Won't Fix
Won't Fix in 2021.3.X
Votes: 0
Found in: 2021.3.11f1
Issue ID: UUM-602
Regression: No
Crash on ves_icall_RuntimeFieldInfo_GetValueInternal_raw when trying to save a Project search query in the SearchEngine
Reproduction steps:
1. Open the user's attached project
2. Open Window -> Search -> New Window
3. Type anything in the search bar
4. Tap on the save icon right of the search bar and select 'Save Project...'
5. Name it and save it in the Assets folder
Expected result: The asset is saved
Actual result: The asset is saved but the Editor also crashes
Reproducible with: 2021.2.17f1, 2022.2.0a9
Couldn't test with: 2019.4.37f1, 2020.3.32f1 (Downgrading issues)
Stacktrace:
0x00007ffaac502269 (mono-2.0-bdwgc) [icall-def.h:700] ves_icall_RuntimeFieldInfo_GetValueInternal_raw
0x000002cdceeb0134 (Mono JIT Code) (wrapper managed-to-native) System.Reflection.RuntimeFieldInfo:GetValueInternal (System.Reflection.RuntimeFieldInfo,object)
0x000002cdceeaf8eb (Mono JIT Code) System.Reflection.RuntimeFieldInfo:GetValue (object)
0x000002d0fece86f0 (Mono JIT Code) [ReflectionUtility.cs:125] Reflection.Helpers.ReflectionHelpers:GetAllFieldPathsRecursiveCall<TFieldType_REF> (object,System.Collections.Generic.List`1<string>,string,System.Collections.Generic.HashSet`1<object>)
Resolution Note (the same note is given for 2021.3.X):
Crash is caused by the customer project passing a bad pointer into a Reflection API. When Mono attempts to resolve the _ptr field containing the bad pointer value, it accesses invalid memory, triggering a crash. Unfortunately, introducing a check for a valid pointer will have severe performance issues, and we will have to trust that users ensure they are passing in valid data to Reflection APIs.
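The note leaves validation to the caller. As an added illustration (not Unity's code and not the project's ReflectionUtility.cs), this is one way a recursive field walker like the one in the stack trace can avoid calling GetValue on pointer-like fields. SafeFieldWalker, Sample, MaxDepth and the skip list are assumptions; the page does not say which field held the bad pointer.

```csharp
using System;
using System.Collections.Generic;
using System.Reflection;
using System.Runtime.CompilerServices;

// Added example: hypothetical names throughout, not the project's ReflectionUtility.cs.
public static class SafeFieldWalker
{
    const int MaxDepth = 16;
    const BindingFlags Flags = BindingFlags.Instance | BindingFlags.Public |
                               BindingFlags.NonPublic | BindingFlags.DeclaredOnly;
    sealed class RefComparer : IEqualityComparer<object>
    {   // identity comparison, so cycle detection never runs user Equals/GetHashCode
        bool IEqualityComparer<object>.Equals(object a, object b) => ReferenceEquals(a, b);
        int IEqualityComparer<object>.GetHashCode(object o) => RuntimeHelpers.GetHashCode(o);
    }
    // Types that carry raw native addresses or runtime-internal handles.
    static bool IsOpaque(Type t) =>
        t.IsPointer || t.IsByRef || t == typeof(IntPtr) || t == typeof(UIntPtr) ||
        t == typeof(Pointer) || typeof(MemberInfo).IsAssignableFrom(t) ||
        typeof(Assembly).IsAssignableFrom(t) || typeof(Module).IsAssignableFrom(t);
    public static List<string> CollectPaths<TField>(object root)
    {
        var paths = new List<string>();
        Walk<TField>(root, "", paths, new HashSet<object>(new RefComparer()), 0);
        return paths;
    }
    static void Walk<TField>(object obj, string prefix, List<string> paths,
                             HashSet<object> seen, int depth)
    {
        if (obj == null || depth > MaxDepth) return;
        Type type = obj.GetType();
        if (type.IsPrimitive || type.IsEnum || obj is string || IsOpaque(type)) return;
        if (!type.IsValueType && !seen.Add(obj)) return;      // already visited
        for (Type t = type; t != null && t != typeof(object); t = t.BaseType)
            foreach (FieldInfo f in t.GetFields(Flags))
            {
                if (IsOpaque(f.FieldType)) continue;          // GetValue is never called here
                string path = prefix.Length == 0 ? f.Name : prefix + "." + f.Name;
                if (typeof(TField).IsAssignableFrom(f.FieldType)) paths.Add(path);
                Walk<TField>(f.GetValue(obj), path, paths, seen, depth + 1);
            }
    }
    // Constructed sample input: a self-referencing object with a raw-address field.
    sealed class Sample { public string Name = "q"; public IntPtr Native = new IntPtr(0x1234); public Sample Next; }
    public static void Main()
    {
        var s = new Sample(); s.Next = s;
        Console.WriteLine(string.Join(",", CollectPaths<string>(s)));
    }
}
```

The type checks run once per field and cost far less than validating an address at run time, which is the per-call check the note rules out on the runtime side.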