diff options
author | Bastien Montagne <bastien@blender.org> | 2020-10-30 17:31:01 +0300 |
---|---|---|
committer | Bastien Montagne <bastien@blender.org> | 2020-10-30 17:33:25 +0300 |
commit | 8b836f6894a375bee1fe6ffcd5f8ce609571ad9e (patch) | |
tree | ce078384f190c9b7123fce1a51bd7f4c99012525 /source/blender/blenkernel/intern/lattice_deform.c | |
parent | a1d8559a429b30fe6a81bff4dd212e0ab42c1043 (diff) |
Fix (unreported) buffer-overflow in new lattice code.
Follow-up to rBc0beeeb5de0cbc, fixing overflow accesses on arrays
introduced by rB042143440d76.
It's never 'OK' to access invalid memory...
Diffstat (limited to 'source/blender/blenkernel/intern/lattice_deform.c')
-rw-r--r-- | source/blender/blenkernel/intern/lattice_deform.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/source/blender/blenkernel/intern/lattice_deform.c b/source/blender/blenkernel/intern/lattice_deform.c index 43965813b84..382661ff070 100644 --- a/source/blender/blenkernel/intern/lattice_deform.c +++ b/source/blender/blenkernel/intern/lattice_deform.c @@ -235,10 +235,16 @@ void BKE_lattice_deform_data_eval_co(LatticeDeformData *lattice_deform_data, #ifdef __SSE2__ { __m128 weight_vec = _mm_set1_ps(u); - /* This will load one extra element, this is ok because - * we ignore that part of register anyway. - */ - __m128 lattice_vec = _mm_loadu_ps(&latticedata[idx * 3]); + /* We need to address special case for last item to avoid accessing invalid memory. */ + __m128 lattice_vec; + if (idx * 3 == idx_w_max) { + copy_v3_v3((float *)&lattice_vec, &latticedata[idx * 3]); + } + else { + /* When not on last item, we can safely access one extra float, it will be ignored + * anyway. */ + lattice_vec = _mm_loadu_ps(&latticedata[idx * 3]); + } co_vec = _mm_add_ps(co_vec, _mm_mul_ps(lattice_vec, weight_vec)); } #else |