Crash in Crash Reporter

A crash occurred in the crash reporter, when UE4Editor crashes:

UE4Editor-Core.dll!rml::internal::internalPoolMalloc(rml::internal::MemoryPool * memPool, unsigned __int64 size) Line 2059	C++
UE4Editor-Core.dll!scalable_realloc(void * ptr, unsigned __int64 size) Line 2425	C++
UE4Editor-Core.dll!FMallocTBB::Realloc(void * Ptr, unsigned __int64 NewSize, unsigned int Alignment) Line 85	C++
UE4Editor-SlateCore.dll!TArray<wchar_t,FDefaultAllocator>::AddUninitialized(int Count) Line 1276	C++
UE4Editor-SlateCore.dll!FStabilityEventLogger::GetLog() Line 94	C++
UE4Editor-CrashTracker.dll!FCrashTrackerEventLogger::OnHandleError() Line 53	C++
UE4Editor-CrashTracker.dll!TBaseRawMethodDelegateInstance<0,FCrashTrackerEventLogger,void __cdecl(void)>::ExecuteIfSafe() Line 582	C++
UE4Editor-Core.dll!TBaseMulticastDelegate<void>::Broadcast() Line 1030	C++
UE4Editor-Core.dll!FOutputDeviceWindowsError::HandleError() Line 125	C++
UE4Editor.exe!WinMain(HINSTANCE__ * hInInstance, HINSTANCE__ * hPrevInstance, char * __formal, int nCmdShow) Line 215	C++
[External Code]	

Since frontend.cpp is not distributed, this is the point of crash in the disassembly:

--- d:\perforce\pitbull-tburnsvs2013\ue4\engine\source\thirdparty\inteltbb\inteltbb-4.0\src\tbbmalloc\frontend.cpp 
00007FFAA9ED2990  mov         qword ptr [rsp+20h],rbp  
00007FFAA9ED2995  push        rdi  
00007FFAA9ED2996  sub         rsp,30h  
00007FFAA9ED299A  mov         rdi,rdx  
00007FFAA9ED299D  mov         rbp,rcx  
00007FFAA9ED29A0  test        rcx,rcx  
00007FFAA9ED29A3  je          rml::internal::internalPoolMalloc+322h (07FFAA9ED2CB2h)  
00007FFAA9ED29A9  mov         qword ptr [memPool],rbx  
00007FFAA9ED29AE  mov         qword ptr [size],rsi  
00007FFAA9ED29B3  mov         qword ptr [rsp+50h],r14  
00007FFAA9ED29B8  movaps      xmmword ptr [rsp+20h],xmm6  
00007FFAA9ED29BD  movss       xmm6,dword ptr [__real@463e8000 (07FFAA9FD1FA4h)]  
00007FFAA9ED29C5  xor         r14d,r14d  
00007FFAA9ED29C8  test        rdi,rdi  
00007FFAA9ED29CB  jne         rml::internal::internalPoolMalloc+44h (07FFAA9ED29D4h)  
00007FFAA9ED29CD  mov         edi,8  
00007FFAA9ED29D2  jmp         rml::internal::internalPoolMalloc+51h (07FFAA9ED29E1h)  
00007FFAA9ED29D4  cmp         rdi,1FC1h  
00007FFAA9ED29DB  jae         rml::internal::internalPoolMalloc+30Bh (07FFAA9ED2C9Bh)  
00007FFAA9ED29E1  mov         rdx,rdi  
00007FFAA9ED29E4  mov         rcx,rbp  
00007FFAA9ED29E7  call        rml::internal::MemoryPool::getAllocationBin (07FFAA9ED1F60h)  
00007FFAA9ED29EC  mov         rsi,rax  
00007FFAA9ED29EF  test        rax,rax  
00007FFAA9ED29F2  je          rml::internal::internalPoolMalloc+304h (07FFAA9ED2C94h)  
00007FFAA9ED29F8  mov         rdx,qword ptr [rax]  
00007FFAA9ED29FB  test        rdx,rdx  
00007FFAA9ED29FE  je          rml::internal::internalPoolMalloc+0E6h (07FFAA9ED2A76h)  
00007FFAA9ED2A00  mov         r8,qword ptr [rdx+60h]  
00007FFAA9ED2A04  test        r8,r8  
00007FFAA9ED2A07  je          rml::internal::internalPoolMalloc+82h (07FFAA9ED2A12h)  
00007FFAA9ED2A09  mov         rax,qword ptr [r8]

(At 00007FFAA9ED2A09)

Unhandled exception at 0x00007FFAA9ED2A09 (UE4Editor-Core.dll) in UE4Editor.exe: 0xC0000005: Access violation reading location 0x0000000000002C96.

Thank you for looking into this,

HyperReuts Technologic

The crash in UE4Editor happens when calling GEngine->GetWorldFromContextObject(worldContextObject, true);

It seems that my editor crash was resolved by deleting the Saved folder, perhaps it was caused by some corrupted state.

It seems that the crash was caused by a double delete. More specifically: a TArray of a pointer type calls the destructor of the object whenever it is removed from the array.

The crash in realloc gives this away; it can not reallocate an already deleted pointer.

Deleting the Saved folder and having no crash was merely coincidence.