(An Untitled Masterwork)
ActivePublic
Actions

Authored by Jacques Lucke (JacquesLucke) on Feb 8 2022, 1:16 PM.

Tags

None

Subscribers

None

	==170059==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffa8606b60 at pc 0x000021355c7f bp 0x7fffa8606520 sp 0x7fffa8606510
	READ of size 8 at 0x7fffa8606b60 thread T77
	#0 0x21355c7e in fast_expansion_sum_zeroelim /home/jacques/blender-git/blender/source/blender/blenlib/intern/math_boolean.cc:522
	#1 0x2137052b in incircleadapt /home/jacques/blender-git/blender/source/blender/blenlib/intern/math_boolean.cc:1669
	#2 0x21374600 in blender::robust_pred::incircle(double const, double const, double const, double const) /home/jacques/blender-git/blender/source/blender/blenlib/intern/math_boolean.cc:1870
	#3 0x2138b509 in blender::incircle(blender::vec_base<double, 2> const&, blender::vec_base<double, 2> const&, blender::vec_base<double, 2> const&, blender::vec_base<double, 2> const&) /home/jacques/blender-git/blender/source/blender/blenlib/intern/math_boolean.cc:2483
	#4 0x211b56b9 in filtered_incircle<double> /home/jacques/blender-git/blender/source/blender/blenlib/intern/delaunay_2d.cc:754
	#5 0x211c2d2c in re_delaunay_triangulate<double> /home/jacques/blender-git/blender/source/blender/blenlib/intern/delaunay_2d.cc:1539
	#6 0x211f0798 in void blender::meshintersect::add_edge_constraint<double>(blender::meshintersect::CDT_state<double>, blender::meshintersect::CDTVert<double>, blender::meshintersect::CDTVert<double>, int, LinkNode*) /home/jacques/blender-git/blender/source/blender/blenlib/intern/delaunay_2d.cc:2102
	#7 0x211d5063 in void blender::meshintersect::add_face_constraints<double>(blender::meshintersect::CDT_state<double>*, blender::meshintersect::CDT_input<double> const&, CDT_output_type) /home/jacques/blender-git/blender/source/blender/blenlib/intern/delaunay_2d.cc:2254
	#8 0x211cd07f in blender::meshintersect::CDT_result<double> blender::meshintersect::delaunay_calc<double>(blender::meshintersect::CDT_input<double> const&, CDT_output_type) /home/jacques/blender-git/blender/source/blender/blenlib/intern/delaunay_2d.cc:2794
	#9 0x211ba686 in blender::meshintersect::delaunay_2d_calc(blender::meshintersect::CDT_input<double> const&, CDT_output_type) /home/jacques/blender-git/blender/source/blender/blenlib/intern/delaunay_2d.cc:2801
	#10 0x9d89928 in do_cdt /home/jacques/blender-git/blender/source/blender/nodes/geometry/nodes/node_geo_curve_fill.cc:82
	#11 0x9d8d23f in curve_fill_calculate /home/jacques/blender-git/blender/source/blender/nodes/geometry/nodes/node_geo_curve_fill.cc:144
	#12 0x9d8d5b5 in operator() /home/jacques/blender-git/blender/source/blender/nodes/geometry/nodes/node_geo_curve_fill.cc:159
	#13 0x9de2ee5 in callback_fn<blender::nodes::node_geo_curve_fill_cc::node_geo_exec(blender::nodes::GeoNodeExecParams)::<lambda(GeometrySet&)> > /home/jacques/blender-git/blender/source/blender/blenlib/BLI_function_ref.hh:109
	#14 0x4eb460f in blender::FunctionRef<void (GeometrySet&)>::operator()(GeometrySet&) const /home/jacques/blender-git/blender/source/blender/blenlib/BLI_function_ref.hh:146
	#15 0x4ea6caa in operator() /home/jacques/blender-git/blender/source/blender/blenkernel/intern/geometry_set.cc:567
