Fixed in 6000.5.0a7
Fixed in 6000.4.X
Votes
0
Found in
6000.0.59f1
6000.2.8f1
6000.3.0b5
6000.4.0a2
Issue ID
UUM-122104
Regression
No
Crash on mono_object_handle_isinst_mbyref_raw when SerializedReference points to a struct implementing ISerializationCallbackReceiver whose first field is a UnityEngine.Object
How to reproduce:
1. Open the attached “IN-116470” project
2. Open the "BugReportSerialization" scene
3. In the Hierarchy, select the "Test3 Crash" GameObject
4. In the Inspector, expand the dropdown under the “Test Behavior 3 (script)” component
5. Select “TestStruct`1[[ITest]]”
6. Observe the crash
Reproducible with: 6000.0.44f1, 6000.0.59f1, 6000.2.8f1, 6000.3.0b5, 6000.4.0a2
Could not test with: 6000.0.43f1 (no dropdown available in the script component)
Reproduced on: Windows 10 (user reported), Windows 11
Not reproduced on: No other environment tested
Note: The crash does not occur when line 136, "private bool m_issuePrevention;", is uncommented in “ITest.cs”
First few lines of the stack trace:
0x00007FF91C7935EA (mono-2.0-bdwgc) [C:\build\output\Unity-Technologies\mono\mono\metadata\object.c:7548] mono_object_handle_isinst_mbyref_raw
0x00007FF91C7932D6 (mono-2.0-bdwgc) [C:\build\output\Unity-Technologies\mono\mono\metadata\object.c:7468] mono_object_isinst_checked
0x00007FF91C725724 (mono-2.0-bdwgc) [C:\build\output\Unity-Technologies\mono\mono\metadata\marshal.c:4218] mono_marshal_isinst_with_cache
0x000001E9465E2DE7 ((<unknown>)) (function-name not available)
0x000001E9DC952A4B (Mono JIT Code) (wrapper castclass) object:__isinst_with_cache
Resolution Note (fix version 6000.5.0a7):
Fixed an issue where modifying a struct field in OnAfterDeserialize, when the callback was invoked on a boxed struct object, corrupted the object's memory. The fix uses a correct method invocation target to avoid the memory corruption.
Resolution Note (fix version 6000.4):
Fixed an issue where modifying a struct field in OnAfterDeserialize, when the callback was invoked on a boxed struct object, corrupted the object's memory. The fix uses a correct method invocation target to avoid the memory corruption.
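
The class of bug the resolution notes describe, as an added example that is not Unity's or Mono's code: a simplified C model of a boxed struct showing how a field write lands on the object header when the callback receives the box address instead of the unboxed field storage. The layout, all names, and the assumption that the incorrect target was the box pointer itself are illustrative; the page does not state them.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy layout (assumed): a boxed struct is a runtime header followed by the fields. */
typedef struct { const void *vtable; void *sync; } ObjHeader;
typedef struct { const void *object_ref; int counter; } Payload; /* first field is a reference */
typedef struct { ObjHeader hdr; Payload value; } BoxedPayload;

static const int FAKE_TYPE_INFO = 0; /* stands in for the type metadata the header points to */
static const int FAKE_ASSET = 0;     /* stands in for the referenced object */

/* Value-type instance method: `self` must be the address of the fields, not of the box. */
static void on_after_deserialize(void *self) {
    const void *cleared = NULL;
    memcpy((unsigned char *)self + offsetof(Payload, object_ref), &cleared, sizeof cleared);
}

/* Correct invocation target: skip the header to reach the struct's own storage. */
static void *unbox(BoxedPayload *box) {
    return (unsigned char *)box + offsetof(BoxedPayload, value);
}

/* Runs the callback against either target. Returns 1 if the header survived;
   *field_cleared reports whether the write reached the intended field. */
int run_callback(int use_unboxed_target, int *field_cleared) {
    BoxedPayload box = { { &FAKE_TYPE_INFO, NULL }, { &FAKE_ASSET, 7 } };
    void *target = use_unboxed_target ? unbox(&box) : (void *)&box;
    on_after_deserialize(target);
    *field_cleared = (box.value.object_ref == NULL);
    /* A type check dereferences hdr.vtable, so a clobbered header faults there. */
    return box.hdr.vtable == (const void *)&FAKE_TYPE_INFO;
}

int main(void) {
    int cleared;
    int intact = run_callback(0, &cleared);
    printf("box pointer as target:     header intact=%d field cleared=%d\n", intact, cleared);
    intact = run_callback(1, &cleared);
    printf("unboxed pointer as target: header intact=%d field cleared=%d\n", intact, cleared);
    return 0;
}
```

In this model the wrong target both destroys the header's type pointer and leaves the intended field untouched, which is why the fault surfaces later in a type check rather than inside the callback.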