Fix T94674: crash reading ORCOs from an Alembic animation

The crash is caused as the data is only for the first frame, but the mesh changes topology, so reading the data in subsequent frames causes a buffer overflow. To fix this, we check that the data size matches the mesh's vertex count.
author: Kévin Dietrich <kevin.dietrich@mailoo.org> 2022-01-06 13:47:40 +0300
committer: Kévin Dietrich <kevin.dietrich@mailoo.org> 2022-01-06 13:48:44 +0300
commit: 88e15ff1e6864959782cc8af1f874c60c51764f4 (patch)
tree: 9268525da25cd505169383f6f47657644c64fb07 /source/blender/io
parent: ed3fecae8e5f6f542fcfe0d58e7275283c982b3a (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/source/blender/io/alembic/intern/abc_customdata.cc b/source/blender/io/alembic/intern/abc_customdata.cc
index 830ec731e20..4e2dcc9b8cd 100644
--- a/source/blender/io/alembic/intern/abc_customdata.cc
+++ b/source/blender/io/alembic/intern/abc_customdata.cc
@@ -545,6 +545,12 @@ void read_generated_coordinates(const ICompoundProperty &prop,
   const size_t totvert = abc_ocro.get()->size();
   Mesh *mesh = config.mesh;
 
+  if (totvert != mesh->totvert) {
+    /* Either the data is somehow corrupted, or we have a dynamic simulation where only the ORCOs
+     * for the first frame were exported. */
+    return;
+  }
+
   void *cd_data;
   if (CustomData_has_layer(&mesh->vdata, CD_ORCO)) {
     cd_data = CustomData_get_layer(&mesh->vdata, CD_ORCO);
author	Kévin Dietrich <kevin.dietrich@mailoo.org>	2022-01-06 13:47:40 +0300
committer	Kévin Dietrich <kevin.dietrich@mailoo.org>	2022-01-06 13:48:44 +0300
commit	88e15ff1e6864959782cc8af1f874c60c51764f4 (patch)
tree	9268525da25cd505169383f6f47657644c64fb07 /source/blender/io
parent	ed3fecae8e5f6f542fcfe0d58e7275283c982b3a (diff)