:07:38 +01:00
Copy Link

System Information
Operating system: Windows-10-10.0.18362-SP0 64 Bits
Graphics card: GeForce GTX 760M/PCIe/SSE2 NVIDIA Corporation 4.5.0 NVIDIA 425.31

Blender Version
Broken:

  • 2.92.0 Alpha, branch: master, commit date: 2020-11-26 23:29, hash: 1709bc5164
  • 2.92.0 Alpha, branch: master, commit date: 2021-01-07 22:28, hash: 61f1faac3f
  • 2.91.0
  • 2.83.10
    Worked: ?

Crashes:

  • Running bpy.types.Particle.uv_on_emitter() results in unexpected behavior, including returning nan, 0, <number>e-40/e+40 in different combinations and eventually giving an EXCEPTION_ACCESS_VIOLATION crash. The behavior is present when accompanied by viewport updates of any sort and having other modifiers on the mesh. Open the attached file and run the uv_on_emitter_crash script multiple times.

  • Running bpy.types.ParticleSystem.uv_on_emitter() results in an EXCEPTION_ACCESS_VIOLATION crash if the particle parameter is not specified. Open the attached file and run the no_particle_crash script.

uv_on_emitter_crash_test.blend

210111_130012_%pn_%t.mp4

**System Information** Operating system: Windows-10-10.0.18362-SP0 64 Bits Graphics card: GeForce GTX 760M/PCIe/SSE2 NVIDIA Corporation 4.5.0 NVIDIA 425.31 **Blender Version** Broken: - 2.92.0 Alpha, branch: master, commit date: 2020-11-26 23:29, hash: `1709bc5164` - 2.92.0 Alpha, branch: master, commit date: 2021-01-07 22:28, hash: `61f1faac3f` - 2.91.0 - 2.83.10 Worked: ? **Crashes:** - Running **[bpy.types.Particle.uv_on_emitter() ](https://docs.blender.org/api/current/bpy.types.Particle.html#bpy.types.Particle.uv_on_emitter)** results in unexpected behavior, including returning `nan`, `0`, `<number>e-40/e+40` in different combinations and eventually giving an `EXCEPTION_ACCESS_VIOLATION` crash. The behavior is present when accompanied by viewport updates of any sort and having other modifiers on the mesh. Open the attached file and run the `uv_on_emitter_crash` script multiple times. - Running **[bpy.types.ParticleSystem.uv_on_emitter() ](https://docs.blender.org/api/current/bpy.types.ParticleSystem.html#bpy.types.ParticleSystem.uv_on_emitter)** results in an `EXCEPTION_ACCESS_VIOLATION` crash if the `particle` parameter is not specified. Open the attached file and run the `no_particle_crash` script. [uv_on_emitter_crash_test.blend](https://archive.blender.org/developer/F9559650/uv_on_emitter_crash_test.blend) [210111_130012_%pn_%t.mp4](https://archive.blender.org/developer/F9559649/210111_130012__pn__t.mp4)
Roman Markov commented 2021-01-11 11:07:38 +01:00
Author
Copy Link

Added subscriber: @unwave

Added subscriber: @unwave
Robert Guetzkow commented 2021-01-11 12:04:14 +01:00
Member
Copy Link

Added subscriber: @rjg

Added subscriber: @rjg
Robert Guetzkow commented 2021-01-11 12:04:14 +01:00
Member
Copy Link

Running the script causes a heap-buffer overflow for me, according to ASAN.

2.92:

## 11307==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fffbefc17c8 at pc 0x000003a46d83 bp 0x7fffffffc030 sp 0x7fffffffc020
READ of size 4 at 0x7fffbefc17c8 thread T0
    - 0 0x3a46d82 in psys_interpolate_uvs /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/particle.c:1789
    - 1 0x73aa7f2 in rna_Particle_uv_on_emitter /home/dev/01-data/01-git/blender-git/blender/source/blender/makesrna/intern/rna_particle.c:424
    - 2 0x73eda92 in Particle_uv_on_emitter_call /home/dev/01-data/01-git/blender-git/build_linux_debug_full/source/blender/makesrna/intern/rna_particle_gen.c:5207
    - 3 0x6dfcd53 in RNA_function_call /home/dev/01-data/01-git/blender-git/blender/source/blender/makesrna/intern/rna_access.c:7548
    - 4 0x7856cff in pyrna_func_call /home/dev/01-data/01-git/blender-git/blender/source/blender/python/intern/bpy_rna.c:6315
    - 5 0x17567e56 in _PyObject_FastCallKeywords Objects/call.c:199
    - 6 0x351a3c2 in call_function Python/ceval.c:4619
    - 7 0x351f2f3 in _PyEval_EvalFrameDefault Python/ceval.c:3139
    - 8 0x351917a in function_code_fastcall Objects/call.c:283
    - 9 0x351a414 in call_function Python/ceval.c:4616
    - 10 0x351eae3 in _PyEval_EvalFrameDefault Python/ceval.c:3124
    - 11 0x17608c0c in _PyEval_EvalCodeWithName Python/ceval.c:3930
    - 12 0x17608e8d in PyEval_EvalCodeEx Python/ceval.c:3959
    - 13 0x17608eba in PyEval_EvalCode Python/ceval.c:524
    - 14 0x781f04e in python_script_exec /home/dev/01-data/01-git/blender-git/blender/source/blender/python/intern/bpy_interface_run.c:125
    - 15 0x781f916 in BPY_run_text /home/dev/01-data/01-git/blender-git/blender/source/blender/python/intern/bpy_interface_run.c:221
    - 16 0x9927e13 in text_run_script /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_text/text_ops.c:771
    - 17 0x992802e in text_run_script_exec /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_text/text_ops.c:810
    - 18 0x4fe1f42 in wm_operator_invoke /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1312
    - 19 0x4fe38ad in wm_operator_call_internal /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1507
    - 20 0x4fe3b0c in WM_operator_name_call_ptr /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1555
    - 21 0x91d7654 in ui_apply_but_funcs_after /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/interface/interface_handlers.c:939
    - 22 0x92618b4 in ui_handler_region_menu /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/interface/interface_handlers.c:10848
    - 23 0x4fdb116 in wm_handler_ui_call /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:643
    - 24 0x4ff128a in wm_handlers_do_intern /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:2778
    - 25 0x4ff22cc in wm_handlers_do /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:2886
    - 26 0x4ff79d3 in wm_event_do_handlers /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:3309
    - 27 0x4fc51df in WM_main /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm.c:635
    - 28 0x3523a7a in main /home/dev/01-data/01-git/blender-git/blender/source/creator/creator.c:522
    - 29 0x7ffff6e490b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #30 0x3522c2d in _start (/home/dev/01-data/01-git/blender-git/build_linux_debug_full/bin/blender+0x3522c2d)

0x7fffbefc17c8 is located 56 bytes to the left of 294920-byte region [0x7fffbefc1800,0x7fffbf009808)
allocated by thread T0 here:
    - 0 0x7ffff7690dc6 in calloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10ddc6)
    - 1 0x18fc5d8f in MEM_lockfree_callocN /home/dev/01-data/01-git/blender-git/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:235
    - 2 0x18fc6071 in MEM_lockfree_calloc_arrayN /home/dev/01-data/01-git/blender-git/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:267
    - 3 0x4cdabdc in customData_add_layer__internal /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/customdata.c:2536
    - 4 0x4cdc6bd in CustomData_add_layer_named /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/customdata.c:2643
    - 5 0x4ce3d87 in CustomData_from_bmeshpoly /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/customdata.c:3337
    - 6 0x385a1b7 in BKE_mesh_tessface_calc_ex /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/mesh_evaluate.c:3231
    - 7 0x38275dd in BKE_mesh_tessface_calc /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/mesh.c:1543
    - 8 0x38277a3 in BKE_mesh_tessface_ensure /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/mesh.c:1560
    - 9 0x6a36854 in deformVerts /home/dev/01-data/01-git/blender-git/blender/source/blender/modifiers/intern/MOD_particlesystem.c:173
    - 10 0x38c87e9 in BKE_modifier_deform_verts /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/modifier.c:1070
    - 11 0x4afdf51 in mesh_calc_modifiers /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/DerivedMesh.cc:1169
    - 12 0x4b05d12 in mesh_build_data /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/DerivedMesh.cc:1872
    - 13 0x4b079db in makeDerivedMesh /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/DerivedMesh.cc:2020
    - 14 0x39fa95a in BKE_object_handle_data_update /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/object_update.c:193
    - 15 0x39fd700 in BKE_object_eval_uber_data /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/object_update.c:385
    - 16 0x174a0787 in void std::__invoke_impl<void, void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>(std::__invoke_other, void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*&&, Scene*&, Object*&) /usr/include/c++/9/bits/invoke.h:60
    - 17 0x17498c83 in std::__invoke_result<void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>::type std::__invoke<void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>(void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*&&, Scene*&, Object*&) /usr/include/c++/9/bits/invoke.h:95
    - 18 0x1748cc86 in void std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>::__call<void, Depsgraph*&&, 0ul, 1ul, 2ul>(std::tuple<Depsgraph*&&>&&, std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/9/functional:400
    - 19 0x174813c7 in void std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>::operator()<Depsgraph*, void>(Depsgraph*&&) /usr/include/c++/9/functional:484
    - 20 0x17476561 in std::_Function_handler<void (Depsgraph*), std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)> >::_M_invoke(std::_Any_data const&, Depsgraph*&&) /usr/include/c++/9/bits/std_function.h:300
    - 21 0x173ea428 in std::function<void (Depsgraph*)>::operator()(Depsgraph*) const /usr/include/c++/9/bits/std_function.h:688
    - 22 0x173e5997 in evaluate_node /home/dev/01-data/01-git/blender-git/blender/source/blender/depsgraph/intern/eval/deg_eval.cc:113
    - 23 0x173e59e6 in deg_task_run_func /home/dev/01-data/01-git/blender-git/blender/source/blender/depsgraph/intern/eval/deg_eval.cc:124
    - 24 0x18f86174 in Task::operator()() const::{lambda()#1}::operator()() const /home/dev/01-data/01-git/blender-git/blender/source/blender/blenlib/intern/task_pool.cc:118
    - 25 0x18f875e7 in tbb::interface7::internal::delegated_function<Task::operator()() const::{lambda()#1} const, void>::operator()() const /home/dev/01-data/01-git/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task_arena.h:93
    - 26 0x4fabf94 in tbb::interface7::internal::isolate_within_arena(tbb::interface7::internal::delegate_base&, long) (/home/dev/01-data/01-git/blender-git/build_linux_debug_full/bin/blender+0x4fabf94)
    - 27 0x7fffffffb7ff  ([stack]+0x1e7ff)

