Search Issue Tracker
Won't Fix
Won't Fix in 2021.3.X
Votes
0
Found in
2021.3.11f1
Issue ID
UUM-602
Regression
No
Crash on ves_icall_RuntimeFieldInfo_GetValueInternal_raw when trying to save a Project search query in the SearchEngine
Reproduction steps:
1. Open the user's attached project
2. Open Window -> Search -> New Window
3. Type anything in the search bar
4. Tap on the save icon right of the search bar and select 'Save Project...'
5. Name it and save it in the Assets folder
Expected result: The asset is saved
Actual result: The asset is saved but the Editor also crashes
Reproducible with: 2021.2.17f1, 2022.2.0a9
Couldn't test with: 2019.4.37f1, 2020.3.32f1 (Downgrading issues)
Stacktrace:
0x00007ffaac502269 (mono-2.0-bdwgc) \[icall-def.h:700] ves_icall_RuntimeFieldInfo_GetValueInternal_raw
0x000002cdceeb0134 (Mono JIT Code) (wrapper managed-to-native) System.Reflection.RuntimeFieldInfo:GetValueInternal (System.Reflection.RuntimeFieldInfo,object)
0x000002cdceeaf8eb (Mono JIT Code) System.Reflection.RuntimeFieldInfo:GetValue (object)
0x000002d0fece86f0 (Mono JIT Code) \[ReflectionUtility.cs:125] Reflection.Helpers.ReflectionHelpers:GetAllFieldPathsRecursiveCall<TFieldType_REF> (object,System.Collections.Generic.List`1<string>,string,System.Collections.Generic.HashSet`1<object>)
Add comment
All about bugs
View bugs we have successfully reproduced, and vote for the bugs you want to see fixed most urgently.
Latest issues
- Projection matrix is altered when using RasterCommandBuffer.ClearRenderTarget on DX12 and Metal
- Entities Hierarchy window allows Cyclic nesting and throws an “ArgumentException: Cyclic nesting detected” error when dragging a Prefab onto the same Prefab in the Entities Hierarchy
- EnterPlayModeOptions doesn't take effect if user manually modifies m_EnterPlayModeOptionsEnabled to 0
- VFX Graph Documentation dropdown button does nothing when clicked on the right side
- Required SpriteMask class (ID 331) is stripped when "Strip Engine Code" is enabled
Resolution Note:
Crash is caused by customer project passing in a bad Pointer into a Reflection API. When mono attempts to resolve the _ptr field containing the bad pointer value it accesses invalid memory triggering a crash. Unfortunately introducing a check for a valid pointer will have severe performance issues and we will have to trust that users ensure they are passing in valid data to Reflection APIs.
Resolution Note (2021.3.X):
Crash is caused by customer project passing in a bad Pointer into a Reflection API. When mono attempts to resolve the _ptr field containing the bad pointer value it accesses invalid memory triggering a crash. Unfortunately introducing a check for a valid pointer will have severe performance issues and we will have to trust that users ensure they are passing in valid data to Reflection APIs.