Page MenuHome
Differential D3672

Multi-Objects: MESH_OT_select_similar_region
Needs ReviewPublic
Actions

Authored by Dalai Felinto (dfelinto) on Sep 3 2018, 5:52 PM.

Details

Reviewers
Campbell Barton (campbellbarton)
Maniphest Tasks
T54643: Multi-Object-Mode: EditMesh Tools
Summary

It works in some cases, but in others it crashes.
I suspect it has to do with mixing regions from different objects.

More specifically in BM_mesh_region_match, where I'm passing bm_iter from one
object, and fg from a different one.

Diff Detail

Repository
rB Blender
Branch
temp-multi-similar-region (branched from blender2.8)
Build Status
Buildable 2010
Build 2010: arc lint + arc unit

Event Timeline

Dalai Felinto (dfelinto) created this revision.Sep 3 2018, 5:52 PM
Dalai Felinto (dfelinto) added a comment.Sep 3 2018, 6:02 PM

How to reproduce a crash:

regions_28.blend277 KBDownload

  • [Select Similar] Shift + G > Face Regions

SUMMARY: AddressSanitizer: heap-use-after-free //bmesh/tools/bmesh_region_match.c:1342 in bm_vert_fasthash_edge_order

#0 0x5618ebe50252 in bm_vert_fasthash_edge_order /home/dfelinto/src/blender/blender/source/blender/bmesh/tools/bmesh_region_match.c:1342     
#1 0x5618ebe504da in bm_vert_fasthash_edge_is_match /home/dfelinto/src/blender/blender/source/blender/bmesh/tools/bmesh_region_match.c:1356
#2 0x5618ebe52a2e in BM_mesh_region_match /home/dfelinto/src/blender/blender/source/blender/bmesh/tools/bmesh_region_match.c:1467       
#3 0x5618ead4dae5 in edbm_select_similar_region_exec /home/dfelinto/src/blender/blender/source/blender/editors/mesh/editmesh_select.c:1465

I even tried to ensure more data was valid for all the bmeshes (P777)

Dalai Felinto (dfelinto) added a task: T54643: Multi-Object-Mode: EditMesh Tools.Sep 3 2018, 6:05 PM
Dalai Felinto (dfelinto) added a comment.Sep 28 2018, 8:05 PM

valgrind gives the following:

==10406== Conditional jump or move depends on uninitialised value(s)
==10406==    at 0x178DCCE: bm_face_len_cmp (bmesh_region_match.c:586)
==10406==    by 0x6CC41F1: msort_with_tmp.part.0 (msort.c:83)
==10406==    by 0x6CC4595: msort_with_tmp (msort.c:45)
==10406==    by 0x6CC4595: qsort_r (msort.c:297)
==10406==    by 0x178DE79: bm_uuidwalk_init_from_edge (bmesh_region_match.c:608)
==10406==    by 0x178E48E: bm_mesh_region_match_pair (bmesh_region_match.c:774)
==10406==    by 0x17975D4: BM_mesh_region_match (bmesh_region_match.c:1476)
==10406==    by 0x10C2465: edbm_select_similar_region_exec (editmesh_select.c:1422)
==10406==    by 0xCCCA35: wm_operator_invoke (wm_event_system.c:1331)
==10406==    by 0xCCD0B9: wm_operator_call_internal (wm_event_system.c:1516)
==10406==    by 0xCCD2D7: WM_operator_name_call_ptr (wm_event_system.c:1564)
==10406==    by 0x102259D: ui_apply_but_funcs_after (interface_handlers.c:767)
==10406==    by 0x103B3FC: ui_popup_handler (interface_handlers.c:9860)
==10406==  Uninitialised value was created by a stack allocation
==10406==    at 0x178DD2E: bm_uuidwalk_init_from_edge (bmesh_region_match.c:595)

But it also produces no crash (unlike without valgrind).

Dalai Felinto (dfelinto) updated this revision to Diff 12002.Sep 28 2018, 8:06 PM

Updating to latest blender2.8, same issues are still there

Brecht Van Lommel (brecht) mentioned this in T54643: Multi-Object-Mode: EditMesh Tools.May 22 2019, 9:44 AM
Campbell Barton (campbellbarton) mentioned this in T63731: Modeling Module.Jan 27 2020, 4:22 AM
Bastien Montagne (mont29) added projects: Modeling, BF Blender.Aug 14 2020, 10:16 AM

Revision Contents
Changeset List

PathSize
source/
blender/
editors/
mesh/
159 lines

Diff 11768

View Options

source/blender/editors/mesh/editmesh_select.c

Loading...