blender
/
blender
133
398
Fork 577
Code Issues 6.3k Pull Requests 744 Projects 19 Wiki Activity

Use-after-free when expanding hierarchy in Outliner after deleting NLA track #84586

New Issue
Closed
opened 2021-01-11 09:31:34 +01:00 by Robert Guetzkow · 7 comments
Robert Guetzkow commented 2021-01-11 09:31:34 +01:00
Member
Copy Link

System Information
Operating system: Linux-5.8.0-36-generic-x86_64-with-debian-bullseye-sid 64 Bits
Graphics card: SVGA3D; build: RELEASE; LLVM; VMware, Inc. 3.3 (Core Profile) Mesa 20.0.8

Blender Version
Broken: version:

  • 2.92.0 Alpha, branch: master, commit date: 2021-01-08 10:20, hash: 03f1d8acab
  • 2.91.0
    Worked: 2.83.x

Short description of error
When an NLA track is deleted and the NLA tracks entry in the Outliner is expanded to show the hierarchy below, ASAN detects a use-after-free.

Exact steps for others to reproduce the error

  • Open the attached file.
  • Delete NlaTrack in the Nonlinear Animation editor.

Expand the Scene Collection > Collection > Cube > Animation > NLA tracks entry.

#84586.blend

Alternatively:

  • Create a keyframe animation.
  • Open the Nonlinear Animation editor.
  • Use Push Down Action.
  • Delete the track.

In the Outliner find the NLA tracks entry and try to expand the hierarchy below it by clicking on the triangle icon.

## 3185==ERROR: AddressSanitizer: heap-use-after-free on address 0x60b0005ced50 at pc 0x00001704cf5f bp 0x7fffffffa460 sp 0x7fffffffa450
READ of size 1 at 0x60b0005ced50 thread T0
    - 0 0x1704cf5e in BLF_draw /home/dev/01-data/01-git/blender-git/blender/source/blender/blenfont/intern/blf.c:544
    - 1 0x9353246 in UI_fontstyle_draw_simple /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/interface/interface_style.c:311
    - 2 0x982ce06 in outliner_draw_tree_element /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_outliner/outliner_draw.c:3114
    - 3 0x982dc0f in outliner_draw_tree_element /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_outliner/outliner_draw.c:3162
    - 4 0x982dc0f in outliner_draw_tree_element /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_outliner/outliner_draw.c:3162
    - 5 0x982dc0f in outliner_draw_tree_element /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_outliner/outliner_draw.c:3162
    - 6 0x982dc0f in outliner_draw_tree_element /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_outliner/outliner_draw.c:3162
    - 7 0x982dc0f in outliner_draw_tree_element /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_outliner/outliner_draw.c:3162
    - 8 0x982dc0f in outliner_draw_tree_element /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_outliner/outliner_draw.c:3162
    - 9 0x9833197 in outliner_draw_tree /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_outliner/outliner_draw.c:3508
    - 10 0x9834a1b in draw_outliner /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_outliner/outliner_draw.c:3637
    - 11 0x98843db in outliner_main_region_draw /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_outliner/space_outliner.c:92
    - 12 0x7909e1c in ED_region_do_draw /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/screen/area.c:546
    - 13 0x4fd2335 in wm_draw_window_offscreen /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_draw.c:731
    - 14 0x4fd3557 in wm_draw_window /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_draw.c:872
    - 15 0x4fd49c7 in wm_draw_update /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_draw.c:1073
    - 16 0x4fc4fa7 in WM_main /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm.c:641
    - 17 0x3523a3a in main /home/dev/01-data/01-git/blender-git/blender/source/creator/creator.c:522
    - 18 0x7ffff6e490b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    - 19 0x3522bed in _start (/home/dev/01-data/01-git/blender-git/build_linux_debug_full/bin/blender+0x3522bed)

