Fix physics platform behaviour regression #97315
Conversation
Branch updated from f2b119e to 7826daa
Any commentary for testing this, or should it be merged as is?
It's a fairly simple change; aside from the comments, it's just changing:

to

This means it passes through and ignores the lifetime check for the physics objects that are not derived from
This is simply returning to the previous behaviour before #74732 (for physics objects), so it should be pretty safe to merge. There should be no real need to "test", as the logic is super simple and it's reverting to previous behaviour (which has been tested for years). It's essentially reverting #74732 except for objects derived from

Original bug

To remind, the original bug is that physics is keeping a RID (essentially a glorified pointer) to an object which may have been deleted. This is one of the most common bugs in programming (and the solutions). See the linked issue for discussion of various ways to address this. For now I just used
Lifetime checks for stored `RIDs` for collision objects assumed they had valid `object_ids`. It turns out that some are not derived from `Object` and thus checking `ObjectDB` returns false for some valid `RIDs`. To account for this we only perform lifetime checks on valid `object_ids`.
Branch updated from 7826daa to 6764338
Thanks!

Reminder there's a similar 3.x PR too which needs approval to merge:
Lifetime checks for stored `RIDs` for collision objects assumed they had valid `object_ids`. It turns out that some are not derived from `Object` and thus checking `ObjectDB` returns false for some valid `RIDs`. To account for this we only perform lifetime checks on valid `object_ids`.

Fixes #97293
Discussion
Although the original MRP in #74732 had valid object ids, it turns out that physics also stores `RIDs` for objects which are not in `ObjectDB`. This means we can't lifetime check them with `ObjectDB`, and the same vulnerability exists for accessing dangling `RIDs` that caused the original issue.

This should ideally be closed as the current design is unsafe, although there are no reports afaik of this occurring in the wild (although such errors may not result in a crash and may only be seen in e.g. an asan build).

Making this completely safe in this situation is out of scope for this PR, and as stated in the original issue, would involve e.g.
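The two comments above (the author's explanation of the change and the Discussion section) describe the same mechanism: a stored handle is validated by looking its recorded object id up in a registry, which only works for objects that were registered in the first place. The following is an added example, not Godot's own code, using a hypothetical `Registry` class in the spirit of `ObjectDB` and a hypothetical `StoredHandle` in place of a physics `RID`. It contrasts the pre-fix check (every handle consulted against the registry, so unregistered-but-live objects are wrongly rejected) with the post-fix check (only handles carrying a valid object id are checked), and shows the residual gap the Discussion calls out: a freed object that was never registered passes the check, so nothing short of a different design can catch it.

```cpp
// Added example, not Godot's own code. Models an ObjectDB-style registry with
// explicit object ids to show (1) how a stored handle is lifetime-checked,
// (2) why checking handles that never had an object id rejects live objects
// (the regression), and (3) why the fix leaves unregistered handles unchecked.
#include <cassert>
#include <cstdint>
#include <cstdio>
#include <memory>
#include <unordered_map>

using ObjectID = std::uint64_t;
constexpr ObjectID INVALID_OBJECT_ID = 0;  // hypothetical "no id" for unregistered objects

struct Thing {  // stand-in for a collision object owned elsewhere
    int payload = 0;
};

// Hypothetical registry in the spirit of ObjectDB: maps id -> live object.
class Registry {
public:
    ObjectID add(Thing *t) { ObjectID id = next_id_++; live_[id] = t; return id; }
    void remove(ObjectID id) { live_.erase(id); }
    bool is_alive(ObjectID id) const { return live_.count(id) != 0; }
private:
    std::unordered_map<ObjectID, Thing *> live_;
    ObjectID next_id_ = 1;
};

// What the physics side stores: a raw pointer plus the object id captured at store time.
struct StoredHandle {
    Thing *ptr = nullptr;
    ObjectID object_id = INVALID_OBJECT_ID;
};

// Before the fix: every handle is checked against the registry, so a handle whose
// owner was never registered (object_id == INVALID_OBJECT_ID) looks deleted.
bool handle_valid_before_fix(const Registry &db, const StoredHandle &h) {
    return db.is_alive(h.object_id);
}

// After the fix: only handles with a valid object id are lifetime-checked; the rest
// pass through exactly as they did before the check was introduced.
bool handle_valid_after_fix(const Registry &db, const StoredHandle &h) {
    if (h.object_id == INVALID_OBJECT_ID) return true;
    return db.is_alive(h.object_id);
}

// Scenario 1: a registered object is freed while its handle is still stored.
// Both versions reject the stale handle, which is the point of the lifetime check.
bool stale_registered_handle_rejected() {
    Registry db;
    auto t = std::make_unique<Thing>();
    StoredHandle h{t.get(), db.add(t.get())};
    db.remove(h.object_id);
    t.reset();  // h.ptr now dangles; it is never dereferenced here
    return !handle_valid_before_fix(db, h) && !handle_valid_after_fix(db, h);
}

// Scenario 2 (the regression): a live object that is not in the registry.
// The pre-fix check wrongly reports it dead; the fixed check accepts it.
bool live_unregistered_handle_accepted_only_after_fix() {
    Registry db;
    Thing t;
    StoredHandle h{&t, INVALID_OBJECT_ID};
    return !handle_valid_before_fix(db, h) && handle_valid_after_fix(db, h);
}

// Scenario 3 (the residual gap): an unregistered object freed while its handle is
// stored. The fixed check has nothing to consult and returns true, so a later
// dereference of h.ptr would be a use-after-free. Returns true when undetected.
bool stale_unregistered_handle_undetected() {
    Registry db;
    auto t = std::make_unique<Thing>();
    StoredHandle h{t.get(), INVALID_OBJECT_ID};
    t.reset();  // h.ptr dangles and no id exists to check it against
    return handle_valid_after_fix(db, h);
}

int main() {
    std::printf("stale registered handle rejected:      %d\n", stale_registered_handle_rejected());
    std::printf("live unregistered handle accepted (fix): %d\n", live_unregistered_handle_accepted_only_after_fix());
    std::printf("stale unregistered handle undetected:  %d\n", stale_unregistered_handle_undetected());
    return 0;
}
```

Scenario 3 is why the Discussion says the design is only partially safe after this PR: a registry lookup can only answer for handles that were registered, so objects outside it need a different ownership or invalidation mechanism before their stale handles become detectable.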