The constructor for btConvexHullShape takes a pointer to a btScalar as the source for the float array to build the convex hull from. You might assume that you could thus use an array of packed 3-float points and a stride of 12. However, internally the function casts the pointer to a btVector3 (a 4-float value) and then copies it. The end result is that an extra float is read at the end of the array (there is an extra one written as well, but since the destination is a btVector3 array anyway it doesn't matter much). If this happens to put the extra float read at an illegal to read memory location (just across a page boundary for example) you will get an exception. For us this manifested as a rare crash.
We changed our local copy of bullet to treat it as a float array that is used to initialize a btVector3 array instead:
Code: Select all
btConvexHullShape ::btConvexHullShape (const btScalar* points,int numPoints,int stride) : btPolyhedralConvexShape ()
{
m_shapeType = CONVEX_HULL_SHAPE_PROXYTYPE;
m_unscaledPoints.resize(numPoints);
unsigned char* pointsAddress = (unsigned char*)points;
for (int i=0;i<numPoints;i++)
{
btScalar* point = (btScalar*)pointsAddress;
m_unscaledPoints[i] = btVector3(point[0], point[1], point[2]);
pointsAddress += stride;
}
recalcLocalAabb();
}