godotengine / godot

Godot Engine – Multi-platform 2D and 3D game engine
https://godotengine.org
MIT License

SegFault in StringName #96423

Open meghprkh opened 1 month ago

meghprkh commented 1 month ago

Tested versions

Tested in 4.3 and a debug build of 4.3 fetched from https://github.com/Calinou/godot-debug-builds/releases

System information

Linux Build

Issue description

I can't consistently reproduce the issue, but the outline of the bug is something like this:

Stack trace:

```
StringName::StringName (this=0x7fffffff9648, p_name=..., p_static=false) at ./core/string/ustring.h:278
warning: 278 ./core/string/ustring.h: No such file or directory
Missing separate debuginfos, use: dnf debuginfo-install alsa-lib-1.2.12-1.fc40.x86_64 bzip2-libs-1.0.8-18.fc40.x86_64 dbus-libs-1.14.10-3.fc40.x86_64 elfutils-libelf-0.191-4.fc40.x86_64 expat-2.6.2-1.fc40.x86_64 flac-libs-1.4.3-4.fc40.x86_64 fontconfig-2.15.0-6.fc40.x86_64 freetype-2.13.2-5.fc40.x86_64 glib2-2.80.3-1.fc40.x86_64 glibc-2.39-22.fc40.x86_64 graphite2-1.3.14-15.fc40.x86_64 gsm-1.0.22-6.fc40.x86_64 harfbuzz-8.5.0-1.fc40.x86_64 lame-libs-3.100-17.fc40.x86_64 libX11-1.8.10-2.fc40.x86_64 libX11-xcb-1.8.10-2.fc40.x86_64 libXau-1.0.11-6.fc40.x86_64 libXcursor-1.2.1-7.fc40.x86_64 libXext-1.3.6-1.fc40.x86_64 libXfixes-6.0.1-3.fc40.x86_64 libXi-1.8.1-5.fc40.x86_64 libXinerama-1.1.5-6.fc40.x86_64 libXrender-0.9.11-6.fc40.x86_64 libXxf86vm-1.1.5-6.fc40.x86_64 libbrotli-1.1.0-3.fc40.x86_64 libcap-2.69-8.fc40.x86_64 libdrm-2.4.123-1.fc40.x86_64 libffi-3.4.4-7.fc40.x86_64 libgcc-14.2.1-1.fc40.x86_64 libglvnd-1.7.0-4.fc40.x86_64 libglvnd-glx-1.7.0-4.fc40.x86_64 libpng-1.6.40-3.fc40.x86_64 libsndfile-1.2.2-2.fc40.x86_64 libstdc++-14.2.1-1.fc40.x86_64 libvorbis-1.3.7-10.fc40.x86_64 libxcb-1.17.0-1.fc40.x86_64 libxkbcommon-1.6.0-2.fc40.x86_64 libxml2-2.12.8-1.fc40.x86_64 libzstd-1.5.6-1.fc40.x86_64 llvm-libs-18.1.6-2.fc40.x86_64 lm_sensors-libs-3.6.0-18.fc40.x86_64 lz4-libs-1.9.4-6.fc40.x86_64 mesa-libglapi-24.1.6-1.fc40.x86_64 mpg123-libs-1.31.3-4.fc40.x86_64 ncurses-libs-6.4-12.20240127.fc40.x86_64 opus-1.5.1-1.fc40.x86_64 pcre2-10.44-1.fc40.x86_64 systemd-libs-255.10-3.fc40.x86_64 xz-libs-5.4.6-3.fc40.x86_64 zlib-ng-compat-2.1.7-1.fc40.x86_64
(gdb) where
#0 StringName::StringName (this=0x7fffffff9648, p_name=..., p_static=false) at ./core/string/ustring.h:278
#1 0x0000555557434852 in AnimationPlayer::_play (this=0x55555c446940, p_name=..., p_custom_blend=-1, p_custom_scale=1, p_from_end=) at scene/animation/animation_player.cpp:404
#2 0x00005555574412df in call_with_variant_args_helper<__UnexistingClass, StringName const&, double, float, bool, 0ul, 1ul, 2ul, 3ul> (r_error=..., p_args=0x7fffffff9720, p_method=, p_instance=) at ./core/variant/binder_common.h:304
#3 call_with_variant_args_dv<__UnexistingClass, StringName const&, double, float, bool> (default_values=..., r_error=..., p_argcount=, p_args=, p_method=, p_instance=) at ./core/variant/binder_common.h:451
#4 MethodBindT::call (this=, p_object=, p_args=, p_arg_count=, r_error=...) at ./core/object/method_bind.h:345
#5 0x0000555555c5304a in GDScriptFunction::call (this=, p_instance=, p_instance@entry=0x55555c30f960, p_args=p_args@entry=0x7fffffff9f50, p_argcount=p_argcount@entry=1, r_err=..., p_state=) at modules/gdscript/gdscript_vm.cpp:1876
