archive/blender-archive
Archived
1
1
Fork 0
Code Pull Requests Packages Activity

Bugfix #25437

Browse Source 
Crash in Bezier animation (inserting keys on control points in
curve object). The animation rna paths were not fixed after an
editmode session, which got fixed 2 weeks ago, but for all older
binaries the issue can still pop up.

The crash happened because the RNA array-itterator was not doing
a boundary check, even whilst the array size was passed on to the
itterator callbacks. With rna then writing far outside of valid
memory, very bad and unpredictable corruptions happen.

I've added a range check now, and a decent print to denote the
issue. An assert quit is useless, since a tab-tab on curve objects
will fix the channels nicely.

Example of warning print:
Array itterator out of range: Spline_bezier_points_lookup_int (index 30 range 2)
This commit is contained in:
Ton Roosendaal
2011-01-01 13:49:22 +00:00
parent 7040c89af0
commit d7c51aa3eb
3 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
source/blender/makesrna/intern/makesrna.c
View File

@@ -971,7 +971,10 @@ static char *rna_def_property_lookup_int_func(FILE *f, StructRNA *srna, Property
if(strcmp(nextfunc, "rna_iterator_array_next") == 0) {
fprintf(f, " ArrayIterator *internal= iter.internal;\n");
fprintf(f, " if(internal->skip) {\n");
fprintf(f, " if(index < 0 || index >= internal->length) {\n");
fprintf(f, " printf(\"Array itterator out of range: %%s (index %%d range %%d)\\n\", __func__, index, internal->length); \n");
fprintf(f, " }\n");
fprintf(f, " else if(internal->skip) {\n");
fprintf(f, " while(index-- > 0) {\n");
fprintf(f, " do {\n");
fprintf(f, " internal->ptr += internal->itemsize;\n");
@@ -2389,6 +2392,7 @@ static void rna_generate(BlenderRNA *brna, FILE *f, const char *filename, const
"#define RNA_RUNTIME\n\n");
fprintf(f, "#include <float.h>\n");
fprintf(f, "#include <stdio.h>\n");
fprintf(f, "#include <limits.h>\n");
fprintf(f, "#include <string.h>\n\n");
fprintf(f, "#include <stddef.h>\n\n");

3
source/blender/makesrna/intern/rna_access.c
View File

@@ -2828,7 +2828,8 @@ void rna_iterator_array_begin(CollectionPropertyIterator *iter, void *ptr, int i
internal->endptr= ((char*)ptr)+length*itemsize;
internal->itemsize= itemsize;
internal->skip= skip;
internal->length= length;
iter->internal= internal;
iter->valid= (internal->ptr != internal->endptr);

1
source/blender/makesrna/intern/rna_internal.h
View File

@@ -324,6 +324,7 @@ typedef struct ArrayIterator {
char *endptr;
void *free_ptr; /* will be free'd if set */
int itemsize;
int length;
IteratorSkipFunc skip;
} ArrayIterator;