	#16 0x4eae10a in operator() /home/jacques/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/parallel_for_each.h:51
	#17 0x4eadc74 in run_body /home/jacques/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/parallel_for.h:115
	#18 0x4eac540 in work_balance<tbb::interface9::internal::start_for<tbb::blocked_range<GeometrySet*>, tbb::internal::parallel_for_each_body_for<GeometrySet::modify_geometry_sets(GeometrySet::ForeachSubGeometryCallback)::<lambda(GeometrySet)>, GeometrySet>, const tbb::auto_partitioner>, tbb::blocked_range<GeometrySet> > /home/jacques/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/partitioner.h:423
	#19 0x4eabf49 in execute<tbb::interface9::internal::start_for<tbb::blocked_range<GeometrySet*>, tbb::internal::parallel_for_each_body_for<GeometrySet::modify_geometry_sets(GeometrySet::ForeachSubGeometryCallback)::<lambda(GeometrySet)>, GeometrySet>, const tbb::auto_partitioner>, tbb::blocked_range<GeometrySet> > /home/jacques/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/partitioner.h:256
	#20 0x4eab840 in execute /home/jacques/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/parallel_for.h:142
	#21 0x51e2994 in tbb::internal::custom_scheduler<tbb::internal::IntelSchedulerTraits>::process_bypass_loop(tbb::internal::context_guard_helper<false>&, tbb::task*, long) (/home/jacques/blender-git/build_linux/bin/blender+0x51e2994)
	#22 0x51e2c4a in tbb::internal::custom_scheduler<tbb::internal::IntelSchedulerTraits>::local_wait_for_all(tbb::task&, tbb::task*) (/home/jacques/blender-git/build_linux/bin/blender+0x51e2c4a)
	#23 0x51e04ef in tbb::internal::generic_scheduler::local_spawn_root_and_wait(tbb::task, tbb::task&) (/home/jacques/blender-git/build_linux/bin/blender+0x51e04ef)
	#24 0x360aee1 in tbb::task::spawn_root_and_wait(tbb::task&) (/home/jacques/blender-git/build_linux/bin/blender+0x360aee1)
	#25 0x4eaa90f in run /home/jacques/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/parallel_for.h:95
	#26 0x4eaa51a in parallel_for<tbb::blocked_range<GeometrySet*>, tbb::internal::parallel_for_each_body_for<GeometrySet::modify_geometry_sets(GeometrySet::ForeachSubGeometryCallback)::<lambda(GeometrySet)>, GeometrySet**> > /home/jacques/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/parallel_for.h:201
	#27 0x4eaa29c in doit /home/jacques/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/parallel_for_each.h:79
	#28 0x4eaa129 in parallel_for_each<GeometrySet*, GeometrySet::modify_geometry_sets(GeometrySet::ForeachSubGeometryCallback)::<lambda(GeometrySet)> > /home/jacques/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/parallel_for_each.h:114
	#29 0x4ea9701 in parallel_for_each<blender::Vector<GeometrySet>, GeometrySet::modify_geometry_sets(GeometrySet::ForeachSubGeometryCallback)::<lambda(GeometrySet)> > /home/jacques/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/parallel_for_each.h:120
	#30 0x4ea90d0 in parallel_for_each<blender::Vector<GeometrySet>, GeometrySet::modify_geometry_sets(GeometrySet::ForeachSubGeometryCallback)::<lambda(GeometrySet)> > /home/jacques/blender-git/blender/source/blender/blenlib/BLI_task.hh:55
