favreau / bullet

Automatically exported from code.google.com/p/bullet

SpuGatheringCollisionDispatcher Crash with empty Scene #579

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Use SpuGatheringCollisionDispatcher 
2. Use an empty Scene

What is the expected output? What do you see instead?

Crash on Line 209 in SpuGatheringCollisionDispatcher.cpp because the pairCache 
is empty and the getOverlappingPairArrayPtr() Function is called. It is likely 
that a simple if statement will correct this crash.

What version of the product are you using? On what operating system?
SVN-2466, Windows 7

Original issue reported on code.google.com by knox31...@googlemail.com on 14 Dec 2011 at 9:37

GoogleCodeExporter commented 9 years ago
We can make the getOverlappingPairArrayPtr() functions safe, returning a 0 
pointer.
Then the caller needs to check of course, but usually you will iterate over the 
number of overlapping objects, so for 0 overlaps it is safe.

Original comment by erwin.coumans on 11 Jan 2012 at 8:30

GoogleCodeExporter commented 9 years ago
Securing the Function isn't the right way. This will be slow...

The Problem is this: 

SpuGatheringCollisionDispatcher.cpp Line 209:
        //send one big batch
        int numTotalPairs = pairCache->getNumOverlappingPairs();

--> Error   btBroadphasePair* pairPtr = pairCache->getOverlappingPairArrayPtr();
        int i;

This Error is there, because getOverlappingPairArrayPtr() accesses a null 
Pointer in the pairCache (numTotalPairs is 0). A simple if-Statement will 
correct this here. (Don't call getOverlappingPairArrayPtr() if 
getNumOverlappingPairs() is 0).

Explanation:
getOverlappingPairArrayPtr() accesses a btBroadphasePairArray which is a 
btAlignedObjectArray via the statement "return &m_overlappingPairArray[0];". So 
far so good. But overlappingPairArray[0] accesses the Pointer m_data[0] which 
crashed because m_data is NULL if the size is 0.

Hope you correct this Error. It's really confusing for simple initialisation 
tests...

Original comment by knox31...@googlemail.com on 11 Jan 2012 at 9:52
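The explanation above (a pointer accessor written as "return &m_overlappingPairArray[0];" hits a null m_data when the array is empty) and the guard the thread settles on can be shown in a few dozen lines. The following is an added illustration, not Bullet's own code: AlignedArray, BroadphasePair, guardedPtr, unguardedPtr and dispatchBatch are stand-ins I named for this example, modelled on the behaviour the comments describe (m_data is NULL until the first element is added).

```cpp
// Added example, not Bullet's own code. A minimal stand-in for
// btAlignedObjectArray that keeps its data pointer NULL while empty,
// plus the dispatcher loop from the report with the proposed if-guard.
#include <cassert>
#include <cstdio>
#include <cstdlib>

struct BroadphasePair {      // constructed stand-in for btBroadphasePair
    int proxyA;
    int proxyB;
};

// Only meant for trivially copyable T (the element is copied with '=').
template <typename T>
class AlignedArray {
    T*  m_data;      // NULL until the first push_back, like the array in the report
    int m_size;
    int m_capacity;

public:
    AlignedArray() : m_data(nullptr), m_size(0), m_capacity(0) {}
    ~AlignedArray() { std::free(m_data); }
    AlignedArray(const AlignedArray&) = delete;
    AlignedArray& operator=(const AlignedArray&) = delete;

    int size() const { return m_size; }

    // Indexing assumes a valid index; a debug build trips this assert on an
    // empty array, a release build dereferences a null m_data.
    T& operator[](int i) {
        assert(i >= 0 && i < m_size);
        return m_data[i];
    }

    void push_back(const T& v) {
        if (m_size == m_capacity) {
            int newCap = m_capacity ? m_capacity * 2 : 4;
            T* p = static_cast<T*>(std::malloc(sizeof(T) * newCap));
            for (int i = 0; i < m_size; ++i) p[i] = m_data[i];
            std::free(m_data);
            m_data = p;
            m_capacity = newCap;
        }
        m_data[m_size++] = v;
    }

    // The pattern quoted in the report: "&array[0]" with no size check.
    // Calling this on an empty array is the crash being discussed.
    T* unguardedPtr() { return &(*this)[0]; }

    // The safe variant suggested in the thread: a 0 pointer for an empty array.
    T* guardedPtr() { return m_size ? &m_data[0] : nullptr; }
};

// Mirrors the "send one big batch" loop, with the reporter's if-statement:
// the pointer is only requested when there is at least one overlapping pair.
// Returns the number of pairs that were examined.
int dispatchBatch(AlignedArray<BroadphasePair>& pairCache) {
    int numTotalPairs = pairCache.size();
    if (numTotalPairs == 0) return 0;        // empty scene: nothing to send
    BroadphasePair* pairPtr = pairCache.guardedPtr();
    assert(pairPtr != nullptr);              // guaranteed by the check above
    int processed = 0;
    for (int i = 0; i < numTotalPairs; ++i) {
        if (pairPtr[i].proxyA != pairPtr[i].proxyB) ++processed;
    }
    return processed;
}

// Constructed scenarios: an empty scene and a scene with two pairs.
int runEmptyScene() {
    AlignedArray<BroadphasePair> cache;
    return dispatchBatch(cache);
}

int runSmallScene() {
    AlignedArray<BroadphasePair> cache;
    cache.push_back({1, 2});
    cache.push_back({3, 4});
    return dispatchBatch(cache);
}

bool emptyGuardedPtrIsNull() {
    AlignedArray<BroadphasePair> cache;
    return cache.guardedPtr() == nullptr;
}

int main() {
    std::printf("empty scene processed %d pairs\n", runEmptyScene());
    std::printf("small scene processed %d pairs\n", runSmallScene());
    std::printf("guarded pointer on empty array is null: %d\n", emptyGuardedPtrIsNull());
    return 0;
}
```

The two accessors make the trade-off in the thread concrete: guardedPtr costs one integer compare per call, and because the dispatcher already knows numTotalPairs, checking that count first means the pointer is never requested for an empty cache at all.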

GoogleCodeExporter commented 9 years ago
This issue was closed by revision r2483.

Original comment by erwin.coumans on 23 Jan 2012 at 10:04

GoogleCodeExporter commented 9 years ago
Calls to getOverlappingPairArrayPtr likely happen very infrequently, so just a 
single 0 pointer check shouldn't be slow.

Anyway, I committed the fix as you suggested. Please reply if you still hit an 
error.

Original comment by erwin.coumans on 23 Jan 2012 at 10:05

GoogleCodeExporter commented 9 years ago
Tested and Fixed. thx

Original comment by knox31...@googlemail.com on 25 Jan 2012 at 1:35