Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ImDrawList::AddPolyline stack overflow on large polylines #5704

Closed
azonenberg opened this issue Sep 23, 2022 · 2 comments
Closed

ImDrawList::AddPolyline stack overflow on large polylines #5704

azonenberg opened this issue Sep 23, 2022 · 2 comments

Comments

@azonenberg
Copy link
Contributor

The AddPolyline() function uses alloca() for temporary variables even with very large polylines (tens of thousands to millions of segments). This can lead to stack overflows.

=================================================================
==337686==ERROR: AddressSanitizer: stack-overflow on address 0x7fffa45456b8 (pc 0x5653344a17d0 bp 0x7fffa5c290a0 sp 0x7fffa45456c0 T0)
    #0 0x5653344a17d0 in ImDrawList::AddPolyline(ImVec2 const*, int, unsigned int, int, float) /ceph/fast/home/azonenberg/code/scopehal-apps/src/imgui/imgui_draw.cpp:764
    #1 0x565334410a2d in ImDrawList::PathStroke(unsigned int, int, float) /ceph/fast/home/azonenberg/code/scopehal-apps/src/imgui/imgui.h:2681
    #2 0x56533503f201 in WaveformArea::RenderAnalogWaveform(StreamDescriptor, ImVec2, ImVec2) /ceph/fast/home/azonenberg/code/scopehal-apps/src/ngscopeclient/WaveformArea.cpp:331
    #3 0x56533503eda7 in WaveformArea::RenderWaveforms(ImVec2, ImVec2) /ceph/fast/home/azonenberg/code/scopehal-apps/src/ngscopeclient/WaveformArea.cpp:298
    #4 0x56533503e4c1 in WaveformArea::Render(int, int, ImVec2) /ceph/fast/home/azonenberg/code/scopehal-apps/src/ngscopeclient/WaveformArea.cpp:248
    #5 0x56533505b3c7 in WaveformGroup::Render() /ceph/fast/home/azonenberg/code/scopehal-apps/src/ngscopeclient/WaveformGroup.cpp:106
    #6 0x565334eddc08 in MainWindow::RenderUI() /ceph/fast/home/azonenberg/code/scopehal-apps/src/ngscopeclient/MainWindow.cpp:286
    #7 0x56533501ea93 in VulkanWindow::Render() /ceph/fast/home/azonenberg/code/scopehal-apps/src/ngscopeclient/VulkanWindow.cpp:296
    #8 0x565335063cd3 in main /ceph/fast/home/azonenberg/code/scopehal-apps/src/ngscopeclient/main.cpp:142
    #9 0x7f5c8b75bd09 in __libc_start_main ../csu/libc-start.c:308
    #10 0x56533433cdc9 in _start (/ceph/fast/home/azonenberg/code/scopehal-apps/asan-build/src/ngscopeclient/ngscopeclient+0x220dc9)

This is not a major blocker for my application, which will be using custom shaders for large graphs in the future. I tried to use ImDrawList as a temporary debug visualization and apparently it can't handle it :)

But there should be, at minimum, a better failure mode such as throwing an assertion or falling back to malloc()'d memory. And any hard limits on primitive count should be documented somewhere.

azonenberg added a commit to ngscopeclient/scopehal-apps that referenced this issue Sep 23, 2022
@ocornut
Copy link
Owner

ocornut commented Sep 26, 2022

Now that we have access to a shared ImDrawListSharedData instance I think it would be reasonable to turn this into a reused ImVector and use reserve_discard(). I may investigate this.

Also note #1811 could still potentially apply but is a separate task.

@ocornut
Copy link
Owner

ocornut commented Sep 30, 2022

Pushed this change f2a522d, no notable change.

image
image

I even forgot to use reserve_discard() (instead of reserve()) when I took those number, so amortization will be faster.

Note we do not have a policy for freeing that shared buffer, so if you throw a million points at it it won't be freed.