	#31 0x4ea6ec2 in GeometrySet::modify_geometry_sets(blender::FunctionRef<void (GeometrySet&)>) /home/jacques/blender-git/blender/source/blender/blenkernel/intern/geometry_set.cc:566
	#32 0x9d8da2b in node_geo_exec /home/jacques/blender-git/blender/source/blender/nodes/geometry/nodes/node_geo_curve_fill.cc:158
	#33 0x6ddd191 in blender::modifiers::geometry_nodes::GeometryNodesEvaluator::execute_geometry_node(blender::nodes::DNode, blender::modifiers::geometry_nodes::NodeState&, blender::modifiers::geometry_nodes::NodeTaskRunState*) (/home/jacques/blender-git/build_linux/bin/blender+0x6ddd191)
	#34 0x6ddbeb0 in blender::modifiers::geometry_nodes::GeometryNodesEvaluator::execute_node(blender::nodes::DNode, blender::modifiers::geometry_nodes::NodeState&, blender::modifiers::geometry_nodes::NodeTaskRunState*) /home/jacques/blender-git/blender/source/blender/modifiers/intern/MOD_nodes_evaluator.cc:981
	#35 0x6dd7047 in blender::modifiers::geometry_nodes::GeometryNodesEvaluator::node_task_run(blender::nodes::DNode, blender::modifiers::geometry_nodes::NodeTaskRunState*) /home/jacques/blender-git/blender/source/blender/modifiers/intern/MOD_nodes_evaluator.cc:787
	#36 0x6dd6a98 in blender::modifiers::geometry_nodes::GeometryNodesEvaluator::run_node_from_task_pool(TaskPool, void) /home/jacques/blender-git/blender/source/blender/modifiers/intern/MOD_nodes_evaluator.cc:767
	#37 0x21972f9a in Task::operator()() const /home/jacques/blender-git/blender/source/blender/blenlib/intern/task_pool.cc:178
	#38 0x2197860e in tbb::internal::function_task<Task>::execute() /home/jacques/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task.h:1059
	#39 0x51e2994 in tbb::internal::custom_scheduler<tbb::internal::IntelSchedulerTraits>::process_bypass_loop(tbb::internal::context_guard_helper<false>&, tbb::task*, long) (/home/jacques/blender-git/build_linux/bin/blender+0x51e2994)
	#40 0x51e2c4a in tbb::internal::custom_scheduler<tbb::internal::IntelSchedulerTraits>::local_wait_for_all(tbb::task&, tbb::task*) (/home/jacques/blender-git/build_linux/bin/blender+0x51e2c4a)
	#41 0x1a4f3743 in tbb::task::wait_for_all() /home/jacques/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task.h:820
	#42 0x1a4f4b2f in tbb::internal::task_group_base::wait() /home/jacques/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task_group.h:168
	#43 0x21973f89 in tbb_task_pool_work_and_wait /home/jacques/blender-git/blender/source/blender/blenlib/intern/task_pool.cc:251
	#44 0x219761e1 in BLI_task_pool_work_and_wait /home/jacques/blender-git/blender/source/blender/blenlib/intern/task_pool.cc:500
	#45 0x6dcb7fb in blender::modifiers::geometry_nodes::GeometryNodesEvaluator::execute() (/home/jacques/blender-git/build_linux/bin/blender+0x6dcb7fb)
	#46 0x6dbed83 in blender::modifiers::geometry_nodes::evaluate_geometry_nodes(blender::modifiers::geometry_nodes::GeometryNodesEvaluationParams&) /home/jacques/blender-git/blender/source/blender/modifiers/intern/MOD_nodes_evaluator.cc:1956
	#47 0x6d24897 in compute_geometry /home/jacques/blender-git/blender/source/blender/modifiers/intern/MOD_nodes.cc:1107
	#48 0x6d276bb in modifyGeometry /home/jacques/blender-git/blender/source/blender/modifiers/intern/MOD_nodes.cc:1218
