author | Clément Foucault <foucault.clem@gmail.com> | 2022-06-29 13:11:05 +0300 |
---|---|---|
committer | Thomas Dinges <blender@dingto.org> | 2022-06-29 17:18:03 +0300 |
commit | 5b1a8a0e2f81ed8f0962970a81c850cd47169c20 (patch) | |
tree | 887e7366a10bb677aac7482b669bc280feb5079a | |
parent | 45763272c55a9125947da19aba096939ea8a36f9 (diff) |
Fix T98825: EEVEE: Regression: Buffer overflow in sample name buffer
This happened because of the false assumption that `std::array<char, 32>`
would be treated as a container and would not relocate its content when the
`Vector` grows. Replacing it with an actual object allocation fixes the
issue.
Candidate for 3.2.1 corrective release.
-rw-r--r-- | source/blender/gpu/intern/gpu_codegen.cc | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/source/blender/gpu/intern/gpu_codegen.cc b/source/blender/gpu/intern/gpu_codegen.cc index f1b46f8bf86..f30c64eae46 100644 --- a/source/blender/gpu/intern/gpu_codegen.cc +++ b/source/blender/gpu/intern/gpu_codegen.cc @@ -56,16 +56,19 @@ using namespace blender::gpu::shader; */ struct GPUCodegenCreateInfo : ShaderCreateInfo { struct NameBuffer { + using NameEntry = std::array<char, 32>; + /** Duplicate attribute names to avoid reference the GPUNodeGraph directly. */ char attr_names[16][GPU_MAX_SAFE_ATTR_NAME + 1]; char var_names[16][8]; - blender::Vector<std::array<char, 32>, 16> sampler_names; + blender::Vector<std::unique_ptr<NameEntry>, 16> sampler_names; /* Returns the appended name memory location */ const char *append_sampler_name(const char name[32]) { - auto index = sampler_names.append_and_get_index(std::array<char, 32>()); - char *name_buffer = sampler_names[index].data(); + auto index = sampler_names.size(); + sampler_names.append(std::make_unique<NameEntry>()); + char *name_buffer = sampler_names[index]->data(); memcpy(name_buffer, name, 32); return name_buffer; } |
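Review bot: The pointer returned by `append_sampler_name` is now stable only because each `NameEntry` lives in its own heap allocation, and nothing at the `sampler_names` declaration says so. Since the bug was exactly that unstated lifetime assumption, I would record it there, e.g. `/* Entries are heap-allocated so pointers returned by append_sampler_name() stay valid when the Vector grows. */`. Separately, the unchanged `memcpy(name_buffer, name, 32);` still reads 32 bytes whatever the caller passed, because `const char name[32]` decays to a plain pointer. The callers are outside this hunk, so it cannot be confirmed from here that every source buffer is really 32 bytes long and NUL-terminated. Writing the copy as `memcpy(name_buffer, name, sizeof(NameEntry));` would at least keep the separate `32` literals from drifting apart; the enclosing `GPUCodegenCreateInfo` struct begins and continues outside the hunk.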