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/particle.c:1789 in psys_interpolate_uvs
Shadow bytes around the buggy address:
  0x100077df02a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x100077df02b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x100077df02c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x100077df02d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x100077df02e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
# >0x100077df02f0: fa fa fa fa fa fa fa fa fa[fa]fa fa fa fa fa fa
  0x100077df0300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100077df0310: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100077df0320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100077df0330: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100077df0340: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):

Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc

2.91:

## 11422==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fedc63af7c8 at pc 0x000003906891 bp 0x7ffdc20a2f20 sp 0x7ffdc20a2f10
READ of size 4 at 0x7fedc63af7c8 thread T0
    - 0 0x3906890 in psys_interpolate_uvs /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/particle.c:1505
    - 1 0x6e5900f in rna_Particle_uv_on_emitter /home/dev/01-data/01-git/blender-git/blender/source/blender/makesrna/intern/rna_particle.c:424
    - 2 0x6e9c2af in Particle_uv_on_emitter_call /home/dev/01-data/01-git/blender-git/build_linux_debug_full/source/blender/makesrna/intern/rna_particle_gen.c:5206
    - 3 0x690517a in RNA_function_call /home/dev/01-data/01-git/blender-git/blender/source/blender/makesrna/intern/rna_access.c:7578
    - 4 0x7321964 in pyrna_func_call /home/dev/01-data/01-git/blender-git/blender/source/blender/python/intern/bpy_rna.c:6315
    - 5 0x16c82c56 in _PyObject_FastCallKeywords Objects/call.c:199
    - 6 0x3405682 in call_function Python/ceval.c:4619
    - 7 0x340a5b3 in _PyEval_EvalFrameDefault Python/ceval.c:3139
    - 8 0x340443a in function_code_fastcall Objects/call.c:283
    - 9 0x34056d4 in call_function Python/ceval.c:4616
    - 10 0x3409da3 in _PyEval_EvalFrameDefault Python/ceval.c:3124
    - 11 0x16d23a0c in _PyEval_EvalCodeWithName Python/ceval.c:3930
    - 12 0x16d23c8d in PyEval_EvalCodeEx Python/ceval.c:3959
    - 13 0x16d23cba in PyEval_EvalCode Python/ceval.c:524
    - 14 0x72e9cb3 in python_script_exec /home/dev/01-data/01-git/blender-git/blender/source/blender/python/intern/bpy_interface_run.c:125
    - 15 0x72ea57b in BPY_run_text /home/dev/01-data/01-git/blender-git/blender/source/blender/python/intern/bpy_interface_run.c:221
    - 16 0x936aa71 in text_run_script /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_text/text_ops.c:760
    - 17 0x936ac8c in text_run_script_exec /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_text/text_ops.c:799
    - 18 0x4dd236d in wm_operator_invoke /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1300
    - 19 0x4dd3cdc in wm_operator_call_internal /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1500
    - 20 0x4dd3f3b in WM_operator_name_call_ptr /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1548
    - 21 0x8c3e994 in ui_apply_but_funcs_after /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/interface/interface_handlers.c:935
    - 22 0x8cc74e1 in ui_handler_region_menu /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/interface/interface_handlers.c:10776
    - 23 0x4dcb470 in wm_handler_ui_call /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:631
    - 24 0x4de1444 in wm_handlers_do_intern /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:2743
    - 25 0x4de2486 in wm_handlers_do /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:2851
    - 26 0x4de7b98 in wm_event_do_handlers /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:3274
    - 27 0x4db5d46 in WM_main /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm.c:476
    - 28 0x340ed5a in main /home/dev/01-data/01-git/blender-git/blender/source/creator/creator.c:519
    - 29 0x7fedfd11c0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #30 0x340deed in _start (/home/dev/01-data/01-git/blender-git/build_linux_debug_full_2_91/bin/blender+0x340deed)

0x7fedc63af7c8 is located 56 bytes to the left of 294920-byte region [0x7fedc63af800,0x7fedc63f7808)
allocated by thread T0 here:
    - 0 0x7fedfd963dc6 in calloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10ddc6)
    - 1 0x186cacb5 in MEM_lockfree_callocN /home/dev/01-data/01-git/blender-git/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:235
    - 2 0x186caf97 in MEM_lockfree_calloc_arrayN /home/dev/01-data/01-git/blender-git/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:267
    - 3 0x4b50758 in customData_add_layer__internal /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/customdata.c:2520
    - 4 0x4b52239 in CustomData_add_layer_named /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/customdata.c:2627
    - 5 0x4b59903 in CustomData_from_bmeshpoly /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/customdata.c:3321
    - 6 0x3728ce3 in BKE_mesh_tessface_calc_ex /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/mesh_evaluate.c:3231
    - 7 0x36f6109 in BKE_mesh_tessface_calc /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/mesh.c:1562
    - 8 0x36f62cf in BKE_mesh_tessface_ensure /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/mesh.c:1579
    - 9 0x67ebdaa in deformVerts /home/dev/01-data/01-git/blender-git/blender/source/blender/modifiers/intern/MOD_particlesystem.c:173
    - 10 0x37969ee in BKE_modifier_deform_verts /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/modifier.c:1010
    - 11 0x498bd0f in mesh_calc_modifiers /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/DerivedMesh.c:1101
    - 12 0x49936c2 in mesh_build_data /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/DerivedMesh.c:1785
    - 13 0x499501d in makeDerivedMesh /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/DerivedMesh.c:1922
    - 14 0x38c1296 in BKE_object_handle_data_update /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/object_update.c:192
    - 15 0x38c403c in BKE_object_eval_uber_data /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/object_update.c:384
    - 16 0x16bbbacf in void std::__invoke_impl<void, void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>(std::__invoke_other, void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*&&, Scene*&, Object*&) /usr/include/c++/9/bits/invoke.h:60
    - 17 0x16bb46e1 in std::__invoke_result<void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>::type std::__invoke<void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>(void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*&&, Scene*&, Object*&) /usr/include/c++/9/bits/invoke.h:95
    - 18 0x16ba87b4 in void std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>::__call<void, Depsgraph*&&, 0ul, 1ul, 2ul>(std::tuple<Depsgraph*&&>&&, std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/9/functional:400
    - 19 0x16b9c8a7 in void std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>::operator()<Depsgraph*, void>(Depsgraph*&&) /usr/include/c++/9/functional:484
    - 20 0x16b9177d in std::_Function_handler<void (Depsgraph*), std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)> >::_M_invoke(std::_Any_data const&, Depsgraph*&&) /usr/include/c++/9/bits/std_function.h:300
    - 21 0x16b0162a in std::function<void (Depsgraph*)>::operator()(Depsgraph*) const /usr/include/c++/9/bits/std_function.h:688
    - 22 0x16afcb99 in evaluate_node /home/dev/01-data/01-git/blender-git/blender/source/blender/depsgraph/intern/eval/deg_eval.cc:114
    - 23 0x16afcbe8 in deg_task_run_func /home/dev/01-data/01-git/blender-git/blender/source/blender/depsgraph/intern/eval/deg_eval.cc:125
    - 24 0x1868b25c in Task::operator()() const::{lambda()#1}::operator()() const /home/dev/01-data/01-git/blender-git/blender/source/blender/blenlib/intern/task_pool.cc:118
    - 25 0x1868c6cf in tbb::interface7::internal::delegated_function<Task::operator()() const::{lambda()#1} const, void>::operator()() const /home/dev/01-data/01-git/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task_arena.h:93
    - 26 0x4d9fb64 in tbb::interface7::internal::isolate_within_arena(tbb::interface7::internal::delegate_base&, long) (/home/dev/01-data/01-git/blender-git/build_linux_debug_full_2_91/bin/blender+0x4d9fb64)
    - 27 0x7ffdc20a26ef  ([stack]+0x1d6ef)

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/particle.c:1505 in psys_interpolate_uvs
Shadow bytes around the buggy address:
  0x0ffe38c6dea0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ffe38c6deb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ffe38c6dec0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ffe38c6ded0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ffe38c6dee0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
# >0x0ffe38c6def0: fa fa fa fa fa fa fa fa fa[fa]fa fa fa fa fa fa
  0x0ffe38c6df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffe38c6df10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffe38c6df20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffe38c6df30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffe38c6df40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):

Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc

2.83

## 11459==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fb5ca5c07c8 at pc 0x0000032b940f bp 0x7ffed1a2f1c0 sp 0x7ffed1a2f1b0
READ of size 4 at 0x7fb5ca5c07c8 thread T0
    - 0 0x32b940e in psys_interpolate_uvs /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/particle.c:1439
    - 1 0x5a998dc in rna_Particle_uv_on_emitter /home/dev/01-data/01-git/blender-git/blender/source/blender/makesrna/intern/rna_particle.c:347
    - 2 0x5adc87f in Particle_uv_on_emitter_call /home/dev/01-data/01-git/blender-git/build_linux_debug_full/source/blender/makesrna/intern/rna_particle_gen.c:5135
    - 3 0x557e9d2 in RNA_function_call /home/dev/01-data/01-git/blender-git/blender/source/blender/makesrna/intern/rna_access.c:7606
    - 4 0x5eafa27 in pyrna_func_call /home/dev/01-data/01-git/blender-git/blender/source/blender/python/intern/bpy_rna.c:6326
    - 5 0x14d4f003 in _PyObject_FastCallKeywords Objects/call.c:199
    - 6 0x2da4d44 in call_function Python/ceval.c:4619
    - 7 0x2da4d44 in _PyEval_EvalFrameDefault Python/ceval.c:3139
    - 8 0x2da0eaf in function_code_fastcall Objects/call.c:283
    - 9 0x2daac2d in call_function Python/ceval.c:4616
    - 10 0x2daac2d in _PyEval_EvalFrameDefault Python/ceval.c:3124
    - 11 0x14e0087b in _PyEval_EvalCodeWithName Python/ceval.c:3930
    - 12 0x14e009ad in PyEval_EvalCodeEx Python/ceval.c:3959
    - 13 0x14e009da in PyEval_EvalCode Python/ceval.c:524
    - 14 0x5e74461 in python_script_exec /home/dev/01-data/01-git/blender-git/blender/source/blender/python/intern/bpy_interface.c:499
    - 15 0x5e74d29 in BPY_execute_text /home/dev/01-data/01-git/blender-git/blender/source/blender/python/intern/bpy_interface.c:592
    - 16 0x7e14bba in text_run_script /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_text/text_ops.c:755
    - 17 0x7e14dd5 in text_run_script_exec /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_text/text_ops.c:794
    - 18 0x4233804 in wm_operator_invoke /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1296
    - 19 0x4235264 in wm_operator_call_internal /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1498
    - 20 0x423554c in WM_operator_name_call_ptr /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1546
    - 21 0x77437a8 in ui_apply_but_funcs_after /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/interface/interface_handlers.c:887
    - 22 0x77cb654 in ui_handler_region_menu /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/interface/interface_handlers.c:10706
    - 23 0x422c75a in wm_handler_ui_call /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:622
    - 24 0x4242dfa in wm_handlers_do_intern /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:2743
    - 25 0x4243ec6 in wm_handlers_do /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:2854
    - 26 0x4249758 in wm_event_do_handlers /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:3283
    - 27 0x4217770 in WM_main /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm.c:450
    - 28 0x2dac34b in main /home/dev/01-data/01-git/blender-git/blender/source/creator/creator.c:528
    - 29 0x7fb5fe91c0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #30 0x2dab49d in _start (/home/dev/01-data/01-git/blender-git/build_linux_debug_full_2_83/bin/blender+0x2dab49d)

0x7fb5ca5c07c8 is located 56 bytes to the left of 294920-byte region [0x7fb5ca5c0800,0x7fb5ca608808)
allocated by thread #10 here:
    - 0 0x7fb5ff163dc6 in calloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10ddc6)
    - 1 0x167c3327 in MEM_lockfree_callocN /home/dev/01-data/01-git/blender-git/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:267
    - 2 0x167c3609 in MEM_lockfree_calloc_arrayN /home/dev/01-data/01-git/blender-git/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:299
    - 3 0x3f7c6d1 in customData_add_layer__internal /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/customdata.c:2361
    - 4 0x3f7e1a5 in CustomData_add_layer_named /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/customdata.c:2466
    - 5 0x3f85a0e in CustomData_from_bmeshpoly /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/customdata.c:3164
    - 6 0x311e13a in BKE_mesh_tessface_calc_ex /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/mesh_evaluate.c:3175
    - 7 0x30d33ed in BKE_mesh_tessface_calc /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/mesh.c:1384
    - 8 0x30d35b3 in BKE_mesh_tessface_ensure /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/mesh.c:1401
    - 9 0x5464d99 in deformVerts /home/dev/01-data/01-git/blender-git/blender/source/blender/modifiers/intern/MOD_particlesystem.c:158
    - 10 0x3154964 in modwrap_deformVerts /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/modifier.c:975
    - 11 0x3da01dd in mesh_calc_modifiers /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/DerivedMesh.c:1097
    - 12 0x3da89b9 in mesh_build_data /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/DerivedMesh.c:1769
    - 13 0x3daa16d in makeDerivedMesh /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/DerivedMesh.c:1902
    - 14 0x3275ca8 in BKE_object_handle_data_update /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/object_update.c:192
    - 15 0x3278b5f in BKE_object_eval_uber_data /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/object_update.c:384
    - 16 0x84bf2cb in void std::__invoke_impl<void, void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>(std::__invoke_other, void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*&&, Scene*&, Object*&) /usr/include/c++/9/bits/invoke.h:60
    - 17 0x84b87b3 in std::__invoke_result<void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>::type std::__invoke<void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>(void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*&&, Scene*&, Object*&) /usr/include/c++/9/bits/invoke.h:95
    - 18 0x84af02c in void std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>::__call<void, Depsgraph*&&, 0ul, 1ul, 2ul>(std::tuple<Depsgraph*&&>&&, std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/9/functional:400
    - 19 0x84a2f76 in void std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>::operator()<Depsgraph*, void>(Depsgraph*&&) /usr/include/c++/9/functional:484
    - 20 0x849698d in std::_Function_handler<void (Depsgraph*), std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)> >::_M_invoke(std::_Any_data const&, Depsgraph*&&) /usr/include/c++/9/bits/std_function.h:300
    - 21 0x85619ca in std::function<void (Depsgraph*)>::operator()(Depsgraph*) const /usr/include/c++/9/bits/std_function.h:688
    - 22 0x855c20c in evaluate_node /home/dev/01-data/01-git/blender-git/blender/source/blender/depsgraph/intern/eval/deg_eval.cc:115
    - 23 0x855c25e in deg_task_run_func /home/dev/01-data/01-git/blender-git/blender/source/blender/depsgraph/intern/eval/deg_eval.cc:126
    - 24 0x16785e57 in handle_local_queue /home/dev/01-data/01-git/blender-git/blender/source/blender/blenlib/intern/task_pool.cc:422
    - 25 0x16785e57 in task_scheduler_thread_run /home/dev/01-data/01-git/blender-git/blender/source/blender/blenlib/intern/task_pool.cc:459
    #26 0x7fb5ff037608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477

Thread #10 created by T0 here:
    - 0 0x7fb5ff090805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
    - 1 0x16786a48 in BLI_task_scheduler_create /home/dev/01-data/01-git/blender-git/blender/source/blender/blenlib/intern/task_pool.cc:520
    - 2 0x16799fda in BLI_task_scheduler_get /home/dev/01-data/01-git/blender-git/blender/source/blender/blenlib/intern/threads.c:175
    - 3 0x167922ac in BLI_task_parallel_range /home/dev/01-data/01-git/blender-git/blender/source/blender/blenlib/intern/task_iterator.c:328
    - 4 0x8570f31 in flush_prepare /home/dev/01-data/01-git/blender-git/blender/source/blender/depsgraph/intern/eval/deg_eval_flush.cc:113
    - 5 0x8570f31 in DEG::deg_graph_flush_updates(Main*, DEG::Depsgraph*) /home/dev/01-data/01-git/blender-git/blender/source/blender/depsgraph/intern/eval/deg_eval_flush.cc:354
    - 6 0x8400dce in DEG_evaluate_on_refresh /home/dev/01-data/01-git/blender-git/blender/source/blender/depsgraph/intern/depsgraph_eval.cc:63
    - 7 0x3465858 in scene_graph_update_tagged /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/scene.c:1327
    - 8 0x3465968 in BKE_scene_graph_update_tagged /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/scene.c:1366
    - 9 0x4229932 in wm_event_do_depsgraph /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:359
    - 10 0x4263cc9 in wm_file_read_post /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_files.c:561
    - 11 0x42669c4 in wm_homefile_read /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_files.c:1058
    - 12 0x42891f6 in WM_init /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_init_exit.c:295
    - 13 0x2dac148 in main /home/dev/01-data/01-git/blender-git/blender/source/creator/creator.c:449
    #14 0x7fb5fe91c0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/particle.c:1439 in psys_interpolate_uvs
Shadow bytes around the buggy address:
  0x0ff7394b00a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ff7394b00b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ff7394b00c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ff7394b00d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ff7394b00e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
# >0x0ff7394b00f0: fa fa fa fa fa fa fa fa fa[fa]fa fa fa fa fa fa
  0x0ff7394b0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff7394b0110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff7394b0120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff7394b0130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff7394b0140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):

Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc

Running the script causes a heap-buffer overflow for me, according to ASAN. 2.92: ```lines ## 11307==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fffbefc17c8 at pc 0x000003a46d83 bp 0x7fffffffc030 sp 0x7fffffffc020 READ of size 4 at 0x7fffbefc17c8 thread T0 - 0 0x3a46d82 in psys_interpolate_uvs /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/particle.c:1789 - 1 0x73aa7f2 in rna_Particle_uv_on_emitter /home/dev/01-data/01-git/blender-git/blender/source/blender/makesrna/intern/rna_particle.c:424 - 2 0x73eda92 in Particle_uv_on_emitter_call /home/dev/01-data/01-git/blender-git/build_linux_debug_full/source/blender/makesrna/intern/rna_particle_gen.c:5207 - 3 0x6dfcd53 in RNA_function_call /home/dev/01-data/01-git/blender-git/blender/source/blender/makesrna/intern/rna_access.c:7548 - 4 0x7856cff in pyrna_func_call /home/dev/01-data/01-git/blender-git/blender/source/blender/python/intern/bpy_rna.c:6315 - 5 0x17567e56 in _PyObject_FastCallKeywords Objects/call.c:199 - 6 0x351a3c2 in call_function Python/ceval.c:4619 - 7 0x351f2f3 in _PyEval_EvalFrameDefault Python/ceval.c:3139 - 8 0x351917a in function_code_fastcall Objects/call.c:283 - 9 0x351a414 in call_function Python/ceval.c:4616 - 10 0x351eae3 in _PyEval_EvalFrameDefault Python/ceval.c:3124 - 11 0x17608c0c in _PyEval_EvalCodeWithName Python/ceval.c:3930 - 12 0x17608e8d in PyEval_EvalCodeEx Python/ceval.c:3959 - 13 0x17608eba in PyEval_EvalCode Python/ceval.c:524 - 14 0x781f04e in python_script_exec /home/dev/01-data/01-git/blender-git/blender/source/blender/python/intern/bpy_interface_run.c:125 - 15 0x781f916 in BPY_run_text /home/dev/01-data/01-git/blender-git/blender/source/blender/python/intern/bpy_interface_run.c:221 - 16 0x9927e13 in text_run_script /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_text/text_ops.c:771 - 17 0x992802e in text_run_script_exec /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_text/text_ops.c:810 - 18 0x4fe1f42 in wm_operator_invoke /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1312 - 19 0x4fe38ad in wm_operator_call_internal /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1507 - 20 0x4fe3b0c in WM_operator_name_call_ptr /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1555 - 21 0x91d7654 in ui_apply_but_funcs_after /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/interface/interface_handlers.c:939 - 22 0x92618b4 in ui_handler_region_menu /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/interface/interface_handlers.c:10848 - 23 0x4fdb116 in wm_handler_ui_call /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:643 - 24 0x4ff128a in wm_handlers_do_intern /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:2778 - 25 0x4ff22cc in wm_handlers_do /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:2886 - 26 0x4ff79d3 in wm_event_do_handlers /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:3309 - 27 0x4fc51df in WM_main /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm.c:635 - 28 0x3523a7a in main /home/dev/01-data/01-git/blender-git/blender/source/creator/creator.c:522 - 29 0x7ffff6e490b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2) #30 0x3522c2d in _start (/home/dev/01-data/01-git/blender-git/build_linux_debug_full/bin/blender+0x3522c2d) 0x7fffbefc17c8 is located 56 bytes to the left of 294920-byte region [0x7fffbefc1800,0x7fffbf009808) allocated by thread T0 here: - 0 0x7ffff7690dc6 in calloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10ddc6) - 1 0x18fc5d8f in MEM_lockfree_callocN /home/dev/01-data/01-git/blender-git/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:235 - 2 0x18fc6071 in MEM_lockfree_calloc_arrayN /home/dev/01-data/01-git/blender-git/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:267 - 3 0x4cdabdc in customData_add_layer__internal /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/customdata.c:2536 - 4 0x4cdc6bd in CustomData_add_layer_named /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/customdata.c:2643 - 5 0x4ce3d87 in CustomData_from_bmeshpoly /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/customdata.c:3337 - 6 0x385a1b7 in BKE_mesh_tessface_calc_ex /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/mesh_evaluate.c:3231 - 7 0x38275dd in BKE_mesh_tessface_calc /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/mesh.c:1543 - 8 0x38277a3 in BKE_mesh_tessface_ensure /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/mesh.c:1560 - 9 0x6a36854 in deformVerts /home/dev/01-data/01-git/blender-git/blender/source/blender/modifiers/intern/MOD_particlesystem.c:173 - 10 0x38c87e9 in BKE_modifier_deform_verts /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/modifier.c:1070 - 11 0x4afdf51 in mesh_calc_modifiers /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/DerivedMesh.cc:1169 - 12 0x4b05d12 in mesh_build_data /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/DerivedMesh.cc:1872 - 13 0x4b079db in makeDerivedMesh /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/DerivedMesh.cc:2020 - 14 0x39fa95a in BKE_object_handle_data_update /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/object_update.c:193 - 15 0x39fd700 in BKE_object_eval_uber_data /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/object_update.c:385 - 16 0x174a0787 in void std::__invoke_impl<void, void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>(std::__invoke_other, void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*&&, Scene*&, Object*&) /usr/include/c++/9/bits/invoke.h:60 - 17 0x17498c83 in std::__invoke_result<void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>::type std::__invoke<void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>(void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*&&, Scene*&, Object*&) /usr/include/c++/9/bits/invoke.h:95 - 18 0x1748cc86 in void std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>::__call<void, Depsgraph*&&, 0ul, 1ul, 2ul>(std::tuple<Depsgraph*&&>&&, std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/9/functional:400 - 19 0x174813c7 in void std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>::operator()<Depsgraph*, void>(Depsgraph*&&) /usr/include/c++/9/functional:484 - 20 0x17476561 in std::_Function_handler<void (Depsgraph*), std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)> >::_M_invoke(std::_Any_data const&, Depsgraph*&&) /usr/include/c++/9/bits/std_function.h:300 - 21 0x173ea428 in std::function<void (Depsgraph*)>::operator()(Depsgraph*) const /usr/include/c++/9/bits/std_function.h:688 - 22 0x173e5997 in evaluate_node /home/dev/01-data/01-git/blender-git/blender/source/blender/depsgraph/intern/eval/deg_eval.cc:113 - 23 0x173e59e6 in deg_task_run_func /home/dev/01-data/01-git/blender-git/blender/source/blender/depsgraph/intern/eval/deg_eval.cc:124 - 24 0x18f86174 in Task::operator()() const::{lambda()#1}::operator()() const /home/dev/01-data/01-git/blender-git/blender/source/blender/blenlib/intern/task_pool.cc:118 - 25 0x18f875e7 in tbb::interface7::internal::delegated_function<Task::operator()() const::{lambda()#1} const, void>::operator()() const /home/dev/01-data/01-git/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task_arena.h:93 - 26 0x4fabf94 in tbb::interface7::internal::isolate_within_arena(tbb::interface7::internal::delegate_base&, long) (/home/dev/01-data/01-git/blender-git/build_linux_debug_full/bin/blender+0x4fabf94) - 27 0x7fffffffb7ff ([stack]+0x1e7ff) SUMMARY: AddressSanitizer: heap-buffer-overflow /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/particle.c:1789 in psys_interpolate_uvs Shadow bytes around the buggy address: 0x100077df02a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x100077df02b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x100077df02c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x100077df02d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x100077df02e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa # >0x100077df02f0: fa fa fa fa fa fa fa fa fa[fa]fa fa fa fa fa fa 0x100077df0300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100077df0310: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100077df0320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100077df0330: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100077df0340: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): ``` Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ``` ``` 2.91: ```lines ## 11422==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fedc63af7c8 at pc 0x000003906891 bp 0x7ffdc20a2f20 sp 0x7ffdc20a2f10 READ of size 4 at 0x7fedc63af7c8 thread T0 - 0 0x3906890 in psys_interpolate_uvs /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/particle.c:1505 - 1 0x6e5900f in rna_Particle_uv_on_emitter /home/dev/01-data/01-git/blender-git/blender/source/blender/makesrna/intern/rna_particle.c:424 - 2 0x6e9c2af in Particle_uv_on_emitter_call /home/dev/01-data/01-git/blender-git/build_linux_debug_full/source/blender/makesrna/intern/rna_particle_gen.c:5206 - 3 0x690517a in RNA_function_call /home/dev/01-data/01-git/blender-git/blender/source/blender/makesrna/intern/rna_access.c:7578 - 4 0x7321964 in pyrna_func_call /home/dev/01-data/01-git/blender-git/blender/source/blender/python/intern/bpy_rna.c:6315 - 5 0x16c82c56 in _PyObject_FastCallKeywords Objects/call.c:199 - 6 0x3405682 in call_function Python/ceval.c:4619 - 7 0x340a5b3 in _PyEval_EvalFrameDefault Python/ceval.c:3139 - 8 0x340443a in function_code_fastcall Objects/call.c:283 - 9 0x34056d4 in call_function Python/ceval.c:4616 - 10 0x3409da3 in _PyEval_EvalFrameDefault Python/ceval.c:3124 - 11 0x16d23a0c in _PyEval_EvalCodeWithName Python/ceval.c:3930 - 12 0x16d23c8d in PyEval_EvalCodeEx Python/ceval.c:3959 - 13 0x16d23cba in PyEval_EvalCode Python/ceval.c:524 - 14 0x72e9cb3 in python_script_exec /home/dev/01-data/01-git/blender-git/blender/source/blender/python/intern/bpy_interface_run.c:125 - 15 0x72ea57b in BPY_run_text /home/dev/01-data/01-git/blender-git/blender/source/blender/python/intern/bpy_interface_run.c:221 - 16 0x936aa71 in text_run_script /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_text/text_ops.c:760 - 17 0x936ac8c in text_run_script_exec /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_text/text_ops.c:799 - 18 0x4dd236d in wm_operator_invoke /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1300 - 19 0x4dd3cdc in wm_operator_call_internal /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1500 - 20 0x4dd3f3b in WM_operator_name_call_ptr /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1548 - 21 0x8c3e994 in ui_apply_but_funcs_after /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/interface/interface_handlers.c:935 - 22 0x8cc74e1 in ui_handler_region_menu /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/interface/interface_handlers.c:10776 - 23 0x4dcb470 in wm_handler_ui_call /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:631 - 24 0x4de1444 in wm_handlers_do_intern /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:2743 - 25 0x4de2486 in wm_handlers_do /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:2851 - 26 0x4de7b98 in wm_event_do_handlers /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:3274 - 27 0x4db5d46 in WM_main /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm.c:476 - 28 0x340ed5a in main /home/dev/01-data/01-git/blender-git/blender/source/creator/creator.c:519 - 29 0x7fedfd11c0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2) #30 0x340deed in _start (/home/dev/01-data/01-git/blender-git/build_linux_debug_full_2_91/bin/blender+0x340deed) 0x7fedc63af7c8 is located 56 bytes to the left of 294920-byte region [0x7fedc63af800,0x7fedc63f7808) allocated by thread T0 here: - 0 0x7fedfd963dc6 in calloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10ddc6) - 1 0x186cacb5 in MEM_lockfree_callocN /home/dev/01-data/01-git/blender-git/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:235 - 2 0x186caf97 in MEM_lockfree_calloc_arrayN /home/dev/01-data/01-git/blender-git/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:267 - 3 0x4b50758 in customData_add_layer__internal /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/customdata.c:2520 - 4 0x4b52239 in CustomData_add_layer_named /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/customdata.c:2627 - 5 0x4b59903 in CustomData_from_bmeshpoly /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/customdata.c:3321 - 6 0x3728ce3 in BKE_mesh_tessface_calc_ex /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/mesh_evaluate.c:3231 - 7 0x36f6109 in BKE_mesh_tessface_calc /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/mesh.c:1562 - 8 0x36f62cf in BKE_mesh_tessface_ensure /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/mesh.c:1579 - 9 0x67ebdaa in deformVerts /home/dev/01-data/01-git/blender-git/blender/source/blender/modifiers/intern/MOD_particlesystem.c:173 - 10 0x37969ee in BKE_modifier_deform_verts /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/modifier.c:1010 - 11 0x498bd0f in mesh_calc_modifiers /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/DerivedMesh.c:1101 - 12 0x49936c2 in mesh_build_data /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/DerivedMesh.c:1785 - 13 0x499501d in makeDerivedMesh /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/DerivedMesh.c:1922 - 14 0x38c1296 in BKE_object_handle_data_update /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/object_update.c:192 - 15 0x38c403c in BKE_object_eval_uber_data /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/object_update.c:384 - 16 0x16bbbacf in void std::__invoke_impl<void, void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>(std::__invoke_other, void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*&&, Scene*&, Object*&) /usr/include/c++/9/bits/invoke.h:60 - 17 0x16bb46e1 in std::__invoke_result<void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>::type std::__invoke<void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>(void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*&&, Scene*&, Object*&) /usr/include/c++/9/bits/invoke.h:95 - 18 0x16ba87b4 in void std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>::__call<void, Depsgraph*&&, 0ul, 1ul, 2ul>(std::tuple<Depsgraph*&&>&&, std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/9/functional:400 - 19 0x16b9c8a7 in void std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>::operator()<Depsgraph*, void>(Depsgraph*&&) /usr/include/c++/9/functional:484 - 20 0x16b9177d in std::_Function_handler<void (Depsgraph*), std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)> >::_M_invoke(std::_Any_data const&, Depsgraph*&&) /usr/include/c++/9/bits/std_function.h:300 - 21 0x16b0162a in std::function<void (Depsgraph*)>::operator()(Depsgraph*) const /usr/include/c++/9/bits/std_function.h:688 - 22 0x16afcb99 in evaluate_node /home/dev/01-data/01-git/blender-git/blender/source/blender/depsgraph/intern/eval/deg_eval.cc:114 - 23 0x16afcbe8 in deg_task_run_func /home/dev/01-data/01-git/blender-git/blender/source/blender/depsgraph/intern/eval/deg_eval.cc:125 - 24 0x1868b25c in Task::operator()() const::{lambda()#1}::operator()() const /home/dev/01-data/01-git/blender-git/blender/source/blender/blenlib/intern/task_pool.cc:118 - 25 0x1868c6cf in tbb::interface7::internal::delegated_function<Task::operator()() const::{lambda()#1} const, void>::operator()() const /home/dev/01-data/01-git/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task_arena.h:93 - 26 0x4d9fb64 in tbb::interface7::internal::isolate_within_arena(tbb::interface7::internal::delegate_base&, long) (/home/dev/01-data/01-git/blender-git/build_linux_debug_full_2_91/bin/blender+0x4d9fb64) - 27 0x7ffdc20a26ef ([stack]+0x1d6ef) SUMMARY: AddressSanitizer: heap-buffer-overflow /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/particle.c:1505 in psys_interpolate_uvs Shadow bytes around the buggy address: 0x0ffe38c6dea0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0ffe38c6deb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0ffe38c6dec0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0ffe38c6ded0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0ffe38c6dee0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa # >0x0ffe38c6def0: fa fa fa fa fa fa fa fa fa[fa]fa fa fa fa fa fa 0x0ffe38c6df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ffe38c6df10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ffe38c6df20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ffe38c6df30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ffe38c6df40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): ``` Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ``` ``` 2.83 ```lines ## 11459==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fb5ca5c07c8 at pc 0x0000032b940f bp 0x7ffed1a2f1c0 sp 0x7ffed1a2f1b0 READ of size 4 at 0x7fb5ca5c07c8 thread T0 - 0 0x32b940e in psys_interpolate_uvs /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/particle.c:1439 - 1 0x5a998dc in rna_Particle_uv_on_emitter /home/dev/01-data/01-git/blender-git/blender/source/blender/makesrna/intern/rna_particle.c:347 - 2 0x5adc87f in Particle_uv_on_emitter_call /home/dev/01-data/01-git/blender-git/build_linux_debug_full/source/blender/makesrna/intern/rna_particle_gen.c:5135 - 3 0x557e9d2 in RNA_function_call /home/dev/01-data/01-git/blender-git/blender/source/blender/makesrna/intern/rna_access.c:7606 - 4 0x5eafa27 in pyrna_func_call /home/dev/01-data/01-git/blender-git/blender/source/blender/python/intern/bpy_rna.c:6326 - 5 0x14d4f003 in _PyObject_FastCallKeywords Objects/call.c:199 - 6 0x2da4d44 in call_function Python/ceval.c:4619 - 7 0x2da4d44 in _PyEval_EvalFrameDefault Python/ceval.c:3139 - 8 0x2da0eaf in function_code_fastcall Objects/call.c:283 - 9 0x2daac2d in call_function Python/ceval.c:4616 - 10 0x2daac2d in _PyEval_EvalFrameDefault Python/ceval.c:3124 - 11 0x14e0087b in _PyEval_EvalCodeWithName Python/ceval.c:3930 - 12 0x14e009ad in PyEval_EvalCodeEx Python/ceval.c:3959 - 13 0x14e009da in PyEval_EvalCode Python/ceval.c:524 - 14 0x5e74461 in python_script_exec /home/dev/01-data/01-git/blender-git/blender/source/blender/python/intern/bpy_interface.c:499 - 15 0x5e74d29 in BPY_execute_text /home/dev/01-data/01-git/blender-git/blender/source/blender/python/intern/bpy_interface.c:592 - 16 0x7e14bba in text_run_script /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_text/text_ops.c:755 - 17 0x7e14dd5 in text_run_script_exec /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_text/text_ops.c:794 - 18 0x4233804 in wm_operator_invoke /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1296 - 19 0x4235264 in wm_operator_call_internal /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1498 - 20 0x423554c in WM_operator_name_call_ptr /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1546 - 21 0x77437a8 in ui_apply_but_funcs_after /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/interface/interface_handlers.c:887 - 22 0x77cb654 in ui_handler_region_menu /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/interface/interface_handlers.c:10706 - 23 0x422c75a in wm_handler_ui_call /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:622 - 24 0x4242dfa in wm_handlers_do_intern /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:2743 - 25 0x4243ec6 in wm_handlers_do /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:2854 - 26 0x4249758 in wm_event_do_handlers /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:3283 - 27 0x4217770 in WM_main /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm.c:450 - 28 0x2dac34b in main /home/dev/01-data/01-git/blender-git/blender/source/creator/creator.c:528 - 29 0x7fb5fe91c0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2) #30 0x2dab49d in _start (/home/dev/01-data/01-git/blender-git/build_linux_debug_full_2_83/bin/blender+0x2dab49d) 0x7fb5ca5c07c8 is located 56 bytes to the left of 294920-byte region [0x7fb5ca5c0800,0x7fb5ca608808) allocated by thread #10 here: - 0 0x7fb5ff163dc6 in calloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10ddc6) - 1 0x167c3327 in MEM_lockfree_callocN /home/dev/01-data/01-git/blender-git/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:267 - 2 0x167c3609 in MEM_lockfree_calloc_arrayN /home/dev/01-data/01-git/blender-git/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:299 - 3 0x3f7c6d1 in customData_add_layer__internal /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/customdata.c:2361 - 4 0x3f7e1a5 in CustomData_add_layer_named /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/customdata.c:2466 - 5 0x3f85a0e in CustomData_from_bmeshpoly /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/customdata.c:3164 - 6 0x311e13a in BKE_mesh_tessface_calc_ex /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/mesh_evaluate.c:3175 - 7 0x30d33ed in BKE_mesh_tessface_calc /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/mesh.c:1384 - 8 0x30d35b3 in BKE_mesh_tessface_ensure /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/mesh.c:1401 - 9 0x5464d99 in deformVerts /home/dev/01-data/01-git/blender-git/blender/source/blender/modifiers/intern/MOD_particlesystem.c:158 - 10 0x3154964 in modwrap_deformVerts /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/modifier.c:975 - 11 0x3da01dd in mesh_calc_modifiers /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/DerivedMesh.c:1097 - 12 0x3da89b9 in mesh_build_data /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/DerivedMesh.c:1769 - 13 0x3daa16d in makeDerivedMesh /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/DerivedMesh.c:1902 - 14 0x3275ca8 in BKE_object_handle_data_update /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/object_update.c:192 - 15 0x3278b5f in BKE_object_eval_uber_data /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/object_update.c:384 - 16 0x84bf2cb in void std::__invoke_impl<void, void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>(std::__invoke_other, void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*&&, Scene*&, Object*&) /usr/include/c++/9/bits/invoke.h:60 - 17 0x84b87b3 in std::__invoke_result<void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>::type std::__invoke<void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*, Scene*&, Object*&>(void (*&)(Depsgraph*, Scene*, Object*), Depsgraph*&&, Scene*&, Object*&) /usr/include/c++/9/bits/invoke.h:95 - 18 0x84af02c in void std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>::__call<void, Depsgraph*&&, 0ul, 1ul, 2ul>(std::tuple<Depsgraph*&&>&&, std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/9/functional:400 - 19 0x84a2f76 in void std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)>::operator()<Depsgraph*, void>(Depsgraph*&&) /usr/include/c++/9/functional:484 - 20 0x849698d in std::_Function_handler<void (Depsgraph*), std::_Bind<void (*(std::_Placeholder<1>, Scene*, Object*))(Depsgraph*, Scene*, Object*)> >::_M_invoke(std::_Any_data const&, Depsgraph*&&) /usr/include/c++/9/bits/std_function.h:300 - 21 0x85619ca in std::function<void (Depsgraph*)>::operator()(Depsgraph*) const /usr/include/c++/9/bits/std_function.h:688 - 22 0x855c20c in evaluate_node /home/dev/01-data/01-git/blender-git/blender/source/blender/depsgraph/intern/eval/deg_eval.cc:115 - 23 0x855c25e in deg_task_run_func /home/dev/01-data/01-git/blender-git/blender/source/blender/depsgraph/intern/eval/deg_eval.cc:126 - 24 0x16785e57 in handle_local_queue /home/dev/01-data/01-git/blender-git/blender/source/blender/blenlib/intern/task_pool.cc:422 - 25 0x16785e57 in task_scheduler_thread_run /home/dev/01-data/01-git/blender-git/blender/source/blender/blenlib/intern/task_pool.cc:459 #26 0x7fb5ff037608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477 Thread #10 created by T0 here: - 0 0x7fb5ff090805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805) - 1 0x16786a48 in BLI_task_scheduler_create /home/dev/01-data/01-git/blender-git/blender/source/blender/blenlib/intern/task_pool.cc:520 - 2 0x16799fda in BLI_task_scheduler_get /home/dev/01-data/01-git/blender-git/blender/source/blender/blenlib/intern/threads.c:175 - 3 0x167922ac in BLI_task_parallel_range /home/dev/01-data/01-git/blender-git/blender/source/blender/blenlib/intern/task_iterator.c:328 - 4 0x8570f31 in flush_prepare /home/dev/01-data/01-git/blender-git/blender/source/blender/depsgraph/intern/eval/deg_eval_flush.cc:113 - 5 0x8570f31 in DEG::deg_graph_flush_updates(Main*, DEG::Depsgraph*) /home/dev/01-data/01-git/blender-git/blender/source/blender/depsgraph/intern/eval/deg_eval_flush.cc:354 - 6 0x8400dce in DEG_evaluate_on_refresh /home/dev/01-data/01-git/blender-git/blender/source/blender/depsgraph/intern/depsgraph_eval.cc:63 - 7 0x3465858 in scene_graph_update_tagged /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/scene.c:1327 - 8 0x3465968 in BKE_scene_graph_update_tagged /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/scene.c:1366 - 9 0x4229932 in wm_event_do_depsgraph /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:359 - 10 0x4263cc9 in wm_file_read_post /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_files.c:561 - 11 0x42669c4 in wm_homefile_read /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_files.c:1058 - 12 0x42891f6 in WM_init /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_init_exit.c:295 - 13 0x2dac148 in main /home/dev/01-data/01-git/blender-git/blender/source/creator/creator.c:449 #14 0x7fb5fe91c0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2) SUMMARY: AddressSanitizer: heap-buffer-overflow /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/particle.c:1439 in psys_interpolate_uvs Shadow bytes around the buggy address: 0x0ff7394b00a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0ff7394b00b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0ff7394b00c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0ff7394b00d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0ff7394b00e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa # >0x0ff7394b00f0: fa fa fa fa fa fa fa fa fa[fa]fa fa fa fa fa fa 0x0ff7394b0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ff7394b0110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ff7394b0120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ff7394b0130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ff7394b0140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): ``` Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ```
Robert Guetzkow commented 2021-01-11 12:11:09 +01:00
Member
Copy Link

