Fix T83164: Spline IK joint_bindings parameter is broken.

Code freeing the array would not properly reset its length value to zero. Note that this corrupted data could also be saved in .blend files, so had to bump fileversion and add some doversion code too. Fix T90166: crash when creating a liboverride.
2021-08-05 17:17:15 +02:00
parent 834523e239
commit 6c326ba0a2
4 changed files with 43 additions and 21 deletions
--- a/source/blender/blenkernel/BKE_blender_version.h
+++ b/source/blender/blenkernel/BKE_blender_version.h
@@ -39,7 +39,7 @@ extern "C" {

 /* Blender file format version. */
 #define BLENDER_FILE_VERSION BLENDER_VERSION
-#define BLENDER_FILE_SUBVERSION 16
+#define BLENDER_FILE_SUBVERSION 17

 /* Minimum Blender version that supports reading file written with the current
 * version. Older Blender versions will test this and show a warning if the file
--- a/source/blender/blenkernel/intern/constraint.c
+++ b/source/blender/blenkernel/intern/constraint.c
@@ -4616,9 +4616,7 @@ static void splineik_free(bConstraint *con)
  bSplineIKConstraint *data = con->data;

  /* binding array */
-  if (data->points) {
-    MEM_freeN(data->points);
-  }
+  MEM_SAFE_FREE(data->points);
 }

 static void splineik_copy(bConstraint *con, bConstraint *srccon)
--- a/source/blender/blenloader/intern/versioning_300.c
+++ b/source/blender/blenloader/intern/versioning_300.c
@@ -29,6 +29,7 @@
 #include "DNA_armature_types.h"
 #include "DNA_brush_types.h"
 #include "DNA_collection_types.h"
+#include "DNA_constraint_types.h"
 #include "DNA_curve_types.h"
 #include "DNA_genfile.h"
 #include "DNA_listBase.h"
@@ -383,6 +384,19 @@ static void do_version_bones_bbone_len_scale(ListBase *lb)
  }
 }

+static void do_version_constraints_spline_ik_joint_bindings(ListBase *lb)
+{
+  /* Binding array data could be freed without properly resetting its size data. */
+  LISTBASE_FOREACH (bConstraint *, con, lb) {
+    if (con->type == CONSTRAINT_TYPE_SPLINEIK) {
+      bSplineIKConstraint *data = (bSplineIKConstraint *)con->data;
+      if (data->points == NULL) {
+        data->numpoints = 0;
+      }
+    }
+  }
+}
+
 /* NOLINTNEXTLINE: readability-function-size */
 void blo_do_versions_300(FileData *fd, Library *UNUSED(lib), Main *bmain)
 {
@@ -697,18 +711,7 @@ void blo_do_versions_300(FileData *fd, Library *UNUSED(lib), Main *bmain)
    BKE_main_id_repair_duplicate_names_listbase(lb);
  }

-  /**
-   * Versioning code until next subversion bump goes here.
-   *
-   * \note Be sure to check when bumping the version:
-   * - "versioning_userdef.c", #blo_do_versions_userdef
-   * - "versioning_userdef.c", #do_versions_theme
-   *
-   * \note Keep this message at the bottom of the function.
-   */
-  {
-    /* Keep this block, even when empty. */
-
+  if (!MAIN_VERSION_ATLEAST(bmain, 300, 17)) {
    if (!DNA_struct_elem_find(
            fd->filesdna, "View3DOverlay", "float", "normals_constant_screen_size")) {
      LISTBASE_FOREACH (bScreen *, screen, &bmain->screens) {
@@ -722,5 +725,29 @@ void blo_do_versions_300(FileData *fd, Library *UNUSED(lib), Main *bmain)
        }
      }
    }
+
+    /* Fix SplineIK constraint's inconsistency between binding points array and its stored size. */
+    LISTBASE_FOREACH (Object *, ob, &bmain->objects) {
+      /* NOTE: Objects should never have SplineIK constraint, so no need to apply this fix on
+       * their constraints. */
+      if (ob->pose) {
+        LISTBASE_FOREACH (bPoseChannel *, pchan, &ob->pose->chanbase) {
+          do_version_constraints_spline_ik_joint_bindings(&pchan->constraints);
+        }
+      }
+    }
+  }
+
+  /**
+   * Versioning code until next subversion bump goes here.
+   *
+   * \note Be sure to check when bumping the version:
+   * - "versioning_userdef.c", #blo_do_versions_userdef
+   * - "versioning_userdef.c", #do_versions_theme
+   *
+   * \note Keep this message at the bottom of the function.
+   */
+  {
+    /* Keep this block, even when empty. */
  }
 }
--- a/source/blender/editors/object/object_constraint.c
+++ b/source/blender/editors/object/object_constraint.c
@@ -432,11 +432,8 @@ static void test_constraint(
     * free the points array and request a rebind...
     */
    if ((data->points == NULL) || (data->numpoints != data->chainlen + 1)) {
-      /* free the points array */
-      if (data->points) {
-        MEM_freeN(data->points);
-        data->points = NULL;
-      }
+      MEM_SAFE_FREE(data->points);
+      data->numpoints = 0;

      /* clear the bound flag, forcing a rebind next time this is evaluated */
      data->flag &= ~CONSTRAINT_SPLINEIK_BOUND;