Memory corruption when freeing custom bone shape objects
Closed, ResolvedPublic
Actions

Description

System Information
Win7 x64, GTX 560

Blender Version
Broken: git latest (193dd134)
Worked: unknown

There are memory corruption errors when freeing the custom bone object ("smd_bone_vis") in the attached blend file. They doesn't actually crash Blender, but do cause the Windows debug CRT to raise an exception.

Exact steps for others to reproduce the error

Open the attached file with a debug build, or with the MSVC 11 or 12 debugger attached
Unload the blend (e.g. re-open the file)
Observe console warnings and/or CRT breakpoint

Running the script in the blend to remove the bone shapes eliminates the problem.

Revisions and Commits

rB Blender
	D137	rB122e2b4bfa02 Fix T37709: Memory corruption when freeing custom bone shape objects
rBAC Blender Add-ons Contrib
	D137	rBAC122e2b4bfa02 Fix T37709: Memory corruption when freeing custom bone shape objects

Event Timeline

Tom Edwards (artfunkel) created this task.Dec 5 2013, 4:22 PM

Tom Edwards (artfunkel) raised the priority of this task from to 90.

Tom Edwards (artfunkel) updated the task description. (Show Details)

Tom Edwards (artfunkel) added projects: BF Blender, Animation & Rigging.

Tom Edwards (artfunkel) edited a custom field.

Tom Edwards (artfunkel) added a subscriber: Tom Edwards (artfunkel).

Tom Edwards (artfunkel) attached 1 file(s): F36579: bone_shape_crash.blend.Dec 5 2013, 4:43 PM

I don't see any issues with the attached file. Also don't see smd_bone_vis object there. Is it that exact file you've been intending to share? :)

Ah, found the object now. It's in "Blend FIle" of outliner but not in "datablocks", which seems a bit strange for me. Also, what does it exactly means "freeing custom bone object"? Just removing it?

By "freeing custom bone object" I mean that the error occurs while freeing the scene if there are custom bones present. I missed out the all-important repro step #2 of opening a new file, sorry!

Edit: I can't edit the report, even though the error message says that the bug owner always can..?

Weird that it's not in Datablocks too, it's right there for me.

Cant redo the bug, tried running the script in bone_shape_crash.blend then removing the scene. No error printed.

Removing the scene won't repro, you need to unload the whole blend file.

It turns out that the appearance of console errors differs between builds, but the bug remains. Add a breakpoint at action.c:720 (the id_us_min call in BKE_pose_channel_free) and you'll see that pchan->custom has already been freed.

Can indeed see an error in valgrind. We had such kind of issues before, but still not sure what would be the proper way to solve this.

Tom Edwards (artfunkel) updated the task description. (Show Details)Dec 6 2013, 5:20 PM

Ok, I can redo the bug now too,
Simple fix would be for pose-bones not to be object users.

(IIRC they weren't always object users)

Can remember bones's custom shapes became user-counted on purpose. Will look into the reason of this and try to solve wrong memory read..

Sergey Sharybin (sergey) edited this Maniphest Task.Dec 24 2013, 11:06 AM

Sergey Sharybin (sergey) edited this Maniphest Task.Dec 25 2013, 12:53 PM

Closed by commit rB122e2b4bfa02.

Sergey Sharybin (sergey) edited this Maniphest Task.May 12 2014, 4:33 PM

Memory corruption when freeing custom bone shape objectsClosed, ResolvedPublicActions

Description

Revisions and Commits

Event Timeline

Memory corruption when freeing custom bone shape objects
Closed, ResolvedPublic
Actions