0032930: Modeling Algorithms - Crash in PerformIntersectionAtEnd when no face was found

ID	Project	Category	View Status	Date Submitted	Last Update

0032930	Community	OCCT:Modeling Algorithms	public	2022-04-13 15:08	2023-03-19 19:20

Reporter	CharlemagneLasse	Assigned To	CharlemagneLasse
Priority	normal	Severity	crash
Status	closed	Resolution	fixed
Platform	Linux	OS	Debian bullseye amd64
Product Version	7.5.3
Target Version	7.6.3	Fixed in Version	7.6.3

Summary	0032930: Modeling Algorithms - Crash in PerformIntersectionAtEnd when no face was found
Description	(This problem was seen with the version bundled with FreeCAD 0.20.28445 but can be reproduced easily with the master version directly from OCCT) The PerformIntersectionAtEnd code is currently not handling all the faces correctly. If it retrieves Face[0] as F, it can happen that the previously ran code didn't actually retrieve any faces in this array at all. For example when: * "if (nface==3)" is true - "if (!findonf1)" is true (doesn't assign any faces to this array) - "if (!findonf2)" is true (doesn't assign any faces to this array) - "if (state == ChFiDS_OnSame)" is not true (because it is ChFiDS_AllSame) - "if (findonf1 && !isOnSame1)" cannot be true (see above, but would handle faces) - "if (findonf2 && !isOnSame2)" cannot be true (see above, but would handle faces) - "if (isOnSame2)" is false (but would also handle faces) Since no faces were assigned here, F would be a NULL face. As result, the function will crash when trying to access the Surface behind the face via `BRep_Tool::Surface(F);`. More information (including how it was debugged) can be found at: * https://github.com/FreeCAD/FreeCAD/issues/6625#issuecomment-1094133666 * https://forum.freecadweb.org/viewtopic.php?p=581536#p581536
Steps To Reproduce	# get most recent OCCT $ cd /tmp/ $ git clone https://git.dev.opencascade.org/repos/occt.git OCCT # get build dependencies based on opencascade package in the Debian package source (deb-src) repository. will most likely work differently on whatever Distro you are using $ sudo apt build-dep opencascade # build everything (I only have 4 cores - you might change it if you are not working on a system with a 10 year old CPU) $ cd OCCT $ mkdir build $ cd build $ cmake .. -DCMAKE_BUILD_TYPE=Debug -DCMAKE_CXX_COMPILER_LAUNCHER=ccache -DCMAKE_VERBOSE_MAKEFILE=true && make -j4 $ cd /tmp/ # figure out how the brp of the last Pad (name "Pad") is called: $ unzip -p tutorial_excercise_1.FCStd Document.xml\|xmllint --xpath 'string(//Document/ObjectData/Object/Properties/Property[@name="Label"]/String[@value="Pad"]/../../Property[@name="Shape"]/Part/@file)' /dev/stdin PartShape3.brp # extract the PartShape3.brp for later usage - WARNING, the step with adding the extra header is only necessary in case it wasn't saved by FreeCAD. Versions before 4aa09e317f7be81a906439ff4bc08a4b4e8043ba will not be able to load this file if this header is not present $ rm -f PartShape3.brp $ echo DBRep_DrawableShape > PartShape3.brp $ unzip -p tutorial_excercise_1.FCStd PartShape3.brp >> PartShape3.brp # prepare reproducer script $ cd /tmp/OCCT/ $ cat > test.script << "EOF" # load the brp, get edges and then try to add fillet on the problematic edge Edge10 pload ALL restore /tmp/PartShape3.brp b explode b E blend b b 1 b_10 EOF # start DRAWEXE shell # usually I would have done it like that. But it is then not 100% reproducible due to various system effects. # So I just use gdb in the actual command to improve my live and make it 100% reproducible #$ LD_LIBRARY_PATH=/tmp/OCCT/build/lin64/gcc/libd/ CASROOT=/tmp/OCCT ./build/lin64/gcc/bind/DRAWEXE -f test.script $ LD_LIBRARY_PATH=/tmp/OCCT/build/lin64/gcc/libd/ CASROOT=/tmp/OCCT gdb -q --ex run --args ./build/lin64/gcc/bind/DRAWEXE -f test.script
Tags	No tags attached.

