[ODE] a bug in dBodyDestroy

slipch slipch <slipch at gsc-game.kiev.ua>
Thu Feb 20 12:37:01 2003


Hello ODE,

If the "body" has more than one "geometry" attached to it then
dBodyDestroy intends to remove the body from all attached
"geometries". For this purpose dBodyDestroy has code


  for (dxGeom *geom = b->geom; geom; geom = dGeomGetBodyNext (geom)) {
    dGeomSetBody (geom,0);
  }  

But   dGeomSetBody calls g->bodyRemove().

void dGeomSetBody (dxGeom *g, dxBody *b)
{
  ........................
  .......................
  if (b) {
           ...............
           ...............
  }
  else {
    if (g->body) {
     .......................
     .......................
      g->bodyRemove();
    }
  }
}

In its turn  bodyRemove() sets body_next to zero.

void dxGeom::bodyRemove()
{
  if (body) {
     .....................
     ......................
    body_next = 0;
  }
}

 and   dGeomGetBodyNext (geom) always return zero after first
 iteration.

dxGeom *dGeomGetBodyNext (dxGeom *geom)
{
  return geom->body_next;
} 

So we will never iterate through all "geometries" attached to this
body.
It may lead to access violation when you try to delete "geometry"
with "body" which was deleted but not set to zero because ~dxGeom() again calls bodyRemove().

-- 
Best regards,
 Konstantin Slipchenko                          mailto:slipch@gsc-game.kiev.ua