Changed status from 'Needs Triage' to: 'Confirmed'

Changed status from 'Needs Triage' to: 'Confirmed'
Robert Guetzkow commented 2021-01-11 13:09:31 +01:00
Member
Copy Link

It appears that rna_Particle_uv_on_emitter use of mtface += num; makes it point to an incorrect memory address. In this particular case num from particle->num_dmcache is -2(DMCACHE_ISCHILD).

It appears that `rna_Particle_uv_on_emitter` use of `mtface += num;` makes it point to an incorrect memory address. In this particular case `num` from `particle->num_dmcache` is `-2`(`DMCACHE_ISCHILD`).
Robert Guetzkow commented 2021-01-11 14:06:37 +01:00
Member
Copy Link

It seems to me that rna_Particle_uv_on_emitter only handles the cases where num_dmcache is either DMCACHE_NOTFOUND or POINTER_AS_INT(...), but not DMCACHE_ISCHILD. Subtracting from the mtface pointer doesn't make sense as an offset in this context, as far as I can see.

For instance psys_thread_create_path, particle_calculate_parent_uvs, psys_face_mat, get_particle_uv and others check if num_dmcache is DMCACHE_NOTFOUND or DMCACHE_ISCHILD and then use num instead of num_dmcache if that is the case.

It seems to me that `rna_Particle_uv_on_emitter` only handles the cases where `num_dmcache` is either `DMCACHE_NOTFOUND` or `POINTER_AS_INT(...)`, but not `DMCACHE_ISCHILD`. Subtracting from the `mtface` pointer doesn't make sense as an offset in this context, as far as I can see. For instance `psys_thread_create_path`, `particle_calculate_parent_uvs`, `psys_face_mat`, `get_particle_uv` and others check if `num_dmcache` is `DMCACHE_NOTFOUND` *or* `DMCACHE_ISCHILD` and then use `num` instead of `num_dmcache` if that is the case.
Robert Guetzkow self-assigned this 2021-01-11 14:06:43 +01:00
blender-admin commented 2021-01-12 12:12:33 +01:00
Copy Link

This issue was referenced by f5c0ef52cf

This issue was referenced by f5c0ef52cf2f4ae333269eec33e5bd7a89a00a23
Robert Guetzkow commented 2021-01-12 12:19:10 +01:00
Member
Copy Link

Changed status from 'Confirmed' to: 'Resolved'

Changed status from 'Confirmed' to: 'Resolved'
Roman Markov commented 2021-01-16 23:40:24 +01:00
Author
Copy Link

@rjg What about the second crash?

