Page MenuHome
Create Task
Maniphest T102238

Geometry Node: Memory leak -> EXCEPTION_ACCESS_VIOLATION -> EXCEPTION_INT_DIVIDE_BY_ZERO.
Closed, ResolvedPublicBUG
Actions

Description

System Information
Operating system: Windows-10-10.0.19043-SP0 64 Bits
Graphics card: NVIDIA GeForce GTX 1070/PCIe/SSE2 NVIDIA Corporation 4.5.0 NVIDIA 512.15

Blender Version
Broken: version: 3.4.0 Alpha, branch: master, commit date: 2022-10-03 00:19, hash: rBd4d40f3b69d8

Short description of error

rBacf083a5bfc8 and previousrB0a85288462derB0348bc88e4c1 and next
Error: Not freed memory blocks: 2, total unfreed memory 0.000015 MBError : EXCEPTION_ACCESS_VIOLATIONError : EXCEPTION_INT_DIVIDE_BY_ZERO
xgbntg.blend809 KBDownload
bug 133.blend1 MBDownload
Error: Not freed memory blocks: 2, total unfreed memory 0.000015 MBError: Not freed memory blocks: 4294967293, total unfreed memory 0.000000 MBError : EXCEPTION_ACCESS_VIOLATION / EXCEPTION_INT_DIVIDE_BY_ZERO or Error: Not freed memory blocks: 4294967291, total unfreed memory 17592180772377.822266 MB

In recent versions, it all depends on whether the attempt to free memory will be in the available area (overflowed int megabytes freed?) or in the system area (deny access) or division by 0 (size of freed memory)

Message in the console after crashing

1:
Error: Not freed memory blocks: 2, total unfreed memory 0.000015 MB

2:
Error: Not freed memory blocks: 4294967293, total unfreed memory 0.000000 MB

3:
Error : EXCEPTION_ACCESS_VIOLATION

User message:
Error : EXCEPTION_INT_DIVIDE_BY_ZERO

Exact steps for others to reproduce the error
In the attached .blend

  • change the value in the value node a couple of times.

bug.blend1 MBDownload

On the default cube

  1. Add a geometry node modifier and create a new group.
  2. Add a delete geometry node between the input and output.
  3. Connect the delete node's selection input to an input socket.
  4. Add a value node and connect it to an output socket.
  5. In the modifier panel, assign a name to the output attribute.
  6. Change the value node's value a couple of times and it will crash.

crash_example.mkv3 MBDownload

Revisions and Commits

rB Blender
rBe031a45d6026 Fix T102238: double free when storing attribute on empty geometry

Related Objects

Event Timeline

Daniel Hickox (DanielJH) created this task.Nov 2 2022, 7:39 PM
Iliya Katueshenock (Moder) added a subscriber: Iliya Katueshenock (Moder).Nov 2 2022, 7:54 PM

Thanks for the report. I can confirm. But the problem is, based on my investigation, I need to edit your report a bit. This will be information about how this bug changed.

Daniel Hickox (DanielJH) added a comment.Nov 2 2022, 8:02 PM

Thanks, feel free to edit in more info/corrections, that was just my best guess based on how I was able to reproduce it.

Iliya Katueshenock (Moder) renamed this task from Div by zero crash on geometry nodetrees that produce empty geometry with output attributes. to Geometry Node: Memory leak -> EXCEPTION_ACCESS_VIOLATION -> EXCEPTION_INT_DIVIDE_BY_ZERO..Nov 2 2022, 8:15 PM
Iliya Katueshenock (Moder) changed the task status from Needs Triage to Confirmed.
Iliya Katueshenock (Moder) triaged this task as High priority.
Iliya Katueshenock (Moder) updated the task description. (Show Details)
Iliya Katueshenock (Moder) added projects: Geometry Nodes, Nodes & Physics.
Iliya Katueshenock (Moder) updated the task description. (Show Details)
Iliya Katueshenock (Moder) updated the task description. (Show Details)
Iliya Katueshenock (Moder) updated the task description. (Show Details)
Jacques Lucke (JacquesLucke) added subscribers: Hans Goudey (HooglyBoogly), Jacques Lucke (JacquesLucke).Nov 6 2022, 3:29 PM

@Hans Goudey (HooglyBoogly) Currently it is not very well defined whether customData_add_layer__internal takes ownership of the layerdata or not. Especially when totelem == 0 it's tricky, because the function just frees the pointer which is not possible to detect from the outside. Do you have an idea for how the situation could be improved? We could pass in void **layerdata, then the caller could check whether that has been set to null, indicating that the function took ownership.

Hans Goudey (HooglyBoogly) added a comment.Nov 6 2022, 3:39 PM

Currently it is not very well defined whether customData_add_layer__internal takes ownership of the layerdata or not

Hmm, I'm not sure I agree. With CD_ASSIGN, the function takes ownership of the array. For all other modes, no ownership is transferred.
I think that's relatively straightforward, but I didn't look into this bug specifically yet so I don't know the full problem.

Jacques Lucke (JacquesLucke) added a comment.Nov 6 2022, 10:25 PM

Not quite true, the function has an early return. If the function always takes ownership then the MEM_freeN in the MoveArray case in add_builtin_type_custom_data_layer_from_init does not make sense.

Hans Goudey (HooglyBoogly) changed the subtype of this task from "Report" to "Bug".Nov 7 2022, 9:30 AM

Okay, I see. Anyway, that's the design we should move to I think.

Jacques Lucke (JacquesLucke) closed this task as Resolved by committing rBe031a45d6026: Fix T102238: double free when storing attribute on empty geometry.Nov 7 2022, 11:42 AM
Jacques Lucke (JacquesLucke) claimed this task.
Jacques Lucke (JacquesLucke) added a commit: rBe031a45d6026: Fix T102238: double free when storing attribute on empty geometry.