0x60b0005ced50 is located 48 bytes inside of 112-byte region [0x60b0005ced20,0x60b0005ced90)
freed by thread T0 here:
    - 0 0x7ffff76907cf in __interceptor_free (/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf)
    - 1 0x18fba180 in MEM_lockfree_freeN /home/dev/01-data/01-git/blender-git/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:129
    - 2 0x18c3d585 in BLI_freelinkN /home/dev/01-data/01-git/blender-git/blender/source/blender/blenlib/intern/listbase.c:290
    - 3 0x392af3c in BKE_nlatrack_free /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/nla.c:131
    - 4 0x973eeaf in nlaedit_delete_tracks_exec /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_nla/nla_channels.c:814
    - 5 0x4fe1cf2 in wm_operator_invoke /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1312
    - 6 0x4fe9aec in wm_handler_operator_call /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:2141
    - 7 0x4fed63b in wm_handlers_do_keymap_with_keymap_handler /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:2466
    - 8 0x4ff0dee in wm_handlers_do_intern /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:2762
    - 9 0x4ff207c in wm_handlers_do /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:2886
    - 10 0x4ff83f3 in wm_event_do_handlers /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:3382
    - 11 0x4fc4f8f in WM_main /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm.c:635
    - 12 0x3523a3a in main /home/dev/01-data/01-git/blender-git/blender/source/creator/creator.c:522
    - 13 0x7ffff6e490b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)

previously allocated by thread T0 here:
    - 0 0x7ffff7690bc8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
    - 1 0x18fbabe0 in MEM_lockfree_mallocN /home/dev/01-data/01-git/blender-git/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:276
    - 2 0x18fba2ea in MEM_lockfree_dupallocN /home/dev/01-data/01-git/blender-git/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:145
    - 3 0x392b8ab in BKE_nlatrack_copy /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/nla.c:237
    - 4 0x6e52b9b in rna_NLA_tracks_override_apply /home/dev/01-data/01-git/blender-git/blender/source/blender/makesrna/intern/rna_animation.c:780
    - 5 0x6dfd3a4 in rna_property_override_operation_apply /home/dev/01-data/01-git/blender-git/blender/source/blender/makesrna/intern/rna_access_compare_override.c:616
    - 6 0x6e01497 in rna_property_override_apply_ex /home/dev/01-data/01-git/blender-git/blender/source/blender/makesrna/intern/rna_access_compare_override.c:1098
    - 7 0x6e01d70 in RNA_struct_override_apply /home/dev/01-data/01-git/blender-git/blender/source/blender/makesrna/intern/rna_access_compare_override.c:1155
    - 8 0x3789d1d in BKE_lib_override_library_update /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/lib_override.c:1818
    - 9 0x378ae17 in BKE_lib_override_library_main_update /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/lib_override.c:1885
    - 10 0x5140288 in blo_read_file_internal /home/dev/01-data/01-git/blender-git/blender/source/blender/blenloader/intern/readfile.c:4133
    - 11 0x51139b0 in BLO_read_from_file /home/dev/01-data/01-git/blender-git/blender/source/blender/blenloader/intern/readblenentry.c:368
    - 12 0x9dfd740 in BKE_blendfile_read_ex /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/blendfile.c:446
    - 13 0x9dfd8ea in BKE_blendfile_read /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/blendfile.c:468
    - 14 0x5012456 in WM_file_read /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_files.c:717
    - 15 0x501d5a6 in wm_file_read_opwrap /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_files.c:2185
    - 16 0x501e82a in wm_open_mainfile__open /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_files.c:2325
    - 17 0x501d911 in operator_state_dispatch /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_files.c:2221
    - 18 0x501ea9f in wm_open_mainfile_dispatch /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_files.c:2349
    - 19 0x501de16 in wm_open_mainfile__discard_changes /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_files.c:2266
    - 20 0x501d911 in operator_state_dispatch /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_files.c:2221
    - 21 0x501ea9f in wm_open_mainfile_dispatch /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_files.c:2349
    - 22 0x501eacc in wm_open_mainfile_invoke /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_files.c:2354
    - 23 0x4fe1725 in wm_operator_invoke /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1300
    - 24 0x4fe37c3 in wm_operator_call_internal /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1541
    - 25 0x4fe38bc in WM_operator_name_call_ptr /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1555
    - 26 0x91ce62a in ui_apply_but_funcs_after /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/interface/interface_handlers.c:939
    - 27 0x9259475 in ui_popup_handler /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/interface/interface_handlers.c:10937
    - 28 0x4fdaec6 in wm_handler_ui_call /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:643
    - 29 0x4ff103a in wm_handlers_do_intern /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:2778

SUMMARY: AddressSanitizer: heap-use-after-free /home/dev/01-data/01-git/blender-git/blender/source/blender/blenfont/intern/blf.c:544 in BLF_draw
Shadow bytes around the buggy address:
  0x0c16800b1d50: 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa
  0x0c16800b1d60: fa fa 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c16800b1d70: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c16800b1d80: 00 00 00 00 00 00 fa fa fa fa fa fa fa fa 00 00
  0x0c16800b1d90: 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa
# >0x0c16800b1da0: fa fa fa fa fd fd fd fd fd fd[fd]fd fd fd fd fd
  0x0c16800b1db0: fd fd fa fa fa fa fa fa fa fa 00 00 00 00 00 00
  0x0c16800b1dc0: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
  0x0c16800b1dd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa fa
  0x0c16800b1de0: fa fa fa fa fa fa 00 00 00 00 00 00 00 00 00 00
  0x0c16800b1df0: 00 00 00 fa fa fa fa fa fa fa fa fa 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):

Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc

**System Information** Operating system: Linux-5.8.0-36-generic-x86_64-with-debian-bullseye-sid 64 Bits Graphics card: SVGA3D; build: RELEASE; LLVM; VMware, Inc. 3.3 (Core Profile) Mesa 20.0.8 **Blender Version** Broken: version: - 2.92.0 Alpha, branch: master, commit date: 2021-01-08 10:20, hash: `03f1d8acab` - 2.91.0 Worked: 2.83.x **Short description of error** When an NLA track is deleted and the *NLA tracks* entry in the Outliner is expanded to show the hierarchy below, ASAN detects a use-after-free. **Exact steps for others to reproduce the error** - Open the attached file. - Delete *NlaTrack* in the *Nonlinear Animation* editor. # Expand the *Scene Collection > Collection > Cube > Animation > NLA tracks* entry. [#84586.blend](https://archive.blender.org/developer/F9559547/T84586.blend) Alternatively: - Create a keyframe animation. - Open the *Nonlinear Animation* editor. - Use *Push Down Action*. - Delete the track. # In the *Outliner* find the *NLA tracks* entry and try to expand the hierarchy below it by clicking on the triangle icon. ```lines ## 3185==ERROR: AddressSanitizer: heap-use-after-free on address 0x60b0005ced50 at pc 0x00001704cf5f bp 0x7fffffffa460 sp 0x7fffffffa450 READ of size 1 at 0x60b0005ced50 thread T0 - 0 0x1704cf5e in BLF_draw /home/dev/01-data/01-git/blender-git/blender/source/blender/blenfont/intern/blf.c:544 - 1 0x9353246 in UI_fontstyle_draw_simple /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/interface/interface_style.c:311 - 2 0x982ce06 in outliner_draw_tree_element /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_outliner/outliner_draw.c:3114 - 3 0x982dc0f in outliner_draw_tree_element /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_outliner/outliner_draw.c:3162 - 4 0x982dc0f in outliner_draw_tree_element /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_outliner/outliner_draw.c:3162 - 5 0x982dc0f in outliner_draw_tree_element /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_outliner/outliner_draw.c:3162 - 6 0x982dc0f in outliner_draw_tree_element /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_outliner/outliner_draw.c:3162 - 7 0x982dc0f in outliner_draw_tree_element /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_outliner/outliner_draw.c:3162 - 8 0x982dc0f in outliner_draw_tree_element /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_outliner/outliner_draw.c:3162 - 9 0x9833197 in outliner_draw_tree /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_outliner/outliner_draw.c:3508 - 10 0x9834a1b in draw_outliner /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_outliner/outliner_draw.c:3637 - 11 0x98843db in outliner_main_region_draw /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_outliner/space_outliner.c:92 - 12 0x7909e1c in ED_region_do_draw /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/screen/area.c:546 - 13 0x4fd2335 in wm_draw_window_offscreen /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_draw.c:731 - 14 0x4fd3557 in wm_draw_window /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_draw.c:872 - 15 0x4fd49c7 in wm_draw_update /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_draw.c:1073 - 16 0x4fc4fa7 in WM_main /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm.c:641 - 17 0x3523a3a in main /home/dev/01-data/01-git/blender-git/blender/source/creator/creator.c:522 - 18 0x7ffff6e490b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2) - 19 0x3522bed in _start (/home/dev/01-data/01-git/blender-git/build_linux_debug_full/bin/blender+0x3522bed) 0x60b0005ced50 is located 48 bytes inside of 112-byte region [0x60b0005ced20,0x60b0005ced90) freed by thread T0 here: - 0 0x7ffff76907cf in __interceptor_free (/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf) - 1 0x18fba180 in MEM_lockfree_freeN /home/dev/01-data/01-git/blender-git/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:129 - 2 0x18c3d585 in BLI_freelinkN /home/dev/01-data/01-git/blender-git/blender/source/blender/blenlib/intern/listbase.c:290 - 3 0x392af3c in BKE_nlatrack_free /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/nla.c:131 - 4 0x973eeaf in nlaedit_delete_tracks_exec /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/space_nla/nla_channels.c:814 - 5 0x4fe1cf2 in wm_operator_invoke /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1312 - 6 0x4fe9aec in wm_handler_operator_call /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:2141 - 7 0x4fed63b in wm_handlers_do_keymap_with_keymap_handler /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:2466 - 8 0x4ff0dee in wm_handlers_do_intern /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:2762 - 9 0x4ff207c in wm_handlers_do /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:2886 - 10 0x4ff83f3 in wm_event_do_handlers /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:3382 - 11 0x4fc4f8f in WM_main /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm.c:635 - 12 0x3523a3a in main /home/dev/01-data/01-git/blender-git/blender/source/creator/creator.c:522 - 13 0x7ffff6e490b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2) previously allocated by thread T0 here: - 0 0x7ffff7690bc8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8) - 1 0x18fbabe0 in MEM_lockfree_mallocN /home/dev/01-data/01-git/blender-git/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:276 - 2 0x18fba2ea in MEM_lockfree_dupallocN /home/dev/01-data/01-git/blender-git/blender/intern/guardedalloc/intern/mallocn_lockfree_impl.c:145 - 3 0x392b8ab in BKE_nlatrack_copy /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/nla.c:237 - 4 0x6e52b9b in rna_NLA_tracks_override_apply /home/dev/01-data/01-git/blender-git/blender/source/blender/makesrna/intern/rna_animation.c:780 - 5 0x6dfd3a4 in rna_property_override_operation_apply /home/dev/01-data/01-git/blender-git/blender/source/blender/makesrna/intern/rna_access_compare_override.c:616 - 6 0x6e01497 in rna_property_override_apply_ex /home/dev/01-data/01-git/blender-git/blender/source/blender/makesrna/intern/rna_access_compare_override.c:1098 - 7 0x6e01d70 in RNA_struct_override_apply /home/dev/01-data/01-git/blender-git/blender/source/blender/makesrna/intern/rna_access_compare_override.c:1155 - 8 0x3789d1d in BKE_lib_override_library_update /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/lib_override.c:1818 - 9 0x378ae17 in BKE_lib_override_library_main_update /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/lib_override.c:1885 - 10 0x5140288 in blo_read_file_internal /home/dev/01-data/01-git/blender-git/blender/source/blender/blenloader/intern/readfile.c:4133 - 11 0x51139b0 in BLO_read_from_file /home/dev/01-data/01-git/blender-git/blender/source/blender/blenloader/intern/readblenentry.c:368 - 12 0x9dfd740 in BKE_blendfile_read_ex /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/blendfile.c:446 - 13 0x9dfd8ea in BKE_blendfile_read /home/dev/01-data/01-git/blender-git/blender/source/blender/blenkernel/intern/blendfile.c:468 - 14 0x5012456 in WM_file_read /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_files.c:717 - 15 0x501d5a6 in wm_file_read_opwrap /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_files.c:2185 - 16 0x501e82a in wm_open_mainfile__open /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_files.c:2325 - 17 0x501d911 in operator_state_dispatch /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_files.c:2221 - 18 0x501ea9f in wm_open_mainfile_dispatch /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_files.c:2349 - 19 0x501de16 in wm_open_mainfile__discard_changes /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_files.c:2266 - 20 0x501d911 in operator_state_dispatch /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_files.c:2221 - 21 0x501ea9f in wm_open_mainfile_dispatch /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_files.c:2349 - 22 0x501eacc in wm_open_mainfile_invoke /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_files.c:2354 - 23 0x4fe1725 in wm_operator_invoke /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1300 - 24 0x4fe37c3 in wm_operator_call_internal /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1541 - 25 0x4fe38bc in WM_operator_name_call_ptr /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:1555 - 26 0x91ce62a in ui_apply_but_funcs_after /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/interface/interface_handlers.c:939 - 27 0x9259475 in ui_popup_handler /home/dev/01-data/01-git/blender-git/blender/source/blender/editors/interface/interface_handlers.c:10937 - 28 0x4fdaec6 in wm_handler_ui_call /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:643 - 29 0x4ff103a in wm_handlers_do_intern /home/dev/01-data/01-git/blender-git/blender/source/blender/windowmanager/intern/wm_event_system.c:2778 SUMMARY: AddressSanitizer: heap-use-after-free /home/dev/01-data/01-git/blender-git/blender/source/blender/blenfont/intern/blf.c:544 in BLF_draw Shadow bytes around the buggy address: 0x0c16800b1d50: 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa 0x0c16800b1d60: fa fa 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c16800b1d70: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 0x0c16800b1d80: 00 00 00 00 00 00 fa fa fa fa fa fa fa fa 00 00 0x0c16800b1d90: 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa # >0x0c16800b1da0: fa fa fa fa fd fd fd fd fd fd[fd]fd fd fd fd fd 0x0c16800b1db0: fd fd fa fa fa fa fa fa fa fa 00 00 00 00 00 00 0x0c16800b1dc0: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa 0x0c16800b1dd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa fa 0x0c16800b1de0: fa fa fa fa fa fa 00 00 00 00 00 00 00 00 00 00 0x0c16800b1df0: 00 00 00 fa fa fa fa fa fa fa fa fa 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): ``` Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ``` ```
Robert Guetzkow commented 2021-01-11 09:31:34 +01:00
Author
Member
Copy Link

