Crash when manipulating Gradient inside NoiseTexture2D

Godot version

4.0.beta.custom_build. f3e6750a7

System information

Ubuntu 22.04 - Radeon RX 570, Gnome shell 42 X11

Issue description

=================================================================
==79796==ERROR: AddressSanitizer: heap-use-after-free on address 0x60d0029f5c04 at pc 0x000003ed3896 bp 0x7fe795bc93d0 sp 0x7fe795bc93c0
READ of size 4 at 0x60d0029f5c04 thread T56
    #0 0x3ed3895 in Gradient::get_color_at_offset(float) scene/resources/gradient.h:116
    #1 0x846169f in NoiseTexture2D::_modulate_with_gradient(Ref<Image>, Ref<Gradient>) modules/noise/noise_texture_2d.cpp:184
    #2 0x8460679 in NoiseTexture2D::_generate_texture() modules/noise/noise_texture_2d.cpp:163
    #3 0x845e9b4 in NoiseTexture2D::_thread_function(void*) modules/noise/noise_texture_2d.cpp:135
    #4 0x1d3b071d in Thread::callback(Thread*, Thread::Settings const&, void (*)(void*), void*) core/os/thread.cpp:65
    #5 0x1d3b4711 in void std::__invoke_impl<void, void (*)(Thread*, Thread::Settings const&, void (*)(void*), void*), Thread*, Thread::Settings, void (*)(void*), void*>(std::__invoke_other, void (*&&)(Thread*, Thread::Settings const&, void (*)(void*), void*), Thread*&&, Thread::Settings&&, void (*&&)(void*), void*&&) /usr/include/c++/11/bits/invoke.h:61
    #6 0x1d3b4323 in std::__invoke_result<void (*)(Thread*, Thread::Settings const&, void (*)(void*), void*), Thread*, Thread::Settings, void (*)(void*), void*>::type std::__invoke<void (*)(Thread*, Thread::Settings const&, void (*)(void*), void*), Thread*, Thread::Settings, void (*)(void*), void*>(void (*&&)(Thread*, Thread::Settings const&, void (*)(void*), void*), Thread*&&, Thread::Settings&&, void (*&&)(void*), void*&&) /usr/include/c++/11/bits/invoke.h:96
    #7 0x1d3b3d93 in void std::thread::_Invoker<std::tuple<void (*)(Thread*, Thread::Settings const&, void (*)(void*), void*), Thread*, Thread::Settings, void (*)(void*), void*> >::_M_invoke<0ul, 1ul, 2ul, 3ul, 4ul>(std::_Index_tuple<0ul, 1ul, 2ul, 3ul, 4ul>) /usr/include/c++/11/bits/std_thread.h:253
    #8 0x1d3b39ed in std::thread::_Invoker<std::tuple<void (*)(Thread*, Thread::Settings const&, void (*)(void*), void*), Thread*, Thread::Settings, void (*)(void*), void*> >::operator()() /usr/include/c++/11/bits/std_thread.h:260
    #9 0x1d3b39a1 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (*)(Thread*, Thread::Settings const&, void (*)(void*), void*), Thread*, Thread::Settings, void (*)(void*), void*> > >::_M_run() /usr/include/c++/11/bits/std_thread.h:211
    #10 0x205e60e3 in execute_native_thread_routine (/usr/bin/godot4s+0x205e60e3)
    #11 0x7fe808f95b42 in start_thread nptl/pthread_create.c:442
    #12 0x7fe8090279ff  (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)