	#49 0x6d28152 in modifyGeometrySet /home/jacques/blender-git/blender/source/blender/modifiers/intern/MOD_nodes.cc:1239
	#50 0x456fb46 in modifier_modify_mesh_and_geometry_set /home/jacques/blender-git/blender/source/blender/blenkernel/intern/DerivedMesh.cc:864
	#51 0x457526f in mesh_calc_modifiers /home/jacques/blender-git/blender/source/blender/blenkernel/intern/DerivedMesh.cc:1199
	#52 0x457ffab in mesh_build_data /home/jacques/blender-git/blender/source/blender/blenkernel/intern/DerivedMesh.cc:1776
	#53 0x4583118 in makeDerivedMesh /home/jacques/blender-git/blender/source/blender/blenkernel/intern/DerivedMesh.cc:1948
	#54 0x3d53231 in BKE_object_handle_data_update /home/jacques/blender-git/blender/source/blender/blenkernel/intern/object_update.c:189
	#55 0x3d57419 in BKE_object_eval_uber_data /home/jacques/blender-git/blender/source/blender/blenkernel/intern/object_update.c:386
	#56 0x63b732f in operator() /home/jacques/blender-git/blender/source/blender/depsgraph/intern/builder/deg_builder_nodes.cc:1502
	#57 0x640039b in __invoke_impl<void, blender::deg::DepsgraphNodeBuilder::build_object_data_geometry(Object)::<lambda(Depsgraph)>&, Depsgraph*> /usr/include/c++/11.1.0/bits/invoke.h:61
	#58 0x63f31b0 in __invoke_r<void, blender::deg::DepsgraphNodeBuilder::build_object_data_geometry(Object)::<lambda(Depsgraph)>&, Depsgraph*> /usr/include/c++/11.1.0/bits/invoke.h:111
	#59 0x63e66ef in _M_invoke /usr/include/c++/11.1.0/bits/std_function.h:291
	#60 0x62c50f4 in std::function<void (Depsgraph)>::operator()(Depsgraph) const (/home/jacques/blender-git/build_linux/bin/blender+0x62c50f4)
	#61 0x62be14f in evaluate_node /home/jacques/blender-git/blender/source/blender/depsgraph/intern/eval/deg_eval.cc:118
	#62 0x62be1cf in deg_task_run_func /home/jacques/blender-git/blender/source/blender/depsgraph/intern/eval/deg_eval.cc:129
	#63 0x21972f9a in Task::operator()() const /home/jacques/blender-git/blender/source/blender/blenlib/intern/task_pool.cc:178
	#64 0x2197860e in tbb::internal::function_task<Task>::execute() /home/jacques/blender-git/lib/linux_centos7_x86_64/tbb/include/tbb/task.h:1059
	#65 0x51e2994 in tbb::internal::custom_scheduler<tbb::internal::IntelSchedulerTraits>::process_bypass_loop(tbb::internal::context_guard_helper<false>&, tbb::task*, long) (/home/jacques/blender-git/build_linux/bin/blender+0x51e2994)
	#66 0x51e2c4a in tbb::internal::custom_scheduler<tbb::internal::IntelSchedulerTraits>::local_wait_for_all(tbb::task&, tbb::task*) (/home/jacques/blender-git/build_linux/bin/blender+0x51e2c4a)
	#67 0x51d1886 in tbb::internal::arena::process(tbb::internal::generic_scheduler&) (/home/jacques/blender-git/build_linux/bin/blender+0x51d1886)
	#68 0x51dc69f in tbb::internal::market::process(rml::job&) (/home/jacques/blender-git/build_linux/bin/blender+0x51dc69f)
	#69 0x51de6cb in tbb::internal::rml::private_worker::run() (/home/jacques/blender-git/build_linux/bin/blender+0x51de6cb)
	#70 0x51de8c8 in tbb::internal::rml::private_worker::thread_routine(void*) (/home/jacques/blender-git/build_linux/bin/blender+0x51de8c8)
	#71 0x7ffff7593258 in start_thread (/usr/lib/libpthread.so.0+0x9258)
	#72 0x7ffff70cd5e2 in __GI___clone (/usr/lib/libc.so.6+0xfe5e2)

