godotengine / godot

Godot Engine – Multi-platform 2D and 3D game engine
https://godotengine.org
MIT License

Executing `RenderSceneBuffersRD.new` function crashes Godot in its destructor, using OpenGL #90478

Open qarmin opened 7 months ago

qarmin commented 7 months ago

Tested versions

4.3.dev.custom_build https://github.com/godotengine/godot/commit/6c579280630715ff7da8310d405ef34194847294 (I found that `godot --version` now does not print the git version of the app - is it possible to restore this?)

System information

Ubuntu 22.04 CI

Issue description

When executing (this code was automatically minimized, so it is possible that an even more "minimal" project can be created)

```gdscript
extends Node
func _process(delta):
    var temp_variable66 = AStar3D.new()
    temp_variable66.get_meta(StringName("5555"), Array([Array([]), Array([]), 0, 69, Array([]), Array([]), Array([]), Array([]), Array([]), Array([]), Array([]), Array([]), 95, Array([]), Array([]), Array([]), Array([]), Array([]), Array([]), Array([]), Array([]), Array([]), Array([]), Array([]), Array([])]))
    temp_variable66.is_queued_for_deletion()
    temp_variable66.get_available_point_id()
    var temp_variable71 = AStar3D.new()
    temp_variable71.has_user_signal(StringName("127.0.0.1"))
    temp_variable71.set_indexed(NodePath("127.0.0.1"), RenderSceneBuffersRD.new())
```

Godot crashes:

```
Godot Engine v4.3.dev.custom_build - https://godotengine.org
MESA: error: ZINK: failed to choose pdev
glx: failed to create drisw screen
failed to load driver: zink
WARNING: Could not set V-Sync mode. V-Sync is not supported.
     at: set_use_vsync (platform/linuxbsd/x11/gl_manager_x11.cpp:374)
OpenGL API 4.5 (Core Profile) Mesa 23.3.6 - kisak-mesa PPA - Compatibility - Using Device: Mesa - llvmpipe (LLVM 15.0.7, 256 bits)
######################## Ending test ########################
servers/rendering/renderer_rd/storage_rd/render_scene_buffers_rd.cpp:46:64: runtime error: member call on null pointer of type 'struct MaterialStorage'
servers/rendering/renderer_rd/storage_rd/render_scene_buffers_rd.cpp:46:64: runtime error: member access within null pointer of type 'struct MaterialStorage'
================================================================
handle_crash: Program crashed with signal 11
Engine version: Godot Engine v4.3.dev.custom_build
Dumping the backtrace. Please include this when reporting the bug to the project developer.
[1] ./godot.linuxbsd.editor.dev.x86_64.san(+0x3fda69d3) [0x55e1401f89d3] (/home/runner/work/Qarminer/Qarminer/godot/platform/linuxbsd/crash_handler_linuxbsd.cpp:61)
[2] /lib/x86_64-linux-gnu/libc.so.6(+0x42520) [0x7feef8042520] (??:0)
[3] RenderSceneBuffersRD::~RenderSceneBuffersRD() (/home/runner/work/Qarminer/Qarminer/godot/servers/rendering/renderer_rd/storage_rd/render_scene_buffers_rd.cpp:46)
[4] void memdelete<RefCounted>(RefCounted*) (/home/runner/work/Qarminer/Qarminer/godot/./core/os/memory.h:119)
[5] Variant::_clear_internal() (/home/runner/work/Qarminer/Qarminer/godot/core/variant/variant.cpp:1363)
[6] Variant::clear() (/home/runner/work/Qarminer/Qarminer/godot/./core/variant/variant.h:305)
[7] Variant::reference(Variant const&) (/home/runner/work/Qarminer/Qarminer/godot/core/variant/variant.cpp:1067)
[8] Variant::operator=(Variant const&) (/home/runner/work/Qarminer/Qarminer/godot/core/variant/variant.cpp:2714)
[9] GDScriptFunction::call(GDScriptInstance*, Variant const**, int, Callable::CallError&, GDScriptFunction::CallState*) (/home/runner/work/Qarminer/Qarminer/godot/modules/gdscript/gdscript_vm.cpp:1273)
[10] GDScriptInstance::callp(StringName const&, Variant const**, int, Callable::CallError&) (/home/runner/work/Qarminer/Qarminer/godot/modules/gdscript/gdscript.cpp:1970)
[11] bool Node::_gdvirtual__process_call<false>(double) (/home/runner/work/Qarminer/Qarminer/godot/scene/main/node.h:355 (discriminator 1))
[12] Node::_notification(int) (/home/runner/work/Qarminer/Qarminer/godot/scene/main/node.cpp:59)
[13] Node::_notificationv(int, bool) (/home/runner/work/Qarminer/Qarminer/godot/./scene/main/node.h:49 (discriminator 14))
[14] Object::notification(int, bool) (/home/runner/work/Qarminer/Qarminer/godot/core/object/object.cpp:902)
[15] SceneTree::_process_group(SceneTree::ProcessGroup*, bool) (/home/runner/work/Qarminer/Qarminer/godot/scene/main/scene_tree.cpp:979)
[16] SceneTree::_process(bool) (/home/runner/work/Qarminer/Qarminer/godot/scene/main/scene_tree.cpp:1051 (discriminator 2))
[17] SceneTree::process(double) (/home/runner/work/Qarminer/Qarminer/godot/scene/main/scene_tree.cpp:536)
[18] Main::iteration() (/home/runner/work/Qarminer/Qarminer/godot/main/main.cpp:4016)
[19] OS_LinuxBSD::run() (/home/runner/work/Qarminer/Qarminer/godot/platform/linuxbsd/os_linuxbsd.cpp:962)
[20] ./godot.linuxbsd.editor.dev.x86_64.san(main+0x4bb) [0x55e1401f8374] (/home/runner/work/Qarminer/Qarminer/godot/platform/linuxbsd/godot_linuxbsd.cpp:85)
[21] /lib/x86_64-linux-gnu/libc.so.6(+0x29d90) [0x7feef8029d90] (??:0)
[22] /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x80) [0x7feef8029e40] (??:0)
[23] ./godot.linuxbsd.editor.dev.x86_64.san(_start+0x25) [0x55e1401f7df5] (??:?)
-- END OF BACKTRACE --
================================================================
Aborted (core dumped)
```

This example was found by the Godot fuzzer - Qarminer, so it is quite unlikely that this code could be used in a real project, but still this should be handled gracefully.

Memory leaks or ASan backtraces are visible when using a Godot build with sanitizer support - https://github.com/qarmin/GodotBuilds/actions (linux -> linux-editor-sanitizers)

Steps to reproduce

Above

Minimal reproduction project (MRP)

Above

akien-mga commented 7 months ago

`RenderSceneBuffersRD` probably can't be used with a non-RD renderer like GL Compatibility.

It should probably be disabled when using the GL renderer, but the destructor can also be fixed so it doesn't index `RendererRD::MaterialStorage::get_singleton()->samplers_rd_free(samplers);` without checking that `RendererRD::MaterialStorage` exists.

CC @clayjohn @BastiaanOlij
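
The destructor guard suggested above, as an added C++ example that is not part of the thread and is neither Godot's code nor its actual fix. `SamplerStorage` and `SceneBuffers` are hypothetical stand-ins for a backend-owned singleton and a script-constructible object whose destructor frees resources through it.

```cpp
#include <cstdio>
#include <memory>
#include <vector>

// Hypothetical stand-in for a storage singleton owned by one rendering
// backend. Under any other backend it is never created, so get_singleton()
// returns nullptr.
class SamplerStorage {
    static SamplerStorage *singleton;
public:
    int freed = 0;
    SamplerStorage() { singleton = this; }
    ~SamplerStorage() { singleton = nullptr; }
    static SamplerStorage *get_singleton() { return singleton; }
    void samplers_free(std::vector<int> &samplers) {
        freed += static_cast<int>(samplers.size());
        samplers.clear();
    }
};
SamplerStorage *SamplerStorage::singleton = nullptr;

// Hypothetical object that scripts can construct under any backend.
class SceneBuffers {
    std::vector<int> samplers;
public:
    SceneBuffers() {
        // Only acquire backend resources when the backend exists.
        if (SamplerStorage::get_singleton()) samplers = {1, 2, 3};
    }
    ~SceneBuffers() {
        // Guard: without this check the call below is a member call on a
        // null pointer whenever the backend was never initialised.
        SamplerStorage *storage = SamplerStorage::get_singleton();
        if (storage) storage->samplers_free(samplers);
    }
};

// Returns how many samplers were freed, or -1 when no backend was active.
int create_and_destroy(bool backend_active) {
    std::unique_ptr<SamplerStorage> storage(
            backend_active ? new SamplerStorage() : nullptr);
    { SceneBuffers buffers; } // constructed and dropped at once, as in the script
    return storage ? storage->freed : -1;
}

int main() {
    std::printf("with backend: %d\n", create_and_destroy(true));
    std::printf("without backend: %d\n", create_and_destroy(false));
    return 0;
}
```

The guard only makes destruction safe; refusing to instantiate the class under the other backend, the first option mentioned above, is a separate change.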

akien-mga commented 7 months ago

> 4.3.dev.custom_build 6c57928 (I found that `godot --version` now does not print the git version of the app - is it possible to restore this?)

It still does for me:

```
$ godot-git --version
4.3.dev.custom_build.6c5792806
```

Maybe you're not compiling from an actual Git checkout, but only an extracted tarball? If so there's no Git commit info.

qarmin commented 7 months ago

CI has been failing lately due to too much disk space usage, so to reduce the size I started downloading zip files in CI instead of doing a git clone, and I didn't think I would lose access to the easy way to get the Godot version.