Search Issue Tracker
Won't Fix
Votes
6
Found in
2021.3.32f1
2022.3.13f1
2023.2.1f1
2023.3.0a15
Issue ID
UUM-57087
Regression
No
[Android] Player crashes on "CustomMeshUtility_CopyPtrToValueAndIncrIdx_TisVector3..." when ARMv7 is enabled in the Configuration settings and IL2CPP Scripting Backend is selected
How to reproduce:
1. Open the "IN_61034" project
2. In the Build Settings "Run Device" dropdown, select the desired device
3. Press Build And Run
4. Swipe on the device screen
Expected result: "LoadMesh" Plane GameObject changes colour to red
Actual result: Player crashes
Reproducible with: 2021.3.32f1, 2022.3.13f1, 2023.2.1f1, 2023.3.0a15
Testing environment: Windows 10 Pro
Not reproducible on: No other environment tested
Reproducible with these devices:
VLNQA00178, Xiaomi Redmi Note 4 (Redmi Note 4), Android 6.0, CPU: MediaTek Helio X20 MT6797M, GPU: Mali-T880
VLNQA00120, Google Pixel 2 (Pixel 2), Android 8.1.0, CPU: Snapdragon 835 MSM8998, GPU: Adreno (TM) 540
VLNQA00267, Samsung Galaxy S10+ (SM-G975F), Android 12, CPU: Exynos 9 (9820), GPU: Mali-G76
VLNQA00489, Htc 10 (HTC 10), Android 6.0.1, CPU: Snapdragon 820 MSM8996, GPU: Adreno (TM) 530
Not reproducible with these devices:
VLNQA00494 - iPhone 14 Pro Max, 16.3.1 iOS
VLNQA00358 - iPhone 12, 14.1 iOS
VLNQA00392 - iPad (9th generation), 15.0 iOS
VLNQA00310 - iPad Pro 12.9", 13.4.1 iOS
Notes:
- Not reproducible on the Windows Standalone and iOS Platforms (others not tested)
- Only ARMv7 architecture must be selected
- Not reproducible with Mono Scripting Backend
First lines of the Stack Trace:
#00 pc 003727b0 (CustomMeshUtility_CopyPtrToValueAndIncrIdx_TisVector3_t24C512C7B96BBABAD472002D0BA2BDA40A5A80B2_mD5BE852E19DDA3F9CF8472AB5C415C3E4BDE2126_gshared at C:/Users/USERNAME/Downloads/IN-61034_androidcrash (1)/Library/Bee/artifacts/Android/il2cppOutput/cpp\GenericMethods__2.cpp:12056) /data/app/~~K3aNswstHHBi8UlHjnZ9Dg==/com.DefaultCompany.AndroidCrash-mTOiVL8c4tlUhckF1UmTGA==/lib/arm/libil2cpp.so (BuildId: 6c30c145e5ddbbdd)
#01 pc 0032bf90 (CustomMeshUtility_CopyPtrToValueAndIncrIdx_TisVector3_t24C512C7B96BBABAD472002D0BA2BDA40A5A80B2_mD5BE852E19DDA3F9CF8472AB5C415C3E4BDE2126(NativeSlice_1_tCEC4B2B900638EC1820BB61FE436766204DFD8DA, Vector3_t24C512C7B96BBABAD472002D0BA2BDA40A5A80B2*, int*, MethodInfo const*) at C:/Users/USERNAME/Downloads/IN-61034_androidcrash (1)/Library/Bee/artifacts/Android/il2cppOutput/cpp\Assembly-CSharp.cpp:893) /data/app/~~K3aNswstHHBi8UlHjnZ9Dg==/com.DefaultCompany.AndroidCrash-mTOiVL8c4tlUhckF1UmTGA==/lib/arm/libil2cpp.so (BuildId: 6c30c145e5ddbbdd)
#02 pc 0032c358 (LoadMesh_LoadCustomMesh_m016148D06D5451D19E840F1EA609534309997D12 at C:/Users/USERNAME/Downloads/IN-61034_androidcrash (1)/Library/Bee/artifacts/Android/il2cppOutput/cpp\Assembly-CSharp.cpp:2123) /data/app/~~K3aNswstHHBi8UlHjnZ9Dg==/com.DefaultCompany.AndroidCrash-mTOiVL8c4tlUhckF1UmTGA==/lib/arm/libil2cpp.so (BuildId: 6c30c145e5ddbbdd)
Add comment
All about bugs
View bugs we have successfully reproduced, and vote for the bugs you want to see fixed most urgently.
Latest issues
- [Search] Query Builder - uneditable NaN in Transform vectors
- Transform.rotation property is as a Vector4 Quaternion instead of a Vector3 field when using InspectorElement.FillDefaultInspector
- [Search] Query Builder - "Input String was not in a correct format" error when changing query options
- MacOS Xcode project build fails when a package has PrivacyManifest
- [IL2CPP] Crash when closing the Player while an exception is thrown during exception handling
Resolution Note:
There's a bug in your CopyPtrToValueAndIncrIdx function.
When reading floats from memory, memory addressed need to be aligned by 4, as specified here - https://developer.arm.com/documentation/dui0801/g/Floating-point-Instructions--32-bit-/VSTR--floating-point-
You can add this code to see if there's misalignment:
public static unsafe void CopyPtrToValueAndIncrIdx<U>(NativeSlice<byte> pBuffer, ref U xValue, ref int iBufferIndex) where U : unmanaged
{
int iByteSize = sizeof(U);
U* unsafePtr = (U*)((byte*)pBuffer.GetUnsafePtr() + iBufferIndex);
if (typeof(U) == typeof(Vector3))
{
if (((UInt64)unsafePtr) % 4 != 0)
{
Debug.LogError($"Misalign {(UInt64)unsafePtr}");
return;
}
}
xValue = *unsafePtr;
iBufferIndex += iByteSize;
}
There's few possible ways to fix this:
1. Rearrange your data so float based values like Vector3 would be placed without the need to align (for ex., at the beginning of memory stream)
2. Adding padding data before float based values, to ensure alignment.
It doesn't happen on Mono, because on Mono C# code is JIT'ed, meaning the assembly is generated without NEON instructions which have alignment restrictions for cases like this.