diff options
| author | Campbell Barton <ideasman42@gmail.com> | 2012-10-23 15:03:52 +0400 |
|---|---|---|
| committer | Campbell Barton <ideasman42@gmail.com> | 2012-10-23 15:03:52 +0400 |
| commit | 07603085517b377318a28a06f5c557cf5c61b830 (patch) | |
| tree | 323d542b04cab178b7160bffefde1bd80ee3803e | |
| parent | 2f82e7f80854c8df4ace88c55003037e156d22c9 (diff) | |
fix for crash using an uninitialized pointer when fcurves reference missing collections (removing animated shape keys could crash).
| -rw-r--r-- | source/blender/makesrna/intern/rna_access.c | 24 |
1 files changed, 18 insertions, 6 deletions
diff --git a/source/blender/makesrna/intern/rna_access.c b/source/blender/makesrna/intern/rna_access.c index 9be54b9855f..f9493168277 100644 --- a/source/blender/makesrna/intern/rna_access.c +++ b/source/blender/makesrna/intern/rna_access.c @@ -3647,7 +3647,8 @@ int RNA_path_resolve(PointerRNA *ptr, const char *path, PointerRNA *r_ptr, Prope int RNA_path_resolve_full(PointerRNA *ptr, const char *path, PointerRNA *r_ptr, PropertyRNA **r_prop, int *index) { PropertyRNA *prop; - PointerRNA curptr, nextptr; + PointerRNA curptr; + PointerRNA nextptr; /* keep uninitialized, helps expose bugs in collection accessor functions */ char fixedbuf[256], *token; int type, intkey; @@ -3713,7 +3714,12 @@ int RNA_path_resolve_full(PointerRNA *ptr, const char *path, PointerRNA *r_ptr, /* check for "" to see if it is a string */ if (rna_token_strip_quotes(token)) { - RNA_property_collection_lookup_string(&curptr, prop, token + 1, &nextptr); + if (RNA_property_collection_lookup_string(&curptr, prop, token + 1, &nextptr)) { + /* pass */ + } + else { + nextptr.data = NULL; + } } else { /* otherwise do int lookup */ @@ -3721,7 +3727,12 @@ int RNA_path_resolve_full(PointerRNA *ptr, const char *path, PointerRNA *r_ptr, if (intkey == 0 && (token[0] != '0' || token[1] != '\0')) { return 0; /* we can be sure the fixedbuf was used in this case */ } - RNA_property_collection_lookup_int(&curptr, prop, intkey, &nextptr); + if (RNA_property_collection_lookup_int(&curptr, prop, intkey, &nextptr)) { + /* pass */ + } + else { + nextptr.data = NULL; + } } if (token != fixedbuf) { @@ -3730,13 +3741,14 @@ int RNA_path_resolve_full(PointerRNA *ptr, const char *path, PointerRNA *r_ptr, } else { PointerRNA c_ptr; - - /* ensure we quit on invalid values */ - nextptr.data = NULL; if (RNA_property_collection_type_get(&curptr, prop, &c_ptr)) { nextptr = c_ptr; } + else { + /* ensure we quit on invalid values */ + nextptr.data = NULL; + } } if (nextptr.data) { |