Test case number	tests/bugs/modalg_8/bug32930

CharlemagneLasse 2022-04-13 15:08 developer	PartShape3.brp (25,149 bytes) invalid_null_ptr_deref_master.txt (52,738 bytes)

git 2022-04-13 15:19 administrator ~0107916	Branch CR32930 has been created by CharlemagneLasse. SHA-1: e9391ef534cb1c2a018ab38de1844ecf65067915 Detailed log of new commits: Author: Charlemagne Lasse Date: Wed Apr 13 11:54:30 2022 +0200 0032930: Modeling Algorithm - In PerformIntersectionAtEnd Avoid crash when no face was found The PerformIntersectionAtEnd code is currently not handling all the faces correctly. If it retrieves Face[0] as F, it can happen that the previously ran code didn't actually retrieve any faces in this array at all. For example when: * "if (nface==3)" is true - "if (!findonf1)" is true (doesn't assign any faces to this array) - "if (!findonf2)" is true (doesn't assign any faces to this array) - "if (state == ChFiDS_OnSame)" is not true (because it is ChFiDS_AllSame) - "if (findonf1 && !isOnSame1)" cannot be true (see above, but would handle faces) - "if (findonf2 && !isOnSame2)" cannot be true (see above, but would handle faces) - "if (isOnSame2)" is false (but would also handle faces) Since no faces were assigned here, F would be a NULL face. As result, the function will crash when trying to access the Surface behind the face via `BRep_Tool::Surface(F);`. While the best approach would be to identify the implementation bug in the algorithm behind PerformIntersectionAtEnd, a check + exception is used instead because the actual algorithm is not known. Signed-off-by: Charlemagne Lasse <charlemagnelasse@gmail.com>

CharlemagneLasse 2022-04-13 15:23 developer ~0107919 Last edited: 2022-04-13 15:41	According to https://dev.opencascade.org/get_involved, I should do following: "Push your change to Git repository in branch with name starting with "CR" followed by the issue Id, then switch the issue to Resolved.". But I don't have any button to do this. EDIT: Problem was solved by azv

~~azv~~ 2022-04-13 15:28 administrator ~0107921	@CharlemagneLasse, I have updated your role here, please, try again.

CharlemagneLasse 2022-04-13 15:31 developer ~0107922 Last edited: 2022-04-13 15:41	Thanks, now I can see the buttons. I have updated the ticket accordingly.

git 2022-04-13 16:30 administrator ~0107928	Branch CR32930 has been updated forcibly by CharlemagneLasse. SHA-1: 10f671658d49fcad96059602c2db5835436534a7

CharlemagneLasse 2022-05-27 09:38 developer ~0108635	I was asked to bump this ticket. What can/should be done here to continue forward?

git 2022-06-02 08:33 administrator ~0108781	Branch CR32930 has been updated forcibly by aml. SHA-1: 5bca9e07d008691f7712eecd3c6de5cc631d976c

git 2022-06-02 09:03 administrator ~0108783	Branch CR32930 has been updated forcibly by aml. SHA-1: 411e08caae48885a4be7cb3d19a80091250cda66

~~aml~~ 2022-06-02 09:04 developer ~0108784	Attach shape with proper name. bug32930.brep (25,149 bytes)

~~aml~~ 2022-06-03 09:48 developer ~0108811	Reviewed. Jenkins job is: http://jenkins-test-occt/view/CR32930-master-aml/view/COMPARE/

~~afokin~~ 2022-06-04 10:11 administrator ~0108849	Combination - OCCT branch : IR-2022-06-04 master SHA - 24e4b3c83b237dad583f87c983eb06433d56c203 e0ceb716c70188b98130b1550914140d0502a6f9 Products branch : IR-2022-06-04 SHA - ad07e82b28135dbba6cde30827d08f1c0598cf50 was compiled on Linux, MacOS and Windows platforms and tested in optimize mode. Number of compiler warnings: No new/fixed warnings Regressions/Differences/Improvements: No regressions/differences CPU differences: Debian80-64: OCCT Total CPU difference: 18736.560000000623 / 18755.550000000607 [-0.10%] Products Total CPU difference: 11708.410000000114 / 11723.710000000106 [-0.13%] Windows-64-VC14: OCCT Total CPU difference: 20637.375 / 20721.125 [-0.40%] Products Total CPU difference: 13299.6875 / 13249.9375 [+0.38%] Image differences : No differences that require special attention Memory differences : No differences that require special attention

git 2022-06-04 12:59 administrator ~0108855	Branch CR32930 has been deleted by mnt. SHA-1: 411e08caae48885a4be7cb3d19a80091250cda66

