diff options
| author | Andrew Williams <sobakasu> | 2019-01-22 14:51:14 +0300 |
|---|---|---|
| committer | Brecht Van Lommel <brechtvanlommel@gmail.com> | 2019-01-22 17:24:06 +0300 |
| commit | 102631486b480d98c2d9b921a95472688bba8416 (patch) | |
| tree | 56e6db8ef761ec3ce19a395c14eb30b518fabafb | |
| parent | 414ebc68c2cccabc20eb9b966c8235d222874d56 (diff) | |
Fix potential invalid memory access in surface force field BVH tree.
Free the BVH tree immediately along with the mesh, otherwise we might access
invalid mesh data.
Differential Revision: https://developer.blender.org/D4201
| -rw-r--r-- | source/blender/blenkernel/intern/bvhutils.c | 2 | ||||
| -rw-r--r-- | source/blender/blenlib/intern/BLI_kdopbvh.c | 16 | ||||
| -rw-r--r-- | source/blender/modifiers/intern/MOD_surface.c | 12 |
3 files changed, 15 insertions, 15 deletions
diff --git a/source/blender/blenkernel/intern/bvhutils.c b/source/blender/blenkernel/intern/bvhutils.c index c264eb8a1d2..644672c52fc 100644 --- a/source/blender/blenkernel/intern/bvhutils.c +++ b/source/blender/blenkernel/intern/bvhutils.c @@ -1112,6 +1112,8 @@ BVHTree *BKE_bvhtree_from_mesh_get( data_cp.vert = mesh->mvert; if (data_cp.cached == false) { + /* TODO: a global mutex lock held during the expensive operation of + * building the BVH tree is really bad for performance. */ BLI_rw_mutex_lock(&cache_rwlock, THREAD_LOCK_WRITE); data_cp.cached = bvhcache_find( mesh->runtime.bvh_cache, type, &data_cp.tree); diff --git a/source/blender/blenlib/intern/BLI_kdopbvh.c b/source/blender/blenlib/intern/BLI_kdopbvh.c index d497c7a83ab..2819c1c5943 100644 --- a/source/blender/blenlib/intern/BLI_kdopbvh.c +++ b/source/blender/blenlib/intern/BLI_kdopbvh.c @@ -908,23 +908,17 @@ BVHTree *BLI_bvhtree_new(int maxsize, float epsilon, char tree_type, char axis) fail: - MEM_SAFE_FREE(tree->nodes); - MEM_SAFE_FREE(tree->nodebv); - MEM_SAFE_FREE(tree->nodechild); - MEM_SAFE_FREE(tree->nodearray); - - MEM_freeN(tree); - + BLI_bvhtree_free(tree); return NULL; } void BLI_bvhtree_free(BVHTree *tree) { if (tree) { - MEM_freeN(tree->nodes); - MEM_freeN(tree->nodearray); - MEM_freeN(tree->nodebv); - MEM_freeN(tree->nodechild); + MEM_SAFE_FREE(tree->nodes); + MEM_SAFE_FREE(tree->nodearray); + MEM_SAFE_FREE(tree->nodebv); + MEM_SAFE_FREE(tree->nodechild); MEM_freeN(tree); } } diff --git a/source/blender/modifiers/intern/MOD_surface.c b/source/blender/modifiers/intern/MOD_surface.c index c5fa510f2e0..a7198b5721e 100644 --- a/source/blender/modifiers/intern/MOD_surface.c +++ b/source/blender/modifiers/intern/MOD_surface.c @@ -96,8 +96,15 @@ static void deformVerts( SurfaceModifierData *surmd = (SurfaceModifierData *) md; const int cfra = (int)DEG_get_ctime(ctx->depsgraph); + /* Free mesh and BVH cache. */ + if (surmd->bvhtree) { + free_bvhtree_from_mesh(surmd->bvhtree); + MEM_SAFE_FREE(surmd->bvhtree); + } + if (surmd->mesh) { BKE_id_free(NULL, surmd->mesh); + surmd->mesh = NULL; } if (mesh) { @@ -168,10 +175,7 @@ static void deformVerts( surmd->cfra = cfra; - if (surmd->bvhtree) - free_bvhtree_from_mesh(surmd->bvhtree); - else - surmd->bvhtree = MEM_callocN(sizeof(BVHTreeFromMesh), "BVHTreeFromMesh"); + surmd->bvhtree = MEM_callocN(sizeof(BVHTreeFromMesh), "BVHTreeFromMesh"); if (surmd->mesh->totpoly) BKE_bvhtree_from_mesh_get(surmd->bvhtree, surmd->mesh, BVHTREE_FROM_LOOPTRI, 2); |