@rjg What about the second crash?
Robert Guetzkow commented 2021-01-17 00:17:34 +01:00
Member
Copy Link

Changed status from 'Resolved' to: 'Confirmed'

Changed status from 'Resolved' to: 'Confirmed'
Robert Guetzkow commented 2021-01-17 00:17:34 +01:00
Member
Copy Link

@unwave Thank you for reminding me, the ticket was automatically closed by the commit that fixed the first issue. It's on the ToDo list for Monday.

rna_ParticleSystem_tessfaceidx_on_emitter(ParticleSystem * particlesystem, ParticleSystemModifierData * modifier, ParticleData * particle, int particle_no, float (**)- [x] r_fuv) (/home/dev/01-data/01-git/blender-git/blender/source/blender/makesrna/intern/rna_particle.c:573)
rna_ParticleSystem_uv_on_emitter(ParticleSystem * particlesystem, ReportList * reports, ParticleSystemModifierData * modifier, ParticleData * particle, int particle_no, int uv_no, float * r_uv) (/home/dev/01-data/01-git/blender-git/blender/source/blender/makesrna/intern/rna_particle.c:669)
ParticleSystem_uv_on_emitter_call(bContext * C, ReportList * reports, PointerRNA * _ptr, ParameterList * _parms) (/home/dev/01-data/01-git/blender-git/build_linux_debug_full/source/blender/makesrna/intern/rna_particle_gen.c:5269)
RNA_function_call(bContext * C, ReportList * reports, PointerRNA * ptr, FunctionRNA * func, ParameterList * parms) (/home/dev/01-data/01-git/blender-git/blender/source/blender/makesrna/intern/rna_access.c:7556)
pyrna_func_call(BPy_FunctionRNA * self, PyObject * args, PyObject * kw) (/home/dev/01-data/01-git/blender-git/blender/source/blender/python/intern/bpy_rna.c:6315)
_PyObject_FastCallKeywords(PyObject * callable, PyObject * const * stack, Py_ssize_t nargs, PyObject * kwnames) (/home/blender/Developer/build_linux/deps/build/python/src/external_python/Objects/call.c:199)
call_function(PyObject *** pp_stack, Py_ssize_t oparg, PyObject * kwnames) (/home/blender/Developer/build_linux/deps/build/python/src/external_python/Python/ceval.c:4619)
_PyEval_EvalFrameDefault(PyFrameObject * f, int throwflag) (/home/blender/Developer/build_linux/deps/build/python/src/external_python/Python/ceval.c:3139)
_PyEval_EvalCodeWithName(PyObject * _co, PyObject * globals, PyObject * locals, PyObject * const * args, Py_ssize_t argcount, PyObject * const * kwnames, PyObject * const * kwargs, Py_ssize_t kwcount, int kwstep, PyObject * const * defs, Py_ssize_t defcount, PyObject * kwdefs, PyObject * closure, PyObject * name, PyObject * qualname) (/home/blender/Developer/build_linux/deps/build/python/src/external_python/Python/ceval.c:3930)
PyEval_EvalCodeEx(PyObject * _co, PyObject * globals, PyObject * locals, PyObject * const * args, int argcount, PyObject * const * kws, int kwcount, PyObject * const * defs, int defcount, PyObject * kwdefs, PyObject * closure) (/home/blender/Developer/build_linux/deps/build/python/src/external_python/Python/ceval.c:3959)
PyEval_EvalCode(PyObject * co, PyObject * globals, PyObject * locals) (/home/blender/Developer/build_linux/deps/build/python/src/external_python/Python/ceval.c:524)
python_script_exec(bContext * C, const char * fn, struct Text * text, struct ReportList * reports, const _Bool do_jump) (/home/dev/01-data/01-git/blender-git/blender/source/blender/python/intern/bpy_interface_run.c:125)
BPY_run_text(bContext * C, struct Text * text, struct ReportList * reports, const _Bool do_jump) (/home/dev/01-data/01-git/blender-git/blender/source/blender/python/intern/bpy_interface_run.c:221)
text_run_script(bContext * C, ReportList * reports) (/home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_text/text_ops.c:771)
text_run_script_exec(bContext * C, wmOperator * op) (/home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_text/text_ops.c:810)
wm_operator_invoke(bContext * C, wmOperatorType * ot, wmEvent * event, PointerRNA * properties, ReportList * reports, const _Bool poll_only, _Bool use_last_properties) (/home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1312)
wm_operator_call_internal(bContext * C, wmOperatorType * ot, PointerRNA * properties, ReportList * reports, const short context, const _Bool poll_only, wmEvent * event) (/home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1507)
WM_operator_name_call_ptr(bContext * C, wmOperatorType * ot, short context, PointerRNA * properties) (/home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1555)
ui_apply_but_funcs_after(bContext * C) (/home/dev/01-data/01-git/blender-git/blender/source/blender/editors/interface/interface_handlers.c:936)
ui_handler_region_menu(bContext * C, const wmEvent * event, void * UNUSED_userdata) (/home/dev/01-data/01-git/blender-git/blender/source/blender/editors/interface/interface_handlers.c:10824)
@unwave Thank you for reminding me, the ticket was automatically closed by the commit that fixed the first issue. It's on the ToDo list for Monday. ```lines rna_ParticleSystem_tessfaceidx_on_emitter(ParticleSystem * particlesystem, ParticleSystemModifierData * modifier, ParticleData * particle, int particle_no, float (**)- [x] r_fuv) (/home/dev/01-data/01-git/blender-git/blender/source/blender/makesrna/intern/rna_particle.c:573) rna_ParticleSystem_uv_on_emitter(ParticleSystem * particlesystem, ReportList * reports, ParticleSystemModifierData * modifier, ParticleData * particle, int particle_no, int uv_no, float * r_uv) (/home/dev/01-data/01-git/blender-git/blender/source/blender/makesrna/intern/rna_particle.c:669) ParticleSystem_uv_on_emitter_call(bContext * C, ReportList * reports, PointerRNA * _ptr, ParameterList * _parms) (/home/dev/01-data/01-git/blender-git/build_linux_debug_full/source/blender/makesrna/intern/rna_particle_gen.c:5269) RNA_function_call(bContext * C, ReportList * reports, PointerRNA * ptr, FunctionRNA * func, ParameterList * parms) (/home/dev/01-data/01-git/blender-git/blender/source/blender/makesrna/intern/rna_access.c:7556) pyrna_func_call(BPy_FunctionRNA * self, PyObject * args, PyObject * kw) (/home/dev/01-data/01-git/blender-git/blender/source/blender/python/intern/bpy_rna.c:6315) _PyObject_FastCallKeywords(PyObject * callable, PyObject * const * stack, Py_ssize_t nargs, PyObject * kwnames) (/home/blender/Developer/build_linux/deps/build/python/src/external_python/Objects/call.c:199) call_function(PyObject *** pp_stack, Py_ssize_t oparg, PyObject * kwnames) (/home/blender/Developer/build_linux/deps/build/python/src/external_python/Python/ceval.c:4619) _PyEval_EvalFrameDefault(PyFrameObject * f, int throwflag) (/home/blender/Developer/build_linux/deps/build/python/src/external_python/Python/ceval.c:3139) _PyEval_EvalCodeWithName(PyObject * _co, PyObject * globals, PyObject * locals, PyObject * const * args, Py_ssize_t argcount, PyObject * const * kwnames, PyObject * const * kwargs, Py_ssize_t kwcount, int kwstep, PyObject * const * defs, Py_ssize_t defcount, PyObject * kwdefs, PyObject * closure, PyObject * name, PyObject * qualname) (/home/blender/Developer/build_linux/deps/build/python/src/external_python/Python/ceval.c:3930) PyEval_EvalCodeEx(PyObject * _co, PyObject * globals, PyObject * locals, PyObject * const * args, int argcount, PyObject * const * kws, int kwcount, PyObject * const * defs, int defcount, PyObject * kwdefs, PyObject * closure) (/home/blender/Developer/build_linux/deps/build/python/src/external_python/Python/ceval.c:3959) PyEval_EvalCode(PyObject * co, PyObject * globals, PyObject * locals) (/home/blender/Developer/build_linux/deps/build/python/src/external_python/Python/ceval.c:524) python_script_exec(bContext * C, const char * fn, struct Text * text, struct ReportList * reports, const _Bool do_jump) (/home/dev/01-data/01-git/blender-git/blender/source/blender/python/intern/bpy_interface_run.c:125) BPY_run_text(bContext * C, struct Text * text, struct ReportList * reports, const _Bool do_jump) (/home/dev/01-data/01-git/blender-git/blender/source/blender/python/intern/bpy_interface_run.c:221) text_run_script(bContext * C, ReportList * reports) (/home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_text/text_ops.c:771) text_run_script_exec(bContext * C, wmOperator * op) (/home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_text/text_ops.c:810) wm_operator_invoke(bContext * C, wmOperatorType * ot, wmEvent * event, PointerRNA * properties, ReportList * reports, const _Bool poll_only, _Bool use_last_properties) (/home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1312) wm_operator_call_internal(bContext * C, wmOperatorType * ot, PointerRNA * properties, ReportList * reports, const short context, const _Bool poll_only, wmEvent * event) (/home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1507) WM_operator_name_call_ptr(bContext * C, wmOperatorType * ot, short context, PointerRNA * properties) (/home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1555) ui_apply_but_funcs_after(bContext * C) (/home/dev/01-data/01-git/blender-git/blender/source/blender/editors/interface/interface_handlers.c:936) ui_handler_region_menu(bContext * C, const wmEvent * event, void * UNUSED_userdata) (/home/dev/01-data/01-git/blender-git/blender/source/blender/editors/interface/interface_handlers.c:10824) ```
Robert Guetzkow commented 2021-01-29 11:25:43 +01:00
Member
Copy Link

The parameter particle was not intended to be optional, there was a mistake in the definition of the function.

