Solves these security issues from T52924:
CVE-2017-12081
CVE-2017-12082
CVE-2017-12086
CVE-2017-12099
CVE-2017-12100
CVE-2017-12101
CVE-2017-12105
While the specific overflow issue may be fixed, loading the repro .blend
files may still crash because they are incomplete and corrupt. The way
they crash may be impossible to exploit, but this is difficult to prove.
Differential Revision: https://developer.blender.org/D3002
- Derived-mesh drawing.
- All non UV members of TexFace structs.
MTexPoly is now redundant but keeping with a dummy member,
will check on complete removal later.
TexFace complicates the now more popular shading pipeline by having
per-face images, see: T51382 for details.
To keep the ability to select a per-material edit-image
(used with UV-mapping workflow), the material now stores an image
which will be set when changing images in edit-mode.
This is used as a bake-target when not using Cycles too.
Things like `BLI_uniquename` had nothing, but really nothing to do in
BLI_path_util files!
Also, got rid of length limitation in `BLI_uniquename_cb`, we can use
alloca here to avoid overhead of malloc while keeping free size (within
reasonable limits of course).
Normal Map node support for GLSL mode and the internal render (multiple tangents support).
The Normal Map node is a useful node which is present in the Cycles render.
It makes it possible to use normal mapping without additional material node in a node tree.
This patch implements Normal Map node for GLSL mode and the internal render.
Previously only the active UV layer was used to calculate tangents.
Those new functions invert the winding of polygons, effectively inverting their normals.
A helper was also added to allow swapping two items in customdata layers.
Being able to invert normals outside of BMesh area is very important in several places,
like IO scripts or customnormals modifiers...
Reviewers: campbellbarton
Differential Revision: https://developer.blender.org/D1814
Otherwise user may have a hard time understanding why their modifier is no more working
after they e.g. deleted some vertices... including the root one. ;)
Even if the weights are normalized, the weighted sum of normalized vectors
usually does **not** give a normalized vector (unless all source vectors
are aligned).
This probably was not a big issue in most cases, since we usually interpolate
similar vectors here - but still!
The final stage of the process (copying/interpolating new dst cddata from src cddata)
was simply broken in normal case, where we need to convert from source to destination
object space.
This patch is a bit verbose, but I cannot see how to avoid it really.
To think this code is in master since over 6 months and it only gets reported now... :/
- Add blentranslation `BLT_*` module.
- moved & split `BLF_translation.h` into (`BLT_translation.h`, `BLT_lang.h`).
- moved `BLF_*_unifont` functions from `blf_translation.c` to new source file `blf_font_i18n.c`.
Notes:
* Code in rendering and in game engine will still convert
tangents to a tessface representation. Added code that
takes care of tangent layer only, might be removed
when BGE and rendering goes full mlooptri mode.
* Baking should work discovered some dead code while
I was working on the patch, also tangents are broken
when baking from multires (also in master), but those
are separate issues that can be fixed later.
This should fix T45491 as well
Caused by own rBff3d535bc2a6309 - since we now only write the exact amount of layers
needed to store saved customdata, we have to adjust CustomData->maxlayer too.
Otherwise, on next read, customdata code believes it has more layers allocated than
actual number.
Issue reported by Campbell over IRC, thanks.
Issue is rather well explained in T45471: our current customdata writing code easily generates several different blocks in blend file with same 'old' address. This is bad, because those addresses are used as 'uid' during reading process (it kind of work in Blender's own reading process, by mere luck mostly, but breaks the file specs).
Solution (suggested by Campbell, thanks) implemented by this patch is to avoid duplicating everything, and instead just overwrite what we needs to skip some cdlayers on write:
* the CustomData's `totlayer` number;
* the CustomData's `layers` array of CustomDataLayer (keeping its original address using the `writestruct_at_address` helper).
New design allows us to get completely rid of the no_free flag stuff in `write_customdata()`.
Note that this implies written data is **not** directly valid from Blend PoV, since its written typemap does not match written layers (this is not an issue because typemap is rebuilt on read anyway - and it's easy to fix this if really needed).
Also, the backward compatibility saving of mface data remains an issue here, see comment in code.
Reviewers: sergey, campbellbarton
Projects: #bf_blender
Maniphest Tasks: T45471
Differential Revision: https://developer.blender.org/D1425
It was always only using the flags from the first source layer of a given type, not from
the layer actually being handled.
This was (probably) more or less harmless for the CD_FLAG_NOCOPY test,
but could be really bad when checking CD_FLAG_NOFREE, and when
copying the flags over to new copied data!
