diff options
| author | Ton Roosendaal <ton@blender.org> | 2011-01-01 16:49:22 +0300 |
|---|---|---|
| committer | Ton Roosendaal <ton@blender.org> | 2011-01-01 16:49:22 +0300 |
| commit | d7c51aa3eb50fd173664b724c1d289f3faf989cd (patch) | |
| tree | ea31f25bf99ffd8fad0be0cf70dfba515980fe64 /source/blender/makesrna | |
| parent | 7040c89af052e4983e2d71b00ff11c1d0b9cd8cf (diff) | |
Bugfix #25437
Crash in Bezier animation (inserting keys on control points in
curve object). The animation rna paths were not fixed after an
editmode session, which got fixed 2 weeks ago, but for all older
binaries the issue can still pop up.
The crash happened because the RNA array-itterator was not doing
a boundary check, even whilst the array size was passed on to the
itterator callbacks. With rna then writing far outside of valid
memory, very bad and unpredictable corruptions happen.
I've added a range check now, and a decent print to denote the
issue. An assert quit is useless, since a tab-tab on curve objects
will fix the channels nicely.
Example of warning print:
Array itterator out of range: Spline_bezier_points_lookup_int (index 30 range 2)
Diffstat (limited to 'source/blender/makesrna')
| -rw-r--r-- | source/blender/makesrna/intern/makesrna.c | 6 | ||||
| -rw-r--r-- | source/blender/makesrna/intern/rna_access.c | 3 | ||||
| -rw-r--r-- | source/blender/makesrna/intern/rna_internal.h | 1 |
3 files changed, 8 insertions, 2 deletions
diff --git a/source/blender/makesrna/intern/makesrna.c b/source/blender/makesrna/intern/makesrna.c index c8e7fafbf5b..15dbe489f4e 100644 --- a/source/blender/makesrna/intern/makesrna.c +++ b/source/blender/makesrna/intern/makesrna.c @@ -971,7 +971,10 @@ static char *rna_def_property_lookup_int_func(FILE *f, StructRNA *srna, Property if(strcmp(nextfunc, "rna_iterator_array_next") == 0) { fprintf(f, " ArrayIterator *internal= iter.internal;\n"); - fprintf(f, " if(internal->skip) {\n"); + fprintf(f, " if(index < 0 || index >= internal->length) {\n"); + fprintf(f, " printf(\"Array itterator out of range: %%s (index %%d range %%d)\\n\", __func__, index, internal->length); \n"); + fprintf(f, " }\n"); + fprintf(f, " else if(internal->skip) {\n"); fprintf(f, " while(index-- > 0) {\n"); fprintf(f, " do {\n"); fprintf(f, " internal->ptr += internal->itemsize;\n"); @@ -2389,6 +2392,7 @@ static void rna_generate(BlenderRNA *brna, FILE *f, const char *filename, const "#define RNA_RUNTIME\n\n"); fprintf(f, "#include <float.h>\n"); + fprintf(f, "#include <stdio.h>\n"); fprintf(f, "#include <limits.h>\n"); fprintf(f, "#include <string.h>\n\n"); fprintf(f, "#include <stddef.h>\n\n"); diff --git a/source/blender/makesrna/intern/rna_access.c b/source/blender/makesrna/intern/rna_access.c index 8d596ac5025..5dba0a41a02 100644 --- a/source/blender/makesrna/intern/rna_access.c +++ b/source/blender/makesrna/intern/rna_access.c @@ -2828,7 +2828,8 @@ void rna_iterator_array_begin(CollectionPropertyIterator *iter, void *ptr, int i internal->endptr= ((char*)ptr)+length*itemsize; internal->itemsize= itemsize; internal->skip= skip; - + internal->length= length; + iter->internal= internal; iter->valid= (internal->ptr != internal->endptr); diff --git a/source/blender/makesrna/intern/rna_internal.h b/source/blender/makesrna/intern/rna_internal.h index cc1771adf8d..90c5a555221 100644 --- a/source/blender/makesrna/intern/rna_internal.h +++ b/source/blender/makesrna/intern/rna_internal.h @@ -324,6 +324,7 @@ typedef struct ArrayIterator { char *endptr; void *free_ptr; /* will be free'd if set */ int itemsize; + int length; IteratorSkipFunc skip; } ArrayIterator; |