Executing VisualShader.new()._input_type_changed(10,10) crashes Godot #46011

Closed
qarmin opened this issue Feb 14, 2021 · 0 comments · Fixed by #46021

qarmin commented Feb 14, 2021

Godot version:
Godot 3.2.4 rc 2

Issue description:
Executing

VisualShader.new()._input_type_changed(10,10)

crashes with backtrace

scene/resources/visual_shader.cpp:1450:26: runtime error: index 10 out of bounds for type 'Graph [3]'
=================================================================
==151813==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61700009ae48 at pc 0x00000b046649 bp 0x7ffeb9aef120 sp 0x7ffeb9aef110
READ of size 8 at 0x61700009ae48 thread T0
    #0 0xb046648 in List<VisualShader::Connection, DefaultAllocator>::front() core/list.h:196
    #1 0xf2b65af in VisualShader::_input_type_changed(VisualShader::Type, int) scene/resources/visual_shader.cpp:1452
    #2 0xf3543f6 in MethodBind2<VisualShader::Type, int>::call(Object*, Variant const**, int, Variant::CallError&) core/method_bind.gen.inc:1523
    #3 0x1130f551 in Object::call(StringName const&, Variant const**, int, Variant::CallError&) core/object.cpp:919
    #4 0x1130d30c in Object::callv(StringName const&, Array const&) core/object.cpp:825
    #5 0x11374bfd in MethodBind2R<Variant, StringName const&, Array const&>::call(Object*, Variant const**, int, Variant::CallError&) core/method_bind.gen.inc:1717
    #6 0x1130f551 in Object::call(StringName const&, Variant const**, int, Variant::CallError&) core/object.cpp:919
    #7 0x1159052d in Variant::call_ptr(StringName const&, Variant const**, int, Variant*, Variant::CallError&) core/variant_call.cpp:1129
    #8 0x1d4c957 in GDScriptFunction::call(GDScriptInstance*, Variant const**, int, Variant::CallError&, GDScriptFunction::CallState*) modules/gdscript/gdscript_function.cpp:1086
    #9 0x1b7c6af in GDScriptInstance::call(StringName const&, Variant const**, int, Variant::CallError&) modules/gdscript/gdscript.cpp:1238
    #10 0x1130f0c1 in Object::call(StringName const&, Variant const**, int, Variant::CallError&) core/object.cpp:898
    #11 0x1159052d in Variant::call_ptr(StringName const&, Variant const**, int, Variant*, Variant::CallError&) core/variant_call.cpp:1129
    #12 0x1d4c957 in GDScriptFunction::call(GDScriptInstance*, Variant const**, int, Variant::CallError&, GDScriptFunction::CallState*) modules/gdscript/gdscript_function.cpp:1086
    #13 0x1b7d3f9 in GDScriptInstance::_ml_call_reversed(GDScript*, StringName const&, Variant const**, int) modules/gdscript/gdscript.cpp:1269
    #14 0x1b7d6ac in GDScriptInstance::call_multilevel_reversed(StringName const&, Variant const**, int) modules/gdscript/gdscript.cpp:1276
    #15 0xbeee194 in Node::_notification(int) scene/main/node.cpp:149
    #16 0x1a29b69 in Node::_notificationv(int, bool) scene/main/node.h:46
    #17 0x1a2bfde in CanvasItem::_notificationv(int, bool) scene/2d/canvas_item.h:166
    #18 0xd9bcc3a in Node2D::_notificationv(int, bool) scene/2d/node_2d.h:38
    #19 0x1130f9eb in Object::notification(int, bool) core/object.cpp:929
    #20 0xbef0111 in Node::_propagate_ready() scene/main/node.cpp:196
    #21 0xbeef977 in Node::_propagate_ready() scene/main/node.cpp:188
    #22 0xbf3c708 in Node::_set_tree(SceneTree*) scene/main/node.cpp:2557
    #23 0xbfff630 in SceneTree::init() scene/main/scene_tree.cpp:463
    #24 0x178042f in OS_X11::run() platform/x11/os_x11.cpp:3621
    #25 0x16ee466 in main platform/x11/godot_x11.cpp:56
    #26 0x7f67aa0270b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #27 0x16ee07d in _start (/usr/bin/godots+0x16ee07d)

Address 0x61700009ae48 is a wild pointer.
SUMMARY: AddressSanitizer: heap-buffer-overflow core/list.h:196 in List<VisualShader::Connection, DefaultAllocator>::front()
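
Added example, not part of the original issue and not Godot source code: a reduced C++ model of the pattern the sanitizer output points at, a `Type` argument indexing a three-element `Graph` array, shown unchecked and with a range check. The class `ShaderModel`, the enum member names, the `Connection` fields and the body of `drop` are assumptions made for illustration.

```cpp
#include <cstdio>
#include <list>

// Assumed shapes; only the names Type, Graph and Connection come from the trace.
enum Type { TYPE_VERTEX, TYPE_FRAGMENT, TYPE_LIGHT, TYPE_MAX }; // TYPE_MAX == 3
struct Connection { int from_node, from_port, to_node, to_port; };
struct Graph { std::list<Connection> connections; };

class ShaderModel {
	Graph graph[TYPE_MAX]; // the 'Graph [3]' named in the sanitizer message

	// Hypothetical body: drop every connection that starts at node p_id.
	static int drop(Graph &g, int p_id) {
		int removed = 0;
		for (auto it = g.connections.begin(); it != g.connections.end();) {
			if (it->from_node == p_id) {
				it = g.connections.erase(it);
				removed++;
			} else {
				++it;
			}
		}
		return removed;
	}

public:
	void connect(Type t, Connection c) { graph[t].connections.push_back(c); }
	int count(Type t) const { return (int)graph[t].connections.size(); }

	// Before: trusts the caller. With p_type == 10 this reads graph[10],
	// past the end of the array, and then walks whatever bytes are there.
	int input_type_changed_unchecked(Type p_type, int p_id) {
		return drop(graph[p_type], p_id);
	}

	// After: the raw integer is range-checked before it is used as an index.
	// Returns the number of connections removed, or -1 if p_type is rejected.
	int input_type_changed_checked(int p_type, int p_id) {
		if (p_type < 0 || p_type >= TYPE_MAX) return -1;
		return drop(graph[p_type], p_id);
	}
};

int main() {
	ShaderModel m;
	m.connect(TYPE_FRAGMENT, {5, 0, 2, 0}); // constructed sample connection
	printf("%d %d\n", m.input_type_changed_checked(10, 10),
			m.input_type_changed_checked(TYPE_FRAGMENT, 5));
}
```

The checked variant takes a plain `int` so the comparison happens before any conversion to the enum type.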
