Search Issue Tracker
Third Party Issue
Votes
0
Found in
2022.3.51f1
Issue ID
UUM-86173
Regression
Yes
Crash on block_remove when opening a project with a corrupted library
How to reproduce:
1. Open the attached “IN-87449“ project
2. Observe the crash
Reproducible with: 2022.2.17f1, 2022.3.51f1
Not reproducible with: 2021.3.45f1, 2022.2.16f1, 6000.0.25f1, 6000.1.0a2
Reproduced on: Windows 11
Not reproduced on: No other environment tested
Notes:
- Deleting the Library folder resolves the issue
- When not reproducible, the project opens in Safe Mode
First few lines of the stack trace:
{noformat}0x00007FF7F4488E22 (Unity) block_remove
0x00007FF7F4488EF3 (Unity) block_trim_used
0x00007FF7F4489596 (Unity) tlsf_realloc_align_inplace
0x00007FF7F222DDF9 (Unity) DynamicHeapAllocator::Reallocate
0x00007FF7F2238181 (Unity) DualThreadAllocator<DynamicHeapAllocator>::Reallocate{noformat}
Add comment
All about bugs
View bugs we have successfully reproduced, and vote for the bugs you want to see fixed most urgently.
Latest issues
- Channel remapping dropdown in the Terrain Layer does not open when clicked on the title
- The Editor freezes indefinitely when a large number of elements are entered in the Subgraphs or Categories lists
- Some Visual Effects package Assets links to documentation are not working
- Heatmap asset’s documentation button in the Inspector window leads to “Sorry... that page seems to be missing!” page when clicked
- Crash on MonoBehaviour::CallMethodIfAvailable when performing various actions
Resolution Note:
The problem is in https://modular-avatar.nadena.dev/
They are using unsafe functions from NativeArray in a wrong way and write out of bounds memory. I'm attaching the callstack for future references:
```
[UnityEngine.CoreModule.dll] (wrapper managed-to-native) Unity.Collections.LowLevel.Unsafe.UnsafeUtility:MemSet (void*,byte,long)
[nadena.dev.modular-avatar.core.dll] nadena.dev.modular_avatar.core.armature_lock.NativeMemoryManager:SetInUseMask (int,int,bool)
[nadena.dev.modular-avatar.core.dll] nadena.dev.modular_avatar.core.armature_lock.NativeMemoryManager:<.ctor>b__13_0 (nadena.dev.modular_avatar.core.armature_lock.ISegment)
[nadena.dev.modular-avatar.core.dll] nadena.dev.modular_avatar.core.armature_lock.AllocationMap:FreeSegment (nadena.dev.modular_avatar.core.armature_lock.ISegment)
[nadena.dev.modular-avatar.core.dll] nadena.dev.modular_avatar.core.armature_lock.NativeMemoryManager:Allocate (int)
[nadena.dev.modular-avatar.core.dll] nadena.dev.modular_avatar.core.armature_lock.ArmatureLockOperator`1<T_REF>:RegisterLock (System.Collections.Generic.IEnumerable`1<System.ValueTuple`2<UnityEngine.Transform, UnityEngine.Transform>>)
[nadena.dev.modular-avatar.core.dll] nadena.dev.modular_avatar.core.armature_lock.ArmatureLockController:RebuildLock ()
[nadena.dev.modular-avatar.core.dll] nadena.dev.modular_avatar.core.armature_lock.ArmatureLockController:set_Mode (nadena.dev.modular_avatar.core.ArmatureLockMode)
[nadena.dev.modular-avatar.core.dll] nadena.dev.modular_avatar.core.ModularAvatarMergeArmature:SetLockMode ()
[nadena.dev.modular-avatar.core.dll] nadena.dev.modular_avatar.core.ModularAvatarMergeArmature:OnEnable ()
```