Third Party Issue
Votes: 0
Found in: 2022.3.51f1
Issue ID: UUM-86173
Regression: Yes
Crash on block_remove when opening a project with a corrupted library
How to reproduce:
1. Open the attached "IN-87449" project
2. Observe the crash
Reproducible with: 2022.2.17f1, 2022.3.51f1
Not reproducible with: 2021.3.45f1, 2022.2.16f1, 6000.0.25f1, 6000.1.0a2
Reproduced on: Windows 11
Not reproduced on: No other environment tested
Notes:
* Deleting the Library folder resolves the issue
* When not reproducible, the project opens in Safe Mode
First few lines of the stack trace:
```
0x00007FF7F4488E22 (Unity) block_remove
0x00007FF7F4488EF3 (Unity) block_trim_used
0x00007FF7F4489596 (Unity) tlsf_realloc_align_inplace
0x00007FF7F222DDF9 (Unity) DynamicHeapAllocator::Reallocate
0x00007FF7F2238181 (Unity) DualThreadAllocator<DynamicHeapAllocator>::Reallocate
```
Resolution Note:
The problem is in https://modular-avatar.nadena.dev/
They are using unsafe functions from NativeArray in the wrong way and writing to out-of-bounds memory. I'm attaching the callstack for future reference:
```
[UnityEngine.CoreModule.dll] (wrapper managed-to-native) Unity.Collections.LowLevel.Unsafe.UnsafeUtility:MemSet (void*,byte,long)
[nadena.dev.modular-avatar.core.dll] nadena.dev.modular_avatar.core.armature_lock.NativeMemoryManager:SetInUseMask (int,int,bool)
[nadena.dev.modular-avatar.core.dll] nadena.dev.modular_avatar.core.armature_lock.NativeMemoryManager:<.ctor>b__13_0 (nadena.dev.modular_avatar.core.armature_lock.ISegment)
[nadena.dev.modular-avatar.core.dll] nadena.dev.modular_avatar.core.armature_lock.AllocationMap:FreeSegment (nadena.dev.modular_avatar.core.armature_lock.ISegment)
[nadena.dev.modular-avatar.core.dll] nadena.dev.modular_avatar.core.armature_lock.NativeMemoryManager:Allocate (int)
[nadena.dev.modular-avatar.core.dll] nadena.dev.modular_avatar.core.armature_lock.ArmatureLockOperator`1<T_REF>:RegisterLock (System.Collections.Generic.IEnumerable`1<System.ValueTuple`2<UnityEngine.Transform, UnityEngine.Transform>>)
[nadena.dev.modular-avatar.core.dll] nadena.dev.modular_avatar.core.armature_lock.ArmatureLockController:RebuildLock ()
[nadena.dev.modular-avatar.core.dll] nadena.dev.modular_avatar.core.armature_lock.ArmatureLockController:set_Mode (nadena.dev.modular_avatar.core.ArmatureLockMode)
[nadena.dev.modular-avatar.core.dll] nadena.dev.modular_avatar.core.ModularAvatarMergeArmature:SetLockMode ()
[nadena.dev.modular-avatar.core.dll] nadena.dev.modular_avatar.core.ModularAvatarMergeArmature:OnEnable ()
```
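The callstack ends in `UnsafeUtility.MemSet` on a raw pointer, which bypasses the range checks `NativeArray` applies to indexed access in the Editor, so the range has to be validated by the caller before the write. The following is an added example of such a check, not code from Modular Avatar or Unity; `CheckedMask`, `SetRange` and the one-byte-per-slot mask layout are assumptions made for illustration.

```csharp
using System;
using Unity.Collections;
using Unity.Collections.LowLevel.Unsafe;

// Added example: hypothetical helper, not Modular Avatar's or Unity's code.
// Assumes the in-use mask is a NativeArray<byte> with one byte per slot.
public static class CheckedMask
{
    // Marks slots [offset, offset + count) as in use or free.
    public static unsafe void SetRange(NativeArray<byte> mask, int offset, int count, bool inUse)
    {
        if (!mask.IsCreated)
            throw new InvalidOperationException("mask is not allocated or was disposed");

        // Validate before touching the raw pointer. The sum is done in long so
        // that a large offset + count cannot wrap around and pass the check.
        if (offset < 0 || count < 0 || (long)offset + count > mask.Length)
            throw new ArgumentOutOfRangeException(
                nameof(offset),
                $"range [{offset}, {(long)offset + count}) is outside mask of length {mask.Length}");

        if (count == 0)
            return;

        // Take the pointer after the checks and do not cache it: it is only
        // valid for the current allocation of this NativeArray.
        byte* start = (byte*)mask.GetUnsafePtr() + offset;

        // MemSet takes a size in bytes. The element is one byte here, so count
        // is also the byte count; a wider element type needs
        // count * sizeof(element).
        UnsafeUtility.MemSet(start, inUse ? (byte)1 : (byte)0, count);
    }
}
```

A write that passes this check stays inside the array's own allocation, so it cannot overwrite the allocator's bookkeeping for neighbouring blocks, which is the kind of damage that surfaces later in an unrelated `Reallocate` call like the one in the crash trace.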