Fix T98825: EEVEE: Regression: Buffer overflow in sample name buffer

This happened because of the false assumption that `std::array<char, 32>` would be treated as a container and not relocate their content if the `Vector` would grow. Replacing with actual object allocation fixes the issue. Candidate for 3.2.1 corrective release.
2022-06-29 12:11:05 +02:00
parent 4a9f60ecd2
commit 45fb7a1db5
1 changed files with 6 additions and 3 deletions
--- a/source/blender/gpu/intern/gpu_codegen.cc
+++ b/source/blender/gpu/intern/gpu_codegen.cc
@@ -52,16 +52,19 @@ using namespace blender::gpu::shader;
 */
 struct GPUCodegenCreateInfo : ShaderCreateInfo {
  struct NameBuffer {
+    using NameEntry = std::array<char, 32>;
+
    /** Duplicate attribute names to avoid reference the GPUNodeGraph directly. */
    char attr_names[16][GPU_MAX_SAFE_ATTR_NAME + 1];
    char var_names[16][8];
-    blender::Vector<std::array<char, 32>, 16> sampler_names;
+    blender::Vector<std::unique_ptr<NameEntry>, 16> sampler_names;

    /* Returns the appended name memory location */
    const char *append_sampler_name(const char name[32])
    {
-      auto index = sampler_names.append_and_get_index(std::array<char, 32>());
-      char *name_buffer = sampler_names[index].data();
+      auto index = sampler_names.size();
+      sampler_names.append(std::make_unique<NameEntry>());
+      char *name_buffer = sampler_names[index]->data();
      memcpy(name_buffer, name, 32);
      return name_buffer;
    }