0x60d0029f5c04 is located 116 bytes inside of 144-byte region [0x60d0029f5b90,0x60d0029f5c20)
freed by thread T0 here:
    #0 0x7fe8098f9c18 in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:164
    #1 0x1d39eaa9 in Memory::realloc_static(void*, unsigned long, bool) core/os/memory.cpp:129
    #2 0x40f3b54 in Error CowData<Gradient::Point>::resize<false>(int) core/templates/cowdata.h:296
    #3 0x40a5fe1 in Vector<Gradient::Point>::resize(int) core/templates/vector.h:91
    #4 0x174fa9b7 in Gradient::set_offsets(Vector<float> const&) scene/resources/gradient.cpp:111
    #5 0x17514bff in void call_with_variant_args_helper<__UnexistingClass, Vector<float> const&, 0ul>(__UnexistingClass*, void (__UnexistingClass::*)(Vector<float> const&), Variant const**, Callable::CallError&, IndexSequence<0ul>) core/variant/binder_common.h:262
    #6 0x1751166a in void call_with_variant_args_dv<__UnexistingClass, Vector<float> const&>(__UnexistingClass*, void (__UnexistingClass::*)(Vector<float> const&), Variant const**, int, Callable::CallError&, Vector<Variant> const&) core/variant/binder_common.h:409
    #7 0x1750e2a8 in MethodBindT<Vector<float> const&>::call(Object*, Variant const**, int, Callable::CallError&) const core/object/method_bind.h:320
    #8 0x1eba130a in Object::callp(StringName const&, Variant const**, int, Callable::CallError&) core/object/object.cpp:733
    #9 0x1dfaa195 in Callable::callp(Variant const**, int, Variant&, Callable::CallError&) const core/variant/callable.cpp:62
    #10 0x1dfba75c in CallableCustomBind::call(Variant const**, int, Variant&, Callable::CallError&) const core/variant/callable_bind.cpp:99
    #11 0x1dfa975c in Callable::callp(Variant const**, int, Variant&, Callable::CallError&) const core/variant/callable.cpp:50
    #12 0x1eca5c1b in UndoRedo::_process_operation_list(List<UndoRedo::Operation, DefaultAllocator>::Element*) core/object/undo_redo.cpp:318
    #13 0x1ec9ad5f in UndoRedo::_redo(bool) core/object/undo_redo.cpp:75
    #14 0x1eca4aee in UndoRedo::commit_action(bool) core/object/undo_redo.cpp:297
    #15 0xe0bbb18 in EditorUndoRedoManager::commit_action(bool) editor/editor_undo_redo_manager.cpp:234
    #16 0x12b5efd3 in GradientEditor::_ramp_changed() editor/plugins/gradient_editor.cpp:110
    #17 0x12b85c50 in void call_with_variant_args_helper<GradientEditor>(GradientEditor*, void (GradientEditor::*)(), Variant const**, Callable::CallError&, IndexSequence<>) core/variant/binder_common.h:262
    #18 0x12b851f5 in void call_with_variant_args<GradientEditor>(GradientEditor*, void (GradientEditor::*)(), Variant const**, int, Callable::CallError&) core/variant/binder_common.h:376
    #19 0x12b84af2 in CallableCustomMethodPointer<GradientEditor>::call(Variant const**, int, Variant&, Callable::CallError&) const core/object/callable_method_pointer.h:104
    #20 0x1dfa975c in Callable::callp(Variant const**, int, Variant&, Callable::CallError&) const core/variant/callable.cpp:50
    #21 0x1ebacf1c in Object::emit_signalp(StringName const&, Variant const**, int) core/object/object.cpp:1046
    #22 0x7f86a0e in Error Object::emit_signal<>(StringName const&) core/object/object.h:868
    #23 0x12b69128 in GradientEditor::gui_input(Ref<InputEvent> const&) editor/plugins/gradient_editor.cpp:310
    #24 0x140bbe3d in Control::_call_gui_input(Ref<InputEvent> const&) scene/gui/control.cpp:1713
    #25 0x13a95d3c in Viewport::_gui_call_input(Control*, Ref<InputEvent> const&) scene/main/viewport.cpp:1326
    #26 0x13a9f598 in Viewport::_gui_input_event(Ref<InputEvent>) scene/main/viewport.cpp:1559
    #27 0x13adc38a in Viewport::push_input(Ref<InputEvent> const&, bool) scene/main/viewport.cpp:2796
    #28 0x13c5d46a in Window::_window_input(Ref<InputEvent> const&) scene/main/window.cpp:1089
    #29 0x13d3afda in void call_with_variant_args_helper<Window, Ref<InputEvent> const&, 0ul>(Window*, void (Window::*)(Ref<InputEvent> const&), Variant const**, Callable::CallError&, IndexSequence<0ul>) core/variant/binder_common.h:262