Added subscriber: @rjg

Added subscriber: @rjg
Robert Guetzkow commented 2021-01-11 11:39:40 +01:00
Author
Member
Copy Link

Changed status from 'Needs Triage' to: 'Confirmed'

Changed status from 'Needs Triage' to: 'Confirmed'
Robert Guetzkow commented 2021-01-11 11:41:25 +01:00
Author
Member
Copy Link

Unlike 2.83.x it seems that 2.91 and later keeps a reference around to the NLA that has already been removed. In 2.83 the entry disappears in the Outliner once you click on it.

Unlike 2.83.x it seems that 2.91 and later keeps a reference around to the NLA that has already been removed. In 2.83 the entry disappears in the Outliner once you click on it.
Philipp Oeser commented 2021-01-11 11:55:57 +01:00
Member
Copy Link

Added subscriber: @lichtwerk

Added subscriber: @lichtwerk
Philipp Oeser self-assigned this 2021-01-11 11:55:57 +01:00
Philipp Oeser commented 2021-01-11 11:55:57 +01:00
Member
Copy Link

Will check on this

Will check on this
blender-admin commented 2021-01-11 13:56:15 +01:00
Copy Link

This issue was referenced by b4530deec4

This issue was referenced by b4530deec478e1982156a2a76bd4bdadaf651fb3
Philipp Oeser commented 2021-01-18 14:06:45 +01:00
Member
Copy Link

Changed status from 'Confirmed' to: 'Resolved'

