
Executing RigidBody3D.get_inverse_inertia_tensor() crashes Godot #46282

Closed
Tracked by #45333
qarmin opened this issue Feb 21, 2021 · 3 comments · Fixed by #48860

Comments

qarmin (Contributor) commented Feb 21, 2021

Godot version:
4.0.dev.custom_build. 3bb628d

OS:
Ubuntu 20.04 - Ubuntu 3.36 X11

Issue description:
Executing

# A RigidBody3D that is periodically freed and replaced while the script keeps calling into it.
var q_RigidBody3D : RigidBody3D = RigidBody3D.new()

func _ready() -> void:
	add_child(q_RigidBody3D)

func _process(_delta : float) -> void:
	# Roughly every tenth frame, free the current body and add a fresh one.
	if randi() % 10 == 0:
		q_RigidBody3D.queue_free()
		q_RigidBody3D = RigidBody3D.new()
		add_child(q_RigidBody3D)

	# Roughly every other frame, call the method that triggers the sanitizer report below.
	if randi() % 2 == 0:
		q_RigidBody3D.get_inverse_inertia_tensor()

shows this address sanitizer log

Executing RigidBody3D.get_inverse_inertia_tensor
core/variant/method_ptrcall.h:127:1: runtime error: store to misaligned address 0x7ffd89510401 for type 'struct Basis', which requires 4 byte alignment
0x7ffd89510401: note: pointer points here
 60 00 00  20 04 51 89 fd 7f 00 00  67 4b e8 01 00 00 00 00  f0 04 51 89 fd 7f 00 00  80 33 0c 00 70
              ^ 
=================================================================
==253104==ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address 0x7ffd89510401 at pc 0x00000df24aa5 bp 0x7ffd89510190 sp 0x7ffd89510180
WRITE of size 36 at 0x7ffd89510401 thread T0
    #0 0xdf24aa4 in PtrToArg<Basis>::encode(Basis const&, void*) core/variant/method_ptrcall.h:127
    #1 0xdf95993 in void call_with_ptr_args_ret_helper<__UnexistingClass, Basis>(__UnexistingClass*, Basis (__UnexistingClass::*)(), void const**, void*, IndexSequence<>) core/variant/binder_common.h:227
    #2 0xdf87557 in void call_with_ptr_args_ret<__UnexistingClass, Basis>(__UnexistingClass*, Basis (__UnexistingClass::*)(), void const**, void*) core/variant/binder_common.h:445
    #3 0xdf76425 in MethodBindTR<Basis>::ptrcall(Object*, void const**, void*) core/object/method_bind.h:460
    #4 0x5b2e7a9 in GDScriptFunction::call(GDScriptInstance*, Variant const**, int, Callable::CallError&, GDScriptFunction::CallState*) modules/gdscript/gdscript_vm.cpp:1590
    #5 0x562a0c3 in GDScriptInstance::call(StringName const&, Variant const**, int, Callable::CallError&) modules/gdscript/gdscript.cpp:1544
    #6 0x13a0fa23 in ScriptInstance::call(StringName const&, Variant const&, Variant const&, Variant const&, Variant const&, Variant const&) core/object/script_language.cpp:322
    #7 0xc64557d in Node::_notification(int) scene/main/node.cpp:58
    #8 0x336c589 in Node::_notificationv(int, bool) scene/main/node.h:45
    #9 0x336ee58 in CanvasItem::_notificationv(int, bool) scene/main/canvas_item.h:164
    #10 0xe3425ba in Node2D::_notificationv(int, bool) scene/2d/node_2d.h:37
    #11 0x139a46e2 in Object::notification(int, bool) core/object/object.cpp:793
    #12 0xc74ab21 in SceneTree::_notify_group_pause(StringName const&, int) scene/main/scene_tree.cpp:812
    #13 0xc73dc2d in SceneTree::process(float) scene/main/scene_tree.cpp:441
    #14 0x1fc51e2 in Main::iteration() main/main.cpp:2471
    #15 0x1e6c83e in OS_LinuxBSD::run() platform/linuxbsd/os_linuxbsd.cpp:261
    #16 0x1e5f040 in main platform/linuxbsd/godot_linuxbsd.cpp:58
    #17 0x7f38f58f30b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #18 0x1e5eb7d in _start (/usr/bin/godot4s+0x1e5eb7d)

Address 0x7ffd89510401 is located in stack of thread T0 at offset 209 in frame
    #0 0xdf8748c in void call_with_ptr_args_ret<__UnexistingClass, Basis>(__UnexistingClass*, Basis (__UnexistingClass::*)(), void const**, void*) core/variant/binder_common.h:444

  This frame has 1 object(s):
    [32, 33) '<unknown>' <== Memory access at offset 209 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: dynamic-stack-buffer-overflow core/variant/method_ptrcall.h:127 in PtrToArg<Basis>::encode(Basis const&, void*)

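The report above says a 36-byte store for `struct Basis` (nine floats, 4-byte alignment) lands at an odd address one byte past a 1-byte stack object, through the type-erased `void *` return slot that `PtrToArg<Basis>::encode` writes into. The following C++ is an added illustration for readers of this thread, not Godot source and not the fix that landed: it reproduces the shape of that convention with a stand-in `Basis` of the same size and alignment, and adds the precondition check (slot large enough, pointer suitably aligned) that an encoder writing through `void *` would need to refuse a slot like the one in the report instead of overflowing it. The `RetSlot` struct, `encode_checked`, and the `demo_*` functions are hypothetical names introduced here.

```cpp
// Added illustration, not engine code: a type-erased "encode into the caller's
// return slot" convention, plus the size/alignment check that turns the
// dynamic-stack-buffer-overflow above into a refused call.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Stand-in for the engine's 3x3 float matrix: 9 floats = 36 bytes, alignment 4,
// the numbers UBSan and ASan print in the report above.
struct Basis {
    float rows[3][3];
};

// Hypothetical description of the caller-provided return slot. A real ptrcall
// only sees the void*; carrying the size alongside it is what lets the encoder
// reject a slot that cannot hold the return type.
struct RetSlot {
    void *ptr;
    size_t size;
};

enum class EncodeStatus { Ok, NullSlot, TooSmall, Misaligned };

// Type-erased store in the spirit of a PtrToArg<T>::encode: copy `value` into
// the slot, but only after confirming the slot can hold a T.
template <class T>
EncodeStatus encode_checked(const T &value, RetSlot slot) {
    if (slot.ptr == nullptr) return EncodeStatus::NullSlot;
    if (slot.size < sizeof(T)) return EncodeStatus::TooSmall;
    if (reinterpret_cast<uintptr_t>(slot.ptr) % alignof(T) != 0) return EncodeStatus::Misaligned;
    std::memcpy(slot.ptr, &value, sizeof(T));  // memcpy: no aliasing or alignment UB of its own
    return EncodeStatus::Ok;
}

// Constructed sample value so the round trip below is checkable.
static Basis sample_basis() {
    Basis b{};
    for (int r = 0; r < 3; ++r)
        for (int c = 0; c < 3; ++c)
            b.rows[r][c] = static_cast<float>(r * 3 + c);
    return b;
}

// Correct caller: a slot sized and aligned for the return type.
// Returns true when the encoded value reads back intact.
bool demo_properly_sized_slot() {
    alignas(Basis) unsigned char storage[sizeof(Basis)];
    if (encode_checked(sample_basis(), RetSlot{storage, sizeof storage}) != EncodeStatus::Ok)
        return false;
    Basis back;
    std::memcpy(&back, storage, sizeof back);
    const Basis expected = sample_basis();
    return std::memcmp(&back, &expected, sizeof back) == 0;
}

// The shape of the defect in the report: a one-byte stack object offered as the
// destination of a 36-byte write. With the check, nothing is written.
EncodeStatus demo_one_byte_slot() {
    unsigned char tiny[1];
    return encode_checked(sample_basis(), RetSlot{tiny, sizeof tiny});
}

// An odd address (the reported one ends in ...01): large enough, but it violates
// the 4-byte alignment Basis requires, which is what UBSan flagged first.
EncodeStatus demo_misaligned_slot() {
    alignas(Basis) unsigned char storage[sizeof(Basis) + alignof(Basis)];
    return encode_checked(sample_basis(), RetSlot{storage + 1, sizeof storage - 1});
}

int main() {
    std::printf("sizeof(Basis)=%zu alignof(Basis)=%zu\n", sizeof(Basis), alignof(Basis));
    std::printf("properly sized slot ok: %d\n", demo_properly_sized_slot());
    std::printf("one-byte slot refused: %d\n", demo_one_byte_slot() == EncodeStatus::TooSmall);
    std::printf("misaligned slot refused: %d\n", demo_misaligned_slot() == EncodeStatus::Misaligned);
    return 0;
}
```

The point of the check is diagnostic: in the unchecked form the 36-byte write silently clobbers whatever follows the 1-byte slot on the stack, and only a sanitizer build reports it, as happened here. Making the encoder refuse a bad slot (or, in a real binding layer, guaranteeing by construction that the return slot is `sizeof`/`alignof` of the bound return type) is the invariant to verify when reading a report of this shape.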
vinperdom commented:

I'd like to take a look at it, may I?

qarmin (Contributor, Author) commented Feb 27, 2021

In this repository, you do not need to ask permission to fix a bug.

When you start working on a larger bug, it is a good idea to let others know about it in the comments.

dflowcodes commented:

Looks like this is still open, will look at this as well.
