archive/blender-archive
Archived
1
1
Fork 0
Code Pull Requests Packages Activity

fix for possible buffer overflow in gpu_nodes_get_vertex_attributes() and hair_velocity_smoothing()

Browse Source 
and a unlikely NULL pointer dereference in unlink_material_cb().
This commit is contained in:
Campbell Barton
2012-11-01 09:56:18 +00:00
parent f213ae0b19
commit 4fc1a3c8b3
6 changed files with 31 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
source/blender/blenkernel/intern/implicit.c
View File

@@ -1513,7 +1513,7 @@ static void hair_velocity_smoothing(ClothModifierData *clmd, lfVector *lF, lfVec
i = HAIR_GRID_INDEX(lX[v], gmin, gmax, 0); i = HAIR_GRID_INDEX(lX[v], gmin, gmax, 0);
j = HAIR_GRID_INDEX(lX[v], gmin, gmax, 1); j = HAIR_GRID_INDEX(lX[v], gmin, gmax, 1);
k = HAIR_GRID_INDEX(lX[v], gmin, gmax, 2); k = HAIR_GRID_INDEX(lX[v], gmin, gmax, 2);
if (i < 0 || j < 0 || k < 0 || i > 10 || j >= 10 || k >= 10) if (i < 0 || j < 0 || k < 0 || i > 10 || j > 10 || k > 10)
continue; continue;
lF[v][0] += smoothfac * (grid[i][j][k].velocity[0] - lV[v][0]); lF[v][0] += smoothfac * (grid[i][j][k].velocity[0] - lV[v][0]);

9
source/blender/blenkernel/intern/mball.c
View File

@@ -1319,12 +1319,16 @@ static void addtovertices(VERTICES *vertices, VERTEX v)
static void vnormal(const float point[3], PROCESS *p, float r_no[3]) static void vnormal(const float point[3], PROCESS *p, float r_no[3])
{ {
float delta = 0.2f * p->delta; const float delta = 0.2f * p->delta;
float f = p->function(point[0], point[1], point[2]); const float f = p->function(point[0], point[1], point[2]);
r_no[0] = p->function(point[0] + delta, point[1], point[2]) - f; r_no[0] = p->function(point[0] + delta, point[1], point[2]) - f;
r_no[1] = p->function(point[0], point[1] + delta, point[2]) - f; r_no[1] = p->function(point[0], point[1] + delta, point[2]) - f;
r_no[2] = p->function(point[0], point[1], point[2] + delta) - f; r_no[2] = p->function(point[0], point[1], point[2] + delta) - f;
#if 1
normalize_v3(r_no);
#else
f = normalize_v3(r_no); f = normalize_v3(r_no);
if (0) { if (0) {
@@ -1343,6 +1347,7 @@ static void vnormal(const float point[3], PROCESS *p, float r_no[3])
normalize_v3(r_no); normalize_v3(r_no);
} }
} }
#endif
} }

5
source/blender/editors/space_outliner/outliner_tools.c
View File

@@ -158,7 +158,11 @@ static void unlink_material_cb(bContext *UNUSED(C), Scene *UNUSED(scene), TreeEl
totcol = mb->totcol; totcol = mb->totcol;
matar = mb->mat; matar = mb->mat;
} }
else {
BLI_assert(0);
}
if (LIKELY(matar != NULL)) {
for (a = 0; a < totcol; a++) { for (a = 0; a < totcol; a++) {
if (a == te->index && matar[a]) { if (a == te->index && matar[a]) {
matar[a]->id.us--; matar[a]->id.us--;
@@ -166,6 +170,7 @@ static void unlink_material_cb(bContext *UNUSED(C), Scene *UNUSED(scene), TreeEl
} }
} }
} }
}
static void unlink_texture_cb(bContext *UNUSED(C), Scene *UNUSED(scene), TreeElement *te, static void unlink_texture_cb(bContext *UNUSED(C), Scene *UNUSED(scene), TreeElement *te,
TreeStoreElem *tsep, TreeStoreElem *UNUSED(tselem)) TreeStoreElem *tsep, TreeStoreElem *UNUSED(tselem))

7
source/blender/gpu/intern/gpu_codegen.c
View File

@@ -1046,7 +1046,8 @@ static void gpu_nodes_get_vertex_attributes(ListBase *nodes, GPUVertexAttribs *a
} }
} }
if (a == attribs->totlayer && a < GPU_MAX_ATTRIB) { if (a < GPU_MAX_ATTRIB) {
if (a == attribs->totlayer) {
input->attribid = attribs->totlayer++; input->attribid = attribs->totlayer++;
input->attribfirst = 1; input->attribfirst = 1;
@@ -1055,12 +1056,14 @@ static void gpu_nodes_get_vertex_attributes(ListBase *nodes, GPUVertexAttribs *a
BLI_strncpy(attribs->layer[a].name, input->attribname, BLI_strncpy(attribs->layer[a].name, input->attribname,
sizeof(attribs->layer[a].name)); sizeof(attribs->layer[a].name));
} }
else else {
input->attribid = attribs->layer[a].attribid; input->attribid = attribs->layer[a].attribid;
} }
} }
} }
} }
}
}
static void gpu_nodes_get_builtin_flag(ListBase *nodes, int *builtin) static void gpu_nodes_get_builtin_flag(ListBase *nodes, int *builtin)
{ {