previously allocated by thread T0 here:
    #0 0x7fe8098f9c18 in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:164
    #1 0x1d39eaa9 in Memory::realloc_static(void*, unsigned long, bool) core/os/memory.cpp:129
    #2 0x40f412f in Error CowData<Gradient::Point>::resize<false>(int) core/templates/cowdata.h:326
    #3 0x40a5fe1 in Vector<Gradient::Point>::resize(int) core/templates/vector.h:91
    #4 0x174fa9b7 in Gradient::set_offsets(Vector<float> const&) scene/resources/gradient.cpp:111
    #5 0x17514bff in void call_with_variant_args_helper<__UnexistingClass, Vector<float> const&, 0ul>(__UnexistingClass*, void (__UnexistingClass::*)(Vector<float> const&), Variant const**, Callable::CallError&, IndexSequence<0ul>) core/variant/binder_common.h:262
    #6 0x1751166a in void call_with_variant_args_dv<__UnexistingClass, Vector<float> const&>(__UnexistingClass*, void (__UnexistingClass::*)(Vector<float> const&), Variant const**, int, Callable::CallError&, Vector<Variant> const&) core/variant/binder_common.h:409
    #7 0x1750e2a8 in MethodBindT<Vector<float> const&>::call(Object*, Variant const**, int, Callable::CallError&) const core/object/method_bind.h:320
    #8 0x1eba130a in Object::callp(StringName const&, Variant const**, int, Callable::CallError&) core/object/object.cpp:733
    #9 0x1dfaa195 in Callable::callp(Variant const**, int, Variant&, Callable::CallError&) const core/variant/callable.cpp:62
    #10 0x1dfba75c in CallableCustomBind::call(Variant const**, int, Variant&, Callable::CallError&) const core/variant/callable_bind.cpp:99
    #11 0x1dfa975c in Callable::callp(Variant const**, int, Variant&, Callable::CallError&) const core/variant/callable.cpp:50
    #12 0x1eca5c1b in UndoRedo::_process_operation_list(List<UndoRedo::Operation, DefaultAllocator>::Element*) core/object/undo_redo.cpp:318
    #13 0x1ec9ad5f in UndoRedo::_redo(bool) core/object/undo_redo.cpp:75
    #14 0x1eca4aee in UndoRedo::commit_action(bool) core/object/undo_redo.cpp:297
    #15 0xe0bbb18 in EditorUndoRedoManager::commit_action(bool) editor/editor_undo_redo_manager.cpp:234
    #16 0x12b5efd3 in GradientEditor::_ramp_changed() editor/plugins/gradient_editor.cpp:110
    #17 0x12b85c50 in void call_with_variant_args_helper<GradientEditor>(GradientEditor*, void (GradientEditor::*)(), Variant const**, Callable::CallError&, IndexSequence<>) core/variant/binder_common.h:262
    #18 0x12b851f5 in void call_with_variant_args<GradientEditor>(GradientEditor*, void (GradientEditor::*)(), Variant const**, int, Callable::CallError&) core/variant/binder_common.h:376
    #19 0x12b84af2 in CallableCustomMethodPointer<GradientEditor>::call(Variant const**, int, Variant&, Callable::CallError&) const core/object/callable_method_pointer.h:104
    #20 0x1dfa975c in Callable::callp(Variant const**, int, Variant&, Callable::CallError&) const core/variant/callable.cpp:50
    #21 0x1ebacf1c in Object::emit_signalp(StringName const&, Variant const**, int) core/object/object.cpp:1046
    #22 0x7f86a0e in Error Object::emit_signal<>(StringName const&) core/object/object.h:868
    #23 0x12b6491f in GradientEditor::gui_input(Ref<InputEvent> const&) editor/plugins/gradient_editor.cpp:217
    #24 0x140bbe3d in Control::_call_gui_input(Ref<InputEvent> const&) scene/gui/control.cpp:1713
    #25 0x13a95d3c in Viewport::_gui_call_input(Control*, Ref<InputEvent> const&) scene/main/viewport.cpp:1326
    #26 0x13a9f598 in Viewport::_gui_input_event(Ref<InputEvent>) scene/main/viewport.cpp:1559
    #27 0x13adc38a in Viewport::push_input(Ref<InputEvent> const&, bool) scene/main/viewport.cpp:2796
    #28 0x13c5d46a in Window::_window_input(Ref<InputEvent> const&) scene/main/window.cpp:1089
    #29 0x13d3afda in void call_with_variant_args_helper<Window, Ref<InputEvent> const&, 0ul>(Window*, void (Window::*)(Ref<InputEvent> const&), Variant const**, Callable::CallError&, IndexSequence<0ul>) core/variant/binder_common.h:262

Thread T56 created by T0 here:
    #0 0x7fe80989d685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
    #1 0x205e61b8 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/usr/bin/godot4s+0x205e61b8)
    #2 0x1d3b0c39 in Thread::start(void (*)(void*), void*, Thread::Settings const&) core/os/thread.cpp:82
    #3 0x845e4b7 in NoiseTexture2D::_thread_done(Ref<Image> const&) modules/noise/noise_texture_2d.cpp:128
    #4 0x848d17c in void call_with_variant_args_helper<__UnexistingClass, Ref<Image> const&, 0ul>(__UnexistingClass*, void (__UnexistingClass::*)(Ref<Image> const&), Variant const**, Callable::CallError&, IndexSequence<0ul>) core/variant/binder_common.h:262
    #5 0x8488e63 in void call_with_variant_args_dv<__UnexistingClass, Ref<Image> const&>(__UnexistingClass*, void (__UnexistingClass::*)(Ref<Image> const&), Variant const**, int, Callable::CallError&, Vector<Variant> const&) core/variant/binder_common.h:409
    #6 0x848300a in MethodBindT<Ref<Image> const&>::call(Object*, Variant const**, int, Callable::CallError&) const core/object/method_bind.h:320
    #7 0x1eba130a in Object::callp(StringName const&, Variant const**, int, Callable::CallError&) core/object/object.cpp:733
    #8 0x1dfaa195 in Callable::callp(Variant const**, int, Variant&, Callable::CallError&) const core/variant/callable.cpp:62
    #9 0x1eb7a3ff in MessageQueue::_call_function(Callable const&, Variant const*, int, bool) core/object/message_queue.cpp:229
    #10 0x1eb7b4f2 in MessageQueue::flush() core/object/message_queue.cpp:275
    #11 0x13976142 in SceneTree::process(double) scene/main/scene_tree.cpp:461
    #12 0x2935dc2 in Main::iteration() main/main.cpp:3196
    #13 0x2714b89 in OS_LinuxBSD::run() platform/linuxbsd/os_linuxbsd.cpp:878
    #14 0x26f1b44 in main platform/linuxbsd/godot_linuxbsd.cpp:73
    #15 0x7fe808f2ad8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

SUMMARY: AddressSanitizer: heap-use-after-free scene/resources/gradient.h:116 in Gradient::get_color_at_offset(float)

Steps to reproduce

https://user-images.githubusercontent.com/41945903/205903226-4b0786ee-40b6-4149-96fd-5d968fbc28a8.mp4

Minimal reproduction project

N/A

This took me some time, but I was able to reproduce it

==325900==ERROR: AddressSanitizer: heap-use-after-free on address 0x616000e9da08 at pc 0x000006c238b7 bp 0x7f4f1923b650 sp 0x7f4f1923b640
READ of size 4 at 0x616000e9da08 thread T233
    #0 0x6c238b6 in Gradient::get_color_at_offset(float) scene/resources/gradient.h:116
    #1 0x6c1bfe7 in NoiseTexture2D::_modulate_with_gradient(Ref<Image>, Ref<Gradient>) modules/noise/noise_texture_2d.cpp:185
    #2 0x6c1afcb in NoiseTexture2D::_generate_texture() modules/noise/noise_texture_2d.cpp:164
    #3 0x6c192e1 in NoiseTexture2D::_thread_function(void*) modules/noise/noise_texture_2d.cpp:136
    #4 0x1beb1ccf in Thread::callback(Thread*, Thread::Settings const&, void (*)(void*), void*) core/os/thread.cpp:65
    #5 0x1beb5c6d in void std::__invoke_impl<void, void (*)(Thread*, Thread::Settings const&, void (*)(void*), void*), Thread*, Thread::Settings, void (*)(void*), void*>(std::__invoke_other, void (*&&)(Thread*, Thread::Settings const&, void (*)(void*), void*), Thread*&&, Thread::Settings&&, void (*&&)(void*), void*&&) /usr/include/c++/12/bits/invoke.h:61
    #6 0x1beb587f in std::__invoke_result<void (*)(Thread*, Thread::Settings const&, void (*)(void*), void*), Thread*, Thread::Settings, void (*)(void*), void*>::type std::__invoke<void (*)(Thread*, Thread::Settings const&, void (*)(void*), void*), Thread*, Thread::Settings, void (*)(void*), void*>(void (*&&)(Thread*, Thread::Settings const&, void (*)(void*), void*), Thread*&&, Thread::Settings&&, void (*&&)(void*), void*&&) /usr/include/c++/12/bits/invoke.h:96
    #7 0x1beb52ef in void std::thread::_Invoker<std::tuple<void (*)(Thread*, Thread::Settings const&, void (*)(void*), void*), Thread*, Thread::Settings, void (*)(void*), void*> >::_M_invoke<0ul, 1ul, 2ul, 3ul, 4ul>(std::_Index_tuple<0ul, 1ul, 2ul, 3ul, 4ul>) /usr/include/c++/12/bits/std_thread.h:252
    #8 0x1beb4f49 in std::thread::_Invoker<std::tuple<void (*)(Thread*, Thread::Settings const&, void (*)(void*), void*), Thread*, Thread::Settings, void (*)(void*), void*> >::operator()() /usr/include/c++/12/bits/std_thread.h:259
    #9 0x1beb4efd in std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (*)(Thread*, Thread::Settings const&, void (*)(void*), void*), Thread*, Thread::Settings, void (*)(void*), void*> > >::_M_run() /usr/include/c++/12/bits/std_thread.h:210
    #10 0x1f193082 in execute_native_thread_routine (/home/rafal/Downloads/godot-grid-ient/bin/godot.linuxbsd.editor.dev.x86_64.san+0x1f193082)
    #11 0x7f4f8d490401 in start_thread nptl/pthread_create.c:442
    #12 0x7f4f8d51f58f in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