#6 0x0000555555b01398 in GDScriptInstance::callp (this=0x55555c30f960, p_method=..., p_args=0x7fffffff9f50, p_argcount=1, r_error=...) at modules/gdscript/gdscript.cpp:2032
#7 0x0000555558d8f733 in Object::callp (this=0x55555c35d8a0, p_method=..., p_args=0x7fffffff9f50, p_argcount=1, r_error=...) at core/object/object.cpp:786
#8 0x0000555558b409c0 in Variant::callp (this=this@entry=0x7fffffff9e60, p_method=..., p_args=p_args@entry=0x7fffffff9f50, p_argcount=p_argcount@entry=1, r_ret=..., r_error=...) at core/variant/variant_call.cpp:1211
#9 0x0000555555c5709a in GDScriptFunction::call (this=, p_instance=, p_instance@entry=0x55555c30f960, p_args=p_args@entry=0x7fffffffa358,
--Type for more, q to quit, c to continue without paging--
    p_argcount=p_argcount@entry=1, r_err=..., p_state=) at modules/gdscript/gdscript_vm.cpp:1780
#10 0x0000555555b01398 in GDScriptInstance::callp (this=0x55555c30f960, p_method=..., p_args=0x7fffffffa358, p_argcount=1, r_error=...) at modules/gdscript/gdscript.cpp:2032
#11 0x0000555556a2b12c in Node::_gdvirtual__input_call (arg1=..., this=0x55555c35d8a0) at scene/main/node.h:358
#12 Node::_call_input (this=this@entry=0x55555c35d8a0, p_event=...) at scene/main/node.cpp:3346
#13 0x0000555556a793dd in SceneTree::_call_input_pause (this=this@entry=0x55555c238540, p_group=..., p_call_type=p_call_type@entry=SceneTree::CALL_INPUT_TYPE_INPUT, p_input=..., p_viewport=p_viewport@entry=0x55555c2389f0) at scene/main/scene_tree.cpp:1209
#14 0x0000555556acd7c5 in Viewport::push_input (this=this@entry=0x55555c2389f0, p_event=..., p_local_coords=p_local_coords@entry=false) at scene/main/viewport.cpp:3253
#15 0x0000555556b0c28a in Window::_window_input (this=0x55555c2389f0, p_ev=...) at scene/main/window.cpp:1680
#16 0x0000555556b266b0 in call_with_variant_args_helper const&, 0ul> (r_error=..., p_args=0x7fffffffc670, p_method=, p_instance=) at ./core/variant/binder_common.h:304
#17 call_with_variant_args const&> (r_error=..., p_argcount=, p_args=0x7fffffffc670, p_method=, p_instance=) at ./core/variant/binder_common.h:418
#18 CallableCustomMethodPointer const&>::call (this=, p_arguments=0x7fffffffc670, p_argcount=, r_return_value=..., r_call_error=...) at ./core/object/callable_method_pointer.h:103
#19 0x0000555558aef765 in Callable::callp (this=this@entry=0x7fffffffc720, p_arguments=p_arguments@entry=0x7fffffffc670, p_argcount=p_argcount@entry=1, r_return_value=..., r_call_error=...) at core/variant/callable.cpp:57
#20 0x000055555594392d in Callable::call > (this=this@entry=0x7fffffffc720) at ./core/variant/variant.h:875
#21 0x00005555559399d4 in DisplayServerX11::_dispatch_input_event (this=0x55555ab862b0, p_event=...) at platform/linuxbsd/x11/display_server_x11.cpp:4063
#22 0x0000555558a81a07 in Input::_parse_input_event_impl (this=this@entry=0x55555a38ad20, p_event=..., p_is_emulated=p_is_emulated@entry=false) at core/input/input.cpp:774
#23 0x0000555558a84fbd in Input::flush_buffered_events (this=0x55555a38ad20) at core/input/input.cpp:1055
#24 0x000055555593a555 in DisplayServerX11::process_events (this=0x55555ab862b0) at platform/linuxbsd/x11/display_server_x11.cpp:5199
#25 0x0000555555909eb0 in OS_LinuxBSD::run (this=this@entry=0x7fffffffcda0) at platform/linuxbsd/os_linuxbsd.cpp:958
#26 0x00005555558fbbbc in main (argc=, argv=0x7fffffffd3f8) at platform/linuxbsd/godot_linuxbsd.cpp:85
```

Steps to reproduce

Run minimal project (without gdb)

