onCCDContactModify danger

Hello NVidia,

I am trying to use the callback onCCDContactModify, and I stumbled upon a problematic crash / corruption that I would like you to shed some light on.

The callback itself provides a list of PxContactModifyPair and a count, and for each one, we get a PxContactSet. Now we can tweak the contact with functions such as: void setInvMassScale0(const PxReal scale).
However, if we look inside this function, it is doing some unsafe memory access like this:

const size_t headerOffset = sizeof(PxModifyContactHeader) +  sizeof(PxContactPatchBase);
PxModifyContactHeader* header = reinterpret_cast<PxModifyContactHeader*>(reinterpret_cast<PxU8*>(mContacts) - headerOffset);
header->invMassScale0 = scale;
header->flags |= PxContactHeader::eHAS_MODIFIED_MASS_RATIOS;

When a normal (non-ccd) contact callback occurs, everything is fine, because before calling the callback, this is being calculated:

PX_FORCE_INLINE	PxModifiableContact* getContactsForModification() 
{
	return (PxModifiableContact*)(mNpUnit.compressedContacts + sizeof(PxModifyContactHeader) + sizeof(PxContactPatchBase)); 
}

However, in the case of a CCD contact, in file PxsCCD.cpp inside function virtual void runInternal(), the contact point is created directly on the stack:

PxModifiableContact point;

with no way for the reinterpret cast memory offset subtraction above to work properly, which results in a random crash soon after or general memory stack corruption.

So far, the only “legal” thing I’ve found that I can do when in a CCD contact callback is this:

for (PxU32 ContactIdx = 0; ContactIdx < Contact.size(); ++ContactIdx)
{
	Contact.ignore(ContactIdx);
}

Can you help me understand my issue?
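
The layout assumption behind the crash described above, as an added illustration (not code from the post or from the PhysX SDK): the header write only lands somewhere sensible when the contact array is embedded right after a header and a patch, as in the compressed-contacts path, and not when a contact is a free-standing local as in the CCD path. The struct names and field lists below are simplified stand-ins for the PhysX types named in the post, and `ContactSet`, `trySetInvMassScale0` and the three demo functions are hypothetical; the hardened setter carries the owning buffer alongside the contact pointer and refuses the write unless the derived header address is provably inside it.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Assumed, simplified stand-ins for the PhysX types named in the post;
// the field lists are illustrative, not the SDK's real layouts.
struct ModifyContactHeader { uint32_t flags; float invMassScale0; float invMassScale1; };
struct ContactPatchBase    { uint32_t patchFlags; uint32_t contactCount; };
struct ModifiableContact   { float normal[3]; float point[3]; float separation; float maxImpulse; };

constexpr uint32_t kHasModifiedMassRatios = 1u << 0;  // stands in for eHAS_MODIFIED_MASS_RATIOS
constexpr size_t   kHeaderOffset = sizeof(ModifyContactHeader) + sizeof(ContactPatchBase);

// The shape the non-CCD path hands to the callback: header, patch, then the contacts.
struct CompressedContacts {
    ModifyContactHeader header;
    ContactPatchBase    patch;
    ModifiableContact   contacts[2];
};
static_assert(offsetof(CompressedContacts, contacts) == kHeaderOffset,
              "the pointer subtraction only works when contacts sit directly after header+patch");

// A contact set that also records which buffer (if any) owns the contact array.
struct ContactSet {
    ModifiableContact* contacts;
    uint32_t           count;
    uint8_t*           ownerBegin;  // nullptr for a free-standing contact (the CCD stack temporary)
    size_t             ownerSize;
};

// Hardened version of setInvMassScale0: instead of blindly subtracting kHeaderOffset
// from the contact pointer, validate that the header and the contacts both lie inside
// the owning buffer. Returns false (and writes nothing) when that cannot be shown.
bool trySetInvMassScale0(ContactSet& set, float scale) {
    if (set.ownerBegin == nullptr || set.contacts == nullptr) return false;
    const uintptr_t begin = reinterpret_cast<uintptr_t>(set.ownerBegin);
    const uintptr_t end   = begin + set.ownerSize;
    const uintptr_t c     = reinterpret_cast<uintptr_t>(set.contacts);
    const uintptr_t cEnd  = c + sizeof(ModifiableContact) * set.count;
    // Room for header+patch in front of the contacts, and the contacts end inside the buffer.
    if (c < begin + kHeaderOffset || cEnd > end || cEnd < c) return false;
    // Form the header pointer as an offset from the buffer start, which is now known to be in range.
    ModifyContactHeader* header =
        reinterpret_cast<ModifyContactHeader*>(set.ownerBegin + (c - kHeaderOffset - begin));
    header->invMassScale0 = scale;
    header->flags |= kHasModifiedMassRatios;
    return true;
}

// Non-CCD shape: the contact array is embedded after header+patch, so the write lands in the header.
bool compressedPathAccepted() {
    CompressedContacts buf{};
    ContactSet set{buf.contacts, 2, reinterpret_cast<uint8_t*>(&buf), sizeof(buf)};
    const bool ok = trySetInvMassScale0(set, 0.5f);
    return ok && buf.header.invMassScale0 == 0.5f && (buf.header.flags & kHasModifiedMassRatios) != 0;
}

// CCD shape from the post: a lone ModifiableContact on the stack with nothing in front of it.
// The unchecked subtraction would target kHeaderOffset bytes below the local; the checked
// version has no owner to validate against and declines, leaving the contact untouched.
bool stackPathRejected() {
    ModifiableContact point{};
    ContactSet set{&point, 1, nullptr, 0};
    return !trySetInvMassScale0(set, 0.5f) && point.separation == 0.0f && point.maxImpulse == 0.0f;
}

// Even with an owner supplied, a contact sitting at the very start of its buffer
// (no room for header+patch in front) is rejected rather than written through.
bool truncatedOwnerRejected() {
    alignas(ModifiableContact) uint8_t raw[sizeof(ModifiableContact)] = {};
    ContactSet set{reinterpret_cast<ModifiableContact*>(raw), 1, raw, sizeof(raw)};
    return !trySetInvMassScale0(set, 0.5f);
}

int main() {
    std::printf("header offset      : %zu bytes\n", kHeaderOffset);
    std::printf("compressed path    : %s\n", compressedPathAccepted() ? "write accepted" : "rejected");
    std::printf("stack contact      : %s\n", stackPathRejected() ? "write rejected" : "accepted");
    std::printf("truncated owner    : %s\n", truncatedOwnerRejected() ? "write rejected" : "accepted");
    return 0;
}
```

The point of carrying `ownerBegin`/`ownerSize` is that the callback can no longer distinguish the two cases from the contact pointer alone: a `ModifiableContact` embedded in a compressed buffer and one declared on the stack look identical, so the only way to make the header write safe is to pass the provenance of the memory along with it, or to give the CCD path a real header in front of its contact.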

Thanks for reporting. It will be fixed in an upcoming patch to PhysX 3.4