Search Issue Tracker
Won't Fix
Won't Fix in 2021.3.X
Votes
0
Found in
2021.3.11f1
Issue ID
UUM-602
Regression
No
Crash on ves_icall_RuntimeFieldInfo_GetValueInternal_raw when trying to save a Project search query in the SearchEngine
Reproduction steps:
1. Open the user's attached project
2. Open Window -> Search -> New Window
3. Type anything in the search bar
4. Tap on the save icon right of the search bar and select 'Save Project...'
5. Name it and save it in the Assets folder
Expected result: The asset is saved
Actual result: The asset is saved but the Editor also crashes
Reproducible with: 2021.2.17f1, 2022.2.0a9
Couldn't test with: 2019.4.37f1, 2020.3.32f1 (Downgrading issues)
Stacktrace:
0x00007ffaac502269 (mono-2.0-bdwgc) \[icall-def.h:700] ves_icall_RuntimeFieldInfo_GetValueInternal_raw
0x000002cdceeb0134 (Mono JIT Code) (wrapper managed-to-native) System.Reflection.RuntimeFieldInfo:GetValueInternal (System.Reflection.RuntimeFieldInfo,object)
0x000002cdceeaf8eb (Mono JIT Code) System.Reflection.RuntimeFieldInfo:GetValue (object)
0x000002d0fece86f0 (Mono JIT Code) \[ReflectionUtility.cs:125] Reflection.Helpers.ReflectionHelpers:GetAllFieldPathsRecursiveCall<TFieldType_REF> (object,System.Collections.Generic.List`1<string>,string,System.Collections.Generic.HashSet`1<object>)
Add comment
All about bugs
View bugs we have successfully reproduced, and vote for the bugs you want to see fixed most urgently.
Latest issues
- Shader warning in 'Hidden/Core/DebugOccluder' thrown after building High Definition 3D Sample Template
- Audio Mixer “+” buttons overlap with UI when the Audio Mixer window layout is set to Horizontal
- "Clear" button in the "Set project display name" closes all the pop-up instead of clearing just a name from the field
- Video Player renders no video on specific devices when using Vulkan
- The Editor slows itself down by showing tons of warnings when the majority of TransformAccessArrays content are NullRefs
Resolution Note:
Crash is caused by customer project passing in a bad Pointer into a Reflection API. When mono attempts to resolve the _ptr field containing the bad pointer value it accesses invalid memory triggering a crash. Unfortunately introducing a check for a valid pointer will have severe performance issues and we will have to trust that users ensure they are passing in valid data to Reflection APIs.
Resolution Note (2021.3.X):
Crash is caused by customer project passing in a bad Pointer into a Reflection API. When mono attempts to resolve the _ptr field containing the bad pointer value it accesses invalid memory triggering a crash. Unfortunately introducing a check for a valid pointer will have severe performance issues and we will have to trust that users ensure they are passing in valid data to Reflection APIs.