0x616000e9da08 is located 136 bytes inside of 528-byte region [0x616000e9d980,0x616000e9db90)
freed by thread T0 here:
    #0 0x7f4f8e0be720 in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:85
    #1 0x1be9fdbd in Memory::realloc_static(void*, unsigned long, bool) core/os/memory.cpp:129
    #2 0x15f475cf in Error CowData<Gradient::Point>::resize<false>(int) core/templates/cowdata.h:326
    #3 0x15f4b58c in CowData<Gradient::Point>::remove_at(int) core/templates/cowdata.h:171
    #4 0x15f465b9 in Vector<Gradient::Point>::remove_at(int) core/templates/vector.h:73
    #5 0x15f3b16f in Gradient::remove_point(int) scene/resources/gradient.cpp:147
    #6 0xe4ec1db in GradientEditorRect::gui_input(Ref<InputEvent> const&) editor/plugins/gradient_editor_plugin.cpp:342
    #7 0x12b00500 in Control::_call_gui_input(Ref<InputEvent> const&) scene/gui/control.cpp:1727
    #8 0x124a995a in Viewport::_gui_call_input(Control*, Ref<InputEvent> const&) scene/main/viewport.cpp:1331
    #9 0x124b536f in Viewport::_gui_input_event(Ref<InputEvent>) scene/main/viewport.cpp:1608
    #10 0x124f0ee4 in Viewport::push_input(Ref<InputEvent> const&, bool) scene/main/viewport.cpp:2801
    #11 0x1267a855 in Window::_window_input(Ref<InputEvent> const&) scene/main/window.cpp:1307
    #12 0x1277bf47 in void call_with_variant_args_helper<Window, Ref<InputEvent> const&, 0ul>(Window*, void (Window::*)(Ref<InputEvent> const&), Variant const**, Callable::CallError&, IndexSequence<0ul>) core/variant/binder_common.h:262
    #13 0x12768310 in void call_with_variant_args<Window, Ref<InputEvent> const&>(Window*, void (Window::*)(Ref<InputEvent> const&), Variant const**, int, Callable::CallError&) core/variant/binder_common.h:376
    #14 0x1274f3f7 in CallableCustomMethodPointer<Window, Ref<InputEvent> const&>::call(Variant const**, int, Variant&, Callable::CallError&) const core/object/callable_method_pointer.h:104
    #15 0x1cab8f55 in Callable::callp(Variant const**, int, Variant&, Callable::CallError&) const core/variant/callable.cpp:50
    #16 0x276d005 in DisplayServerX11::_dispatch_input_event(Ref<InputEvent> const&) platform/linuxbsd/x11/display_server_x11.cpp:3307
    #17 0x276c2b6 in DisplayServerX11::_dispatch_input_events(Ref<InputEvent> const&) platform/linuxbsd/x11/display_server_x11.cpp:3278
    #18 0x1c8c9359 in Input::_parse_input_event_impl(Ref<InputEvent> const&, bool) core/input/input.cpp:669
    #19 0x1c8d2a5a in Input::flush_buffered_events() core/input/input.cpp:891
    #20 0x2795f32 in DisplayServerX11::process_events() platform/linuxbsd/x11/display_server_x11.cpp:4316
    #21 0x26d1580 in OS_LinuxBSD::run() platform/linuxbsd/os_linuxbsd.cpp:874
    #22 0x26aea6a in main platform/linuxbsd/godot_linuxbsd.cpp:73
    #23 0x7f4f8d42350f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

previously allocated by thread T0 here:
    #0 0x7f4f8e0be720 in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:85
    #1 0x1be9fdbd in Memory::realloc_static(void*, unsigned long, bool) core/os/memory.cpp:129
    #2 0x15f46f61 in Error CowData<Gradient::Point>::resize<false>(int) core/templates/cowdata.h:296
    #3 0x15f42d49 in Vector<Gradient::Point>::resize(int) core/templates/vector.h:91
    #4 0x15f463aa in Vector<Gradient::Point>::push_back(Gradient::Point) core/templates/vector.h:313
    #5 0x15f3ac37 in Gradient::add_point(float, Color const&) scene/resources/gradient.cpp:139
    #6 0xe4ea62b in GradientEditorRect::gui_input(Ref<InputEvent> const&) editor/plugins/gradient_editor_plugin.cpp:326
    #7 0x12b00500 in Control::_call_gui_input(Ref<InputEvent> const&) scene/gui/control.cpp:1727
    #8 0x124a995a in Viewport::_gui_call_input(Control*, Ref<InputEvent> const&) scene/main/viewport.cpp:1331
    #9 0x124b31e9 in Viewport::_gui_input_event(Ref<InputEvent>) scene/main/viewport.cpp:1564
    #10 0x124f0ee4 in Viewport::push_input(Ref<InputEvent> const&, bool) scene/main/viewport.cpp:2801
    #11 0x1267a855 in Window::_window_input(Ref<InputEvent> const&) scene/main/window.cpp:1307
    #12 0x1277bf47 in void call_with_variant_args_helper<Window, Ref<InputEvent> const&, 0ul>(Window*, void (Window::*)(Ref<InputEvent> const&), Variant const**, Callable::CallError&, IndexSequence<0ul>) core/variant/binder_common.h:262
    #13 0x12768310 in void call_with_variant_args<Window, Ref<InputEvent> const&>(Window*, void (Window::*)(Ref<InputEvent> const&), Variant const**, int, Callable::CallError&) core/variant/binder_common.h:376
    #14 0x1274f3f7 in CallableCustomMethodPointer<Window, Ref<InputEvent> const&>::call(Variant const**, int, Variant&, Callable::CallError&) const core/object/callable_method_pointer.h:104
    #15 0x1cab8f55 in Callable::callp(Variant const**, int, Variant&, Callable::CallError&) const core/variant/callable.cpp:50
    #16 0x276d005 in DisplayServerX11::_dispatch_input_event(Ref<InputEvent> const&) platform/linuxbsd/x11/display_server_x11.cpp:3307
    #17 0x276c2b6 in DisplayServerX11::_dispatch_input_events(Ref<InputEvent> const&) platform/linuxbsd/x11/display_server_x11.cpp:3278
    #18 0x1c8c9359 in Input::_parse_input_event_impl(Ref<InputEvent> const&, bool) core/input/input.cpp:669
    #19 0x1c8d2a5a in Input::flush_buffered_events() core/input/input.cpp:891
    #20 0x2795f32 in DisplayServerX11::process_events() platform/linuxbsd/x11/display_server_x11.cpp:4316
    #21 0x26d1580 in OS_LinuxBSD::run() platform/linuxbsd/os_linuxbsd.cpp:874
    #22 0x26aea6a in main platform/linuxbsd/godot_linuxbsd.cpp:73
    #23 0x7f4f8d42350f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

