Depsgraph: Fix 'use after free' error in some cases during undo step #106661

Closed
Bastien Montagne wants to merge 1 commits from F-fix-deg-memuse-after-free into main


1 Commits

Author SHA1 Message Date
Bastien Montagne 7ee24e4d86 Depsgraph: Fix 'use after free' error in some cases during undo step.
The root of the issue seems to be that the depsgraph stores the name
parts of its Component and Operation ID keys as string pointers, which
may refer to some data from the underlying ID.

During undo, to reduce updates and speed up undo steps, a lot of IDs get
'replaced in place', i.e. new data read from the undo memfile is moved
into the existing 'old' ID memory address. And the depsgraph is also
re-used from the old BMain.

Calling `DEG_id_tag_update` and similar on the ID can then cause
depsgraph code to access freed memory from the 'old' data.

To address this issue, this commit replaces the raw C string pointer by
an std::string for both `ComponentIDKey` and `OperationIDKey` name.
This has a performance cost on depsgraph building though, of about 6% to
7%. Depsgraph evaluation remains unchanged.
2023-04-07 12:58:15 +02:00
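
The lifetime problem the commit message describes, as an added example that is not Blender's code and not part of the original commit. `FakeID`, `BorrowedNameKey`, `OwnedNameKey` and `simulate_undo_step` are hypothetical names, and the sample name is constructed; the example only compares addresses and never reads through the stale pointer.

```cpp
#include <cstdint>
#include <cstring>
#include <map>
#include <memory>
#include <string>

// Hypothetical stand-in for an ID; not Blender's ID struct.
struct FakeID {
  std::unique_ptr<char[]> name;
  explicit FakeID(const char *n) { replace_in_place(n); }
  // Models an undo step: new data takes over the same FakeID address and
  // the previous name buffer is freed.
  void replace_in_place(const char *n) {
    std::unique_ptr<char[]> fresh(new char[std::strlen(n) + 1]);
    std::strcpy(fresh.get(), n);
    name = std::move(fresh);  // old buffer is released here
  }
};

// 'Before' shape: the key borrows a pointer into the ID's storage.
struct BorrowedNameKey {
  const char *name;
};

// 'After' shape: the key owns a copy of the name.
struct OwnedNameKey {
  std::string name;
  bool operator<(const OwnedNameKey &other) const { return name < other.name; }
};

struct UndoResult {
  bool borrowed_is_stale;  // borrowed pointer no longer matches live storage
  bool owned_still_found;  // owning key still resolves in the map
};

UndoResult simulate_undo_step() {
  FakeID id("OBCube");  // constructed sample name
  BorrowedNameKey borrowed{id.name.get()};
  std::map<OwnedNameKey, int> operations;
  operations[OwnedNameKey{id.name.get()}] = 1;
  // Record the borrowed address while it is still valid.
  const auto borrowed_addr = reinterpret_cast<std::uintptr_t>(borrowed.name);

  id.replace_in_place("OBCube");  // same ID address, new name buffer

  UndoResult result;
  result.borrowed_is_stale =
      borrowed_addr != reinterpret_cast<std::uintptr_t>(id.name.get());
  result.owned_still_found = operations.count(OwnedNameKey{"OBCube"}) == 1;
  return result;
}
```

The owning key pays for a string copy on every key construction, which is where a build-time cost like the one the commit message reports comes from.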