Welcome to mirror list, hosted at ThFree Co, Russian Federation.

git.blender.org/blender.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBastien Montagne <montagne29@wanadoo.fr>2016-03-03 16:44:05 +0300
committerSergey Sharybin <sergey.vfx@gmail.com>2016-03-04 19:11:58 +0300
commitb00822e42dc822b90ccb7c44ca263af294f68944 (patch)
treef63aa5fa19f7c322540d9d69159aa8c4017d2fec
parent67b16c6170b0ef79ab7ab9d7f2dc1e48679bffff (diff)
Fix T47644: crash (use-after-free) regression from rB7a74738914a66e.
Handling `me` data here is not good idea anyway, we override it completly with data from `tmp` (crash came from freeing already existing bb from me, while pointer still existed in tmp). (rediscovered it while working on T47676...). To be backported to 2.77.
Diffstat
-rw-r--r--source/blender/blenkernel/intern/DerivedMesh.c7
1 files changed, 3 insertions, 4 deletions
diff --git a/source/blender/blenkernel/intern/DerivedMesh.c b/source/blender/blenkernel/intern/DerivedMesh.c
index fa9875e9d26..423e8972657 100644
--- a/source/blender/blenkernel/intern/DerivedMesh.c
+++ b/source/blender/blenkernel/intern/DerivedMesh.c
@@ -808,13 +808,12 @@ void DM_to_mesh(DerivedMesh *dm, Mesh *me, Object *ob, CustomDataMask mask, bool
}
/* Clear selection history */
- tmp.mselect = NULL;
+ MEM_SAFE_FREE(tmp.mselect);
tmp.totselect = 0;
- if (me->mselect) {
- MEM_freeN(me->mselect);
- }
+ BLI_assert(ELEM(tmp.bb, NULL, me->bb));
if (me->bb) {
MEM_freeN(me->bb);
+ tmp.bb = NULL;
}
/* skip the listbase */
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-07 00:26:46 +0300