The parameter `particle` was not intended to be optional, there was a mistake in the definition of the function.
blender-admin commented 2021-01-29 13:09:29 +01:00
Copy Link

This issue was referenced by 821df20797

This issue was referenced by 821df20797be514b8aee81b8ae73d3efe486bd29
Robert Guetzkow commented 2021-01-29 13:16:13 +01:00
Member
Copy Link

Changed status from 'Confirmed' to: 'Resolved'

Changed status from 'Confirmed' to: 'Resolved'
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
main
brush-assets-project
blender-v4.1-release
blender-v3.3-release
blender-v3.6-release
universal-scene-description
blender-v3.6-temp_wmoss_animrig_public
temp-sculpt-dyntopo
gpencil-next
anim/animation-id-113594
blender-v4.0-release
blender-projects-basics
bridge-curves
sculpt-blender
asset-browser-frontend-split
asset-shelf
tmp-usd-python-mtl
tmp-usd-3.6
blender-v3.5-release
blender-v2.93-release
realtime-clock
sculpt-dev
bevelv2
xr-dev
v4.1.1
v3.6.11
v3.3.18
v4.1.0
v3.3.17
v3.6.10
v3.6.9
v3.3.16
v3.6.8
v3.6.7
v3.3.14
v4.0.2
v4.0.1
v4.0.0
v3.6.5
v3.3.12
v3.6.4
v3.6.3
v3.3.11
v3.6.2
v3.3.10
v3.6.1
v3.3.9
v3.6.0
v3.3.8
v3.3.7
v2.93.18
v3.5.1
v3.3.6
v2.93.17
v3.5.0
v2.93.16
v3.3.5
v3.3.4
v2.93.15
v2.93.14
v3.3.3
v2.93.13
v2.93.12
v3.4.1
v3.3.2
v3.4.0
v3.3.1
v2.93.11
v3.3.0
v3.2.2
v2.93.10
v3.2.1
v3.2.0
v2.83.20
v2.93.9
v3.1.2
v3.1.1
v3.1.0
v2.83.19
v2.93.8
v3.0.1
v2.93.7
v3.0.0
v2.93.6
v2.93.5
v2.83.18
v2.93.4
v2.93.3
v2.83.17
v2.93.2
v2.93.1
v2.83.16
v2.93.0
v2.83.15
v2.83.14
v2.83.13
v2.92.0
v2.83.12
v2.91.2
v2.83.10
v2.91.0
v2.83.9
v2.83.8
v2.83.7
v2.90.1
v2.83.6.1
v2.83.6
v2.90.0
v2.83.5
v2.83.4
v2.83.3
v2.83.2
v2.83.1
v2.83
v2.82a
v2.82
v2.81a
v2.81
v2.80
v2.80-rc3
v2.80-rc2
v2.80-rc1
v2.79b
v2.79a
v2.79
v2.79-rc2
v2.79-rc1
v2.78c
v2.78b
v2.78a
v2.78
v2.78-rc2
v2.78-rc1
v2.77a
v2.77
v2.77-rc2
v2.77-rc1
v2.76b
v2.76a
v2.76
v2.76-rc3
v2.76-rc2
v2.76-rc1
v2.75a
v2.75
v2.75-rc2
v2.75-rc1
v2.74
v2.74-rc4
v2.74-rc3
v2.74-rc2
v2.74-rc1
v2.73a
v2.73
v2.73-rc1
v2.72b
2.72b
v2.72a
v2.72
v2.72-rc1
v2.71
v2.71-rc2
v2.71-rc1
v2.70a
v2.70
v2.70-rc2
v2.70-rc
v2.69
v2.68a
v2.68
v2.67b
v2.67a
v2.67
v2.66a
v2.66
v2.65a
v2.65
v2.64a
v2.64
v2.63a
v2.63
v2.61
v2.60a
v2.60
v2.59
v2.58a
v2.58
v2.57b
v2.57a
v2.57
v2.56a
v2.56
v2.55
v2.54
v2.53
v2.52
v2.51
v2.50
v2.49b
v2.49a
v2.49
v2.48a
v2.48
v2.47
v2.46
v2.45
v2.44
v2.43
v2.42a
v2.42
v2.41
v2.40
v2.37a
v2.37
v2.36
v2.35a
v2.35
v2.34
v2.33a
v2.33
v2.32
v2.31a
v2.31
v2.30
v2.28c
v2.28a
v2.28
v2.27
v2.26
v2.25
Labels
Clear labels   
Interest
Alembic

  
Interest
Animation & Rigging

  
Interest
Asset Browser

  
Interest
Asset Browser Project Overview

  
Interest
Audio

  
Interest
Automated Testing

  
Interest
Blender Asset Bundle

  
Interest
BlendFile

  
Interest
Collada

  
Interest
Compatibility
This issue affects/is about backward or forward compatibility

  
Interest
Compositing

  
Interest
Core

  
Interest
Cycles

  
Interest
Dependency Graph

  
Interest
Development Management

  
Interest
EEVEE

  
Interest
EEVEE & Viewport

  
Interest
Freestyle

  
Interest
Geometry Nodes

  
Interest
Grease Pencil

  
Interest
ID Management

  
Interest
Images & Movies

  
Interest
Import Export

  
Interest
Line Art

  
Interest
Masking

  
Interest
Metal

  
Interest
Modeling

  
Interest
Modifiers

  
Interest
Motion Tracking

  
Interest
Nodes & Physics

  
Interest
OpenGL

  
Interest
Overlay

  
Interest
Overrides

  
Interest
Performance

  
Interest
Physics

  
Interest
Pipeline, Assets & IO

  
Interest
Platforms, Builds & Tests

  
Interest
Python API

  
Interest
Render & Cycles

  
Interest
Render Pipeline

  
Interest
Sculpt, Paint & Texture

  
Interest
Text Editor

  
Interest
Translations

  
Interest
Triaging

  
Interest
Undo

  
Interest
USD

  
Interest
User Interface

  
Interest
UV Editing

  
Interest
VFX & Video

  
Interest
Video Sequencer

  
Interest
Virtual Reality

  
Interest
Vulkan

  
Interest
Wayland
Issues relating to Wayland windowing support.

  
Interest
Workbench

  
Interest: X11

Issues relating to Xorg/X11 support.

  
Legacy
Blender 2.8 Project

  
Legacy
Milestone 1: Basic, Local Asset Browser

  
Legacy
OpenGL Error

  
Meta
Good First Issue

  
Meta
Papercut

  
Meta
Retrospective

  
Meta
Security
Issues relating to security: https://wiki.blender.org/wiki/Process/Vulnerability_Reports

  
Module
Animation & Rigging

  
Module
Core

  
Module
Development Management

  
Module
EEVEE & Viewport

  
Module
Grease Pencil

  
Module
Modeling

  
Module
Nodes & Physics

  
Module
Pipeline, Assets & IO

  
Module
Platforms, Builds & Tests

  
Module
Python API

  
Module
Render & Cycles

  
Module
Sculpt, Paint & Texture

  
Module
Triaging

  
Module
User Interface

  
Module
VFX & Video

  
Platform
FreeBSD

  
Platform
Linux

  
Platform
macOS

  
Platform
Windows

  
Priority
High

  
Priority
Low

  
Priority
Normal

  
Priority
Unbreak Now!

  
Status
Archived

  
Status
Confirmed

  
Status
Duplicate

  
Status
Needs Info from Developers

  
Status
Needs Information from User

  
Status
Needs Triage

  
Status
Resolved

  
Type
Bug

  
Type
Design

  
Type
Known Issue

  
Type
Patch

  
Type
Report

  
Type
To Do

No Label
Interest
Alembic
Interest
Animation & Rigging
Interest
Asset Browser
Interest
Asset Browser Project Overview
Interest
Audio
Interest
Automated Testing
Interest
Blender Asset Bundle
Interest
BlendFile
Interest
Collada
Interest
Compatibility
Interest
Compositing
Interest
Core
Interest
Cycles
Interest
Dependency Graph
Interest
Development Management
Interest
EEVEE
Interest
EEVEE & Viewport
Interest
Freestyle
Interest
Geometry Nodes
Interest
Grease Pencil
Interest
ID Management
Interest
Images & Movies
Interest
Import Export
Interest
Line Art
Interest
Masking
Interest
Metal
Interest
Modeling
Interest
Modifiers
Interest
Motion Tracking
Interest
Nodes & Physics
Interest
OpenGL
Interest
Overlay
Interest
Overrides
Interest
Performance
Interest
Physics
Interest
Pipeline, Assets & IO
Interest
Platforms, Builds & Tests
Interest
Python API
Interest
Render & Cycles
Interest
Render Pipeline
Interest
Sculpt, Paint & Texture
Interest
Text Editor
Interest
Translations
Interest
Triaging
Interest
Undo
Interest
USD
Interest
User Interface
Interest
UV Editing
Interest
VFX & Video
Interest
Video Sequencer
Interest
Virtual Reality
Interest
Vulkan
Interest
Wayland
Interest
Workbench
Interest: X11
Legacy
Blender 2.8 Project
Legacy
Milestone 1: Basic, Local Asset Browser
Legacy
OpenGL Error
Meta
Good First Issue
Meta
Papercut
Meta
Retrospective
Meta
Security
Module
Animation & Rigging
Module
Core
Module
Development Management
Module
EEVEE & Viewport
Module
Grease Pencil
Module
Modeling
Module
Nodes & Physics
Module
Pipeline, Assets & IO
Module
Platforms, Builds & Tests
Module
Python API
Module
Render & Cycles
Module
Sculpt, Paint & Texture
Module
Triaging
Module
User Interface
Module
VFX & Video
Platform
FreeBSD
Platform
Linux
Platform
macOS
Platform
Windows
Priority
High
Priority
Low
Priority
Normal
Priority
Unbreak Now!
Status
Archived
Status
Confirmed
Status
Duplicate
Status
Needs Info from Developers
Status
Needs Information from User
Status
Needs Triage
Status
Resolved
Type
Bug
Type
Design
Type
Known Issue
Type
Patch
Type
Report
Type
To Do
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
Robert Guetzkow
3 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: blender/blender#84588
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?