Press space a few times fast

Trace:

```
./segault_stringname.x86_64
Godot Engine v4.3.stable.custom_build.77dcf97d8 (2024-08-14 23:00:16 UTC) - https://godotengine.org
OpenGL API 4.6 (Core Profile) Mesa 24.1.6 - Compatibility - Using Device: AMD - AMD Radeon Graphics (radeonsi, renoir, LLVM 18.1.6, DRM 3.57, 6.10.6-200.fc40.x86_64)
HANDLED
================================================================
handle_crash: Program crashed with signal 11
Engine version: Godot Engine v4.3.stable.custom_build (77dcf97d82cbfe4e4615475fa52ca03da645dbd8)
Dumping the backtrace. Please include this when reporting the bug to the project developer.
[1] /lib64/libc.so.6(+0x40d00) [0x7efc29048d00] (??:0)
[2] ./segault_stringname.x86_64(+0x38989c5) [0x55a30a2f69c5] (/opt/godot/core/string/string_name.cpp:334)
[3] ./segault_stringname.x86_64(+0x1ee0852) [0x55a30893e852] (/opt/godot/scene/animation/animation_player.cpp:404)
[4] ./segault_stringname.x86_64(+0x1eed2df) [0x55a30894b2df] (/opt/godot/./core/string/string_name.h:187)
[5] ./segault_stringname.x86_64(+0x6ff04a) [0x55a30715d04a] (/opt/godot/./core/variant/variant.h:308)
[6] ./segault_stringname.x86_64(+0x5ad398) [0x55a30700b398] (/opt/godot/modules/gdscript/gdscript.cpp:2032)
[7] ./segault_stringname.x86_64(+0x383b733) [0x55a30a299733] (/opt/godot/core/object/object.cpp:786)
[8] ./segault_stringname.x86_64(+0x35ec9c0) [0x55a30a04a9c0] (/opt/godot/core/variant/variant_call.cpp:1211 (discriminator 6))
[9] ./segault_stringname.x86_64(+0x70309a) [0x55a30716109a] (/opt/godot/./core/variant/variant.h:308)
[10] ./segault_stringname.x86_64(+0x5ad398) [0x55a30700b398] (/opt/godot/modules/gdscript/gdscript.cpp:2032)
[11] ./segault_stringname.x86_64(+0x14d712c) [0x55a307f3512c] (/opt/godot/./core/variant/variant.h:308)
[12] ./segault_stringname.x86_64(+0x15253dd) [0x55a307f833dd] (/opt/godot/scene/main/scene_tree.cpp:1193)
[13] ./segault_stringname.x86_64(+0x15797c5) [0x55a307fd77c5] (/opt/godot/scene/main/viewport.cpp:3256)
[14] ./segault_stringname.x86_64(+0x15b828a) [0x55a30801628a] (/opt/godot/scene/main/window.cpp:1680)
[15] ./segault_stringname.x86_64(+0x15d26b0) [0x55a3080306b0] (/opt/godot/./core/object/ref_counted.h:209)
[16] ./segault_stringname.x86_64(+0x359b765) [0x55a309ff9765] (/opt/godot/core/variant/callable.cpp:57)
[17] ./segault_stringname.x86_64(+0x3ef92d) [0x55a306e4d92d] (/opt/godot/./core/variant/variant.h:308)
[18] ./segault_stringname.x86_64(+0x3e59d4) [0x55a306e439d4] (/opt/godot/./core/variant/variant.h:308)
[19] ./segault_stringname.x86_64(+0x352da07) [0x55a309f8ba07] (/usr/include/x86_64-linux-gnu/c++/9/bits/gthr-default.h:748)
[20] ./segault_stringname.x86_64(+0x3530fbd) [0x55a309f8efbd] (/opt/godot/./core/object/ref_counted.h:209)
[21] ./segault_stringname.x86_64(+0x3e6555) [0x55a306e44555] (/opt/godot/./core/templates/local_vector.h:339)
[22] ./segault_stringname.x86_64(+0x3b5eb0) [0x55a306e13eb0] (/opt/godot/platform/linuxbsd/os_linuxbsd.cpp:960)
[23] ./segault_stringname.x86_64(+0x3a7bbc) [0x55a306e05bbc] (/opt/godot/platform/linuxbsd/godot_linuxbsd.cpp:85)
[24] /lib64/libc.so.6(+0x2a088) [0x7efc29032088] (??:0)
[25] /lib64/libc.so.6(__libc_start_main+0x8b) [0x7efc2903214b] (??:0)
[26] ./segault_stringname.x86_64(+0x3b341e) [0x55a306e1141e] (??:?)
-- END OF BACKTRACE --
================================================================
[1] 196445 IOT instruction (core dumped) ./segault_stringname.x86_64
```

Minimal reproduction project (MRP)

segault_issue.zip

meghprkh commented 1 month ago

Looking at the code, maybe the mutex needs to be above the method call? https://github.com/godotengine/godot/blob/4.3/core/string/string_name.cpp#L334-L338