Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Executing Skeleton3D.global_pose_z_forward_to_bone_forward crashes Godot #53646

Closed
qarmin opened this issue Oct 10, 2021 · 1 comment
Closed

Comments

@qarmin
Copy link
Contributor

qarmin commented Oct 10, 2021

Godot version

4.0.dev.custom_build. 87de2e7

System information

Ubuntu 21.04 - Nvidia GTX 970, Gnome shell 3.38 X11

Issue description

When executing

func _process(delta) -> void:
	var temp_variable124013 = Skeleton3D.new()
	temp_variable124013.add_bone(".")
	temp_variable124013.set_bone_children(0, PackedInt32Array([0, -1, 1, 2, 1]))
	temp_variable124013.global_pose_z_forward_to_bone_forward(0, Basis(Vector3(0.63615262508392, -0.46425956487656, 0.61625719070435), Vector3(0.73247653245926, 0.61438399553299, -0.2932755947113), Vector3(-0.24246257543564, 0.63796192407608, 0.73090118169785)))

Godot crashes with this backtrace

ERROR: FATAL: Index p_index = -1 is out of bounds (size() = 1).
   at: get (./core/templates/cowdata.h:163)

================================================================
handle_crash: Program crashed with signal 4
Engine version: Godot Engine v4.0.dev.custom_build (2a28df82d4979c3ca77c16ee9ae64c5a4f50a925)
Dumping the backtrace. Please include this when reporting the bug on https://github.com/godotengine/godot/issues
[1] /lib/x86_64-linux-gnu/libc.so.6(+0x41040) [0x7fe0f5a70040] (??:0)
[2] CowData<Skeleton3D::Bone>::get(int) const (??:0)
[3] Vector<Skeleton3D::Bone>::operator[](int) const (??:0)
[4] Skeleton3D::update_bone_rest_forward_vector(int, bool) (??:0)
[5] Skeleton3D::global_pose_z_forward_to_bone_forward(int, Basis) (??:0)
[6] void call_with_variant_args_ret_helper<__UnexistingClass, Basis, int, Basis, 0ul, 1ul>(__UnexistingClass*, Basis (__UnexistingClass::*)(int, Basis), Variant const**, Variant&, Callable::CallError&, IndexSequence<0ul, 1ul>) (??:0)
[7] void call_with_variant_args_ret_dv<__UnexistingClass, Basis, int, Basis>(__UnexistingClass*, Basis (__UnexistingClass::*)(int, Basis), Variant const**, int, Variant&, Callable::CallError&, Vector<Variant> const&) (??:0)
[8] MethodBindTR<Basis, int, Basis>::call(Object*, Variant const**, int, Callable::CallError&) (??:0)
[9] Object::call(StringName const&, Variant const**, int, Callable::CallError&) (??:0)
[10] Variant::call(StringName const&, Variant const**, int, Variant&, Callable::CallError&) (??:0)
[11] GDScriptFunction::call(GDScriptInstance*, Variant const**, int, Callable::CallError&, GDScriptFunction::CallState*) (??:0)
[12] GDScriptInstance::call(StringName const&, Variant const**, int, Callable::CallError&) (??:0)
[13] Node::_gdvirtual__process_call(double) (??:0)
[14] Node::_notification(int) (??:0)
[15] Node::_notificationv(int, bool) (??:0)
[16] CanvasItem::_notificationv(int, bool) (??:0)
[17] Node2D::_notificationv(int, bool) (??:0)
[18] Object::notification(int, bool) (??:0)
[19] SceneTree::_notify_group_pause(StringName const&, int) (??:0)
[20] SceneTree::process(double) (??:0)
[21] Main::iteration() (??:0)
[22] OS_LinuxBSD::run() (??:0)
[23] godot4(main+0x166) [0x55ab3f44410f] (??:0)
[24] /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xd5) [0x7fe0f5a57565] (??:0)
[25] godot4(_start+0x2e) [0x55ab3f443eee] (??:0)
-- END OF BACKTRACE --
================================================================


This example was found by fuzzer, so I don't recommend trying understand in what situation such code could be used in real project, because such situation probably doesn't exists.

Steps to reproduce

Above

Minimal reproduction project

No response

@qarmin
Copy link
Contributor Author

qarmin commented Nov 25, 2022

Fixed by #64802 (function removed entirelly from codebase)

@qarmin qarmin closed this as completed Nov 25, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants