Crash and file corruption after calc_normals_split, calc_tessface execution. #44461

New Issue

Alexander Romanov · 2015-04-20T17:30:53+02:00

Alexander Romanov commented

2015-04-20 17:30:53 +02:00

System Information
Ubuntu 12.04 and Debian Squeeze

Blender Version
Broken: 2.74 official release build

Short description of error
UVMap disappears; sometime Blender crashes

Exact steps for others to reproduce the error
I did not succeed to reproduce the full algorithm of the blend file creation, but attached a prepared one. It has been created and edited in previous Blender versions, but strange behavior appeared in 2.74, when I tried to use python API for split normals.
The file attached here has script for reproducing this behavior.
Tested official blender-2.74-linux-glibc211-x86_64 on Ubuntu 14.04.2 LTS and Debian squeeze

If I call calc_normals_split on active object, something happens with UVMap_0: it dissapears from "UV Maps" panel when mouse cursor drag over it. Sometimes Blender crashes.
If I call calc_tessface, blender crashes.

If after point 1) you save the file and reopen it, the names of UVMaps will change.

Alexander (Blend4Web Team)
crash.blend

**System Information** Ubuntu 12.04 and Debian Squeeze **Blender Version** Broken: 2.74 official release build **Short description of error** UVMap disappears; sometime Blender crashes **Exact steps for others to reproduce the error** I did not succeed to reproduce the full algorithm of the blend file creation, but attached a prepared one. It has been created and edited in previous Blender versions, but strange behavior appeared in 2.74, when I tried to use python API for split normals. The file attached here has script for reproducing this behavior. Tested official blender-2.74-linux-glibc211-x86_64 on Ubuntu 14.04.2 LTS and Debian squeeze 1) If I call calc_normals_split on active object, something happens with UVMap_0: it dissapears from "UV Maps" panel when mouse cursor drag over it. Sometimes Blender crashes. 2) If I call calc_tessface, blender crashes. If after point 1) you save the file and reopen it, the names of UVMaps will change. Alexander (Blend4Web Team) [crash.blend](https://archive.blender.org/developer/F164635/crash.blend)

Alexander Romanov commented

2015-04-20 17:30:53 +02:00

Changed status to: 'Open'

Bastien Montagne was assigned by Alexander Romanov

2015-04-20 17:30:53 +02:00

Alexander Romanov commented

2015-04-20 17:30:53 +02:00

Added subscriber: @AlexanderRomanov

Bastien Montagne commented

2015-04-20 19:28:53 +02:00

Hrrrrrm… With this file and a release build, I have no issue at all, cannot reproduce your crash. However, when trying to open it in a debug build with asan enabled, it crashes on reading. This means that the file itself is corrupted. And we cannot do much with a corrupted file, what we need in those cases is a way to reproduce such corruption - bug is here, not in a later crash.

So I need steps to reproduce that file.

Hrrrrrm… With this file and a release build, I have no issue at all, cannot reproduce your crash. However, when trying to open it in a debug build with asan enabled, it crashes on reading. This means that the file itself is corrupted. And we cannot do much with a corrupted file, what we need in those cases is a way to reproduce such corruption - bug is here, not in a later crash. So I need steps to reproduce that file.

EvgenyRodygin commented

2015-04-21 00:16:48 +02:00

Added subscriber: @EvgenyRodygin

EvgenyRodygin commented

2015-04-21 00:16:48 +02:00

This bug is reproduced only on Linux. It was tested on Ubuntu, Debian, Arch. The interesting thing is that if we build Blender by our own, crash disappears. Probably, some issues with Linux libraries?

Bastien Montagne commented

2015-04-21 07:20:37 +02:00

I’m on linux too… But again, the issue is not in the crash itself - a corrupted file is likely to crash sooner or later. I need to know how to generate such a corrupted file, otherwise there’s nothing we can do.

I’m on linux too… But again, the issue is not in the crash itself - a corrupted file is likely to crash sooner or later. I need to know how to **generate** such a corrupted file, otherwise there’s nothing we can do.

Alexander Kovelenov commented

2015-04-21 09:25:11 +02:00

Added subscriber: @AlexKowel

Alexander Kovelenov commented

2015-04-21 09:25:11 +02:00

Thanks for your answer. Unfortunately the problem is not just with the single corrupted file. Some of Blend4Web demos are affected too. In Blend4Web SDK we have hundreds of files, so it would be very helpful to have some method to know if the file is corrupted or not, and another method to fix the issue. Our guys will look at this in details, but I fear some really bad things just have happened.

