search

godotengine / godot

Godot Engine – Multi-platform 2D and 3D game engine
https://godotengine.org
MIT License
90.82k stars 21.13k forks source link

Crash when overriding _set (?) #40393

Open IceflowRE opened 4 years ago

IceflowRE commented 4 years ago

Godot version: v3.2.2.stable.official / Steam

OS/device including version: Windows 10 / 2004

Issue description: Godot crashs, it is almost reproduceable everytime. It crashs when executing the example project. I override _set(property, value), which may lead to that crash.

Error message:

ERROR: get: FATAL: Index p_index = 7 is out of bounds (size() = 7).
   At: ./core/cowdata.h:152

Steps to reproduce: Execute the main scene.

Minimal reproduction project: gd_crash.zip

Another example replace the _read(): function with this

func _ready():
    #self.my_dict["_"] = MyType.new("1", 1)
    self._non_existent

Will lead to a crash too.

Lefl1 commented 4 years ago

Can confirm this on Manjaro Linux (5.6.16-1-MANJARO)

Godot Engine v3.2.2.stable.custom_build - https://godotengine.org
OpenGL ES 3.0 Renderer: AMD Radeon R7 200 Series (BONAIRE, DRM 3.36.0, 5.6.16-1-MANJARO, LLVM 10.0.0)
ALSA lib pcm.c:8526:(snd_pcm_recover) underrun occurred
ALSA lib pcm.c:8526:(snd_pcm_recover) underrun occurred

ERROR: get: FATAL: Index p_index = 7 is out of bounds (size() = 7).
   At: ./core/cowdata.h:152.
handle_crash: Program crashed with signal 4
Dumping the backtrace. Please include this when reporting the bug on https://github.com/godotengine/godot/issues
[1] /usr/lib/libc.so.6(+0x3c3e0) [0x7f6d760643e0] (??:0)
[2] /usr/bin/godot() [0x2a62d69] (??:?)
[3] /usr/bin/godot() [0x151223a] (??:?)
[4] /usr/bin/godot() [0x1518007] (??:?)
[5] /usr/bin/godot() [0x2aed704] (??:?)
[6] /usr/bin/godot() [0x1bfd91a] (??:?)
[7] /usr/bin/godot() [0x1c07d80] (??:?)
[8] /usr/bin/godot() [0x77dafa] (??:0)
[9] /usr/bin/godot() [0x765291] (??:0)
[10] /usr/bin/godot() [0x7544cd] (??:0)
[11] /usr/lib/libc.so.6(__libc_start_main+0xf2) [0x7f6d7604f002] (??:0)
[12] /usr/bin/godot() [0x756b8e] (??:0)
-- END OF BACKTRACE --
qarmin commented 4 years ago

This only happens when running project inside editor

Backtrace with symbols

ERROR: get: FATAL: Index p_index = 7 is out of bounds (size() = 7).
   At: ./core/cowdata.h:152.
handle_crash: Program crashed with signal 4
Dumping the backtrace. Please include this when reporting the bug on https://github.com/godotengine/godot/issues
[1] /lib/x86_64-linux-gnu/libc.so.6(+0x46210) [0x7fbfd2801210] (??:0)
[2] CowData<Variant>::get(int) const (/mnt/Miecz/godot3.2/./core/cowdata.h:152 (discriminator 7))
[3] Vector<Variant>::operator[](int) const (/mnt/Miecz/godot3.2/./core/vector.h:85)
[4] Array::operator[](int) const (/mnt/Miecz/godot3.2/core/array.cpp:81)
[5] ScriptEditorDebugger::_parse_message(String const&, Array const&) (/mnt/Miecz/godot3.2/editor/script_editor_debugger.cpp:806)
[6] ScriptEditorDebugger::_notification(int) (/mnt/Miecz/godot3.2/editor/script_editor_debugger.cpp:1508)
[7] ScriptEditorDebugger::_notificationv(int, bool) (/mnt/Miecz/godot3.2/editor/script_editor_debugger.h:60 (discriminator 14))
[8] Object::notification(int, bool) (/mnt/Miecz/godot3.2/core/object.cpp:934)
[9] SceneTree::_notify_group_pause(StringName const&, int) (/mnt/Miecz/godot3.2/scene/main/scene_tree.cpp:985)
[10] SceneTree::idle(float) (/mnt/Miecz/godot3.2/scene/main/scene_tree.cpp:525 (discriminator 3))
[11] Main::iteration() (/mnt/Miecz/godot3.2/main/main.cpp:2105)
[12] OS_X11::run() (/mnt/Miecz/godot3.2/platform/x11/os_x11.cpp:3233)
[13] godot(main+0x125) [0x141dbab] (/mnt/Miecz/godot3.2/platform/x11/godot_x11.cpp:57)
[14] /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf3) [0x7fbfd27e20b3] (??:0)
[15] godot(_start+0x2e) [0x141d9ce] (??:?)
-- END OF BACKTRACE --
Przerwane (zrzut pamięci)
IceflowRE commented 4 years ago

Add another approach to crash it.

Accessing an underscore member which does not exist.

bsil78 commented 2 years ago

A project just with the following does not crash Godot in 3.4.

func _ready():
    self._non_existent

However given full example makes Godot 3.4 to crash.

After some investigations, it seems that access a Dictionary with unknown or null key makes it crash (should return null instead).

In fact _get property of MyDict (which is, by inheritence, a Variant) is accessed with an argument name "script" (from debugger reading my_dict on error below) ; which then is passed to a Dictionnary which is the root cause of crash as said in previous paragraph.

Moreover MyDict is not a dictionary ; using [""] as an accessor simply seek for property "" of MyDict, which firstly is not a legal property name and secondly does not exist in MyDict then goes to error in debugger.

bsil78 commented 2 years ago

After further investigations in order to try to reproduce with just a Dictionary in a _ready() function, it appears that an unknown key index access raises an error in Godot. Thus in example, being in debugger and getting the unkown key error when it evaluates my_dict variable for its variable panel makes Godot to crash (variables panel bug, not GD bug).

bsil78 commented 2 years ago

It seems to be related to #35011 and #34180.

IceflowRE commented 1 year ago

May we get a milestone assigned?

AThousandShips commented 1 year ago

Has any progress been made on figuring it out? It's hard to assign one of there's no real idea of how to solve it

Can you confirm this on 3.5.3? Or on the latest 3.6 beta?

IceflowRE commented 1 year ago

Editor still crashes with v3.6.beta2.official [68c507f59]