Changed status from 'Confirmed' to: 'Resolved'
Thomas Dinges added this to the 2.91 milestone 2023-02-08 16:20:07 +01:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
main
brush-assets-project
universal-scene-description
fix-121021
blender-v4.1-release
blender-v3.3-release
blender-v3.6-release
blender-v3.6-temp_wmoss_animrig_public
temp-sculpt-dyntopo
gpencil-next
anim/animation-id-113594
blender-v4.0-release
blender-projects-basics
bridge-curves
sculpt-blender
asset-browser-frontend-split
asset-shelf
tmp-usd-python-mtl
tmp-usd-3.6
blender-v3.5-release
blender-v2.93-release
realtime-clock
sculpt-dev
bevelv2
xr-dev
v4.1.1
v3.6.11
v3.3.18
v4.1.0
v3.3.17
v3.6.10
v3.6.9
v3.3.16
v3.6.8
v3.6.7
v3.3.14
v4.0.2
v4.0.1
v4.0.0
v3.6.5
v3.3.12
v3.6.4
v3.6.3
v3.3.11
v3.6.2
v3.3.10
v3.6.1
v3.3.9
v3.6.0
v3.3.8
v3.3.7
v2.93.18
v3.5.1
v3.3.6
v2.93.17
v3.5.0
v2.93.16
v3.3.5
v3.3.4
v2.93.15
v2.93.14
v3.3.3
v2.93.13
v2.93.12
v3.4.1
v3.3.2
v3.4.0
v3.3.1
v2.93.11
v3.3.0
v3.2.2
v2.93.10
v3.2.1
v3.2.0
v2.83.20
v2.93.9
v3.1.2
v3.1.1
v3.1.0
v2.83.19
v2.93.8
v3.0.1
v2.93.7
v3.0.0
v2.93.6
v2.93.5
v2.83.18
v2.93.4
v2.93.3
v2.83.17
v2.93.2
v2.93.1
v2.83.16
v2.93.0
v2.83.15
v2.83.14
v2.83.13
v2.92.0
v2.83.12
v2.91.2
v2.83.10
v2.91.0
v2.83.9
v2.83.8
v2.83.7
v2.90.1
v2.83.6.1
v2.83.6
v2.90.0
v2.83.5
v2.83.4
v2.83.3
v2.83.2
v2.83.1
v2.83
v2.82a
v2.82
v2.81a
v2.81
v2.80
v2.80-rc3
v2.80-rc2
v2.80-rc1
v2.79b
v2.79a
v2.79
v2.79-rc2
v2.79-rc1
v2.78c
v2.78b
v2.78a
v2.78
v2.78-rc2
v2.78-rc1
v2.77a
v2.77
v2.77-rc2
v2.77-rc1
v2.76b
v2.76a
v2.76
v2.76-rc3
v2.76-rc2
v2.76-rc1
v2.75a
v2.75
v2.75-rc2
v2.75-rc1
v2.74
v2.74-rc4
v2.74-rc3
v2.74-rc2
v2.74-rc1
v2.73a
v2.73
v2.73-rc1
v2.72b
2.72b
v2.72a
v2.72
v2.72-rc1
v2.71
v2.71-rc2
v2.71-rc1
v2.70a
v2.70
v2.70-rc2
v2.70-rc
v2.69
v2.68a
v2.68
v2.67b
v2.67a
v2.67
v2.66a
v2.66
v2.65a
v2.65
v2.64a
v2.64
v2.63a
v2.63
v2.61
v2.60a
v2.60
v2.59
v2.58a
v2.58
v2.57b
v2.57a
v2.57
v2.56a
v2.56
v2.55
v2.54
v2.53
v2.52
v2.51
v2.50
v2.49b
v2.49a
v2.49
v2.48a
v2.48
v2.47
v2.46
v2.45
v2.44
v2.43
v2.42a
v2.42
v2.41
v2.40
v2.37a
v2.37
v2.36
v2.35a
v2.35
v2.34
v2.33a
v2.33
v2.32
v2.31a
v2.31
v2.30
v2.28c
v2.28a
v2.28
v2.27
v2.26
v2.25
Labels
Clear labels   
Interest
Alembic

  
Interest
Animation & Rigging

  
Interest
Asset Browser

  
Interest
Asset Browser Project Overview

  
Interest
Audio

  
Interest
Automated Testing

  
Interest
Blender Asset Bundle

  
Interest
BlendFile

  
Interest
Collada

  
Interest
Compatibility
This issue affects/is about backward or forward compatibility

  
Interest
Compositing

  
Interest
Core

  
Interest
Cycles

  
Interest
Dependency Graph

  
Interest
Development Management

  
Interest
EEVEE

  
Interest
EEVEE & Viewport

  
Interest
Freestyle

  
Interest
Geometry Nodes

  
Interest
Grease Pencil

  
Interest
ID Management

  
Interest
Images & Movies

  
Interest
Import Export

  
Interest
Line Art

  
Interest
Masking

  
Interest
Metal

  
Interest
Modeling

  
Interest
Modifiers

  
Interest
Motion Tracking

  
Interest
Nodes & Physics

  
Interest
OpenGL

  
Interest
Overlay

  
Interest
Overrides

  
Interest
Performance

  
Interest
Physics

  
Interest
Pipeline, Assets & IO

  
Interest
Platforms, Builds & Tests

  
Interest
Python API

  
Interest
Render & Cycles

  
Interest
Render Pipeline

  
Interest
Sculpt, Paint & Texture

  
Interest
Text Editor

  
Interest
Translations

  
Interest
Triaging

  
Interest
Undo

  
Interest
USD

  
Interest
User Interface

  
Interest
UV Editing

  
Interest
VFX & Video

  
Interest
Video Sequencer

  
Interest
Virtual Reality

  
Interest
Vulkan

  
Interest
Wayland
Issues relating to Wayland windowing support.

  
Interest
Workbench

  
Interest: X11

Issues relating to Xorg/X11 support.

  
Legacy
Blender 2.8 Project

  
Legacy
Milestone 1: Basic, Local Asset Browser

  
Legacy
OpenGL Error

  
Meta
Good First Issue

  
Meta
Papercut

  
Meta
Retrospective

  
Meta
Security
Issues relating to security: https://wiki.blender.org/wiki/Process/Vulnerability_Reports

  
Module
Animation & Rigging

  
Module
Core

  
Module
Development Management

  
Module
EEVEE & Viewport

  
Module
Grease Pencil

  
Module
Modeling

  
Module
Nodes & Physics

  
Module
Pipeline, Assets & IO

  
Module
Platforms, Builds & Tests

  
Module
Python API

  
Module
Render & Cycles

  
Module
Sculpt, Paint & Texture

  
Module
Triaging

  
Module
User Interface

  
Module
VFX & Video

  
Platform
FreeBSD

  
Platform
Linux

  
Platform
macOS

  
Platform
Windows

  
Priority
High

  
Priority
Low

  
Priority
Normal

  
Priority
Unbreak Now!

  
Status
Archived

  
Status
Confirmed

  
Status
Duplicate

  
Status
Needs Info from Developers

  
Status
Needs Information from User

  
Status
Needs Triage

  
Status
Resolved

  
Type
Bug

  
Type
Design

  
Type
Known Issue

  
Type
Patch

  
Type
Report

  
Type
To Do

No Label
Interest
Alembic
Interest
Animation & Rigging
Interest
Asset Browser
Interest
Asset Browser Project Overview
Interest
Audio
Interest
Automated Testing
Interest
Blender Asset Bundle
Interest
BlendFile
Interest
Collada
Interest
Compatibility
Interest
Compositing
Interest
Core
Interest
Cycles
Interest
Dependency Graph
Interest
Development Management
Interest
EEVEE
Interest
EEVEE & Viewport
Interest
Freestyle
Interest
Geometry Nodes
Interest
Grease Pencil
Interest
ID Management
Interest
Images & Movies
Interest
Import Export
Interest
Line Art
Interest
Masking
Interest
Metal
Interest
Modeling
Interest
Modifiers
Interest
Motion Tracking
Interest
Nodes & Physics
Interest
OpenGL
Interest
Overlay
Interest
Overrides
Interest
Performance
Interest
Physics
Interest
Pipeline, Assets & IO
Interest
Platforms, Builds & Tests
Interest
Python API
Interest
Render & Cycles
Interest
Render Pipeline
Interest
Sculpt, Paint & Texture
Interest
Text Editor
Interest
Translations
Interest
Triaging
Interest
Undo
Interest
USD
Interest
User Interface
Interest
UV Editing
Interest
VFX & Video
Interest
Video Sequencer
Interest
Virtual Reality
Interest
Vulkan
Interest
Wayland
Interest
Workbench
Interest: X11
Legacy
Blender 2.8 Project
Legacy
Milestone 1: Basic, Local Asset Browser
Legacy
OpenGL Error
Meta
Good First Issue
Meta
Papercut
Meta
Retrospective
Meta
Security
Module
Animation & Rigging
Module
Core
Module
Development Management
Module
EEVEE & Viewport
Module
Grease Pencil
Module
Modeling
Module
Nodes & Physics
Module
Pipeline, Assets & IO
Module
Platforms, Builds & Tests
Module
Python API
Module
Render & Cycles
Module
Sculpt, Paint & Texture
Module
Triaging
Module
User Interface
Module
VFX & Video
Platform
FreeBSD
Platform
Linux
Platform
macOS
Platform
Windows
Priority
High
Priority
Low
Priority
Normal
Priority
Unbreak Now!
Status
Archived
Status
Confirmed
Status
Duplicate
Status
Needs Info from Developers
Status
Needs Information from User
Status
Needs Triage
Status
Resolved
Type
Bug
Type
Design
Type
Known Issue
Type
Patch
Type
Report
Type
To Do
Milestone
Clear milestone
No items
No Milestone
2.91
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
Philipp Oeser
3 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: blender/blender#84586
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?