occt: master 10a19b2a 2022-04-13 12:54:30 CharlemagneLasse Committer: ~~afokin~~ Details Diff	0032930: Modeling Algorithms - Crash in PerformIntersectionAtEnd when no face was found The PerformIntersectionAtEnd code is currently not handling all the faces correctly. If it retrieves Face[0] as F, it can happen that the previously ran code didn't actually retrieve any faces in this array at all. For example when: * "if (nface==3)" is true - "if (!findonf1)" is true (doesn't assign any faces to this array) - "if (!findonf2)" is true (doesn't assign any faces to this array) - "if (state == ChFiDS_OnSame)" is not true (because it is ChFiDS_AllSame) - "if (findonf1 && !isOnSame1)" cannot be true (see above, but would handle faces) - "if (findonf2 && !isOnSame2)" cannot be true (see above, but would handle faces) - "if (isOnSame2)" is false (but would also handle faces) Since no faces were assigned here, F would be a NULL face. As result, the function will crash when trying to access the Surface behind the face via `BRep_Tool::Surface(F);`. While the best approach would be to identify the implementation bug in the algorithm behind PerformIntersectionAtEnd, a check + exception is used instead because the actual algorithm is not known. Signed-off-by: Charlemagne Lasse <charlemagnelasse@gmail.com>	Affected Issues 0032930
	mod - src/ChFi3d/ChFi3d_Builder_C1.cxx	Diff File
	add - tests/bugs/modalg_8/bug32930	Diff File

Date Modified	Username	Field	Change
2022-04-13 15:08	CharlemagneLasse	New Issue
2022-04-13 15:08	CharlemagneLasse	Assigned To	=> msv
2022-04-13 15:08	CharlemagneLasse	File Added: PartShape3.brp
2022-04-13 15:08	CharlemagneLasse	File Added: invalid_null_ptr_deref_master.txt
2022-04-13 15:19	git	Note Added: 0107916
2022-04-13 15:23	CharlemagneLasse	Note Added: 0107919
2022-04-13 15:28	~~azv~~	Note Added: 0107921
2022-04-13 15:31	CharlemagneLasse	Note Added: 0107922
2022-04-13 15:38	CharlemagneLasse	Status	new => resolved
2022-04-13 15:38	CharlemagneLasse	Steps to Reproduce Updated
2022-04-13 15:41	CharlemagneLasse	Note Edited: 0107919
2022-04-13 15:41	CharlemagneLasse	Note Edited: 0107922
2022-04-13 15:41	CharlemagneLasse	Note Edited: 0107922
2022-04-13 15:58	~~msv~~	Assigned To	msv => azv
2022-04-13 16:30	git	Note Added: 0107928
2022-05-27 09:38	CharlemagneLasse	Note Added: 0108635
2022-06-02 08:31	~~aml~~	Summary	Crash in PerformIntersectionAtEnd when no face was found => Modeling Algorithms - Crash in PerformIntersectionAtEnd when no face was found
2022-06-02 08:33	git	Note Added: 0108781
2022-06-02 09:03	git	Note Added: 0108783
2022-06-02 09:04	~~aml~~	Note Added: 0108784
2022-06-02 09:04	~~aml~~	File Added: bug32930.brep
2022-06-02 09:05	~~azv~~	Assigned To	azv => aml
2022-06-03 09:48	~~aml~~	Note Added: 0108811
2022-06-03 09:49	~~aml~~	Assigned To	aml => bugmaster
2022-06-03 09:49	~~aml~~	Status	resolved => reviewed
2022-06-04 10:10	~~afokin~~	Test case number	=> tests/bugs/modalg_8/bug32930
2022-06-04 10:11	~~afokin~~	Status	reviewed => tested
2022-06-04 10:11	~~afokin~~	Note Added: 0108849
2022-06-04 12:56	~~afokin~~	Changeset attached	=> occt master 10a19b2a
2022-06-04 12:56	CharlemagneLasse	Assigned To	bugmaster => CharlemagneLasse
2022-06-04 12:56	CharlemagneLasse	Status	tested => verified
2022-06-04 12:56	CharlemagneLasse	Resolution	open => fixed
2022-06-04 12:59	git	Note Added: 0108855
2022-06-28 06:34	~~azv~~	Target Version	=> 7.6.3
2023-03-19 19:20	vglukhik	Status	verified => closed
2023-03-19 19:20	vglukhik	Fixed in Version	=> 7.6.3

View Issue Details

Attached Files

Activities

Related Changesets

Issue History