Closed cz-kaga closed 5 months ago
Bevy's dynamic plugin interface is almost certainly unsound, and I think this may be one such case. You may find #11969 interesting in this regard. Other bits of code that are related include dynamically_load_plugin, the CreatePlugin type, and the DynamicPlugin derive.
Bevy version
0.13.2
[Optional] Relevant system information
OS: Windows 11 Pro for Workstations - 23H2 - 22631.3447
CPU: AMD Ryzen 7 4800H with Radeon Graphics 2.90 GHz
GPU: NVIDIA GeForce GTX 1650Ti for Laptop
RAM: 64GB
Rust Version: rustc 1.77.2 (25ef9e3d8 2024-04-09)
Cargo Version: cargo 1.77.2 (e52e36006 2024-03-26)
What you did
I am trying to test whether Bevy can share a component type through different dynamic plugins (i.e. a System in one dylib can detect a component spawned by a System in another dylib). So I created three crates inside the main project. One defines Components; the others depend on this static lib and run Systems. In main.rs of this project, I enable bevy's "bevy_dynamic_plugin" feature and then invoke load_plugin().
What went wrong
Whether the test succeeds or fails, dynamic_plugin should be built successfully, but I encountered
Exception: Exception 0xc0000005 encountered at address 0x000000: User-mode data execution prevention (DEP) violation at location 0x00000000
and then bevy crashed.
Additional information
I debugged the application several times. I'm sure that the dlls are successfully loaded. The last step before the exception is as follows: then, it crashes: The top of the trace stack is:
It appears that the address of self is 0x0 or 0x4 or many other addresses near 0x0, but actually self has its own address. What happened when the app calls plugin.build(self)? I switched the lib type to cdylib, but it makes nonsense. The content of the dll is quite simple (this problem exists whether these lines are commented or not): same to main.rs
My friend helped me check the dll content with IDA; he says the dll files I used are completely normal. The debugger of RustRover gives me assembly code; I don't know whether it can help.
As I reran the app, I found that the addresses in the vtable of dyn Plugin changed abnormally.
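One defensive pattern for the plugin boundary discussed in this issue, as an added example (not code from Bevy or from this thread): the plugin exports a `#[repr(C)]` descriptor instead of a `dyn Plugin` trait object, and the host checks the ABI version and the function pointer before calling. `PluginDescriptor`, `checked_build`, `LoadError`, `HOST_ABI_VERSION` and `sample_build` are hypothetical names, and the plugin side is simulated in-process rather than loaded from a dll.

```rust
use std::ffi::c_void;

/// ABI version the host was built against (constructed value).
pub const HOST_ABI_VERSION: u32 = 1;

/// Hypothetical descriptor a plugin exports instead of a `*mut dyn Plugin`.
/// `#[repr(C)]` pins the layout; a trait-object vtable has no such guarantee.
#[repr(C)]
pub struct PluginDescriptor {
    pub abi_version: u32,
    /// Same layout as a nullable C function pointer, so null is representable.
    pub build: Option<unsafe extern "C" fn(app: *mut c_void)>,
}

#[derive(Debug, PartialEq)]
pub enum LoadError {
    NullDescriptor,
    AbiMismatch { host: u32, plugin: u32 },
    MissingBuild,
}

/// Validate the descriptor before jumping into plugin code.
/// Safety: `desc` is null or points to a live descriptor; `app` is whatever
/// the plugin's `build` expects.
pub unsafe fn checked_build(desc: *const PluginDescriptor, app: *mut c_void) -> Result<(), LoadError> {
    let desc = unsafe { desc.as_ref() }.ok_or(LoadError::NullDescriptor)?;
    if desc.abi_version != HOST_ABI_VERSION {
        return Err(LoadError::AbiMismatch { host: HOST_ABI_VERSION, plugin: desc.abi_version });
    }
    let build = desc.build.ok_or(LoadError::MissingBuild)?;
    unsafe { build(app) };
    Ok(())
}

/// Constructed stand-in for code living in a plugin; the "app" is a counter.
unsafe extern "C" fn sample_build(app: *mut c_void) {
    unsafe { *(app as *mut u32) += 1 };
}

/// Runs a matching, a version-mismatched and a null-`build` descriptor.
pub fn demo() -> (Result<(), LoadError>, Result<(), LoadError>, Result<(), LoadError>, u32) {
    let mut app: u32 = 0;
    let p = &mut app as *mut u32 as *mut c_void;
    let good = PluginDescriptor { abi_version: 1, build: Some(sample_build) };
    let stale = PluginDescriptor { abi_version: 2, build: Some(sample_build) };
    let empty = PluginDescriptor { abi_version: 1, build: None };
    let r = unsafe { (checked_build(&good, p), checked_build(&stale, p), checked_build(&empty, p)) };
    (r.0, r.1, r.2, app)
}
```

With this shape, a mismatched or incomplete plugin is rejected with an error value instead of the host jumping through a bad pointer.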