Thread T233 created by T0 here:
    #0 0x7f4f8e04af75 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:207
    #1 0x1f193158 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/home/rafal/Downloads/godot-grid-ient/bin/godot.linuxbsd.editor.dev.x86_64.san+0x1f193158)
    #2 0x1beb21eb in Thread::start(void (*)(void*), void*, Thread::Settings const&) core/os/thread.cpp:82
    #3 0x6c18ddf in NoiseTexture2D::_thread_done(Ref<Image> const&) modules/noise/noise_texture_2d.cpp:129
    #4 0x6c514cb in void call_with_variant_args_helper<__UnexistingClass, Ref<Image> const&, 0ul>(__UnexistingClass*, void (__UnexistingClass::*)(Ref<Image> const&), Variant const**, Callable::CallError&, IndexSequence<0ul>) core/variant/binder_common.h:262
    #5 0x6c4d2bc in void call_with_variant_args_dv<__UnexistingClass, Ref<Image> const&>(__UnexistingClass*, void (__UnexistingClass::*)(Ref<Image> const&), Variant const**, int, Callable::CallError&, Vector<Variant> const&) core/variant/binder_common.h:409
    #6 0x6c471e6 in MethodBindT<Ref<Image> const&>::call(Object*, Variant const**, int, Callable::CallError&) const core/object/method_bind.h:320
    #7 0x1d74c4e7 in Object::callp(StringName const&, Variant const**, int, Callable::CallError&) core/object/object.cpp:733
    #8 0x1cab9b14 in Callable::callp(Variant const**, int, Variant&, Callable::CallError&) const core/variant/callable.cpp:62
    #9 0x1d7257cd in MessageQueue::_call_function(Callable const&, Variant const*, int, bool) core/object/message_queue.cpp:229
    #10 0x1d72688a in MessageQueue::flush() core/object/message_queue.cpp:275
    #11 0x123852c7 in SceneTree::process(double) scene/main/scene_tree.cpp:461
    #12 0x28f4586 in Main::iteration() main/main.cpp:3193
    #13 0x26d1713 in OS_LinuxBSD::run() platform/linuxbsd/os_linuxbsd.cpp:878
    #14 0x26aea6a in main platform/linuxbsd/godot_linuxbsd.cpp:73
    #15 0x7f4f8d42350f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

SUMMARY: AddressSanitizer: heap-use-after-free scene/resources/gradient.h:116 in Gradient::get_color_at_offset(float)

godotengine / godot

Crash when manipulating Gradient inside NoiseTexture2D #69656

Godot version

System information

Issue description

Steps to reproduce

Minimal reproduction project