diff options
author | Brecht Van Lommel <brechtvanlommel@gmail.com> | 2018-01-15 00:14:20 +0300 |
---|---|---|
committer | Brecht Van Lommel <brechtvanlommel@gmail.com> | 2018-01-18 02:54:07 +0300 |
commit | e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581 (patch) | |
tree | f9248150341b73cd72978f9075a453fe021c2995 /source/blender/modifiers/intern/MOD_build.c | |
parent | e0f2c7aff484c7448903a1466829675494ebae6c (diff) |
Fix buffer overflow vulnerabilities in mesh code.
Solves these security issues from T52924:
CVE-2017-12081
CVE-2017-12082
CVE-2017-12086
CVE-2017-12099
CVE-2017-12100
CVE-2017-12101
CVE-2017-12105
While the specific overflow issue may be fixed, loading the repro .blend
files may still crash because they are incomplete and corrupt. The way
they crash may be impossible to exploit, but this is difficult to prove.
Differential Revision: https://developer.blender.org/D3002
Diffstat (limited to 'source/blender/modifiers/intern/MOD_build.c')
-rw-r--r-- | source/blender/modifiers/intern/MOD_build.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/source/blender/modifiers/intern/MOD_build.c b/source/blender/modifiers/intern/MOD_build.c index 56a274b9ac9..62da8b8ffea 100644 --- a/source/blender/modifiers/intern/MOD_build.c +++ b/source/blender/modifiers/intern/MOD_build.c @@ -104,9 +104,9 @@ static DerivedMesh *applyModifier(ModifierData *md, Object *UNUSED(ob), MVert *mvert_src = dm->getVertArray(dm); - vertMap = MEM_mallocN(sizeof(*vertMap) * numVert_src, "build modifier vertMap"); - edgeMap = MEM_mallocN(sizeof(*edgeMap) * numEdge_src, "build modifier edgeMap"); - faceMap = MEM_mallocN(sizeof(*faceMap) * numPoly_src, "build modifier faceMap"); + vertMap = MEM_malloc_arrayN(numVert_src, sizeof(*vertMap), "build modifier vertMap"); + edgeMap = MEM_malloc_arrayN(numEdge_src, sizeof(*edgeMap), "build modifier edgeMap"); + faceMap = MEM_malloc_arrayN(numPoly_src, sizeof(*faceMap), "build modifier faceMap"); range_vn_i(vertMap, numVert_src, 0); range_vn_i(edgeMap, numEdge_src, 0); |