Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Executing ColorPickerButton.propagate_notification(33) crashes Godot #54168

Closed
qarmin opened this issue Oct 23, 2021 · 1 comment
Closed

Executing ColorPickerButton.propagate_notification(33) crashes Godot #54168

qarmin opened this issue Oct 23, 2021 · 1 comment
Labels
bug crash topic:gui
Milestone
3.4

Comments

@qarmin
Copy link
Contributor

qarmin commented Oct 23, 2021

Godot version

3.4.beta.custom_build. 01ae488

System information

Ubuntu 21.10 - Nvidia GTX 970, Gnome shell 3.38 X11

Issue description

When executing

	var temp_variable115 = ColorPickerButton.new()
	temp_variable115.propagate_notification(33)

Godot crashes with this backtrace

scene/gui/control.cpp:555:31: runtime error: member access within null pointer of type 'struct Viewport'
scene/gui/control.cpp:555:31: runtime error: member call on null pointer of type 'struct Object'
scene/gui/control.cpp:555:31: runtime error: member access within null pointer of type 'struct Object'

================================================================
handle_crash: Program crashed with signal 11
Engine version: Godot Engine v3.4.rc.custom_build (62f56af6942438d70c7787770e2cf84c46fea546)
Dumping the backtrace. Please include this when reporting the bug on https://github.com/godotengine/godot/issues
[1] godots() [0x17d976c] (/mnt/Miecz/godot3.2/platform/x11/crash_handler_x11.cpp:56)
[2] /lib/x86_64-linux-gnu/libc.so.6(+0x46520) [0x7f34bf935520] (??:0)
[3] Control::_notification(int) (/mnt/Miecz/godot3.2/scene/gui/control.cpp:555)
[4] Control::_notificationv(int, bool) (/mnt/Miecz/godot3.2/./scene/gui/control.h:47 (discriminator 14))
[5] BaseButton::_notificationv(int, bool) (/mnt/Miecz/godot3.2/./scene/gui/base_button.h:39 (discriminator 3))
[6] Button::_notificationv(int, bool) (/mnt/Miecz/godot3.2/./scene/gui/button.h:37 (discriminator 3))
[7] ColorPickerButton::_notificationv(int, bool) (/mnt/Miecz/godot3.2/scene/gui/color_picker.h:149 (discriminator 3))
[8] Object::notification(int, bool) (/mnt/Miecz/godot3.2/core/object.cpp:929)
[9] Node::propagate_notification(int) (/mnt/Miecz/godot3.2/scene/main/node.cpp:1736)
[10] MethodBind1<int>::call(Object*, Variant const**, int, Variant::CallError&) (/mnt/Miecz/godot3.2/./core/method_bind.gen.inc:775 (discriminator 12))
[11] Object::call(StringName const&, Variant const**, int, Variant::CallError&) (/mnt/Miecz/godot3.2/core/object.cpp:918 (discriminator 1))
[12] Object::callv(StringName const&, Array const&) (/mnt/Miecz/godot3.2/core/object.cpp:828 (discriminator 1))
[13] MethodBind2R<Variant, StringName const&, Array const&>::call(Object*, Variant const**, int, Variant::CallError&) (/mnt/Miecz/godot3.2/./core/method_bind.gen.inc:1717 (discriminator 12))
[14] Object::call(StringName const&, Variant const**, int, Variant::CallError&) (/mnt/Miecz/godot3.2/core/object.cpp:918 (discriminator 1))
[15] Variant::call_ptr(StringName const&, Variant const**, int, Variant*, Variant::CallError&) (/mnt/Miecz/godot3.2/core/variant_call.cpp:1175 (discriminator 1))
[16] GDScriptFunction::call(GDScriptInstance*, Variant const**, int, Variant::CallError&, GDScriptFunction::CallState*) (/mnt/Miecz/godot3.2/modules/gdscript/gdscript_function.cpp:1044)
[17] GDScriptInstance::call(StringName const&, Variant const**, int, Variant::CallError&) (/mnt/Miecz/godot3.2/modules/gdscript/gdscript.cpp:1169)
[18] Object::call(StringName const&, Variant const**, int, Variant::CallError&) (/mnt/Miecz/godot3.2/core/object.cpp:899 (discriminator 1))
[19] Variant::call_ptr(StringName const&, Variant const**, int, Variant*, Variant::CallError&) (/mnt/Miecz/godot3.2/core/variant_call.cpp:1175 (discriminator 1))
[20] GDScriptFunction::call(GDScriptInstance*, Variant const**, int, Variant::CallError&, GDScriptFunction::CallState*) (/mnt/Miecz/godot3.2/modules/gdscript/gdscript_function.cpp:1049)
[21] GDScriptInstance::call_multilevel(StringName const&, Variant const**, int) (/mnt/Miecz/godot3.2/modules/gdscript/gdscript.cpp:1184)
[22] Node::_notification(int) (/mnt/Miecz/godot3.2/scene/main/node.cpp:57)
[23] Node::_notificationv(int, bool) (/mnt/Miecz/godot3.2/./scene/main/node.h:45 (discriminator 14))
[24] Object::notification(int, bool) (/mnt/Miecz/godot3.2/core/object.cpp:929)
[25] SceneTree::_notify_group_pause(StringName const&, int) (/mnt/Miecz/godot3.2/scene/main/scene_tree.cpp:977)
[26] SceneTree::idle(float) (/mnt/Miecz/godot3.2/scene/main/scene_tree.cpp:528 (discriminator 3))
[27] Main::iteration() (/mnt/Miecz/godot3.2/main/main.cpp:2188)
[28] OS_X11::run() (/mnt/Miecz/godot3.2/platform/x11/os_x11.cpp:3641)
[29] godots(main+0x33e) [0x17cfd54] (/mnt/Miecz/godot3.2/platform/x11/godot_x11.cpp:57)
[30] /lib/x86_64-linux-gnu/libc.so.6(+0x2dfd0) [0x7f34bf91cfd0] (??:0)
[31] /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x7d) [0x7f34bf91d07d] (??:0)
[32] godots(_start+0x25) [0x17cf955] (??:?)
-- END OF BACKTRACE --
================================================================

This example was found by Godot fuzzer - Qarminer, so it is quite unlikelly that this code could be used in real project, but still this should be handled gracefully.

Steps to reproduce

Above

Minimal reproduction project

No response
@miraz12 miraz12 mentioned this issue Oct 23, 2021
Merged
@akien-mga akien-mga added this to the 3.4 milestone Oct 25, 2021
@akien-mga
Copy link
Member

Fixed by #54170 (and by #54120 in 4.0).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug crash topic:gui
Projects
None yet
Milestone
3.4
Development

No branches or pull requests
3 participants
@Calinou @akien-mga @qarmin