Page MenuHome

Mesh related crash in add-on
Confirmed, NormalPublic

Description

System Information
Operating system: Windows-10-10.0.19041-SP0 64 Bits
Graphics card: NVIDIA GeForce GTX 780 Ti/PCIe/SSE2 NVIDIA Corporation 4.5.0 NVIDIA 466.27

Blender Version
Broken: version: 3.0.0 Alpha, branch: master, commit date: 2021-06-18 21:33, hash: rBf9aea19d9890

Short description of error
Using an the operation connect spread in an addon is causing an EXCEPTION_ACCESS_VIOLATION.

Stack trace:
blender.exe         :0x00007FF7A109EC60  blender::deg::deg_graph_flush_updates
blender.exe         :0x00007FF7A1084AA0  DEG_evaluate_on_refresh
blender.exe         :0x00007FF79C983790  scene_graph_update_tagged
blender.exe         :0x00007FF79CB61510  wm_event_do_notifiers
blender.exe         :0x00007FF79CB4B550  WM_main
blender.exe         :0x00007FF79C7E2ED0  main
blender.exe         :0x00007FF7A16421A8  __scrt_common_main_seh
KERNEL32.DLL        :0x00007FFEEB937020  BaseThreadInitThunk
ntdll.dll           :0x00007FFEECA62630  RtlUserThreadStart

Exact steps for others to reproduce the error
Download Forgotten Tools use Connect spread on 2+ edges go to operation popup menu increase the cuts.

Event Timeline

Lamia created this task.Jun 19 2021, 4:31 PM
Fen (chemicalcrux) changed the task status from Needs Triage to Confirmed.EditedJun 19 2021, 7:30 PM

Running this with a debug build fails an assertion:

BLI_assert failed: D:\blender-git\blender\source\blender\blenkernel\intern\editmesh.c:182, BKE_editmesh_looptri_calc_with_partial_ex(), at 'em->tottri == poly_to_tri_count(em->bm->totface, em->bm->totloop)'

If I get rid of the asserts, a heap overflow occurs.

SUMMARY: AddressSanitizer: heap-buffer-overflow D:\blender-git\blender\source\blender\bmesh\intern\bmesh_mesh_tessellate.c:145 in bmesh_calc_tessellation_for_face_impl
Shadow bytes around the buggy address:
  0x051d4f4d1f10: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x051d4f4d1f20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x051d4f4d1f30: fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa
  0x051d4f4d1f40: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x051d4f4d1f50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x051d4f4d1f60: 00 00 00 00 00 00 00 00 00 00 00 00 00[fa]fa fa
  0x051d4f4d1f70: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x051d4f4d1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x051d4f4d1f90: 00 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa
  0x051d4f4d1fa0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x051d4f4d1fb0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Fen (chemicalcrux) added a comment.EditedJun 19 2021, 7:47 PM

This was introduced in rBc2fa36999ff25ce2d011971a460d7efa11705e57. The commit before it, rB00073651d420c852b271127fe453d2170471321a, does not cause an assertion failure or a crash.

It is possible that this is just a problem with the add-on, of course -- it could be holding onto old, invalid data.

Robert Guetzkow (rjg) renamed this task from EXCEPTION_ACCESS_VIOLATION from addon. to BMesh tesselate related crash in add-on.Jun 19 2021, 8:08 PM
Robert Guetzkow (rjg) renamed this task from BMesh tesselate related crash in add-on to Mesh related crash in add-on.