Bastien Montagne commented

2015-04-21 11:52:00 +02:00

Knowing if the file is corrupted is pretty simple (assuming it has similar corruption to the one you posted here): just build a debug version of Blender with asan enabled (on linux or OSX, using gcc or clang, see http://wiki.blender.org/index.php/Dev:Doc/Tools/Debugging/GCC_Address_Sanitizer), it will crash on loading the file (complaining about reading past allocated memory or so iirc).

Alexander Kovelenov commented

2015-04-21 22:41:14 +02:00

Thank you for your help. By using custom Blender build and simple script we have discovered approx. 10 corrupted scenes. Now we are looking for solution to fix them. Anyway, is it possible to perform (implement) an automatic validation for loaded/saved data in the future?

Bastien Montagne commented

2015-04-22 08:01:25 +02:00

The thing is, such corruption should never happens, we cannot check for validity (as in, length of data arrays etc.) of data chunks in .blend file when loading, would be heavy and not much helpful.

The bug here is the generation of such corrupted file - if you cannot give us a way to reproduce that, afraid we can’t do anything… :/

The thing is, such corruption should *never* happens, we cannot check for validity (as in, length of data arrays etc.) of data chunks in .blend file when loading, would be heavy and not much helpful. The bug here is the generation of such corrupted file - if you cannot give us a way to reproduce that, afraid we can’t do anything… :/

Alexander Romanov commented

2015-04-22 17:33:24 +02:00

The new attached file has no asan messages when opened. After the steps bellow, asan shows heap-buffer-overflow.

open .blend
run the script
save the file
reopen the file
run the script again
save the file again
Try to reopen. I have heap-buffer-overflow

script:

import bpy

d = bpy.data.objects['sunglasses'].data
d.calc_normals_split()

sunglasses_asan.blend

The new attached file has no asan messages when opened. After the steps bellow, asan shows heap-buffer-overflow. 1) open .blend 2) run the script 3) save the file 4) reopen the file 5) run the script again 6) save the file again 7) Try to reopen. I have heap-buffer-overflow script: ``` import bpy d = bpy.data.objects['sunglasses'].data d.calc_normals_split() ``` [sunglasses_asan.blend](https://archive.blender.org/developer/F165737/sunglasses_asan.blend)

Bastien Montagne commented

2015-04-22 20:27:20 +02:00

Thanks, will check later.

Bastien Montagne commented

2015-04-23 20:47:09 +02:00

Has been hard, but found the issue. It’s not really related to lnors actually, it was a bug hidden deep in how cd layers are saved (written) - basically, when temp/nofree layers were removed for saving, mesh would still write org number of layers, instead of updated (reduced) new one…

Note that fix will solve corruption of data itself, but cannot do anything for files already broken. :|

Anyway, thanks a bunch for the report!

Has been hard, but found the issue. It’s not really related to lnors actually, it was a bug hidden deep in how cd layers are saved (written) - basically, when temp/nofree layers were removed for saving, mesh would still write org number of layers, instead of updated (reduced) new one… Note that fix will solve corruption of data itself, but cannot do anything for files already broken. :| Anyway, thanks a bunch for the report!

blender-admin commented

2015-04-23 20:53:12 +02:00

This issue was referenced by f75c89b3f4

This issue was referenced by f75c89b3f42ffac51603e6e53459f9d94a8782cc

Bastien Montagne commented

2015-04-23 20:54:59 +02:00

Changed status from 'Open' to: 'Resolved'

Bastien Montagne closed this issue

2015-04-23 20:54:59 +02:00

Bastien Montagne commented

2015-04-23 20:54:59 +02:00

Closed by commit f75c89b3f4.

Closed by commit f75c89b3f4.

Alexander Romanov commented

2015-04-24 09:25:26 +02:00

It works! Thank you!

Angus Hollands commented

2015-04-28 00:12:20 +02:00

Added subscriber: @AngusHollands-4

Angus Hollands commented

2015-04-28 00:12:20 +02:00

In the interests of partial recovery of corrupted files, is it possible to abort loading of corrupted data blocks, such that only unmodified assets are loaded?

Alexander Romanov commented

2015-04-28 09:42:18 +02:00

As I understand, aborting of any block loading is impossible because you can't know the offset of the next block without reading of previous block. And even if it is possible, generally, there is a non trivial issue to avoid broken links.

Sign in to join this conversation.

No Label

Download

What's New

Blender Studio

Manual

Developers Blog

Documentation

Benchmark

Blender Conference

Development Fund

One-time Donations

Crash and file corruption after calc_normals_split, calc_tessface execution. #44461