	Address 0x7fffa8606b60 is located in stack of thread T77 at offset 512 in frame
	#0 0x213683c7 in incircleadapt /home/jacques/blender-git/blender/source/blender/blenlib/intern/math_boolean.cc:1313

	This frame has 70 object(s):
	[32, 64) 'bc' (line 1319)
	[96, 128) 'ca' (line 1319)
	[160, 192) 'ab' (line 1319)
	[224, 256) 'aa' (line 1336)
	[288, 320) 'bb' (line 1336)
	[352, 384) 'cc' (line 1336)
	[416, 448) 'u' (line 1340)
	[480, 512) 'v' (line 1340) <== Memory access at offset 512 overflows this variable
	[544, 576) 'abtt' (line 1361)
	[608, 640) 'bctt' (line 1361)
	[672, 704) 'catt' (line 1361)
	[736, 800) 'axbc' (line 1321)
	[832, 896) 'aybc' (line 1321)
	[928, 992) 'bxca' (line 1323)
	[1024, 1088) 'byca' (line 1323)
	[1120, 1184) 'cxab' (line 1325)
	[1216, 1280) 'cyab' (line 1325)
	[1312, 1376) 'temp8' (line 1342)
	[1408, 1472) 'axtbb' (line 1346)
	[1504, 1568) 'axtcc' (line 1346)
	[1600, 1664) 'aytbb' (line 1346)
	[1696, 1760) 'aytcc' (line 1346)
	[1792, 1856) 'bxtaa' (line 1348)
	[1888, 1952) 'bxtcc' (line 1348)
	[1984, 2048) 'bytaa' (line 1348)
	[2080, 2144) 'bytcc' (line 1348)
	[2176, 2240) 'cxtaa' (line 1350)
	[2272, 2336) 'cxtbb' (line 1350)
	[2368, 2432) 'cytaa' (line 1350)
	[2464, 2528) 'cytbb' (line 1350)
	[2560, 2624) 'axtbc' (line 1352)
	[2656, 2720) 'aytbc' (line 1352)
	[2752, 2816) 'bxtca' (line 1352)
	[2848, 2912) 'bytca' (line 1352)
	[2944, 3008) 'cxtab' (line 1352)
	[3040, 3104) 'cytab' (line 1352)
	[3136, 3200) 'axtbctt' (line 1356)
	[3232, 3296) 'aytbctt' (line 1356)
	[3328, 3392) 'bxtcatt' (line 1356)
	[3424, 3488) 'bytcatt' (line 1357)
	[3520, 3584) 'cxtabtt' (line 1357)
	[3616, 3680) 'cytabtt' (line 1357)
	[3712, 3776) 'abt' (line 1359)
	[3808, 3872) 'bct' (line 1359)
	[3904, 3968) 'cat' (line 1359)
	[4000, 4128) 'axxbc' (line 1321)
	[4160, 4288) 'ayybc' (line 1321)
	[4320, 4448) 'bxxca' (line 1323)
	[4480, 4608) 'byyca' (line 1323)
	[4640, 4768) 'cxxab' (line 1325)
	[4800, 4928) 'cyyab' (line 1325)
	[4960, 5088) 'temp16a' (line 1342)
	[5120, 5248) 'temp16b' (line 1342)
	[5280, 5408) 'temp16c' (line 1342)
	[5440, 5568) 'axtbct' (line 1354)
	[5600, 5728) 'aytbct' (line 1354)
	[5760, 5888) 'bxtcat' (line 1354)
	[5920, 6048) 'bytcat' (line 1354)
	[6080, 6208) 'cxtabt' (line 1354)
	[6240, 6368) 'cytabt' (line 1354)
	[6400, 6656) 'adet' (line 1321)
	[6720, 6976) 'bdet' (line 1323)
	[7040, 7296) 'cdet' (line 1325)
	[7360, 7616) 'temp32a' (line 1343)
	[7680, 7936) 'temp32b' (line 1343)
	[8000, 8384) 'temp48' (line 1343)
	[8448, 8960) 'abdet' (line 1327)
	[9024, 9536) 'temp64' (line 1343)
	[9600, 18816) 'fin1' (line 1329)
	[19072, 28288) 'fin2' (line 1329)
	HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
	(longjmp and C++ exceptions are supported)
	Thread T77 created by T64 here:
	#0 0x7ffff7608fa7 in __interceptor_pthread_create /build/gcc/src/gcc/libsanitizer/asan/asan_interceptors.cpp:216
	#1 0x51de5b8 in tbb::internal::rml::private_server::wake_some(int) (/home/jacques/blender-git/build_linux/bin/blender+0x51de5b8)
	#2 0x62d0000899ff (<unknown module>)

	Thread T64 created by T60 here:
	#0 0x7ffff7608fa7 in __interceptor_pthread_create /build/gcc/src/gcc/libsanitizer/asan/asan_interceptors.cpp:216
	#1 0x51de5b8 in tbb::internal::rml::private_server::wake_some(int) (/home/jacques/blender-git/build_linux/bin/blender+0x51de5b8)
	#2 0x60c000175fbf (<unknown module>)

	Thread T60 created by T59 here:
	#0 0x7ffff7608fa7 in __interceptor_pthread_create /build/gcc/src/gcc/libsanitizer/asan/asan_interceptors.cpp:216
	#1 0x51de5b8 in tbb::internal::rml::private_server::wake_some(int) (/home/jacques/blender-git/build_linux/bin/blender+0x51de5b8)
	#2 0x60c00016bfff (<unknown module>)

	Thread T59 created by T57 here:
	#0 0x7ffff7608fa7 in __interceptor_pthread_create /build/gcc/src/gcc/libsanitizer/asan/asan_interceptors.cpp:216
	#1 0x51de5b8 in tbb::internal::rml::private_server::wake_some(int) (/home/jacques/blender-git/build_linux/bin/blender+0x51de5b8)
	#2 0x60c00015ffff (<unknown module>)

	Thread T57 created by T0 here:
	#0 0x7ffff7608fa7 in __interceptor_pthread_create /build/gcc/src/gcc/libsanitizer/asan/asan_interceptors.cpp:216
	#1 0x51de5b8 in tbb::internal::rml::private_server::wake_some(int) (/home/jacques/blender-git/build_linux/bin/blender+0x51de5b8)
	#2 0x60c00015957f (<unknown module>)

	SUMMARY: AddressSanitizer: stack-buffer-overflow /home/jacques/blender-git/blender/source/blender/blenlib/intern/math_boolean.cc:522 in fast_expansion_sum_zeroelim
	Shadow bytes around the buggy address:
	0x1000750b8d10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
	0x1000750b8d20: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
	0x1000750b8d30: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2
	0x1000750b8d40: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2
	0x1000750b8d50: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2
	=>0x1000750b8d60: 00 00 00 00 f2 f2 f2 f2 00 00 00 00[f2]f2 f2 f2
	0x1000750b8d70: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2
	0x1000750b8d80: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 00 00 00 00
	0x1000750b8d90: f2 f2 f2 f2 00 00 00 00 00 00 00 00 f2 f2 f2 f2
	0x1000750b8da0: 00 00 00 00 00 00 00 00 f2 f2 f2 f2 00 00 00 00
	0x1000750b8db0: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 00 00 00 00
	Shadow byte legend (one shadow byte represents 8 application bytes):
	Addressable: 00
	Partially addressable: 01 02 03 04 05 06 07
	Heap left redzone: fa
	Freed heap region: fd
	Stack left redzone: f1
	Stack mid redzone: f2
	Stack right redzone: f3
	Stack after return: f5
	Stack use after scope: f8
	Global redzone: f9
	Global init order: f6
	Poisoned by user: f7
	Container overflow: fc
	Array cookie: ac
	Intra object redzone: bb
	ASan internal: fe
	Left alloca redzone: ca
	Right alloca redzone: cb
	Shadow gap: cc
	==170059==ABORTING

Event Timeline

Jacques Lucke (JacquesLucke) created this paste.Feb 8 2022, 1:16 PM

Jacques Lucke (JacquesLucke) mentioned this in T95518: Glitches with Curve Fill Node.

(An Untitled Masterwork)ActivePublicActions

Event Timeline

(An Untitled Masterwork)
ActivePublic
Actions