diff options
| author | Hans Goudey <h.goudey@me.com> | 2022-09-17 22:38:30 +0300 |
|---|---|---|
| committer | Hans Goudey <h.goudey@me.com> | 2022-09-17 22:38:30 +0300 |
| commit | 8934f00ac5701ea349f2bcccab32e252c79aa730 (patch) | |
| tree | ba4a990efea94c619d9d7ba68aff528992cafe3b /source/blender/blenkernel/BKE_attribute.hh | |
| parent | 6069cab442045775262691929e85b9c1fb3874dc (diff) | |
Attributes: Validate some builtin attributes for untrusted inputs
We expect some builtin attributes to have positive values or values
within a certain range, but currently there some cases where users
can set attributes to arbitrary values: the store named attribute node,
and the output attributes of the geometry nodes modifier. The set
material index node also needs validation.
This patch adds an `AttributeValidator` to the attribute API, which
can be used to correct values from these untrusted inputs if necessary.
As an alternative to D15548, this approach makes it much easier to
understand when validation is being applied, without the need to add
arguments to every attribute API method or complicate the virtual
array system.
Currently validation is provided with a multi-function. That integrates
well with the field evaluations that set these values now, but it could
be wrapped to be friendlier to other areas of Blender in the future.
The Python API is not handled here either. Currently I would prefer to
wait until we can integrate the C++ and C attribute APIs better before
addressing that.
Fixes T100952
Differential Revision: https://developer.blender.org/D15990
Diffstat (limited to 'source/blender/blenkernel/BKE_attribute.hh')
| -rw-r--r-- | source/blender/blenkernel/BKE_attribute.hh | 35 |
1 files changed, 34 insertions, 1 deletions
diff --git a/source/blender/blenkernel/BKE_attribute.hh b/source/blender/blenkernel/BKE_attribute.hh index fbdacee139c..946a7d21580 100644 --- a/source/blender/blenkernel/BKE_attribute.hh +++ b/source/blender/blenkernel/BKE_attribute.hh @@ -16,6 +16,10 @@ struct Mesh; struct PointCloud; +namespace blender::fn { +class MultiFunction; +class GField; +} // namespace blender::fn namespace blender::bke { @@ -163,6 +167,27 @@ template<typename T> struct AttributeReader { }; /** + * A utility to make sure attribute values are valid, for attributes like "material_index" which + * can only be positive, or attributes that represent enum options. This is usually only necessary + * when writing attributes from an untrusted/arbitrary user input. + */ +struct AttributeValidator { + /** + * Single input, single output function that corrects attribute values if necessary. + */ + const fn::MultiFunction *function; + + operator bool() const + { + return this->function != nullptr; + } + /** + * Return a field that creates corrected attribute values. + */ + fn::GField validate_field_if_necessary(const fn::GField &field) const; +}; + +/** * Result when looking up an attribute from some geometry with read and write access. After writing * to the attribute, the #finish method has to be called. This may invalidate caches based on this * attribute. @@ -343,7 +368,7 @@ struct AttributeAccessorFunctions { eAttrDomain to_domain); bool (*for_all)(const void *owner, FunctionRef<bool(const AttributeIDRef &, const AttributeMetaData &)> fn); - + AttributeValidator (*lookup_validator)(const void *owner, const AttributeIDRef &attribute_id); GAttributeWriter (*lookup_for_write)(void *owner, const AttributeIDRef &attribute_id); bool (*remove)(void *owner, const AttributeIDRef &attribute_id); bool (*add)(void *owner, @@ -498,6 +523,14 @@ class AttributeAccessor { } /** + * Same as the generic version above, but should be used when the type is known at compile time. + */ + AttributeValidator lookup_validator(const AttributeIDRef &attribute_id) const + { + return fn_->lookup_validator(owner_, attribute_id); + } + + /** * Interpolate data from one domain to another. */ GVArray adapt_domain(const GVArray &varray, |