diff options
author | Brecht Van Lommel <brechtvanlommel@gmail.com> | 2018-01-15 00:14:20 +0300 |
---|---|---|
committer | Brecht Van Lommel <brechtvanlommel@gmail.com> | 2018-01-18 02:54:07 +0300 |
commit | e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581 (patch) | |
tree | f9248150341b73cd72978f9075a453fe021c2995 /source/blender/modifiers/intern/MOD_warp.c | |
parent | e0f2c7aff484c7448903a1466829675494ebae6c (diff) |
Fix buffer overflow vulnerabilities in mesh code.
Solves these security issues from T52924:
CVE-2017-12081
CVE-2017-12082
CVE-2017-12086
CVE-2017-12099
CVE-2017-12100
CVE-2017-12101
CVE-2017-12105
While the specific overflow issue may be fixed, loading the repro .blend
files may still crash because they are incomplete and corrupt. The way
they crash may be impossible to exploit, but this is difficult to prove.
Differential Revision: https://developer.blender.org/D3002
Diffstat (limited to 'source/blender/modifiers/intern/MOD_warp.c')
-rw-r--r-- | source/blender/modifiers/intern/MOD_warp.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/source/blender/modifiers/intern/MOD_warp.c b/source/blender/modifiers/intern/MOD_warp.c index b340356467a..62813d75793 100644 --- a/source/blender/modifiers/intern/MOD_warp.c +++ b/source/blender/modifiers/intern/MOD_warp.c @@ -237,7 +237,7 @@ static void warpModifier_do(WarpModifierData *wmd, Object *ob, weight = strength; if (wmd->texture) { - tex_co = MEM_mallocN(sizeof(*tex_co) * numVerts, "warpModifier_do tex_co"); + tex_co = MEM_malloc_arrayN(numVerts, sizeof(*tex_co), "warpModifier_do tex_co"); get_texture_coords((MappingInfoModifierData *)wmd, ob, dm, vertexCos, tex_co, numVerts); modifier_init_texture(wmd->modifier.scene, wmd->texture); |