We could use a moving-average approximation (without storage) to shrink back

@ocornut ocornut closed this as completed Sep 30, 2022
fangshun2004 added a commit to fangshun2004/imgui that referenced this issue Sep 30, 2022
commit 5884219
Author: cfillion <[email protected]>
Date:   Wed Sep 28 23:37:39 2022 -0400

    imgui_freetype: Assert if bitmap size exceed chunk size to avoid buffer overflow. (ocornut#5731)

commit f2a522d
Author: ocornut <[email protected]>
Date:   Fri Sep 30 15:43:27 2022 +0200

    ImDrawList: Not using alloca() anymore, lift single polygon size limits. (ocornut#5704, ocornut#1811)

commit cc5058e
Author: ocornut <[email protected]>
Date:   Thu Sep 29 21:59:32 2022 +0200

    IO: Filter duplicate input events during the AddXXX() calls. (ocornut#5599, ocornut#4921)

commit fac8295
Author: ocornut <[email protected]>
Date:   Thu Sep 29 21:31:36 2022 +0200

    IO: remove ImGuiInputEvent::IgnoredAsSame (revert part of 839c310), will filter earlier in next commit. (ocornut#5599)

    Making it a separate commit as this leads to much indentation change.

commit 9e7f460
Author: ocornut <[email protected]>
Date:   Thu Sep 29 20:42:45 2022 +0200

    Fixed GetKeyName() for ImGuiMod_XXX values, made invalid MousePos display in log nicer.  (ocornut#4921, ocornut#456)

    Amend fd408c9

commit 0749453
Author: ocornut <[email protected]>
Date:   Thu Sep 29 19:51:54 2022 +0200

    Menus, Nav: Fixed not being able to close a menu with Left arrow when parent is not a popup. (ocornut#5730)

commit 9f6aae3
Author: ocornut <[email protected]>
Date:   Thu Sep 29 19:48:27 2022 +0200

    Nav: Fixed race condition pressing Esc during popup opening frame causing crash.

commit bd2355a
Author: ocornut <[email protected]>
Date:   Thu Sep 29 19:25:26 2022 +0200

    Menus, Nav: Fixed using left/right navigation when appending to an existing menu (multiple BeginMenu() call with same names). (ocornut#1207)

commit 3532ed1
Author: ocornut <[email protected]>
Date:   Thu Sep 29 18:07:35 2022 +0200

    Menus, Nav: Fixed keyboard/gamepad navigation occasionally erroneously landing on menu-item in parent when the parent is not a popup. (ocornut#5730)

    Replace BeginMenu/MenuItem swapping g.NavWindow with a more adequate ImGuiItemFlags_NoWindowHoverableCheck.
    Expecting more subtle issues to stem from this.
    Note that NoWindowHoverableCheck is not supported by IsItemHovered() but then IsItemHovered() on BeginMenu() never worked: fix should be easy in BeginMenu() + add test is IsItemHovered(), will do later

commit d5d7050
Author: ocornut <[email protected]>
Date:   Thu Sep 29 17:26:52 2022 +0200

    Various comments

    As it turns out, functions like IsItemHovered() won't work on an open BeginMenu() because LastItemData is overriden by BeginPopup(). Probably an easy fix.

commit e74a50f
Author: Andrew D. Zonenberg <[email protected]>
Date:   Wed Sep 28 08:19:34 2022 -0700

    Added GetGlyphRangesGreek() helper for Greek & Coptic glyph range. (ocornut#5676, ocornut#5727)

commit d17627b
Author: ocornut <[email protected]>
Date:   Wed Sep 28 17:38:41 2022 +0200

    InputText: leave state->Flags uncleared for the purpose of backends emitting an on-screen keyboard for passwords. (ocornut#5724)

commit 0a7054c
Author: ocornut <[email protected]>
Date:   Wed Sep 28 17:00:45 2022 +0200

    Backends: Win32: Convert WM_CHAR values with MultiByteToWideChar() when window class was registered as MBCS (not Unicode). (ocornut#5725, ocornut#1807, ocornut#471, ocornut#2815, ocornut#1060)

commit a229a7f
Author: ocornut <[email protected]>
Date:   Wed Sep 28 16:57:09 2022 +0200

    Examples: Win32: Always use RegisterClassW() to ensure windows are Unicode. (ocornut#5725)

commit e0330c1
Author: ocornut <[email protected]>
Date:   Wed Sep 28 14:54:38 2022 +0200

    Fonts, Text: Fixed wrapped-text not doing a fast-forward on lines above the clipping region. (ocornut#5720)

    which would result in an abnormal number of vertices created.

commit 4d4889b
Author: ocornut <[email protected]>
Date:   Wed Sep 28 12:42:06 2022 +0200

    Refactor CalcWordWrapPositionA() to take on the responsability of minimum character display. Add CalcWordWrapNextLineStartA(), simplify caller code.

    Should be no-op but incrementing IMGUI_VERSION_NUM just in case.
    Preparing for ocornut#5720

commit 5c4426c
Author: ocornut <[email protected]>
Date:   Wed Sep 28 12:22:34 2022 +0200

    Demo: Fixed Log & Console from losing scrolling position with Auto-Scroll when child is clipped. (ocornut#5721)

commit 12c0246
Author: ocornut <[email protected]>
Date:   Wed Sep 28 12:07:43 2022 +0200

    Removed support for 1.42-era IMGUI_DISABLE_INCLUDE_IMCONFIG_H / IMGUI_INCLUDE_IMCONFIG_H. (ocornut#255)

commit 73efcec
Author: ocornut <[email protected]>
Date:   Tue Sep 27 22:21:47 2022 +0200

    Examples: disable GL related warnings on Mac + amend to ignore list.

commit a725db1
Author: ocornut <[email protected]>
Date:   Tue Sep 27 18:47:20 2022 +0200

    Comments for flags discoverability + add to debug log (ocornut#3795, ocornut#4559)

commit 325299f
Author: ocornut <[email protected]>
Date:   Wed Sep 14 15:46:27 2022 +0200

    Backends: OpenGL: Add ability to #define IMGUI_IMPL_OPENGL_DEBUG. (ocornut#4468, ocornut#4825, ocornut#4832, ocornut#5127, ocornut#5655, ocornut#5709)

commit 56c3eae
Author: ocornut <[email protected]>
Date:   Tue Sep 27 14:24:21 2022 +0200

    ImDrawList: asserting on incorrect value for CurveTessellationTol (ocornut#5713)

commit 04316bd
Author: ocornut <[email protected]>
Date:   Mon Sep 26 16:32:09 2022 +0200

    ColorEdit3: fixed id collision leading to an assertion. (ocornut#5707)

commit c261dac
Author: ocornut <[email protected]>
Date:   Mon Sep 26 14:50:46 2022 +0200

    Demo: moved ShowUserGuide() lower in the file, to make main demo entry point more visible + fix using IMGUI_DEBUG_LOG() macros in if/else.

commit 51bbc70
Author: ocornut <[email protected]>
Date:   Mon Sep 26 14:44:26 2022 +0200

    Backends: SDL: Disable SDL 2.0.22 new "auto capture" which prevents drag and drop across windows, and don't capture mouse when drag and dropping. (ocornut#5710)

commit 7a9045d
Author: ocornut <[email protected]>
Date:   Mon Sep 26 11:55:07 2022 +0200

    Backends: WGPU: removed Emscripten version check (currently failing on CI, ensure why, and tbh its redundant/unnecessary with changes of wgpu api nowadays)

commit 83a0030
Author: ocornut <[email protected]>
Date:   Mon Sep 26 10:33:44 2022 +0200

    Added ImGuiMod_Shortcut which is ImGuiMod_Super on Mac and ImGuiMod_Ctrl otherwise. (ocornut#456)

commit fd408c9
Author: ocornut <[email protected]>
Date:   Thu Sep 22 18:58:33 2022 +0200

    Renamed and merged keyboard modifiers key enums and flags into a same set:. ImGuiKey_ModXXX -> ImGuiMod_XXX and ImGuiModFlags_XXX -> ImGuiMod_XXX. (ocornut#4921, ocornut#456)

    Changed signature of GetKeyChordName() to use ImGuiKeyChord.
    Additionally SetActiveIdUsingAllKeyboardKeys() doesn't set ImGuiKey_ModXXX but we never need/use those and the system will be changed in upcoming commits.

# Conflicts:
#	docs/CHANGELOG.txt
#	imgui.h
#	imgui_demo.cpp
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants