diff options
author | Brecht Van Lommel <brechtvanlommel@gmail.com> | 2018-01-15 00:14:20 +0300 |
---|---|---|
committer | Brecht Van Lommel <brechtvanlommel@gmail.com> | 2018-01-18 02:54:07 +0300 |
commit | e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581 (patch) | |
tree | f9248150341b73cd72978f9075a453fe021c2995 /source/blender/modifiers/intern/MOD_util.c | |
parent | e0f2c7aff484c7448903a1466829675494ebae6c (diff) |
Fix buffer overflow vulnerabilities in mesh code.
Solves these security issues from T52924:
CVE-2017-12081
CVE-2017-12082
CVE-2017-12086
CVE-2017-12099
CVE-2017-12100
CVE-2017-12101
CVE-2017-12105
While the specific overflow issue may be fixed, loading the repro .blend
files may still crash because they are incomplete and corrupt. The way
they crash may be impossible to exploit, but this is difficult to prove.
Differential Revision: https://developer.blender.org/D3002
Diffstat (limited to 'source/blender/modifiers/intern/MOD_util.c')
-rw-r--r-- | source/blender/modifiers/intern/MOD_util.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/source/blender/modifiers/intern/MOD_util.c b/source/blender/modifiers/intern/MOD_util.c index ded1f0b77e6..5b19bcf4817 100644 --- a/source/blender/modifiers/intern/MOD_util.c +++ b/source/blender/modifiers/intern/MOD_util.c @@ -87,7 +87,7 @@ void get_texture_coords(MappingInfoModifierData *dmd, Object *ob, MPoly *mpoly = dm->getPolyArray(dm); MPoly *mp; MLoop *mloop = dm->getLoopArray(dm); - char *done = MEM_callocN(sizeof(*done) * numVerts, + char *done = MEM_calloc_arrayN(numVerts, sizeof(*done), "get_texture_coords done"); int numPolys = dm->getNumPolys(dm); char uvname[MAX_CUSTOMDATA_LAYER_NAME]; |