Closed FlySkyPie closed 1 year ago
Any other logs?
I couldn't reproduce on ubuntu 22.04
@FlySkyPie
I built a debug version from v0.10.8; here is the output:
./goxel
0.000: render init render_init (src/render.c:307)
15.206: Save to /home/flyskypie/Downloads/goxel/untitled-4.gox save_to_file (src/formats/gox.c:258)
15.228: Saved /home/flyskypie/Downloads/goxel/untitled-4.gox sys_on_saved (src/system.c:295)
=================================================================
==138062==ERROR: AddressSanitizer: heap-use-after-free on address 0x616000b75a88 at pc 0x55e6b5b46bf4 bp 0x7ffd83047970 sp 0x7ffd83047960
READ of size 8 at 0x616000b75a88 thread T0
#0 0x55e6b5b46bf3 in render_mesh src/render.c:729
#1 0x55e6b56fe74b in goxel_render_view src/goxel.c:899
#2 0x55e6b5726028 in render_view src/gui/app.c:127
#3 0x55e6b5721db6 in gui_canvas_ src/gui.cpp:1712
#4 0x55e6b5709551 in ImImpl_RenderDrawLists src/gui.cpp:376
#5 0x55e6b5713bed in gui_render src/gui.cpp:772
#6 0x55e6b56f8b27 in goxel_render src/goxel.c:707
#7 0x55e6b59e8114 in loop_function src/main.c:193
#8 0x55e6b59e81fe in start_main_loop src/main.c:205
#9 0x55e6b59e91ed in main src/main.c:317
#10 0x7f185793d082 in __libc_start_main ../csu/libc-start.c:308
#11 0x55e6b55b72fd in _start (/home/flyskypie/Downloads/goxel/goxel+0x10d22fd)
0x616000b75a88 is located 8 bytes inside of 608-byte region [0x616000b75a80,0x616000b75ce0)
freed by thread T0 here:
#0 0x7f185992940f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:122
#1 0x55e6b5b530e9 in render_submit src/render.c:1076
#2 0x55e6b570156b in goxel_render_to_buf src/goxel.c:1076
#3 0x55e6b5686713 in save_to_file src/formats/gox.c:286
#4 0x55e6b569cf8b in a_save src/formats/gox.c:749
#5 0x55e6b55b82c1 in action_exec src/action.c:95
#6 0x55e6b570d311 in check_action_shortcut src/gui.cpp:596
#7 0x55e6b55b7f72 in actions_iter src/action.c:76
#8 0x55e6b5713aa7 in gui_iter src/gui.cpp:761
#9 0x55e6b56f477a in goxel_iter src/goxel.c:457
#10 0x55e6b59e810f in loop_function src/main.c:192
#11 0x55e6b59e81fe in start_main_loop src/main.c:205
#12 0x55e6b59e91ed in main src/main.c:317
#13 0x7f185793d082 in __libc_start_main ../csu/libc-start.c:308
previously allocated by thread T0 here:
#0 0x7f1859929a06 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:153
#1 0x55e6b5b4cd09 in render_box src/render.c:887
#2 0x55e6b55ce589 in box_edit src/box_edit.c:175
#3 0x55e6b5b95f87 in iter src/tools/move.c:59
#4 0x55e6b5b5deab in tool_iter src/tools.c:86
#5 0x55e6b56f7d8b in goxel_mouse_in_view src/goxel.c:653
#6 0x55e6b5727307 in gui_app src/gui/app.c:209
#7 0x55e6b571365b in gui_iter src/gui.cpp:746
#8 0x55e6b56f477a in goxel_iter src/goxel.c:457
#9 0x55e6b59e810f in loop_function src/main.c:192
#10 0x55e6b59e81fe in start_main_loop src/main.c:205
#11 0x55e6b59e91ed in main src/main.c:317
#12 0x7f185793d082 in __libc_start_main ../csu/libc-start.c:308
SUMMARY: AddressSanitizer: heap-use-after-free src/render.c:729 in render_mesh
Shadow bytes around the buggy address:
0x0c2c80166b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2c80166b10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2c80166b20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2c80166b30: 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fa fa
0x0c2c80166b40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c2c80166b50: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2c80166b60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2c80166b70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2c80166b80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2c80166b90: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa
0x0c2c80166ba0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==138062==ABORTING
I just pushed a fix for this bug. Should work in the next release.
version: 0.10.8 release-linux
OS: Ubuntu 20.04.4 LTS
condition: