I first observed heap corruption when initializing the btDbvtBroadphase class when creating the dynamic world. After some debugging, I think it's the m_rayTestStacks member variable in the btDbvtBroadphase class that is causing the issue. Here is some code that shows the problem:
Code: Select all
#include <cstddef>   // offsetof
#include <cstdlib>   // malloc
#include <cstring>   // memset
#include <new>       // placement new
#include "BulletCollision/BroadphaseCollision/btDbvtBroadphase.h"

// inside a function body:
auto classSize = sizeof(btDbvtBroadphase);                               // returns 0xB0
auto arrSize = sizeof(btAlignedObjectArray<btDbvtProxy*>);               // returns 0x14
auto rayTestStacks_offset = offsetof(btDbvtBroadphase, m_rayTestStacks); // returns 0x9c (MSVC warns: non-standard-layout type)
// allocate twice the class size so the '_' fill below stays inside the malloc'd block
char* mem = (char*)malloc(2 * classSize);
btDbvtBroadphase* c = (btDbvtBroadphase*)mem;
memset(mem, 'x', classSize);                      // whole object as the application sees it
memset(mem + rayTestStacks_offset, 'o', arrSize); // the m_rayTestStacks member
memset(mem + classSize, '_', classSize);          // bytes after the object (same as c + 1), to make the memory display easier to read
Code: Select all
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxoooo
oooooooooooooooo________________
Then I call the constructor for btDbvtBroadphase.
Code: Select all
auto* pClass = new (c) btDbvtBroadphase(); // placement-new into the prepared block
Code: Select all
øo*.........ÿÿÿÿ........xxxx....
.........xxx........ÿÿÿÿ........
xxxx.............xxx............
¶u.xxxx........................
................................
.......ooooo@...@...ðß..._______
I'm running VS2017. This is also the first time I've used Bullet, so it's very probable that I'm doing something incorrectly. I just put the .vcproj files into my solution and then built them. The example applications are running fine, so I'm not sure what's happening.
Does anyone have any insight to what's going on?
_______
Update: It seems that if I force the alignment of class btAlignedObjectArray to be 16, the issue resolves itself. It seems the default alignment is 4, but something at runtime thinks it is 16.
I'm compiling to a Win32 platform with VS2017, v15.8.1
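The dumps above show the pattern worth checking for in general: after the constructor runs, the `_` bytes that sat past `sizeof(btDbvtBroadphase)` (offset 0xB0 as the application computes it) have been overwritten, so the constructor linked from the library wrote more bytes than the application reserved. The following is an added example, not the poster's code and not part of Bullet, that turns the manual 'x' / 'o' / '_' fill into a reusable guard-canary check and adds a size/alignment handshake between the two builds. `ArrayHeader`, `Broadphase`, `ArrayHeader16`, `Broadphase16` and the two `lib_ctor_*` functions are constructed stand-ins for "the same type as compiled in the application" and "as compiled in the library"; they are not Bullet types.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <new>

// Constructed stand-ins (not Bullet types): the same object as seen by two
// builds that disagree about the alignment of an array-header member.

// The application's view: the array header has its natural alignment.
struct ArrayHeader {
    int   size;
    int   capacity;
    void* data;
    bool  ownsMemory;
};
struct Broadphase {
    int         config;
    ArrayHeader stacks;
};

// The library's view: the same header forced to 16-byte alignment, which pads
// the enclosing object to a larger size.
struct alignas(16) ArrayHeader16 {
    int   size;
    int   capacity;
    void* data;
    bool  ownsMemory;
};
struct Broadphase16 {
    int           config;
    ArrayHeader16 stacks;
};

// Stand-ins for the constructor each library build would export. A real
// constructor touches the members at *its* offsets; modelled here as a fill
// of every byte the library believes the object occupies, then construction.
void lib_ctor_same_layout(void* p) {
    std::memset(p, 0, sizeof(Broadphase));
    new (p) Broadphase;
}
void lib_ctor_aligned_layout(void* p) {
    std::memset(p, 0, sizeof(Broadphase16));
    new (p) Broadphase16;
}

// Guard-canary check, generalising the 'x' / 'o' / '_' fill from the post.
static const unsigned char kCanary     = '_';
static const std::size_t   kGuardBytes = 64;

// Reserve sizeof(T) bytes as the *application* computes it, put a canary-
// filled guard region behind them, run the library's constructor, and report
// how many guard bytes changed. 0 means the constructor stayed inside
// sizeof(T); anything else is the number of bytes written past the end.
template <class T>
std::size_t guard_bytes_dirtied(void (*lib_ctor)(void*)) {
    // 16-byte aligned so an over-aligned library type is placed legally.
    alignas(16) unsigned char buf[sizeof(T) + kGuardBytes];
    std::memset(buf, 'x', sizeof(T));
    std::memset(buf + sizeof(T), kCanary, kGuardBytes);

    lib_ctor(buf);

    std::size_t dirty = 0;
    for (std::size_t i = 0; i < kGuardBytes; ++i) {
        if (buf[sizeof(T) + i] != kCanary) ++dirty;
    }
    // No destructor call: the object may not have the layout T describes.
    return dirty;
}

// Layout handshake: the library exports its own sizeof/alignof of the type
// (compiled inside the library), and the application compares them with its
// values once at start-up, before constructing anything.
struct Layout {
    std::size_t size;
    std::size_t align;
};
Layout app_layout() { return Layout{ sizeof(Broadphase),   alignof(Broadphase)   }; }
Layout lib_layout() { return Layout{ sizeof(Broadphase16), alignof(Broadphase16) }; }

bool layouts_match(const Layout& a, const Layout& b) {
    return a.size == b.size && a.align == b.align;
}

int main() {
    std::printf("same build:    %zu guard bytes dirtied\n",
                guard_bytes_dirtied<Broadphase>(lib_ctor_same_layout));
    std::printf("aligned build: %zu guard bytes dirtied\n",
                guard_bytes_dirtied<Broadphase>(lib_ctor_aligned_layout));
    std::printf("layouts match: %s\n",
                layouts_match(app_layout(), lib_layout()) ? "yes" : "no");
    return 0;
}
```

Against the real library the guard check is used the same way: pass a function that does `new (p) btDbvtBroadphase()` and treat any non-zero count as proof that the library's layout of the class is larger than the application's, as the `_` bytes above show. The handshake part assumes the library can be made to export a function, compiled with the library's own flags, that returns its `sizeof`/`alignof` of the class; Bullet does not provide one, so it would have to be added to the library build. Whenever the two sides disagree, the fix is to compile both with identical preprocessor defines and alignment settings rather than to pad the application's allocation.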