author | Clément Foucault <foucault.clem@gmail.com> | 2022-06-29 13:11:05 +0300 |
---|---|---|
committer | Clément Foucault <foucault.clem@gmail.com> | 2022-06-29 15:12:03 +0300 |
commit | 45fb7a1db55d5f6abd54332450b48b0d99295cd9 (patch) | |
tree | 6c86a0701db852bb011fb2236f787b19e3f1f6fd /source/blender | |
parent | 4a9f60ecd291254ad32854b945c673dfc1e12137 (diff) |
Fix T98825: EEVEE: Regression: Buffer overflow in sample name buffer
This happened because of the false assumption that `std::array<char, 32>`
would be treated as a container and would not relocate its content when the
`Vector` grows. Replacing it with actual object allocation fixes the
issue.
Candidate for 3.2.1 corrective release.
Diffstat (limited to 'source/blender')
-rw-r--r-- | source/blender/gpu/intern/gpu_codegen.cc | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/source/blender/gpu/intern/gpu_codegen.cc b/source/blender/gpu/intern/gpu_codegen.cc
index fa7ce3a364b..453428cb648 100644
--- a/source/blender/gpu/intern/gpu_codegen.cc
+++ b/source/blender/gpu/intern/gpu_codegen.cc
@@ -52,16 +52,19 @@ using namespace blender::gpu::shader;
 */
 struct GPUCodegenCreateInfo : ShaderCreateInfo {
 struct NameBuffer {
+ using NameEntry = std::array<char, 32>;
+
 /** Duplicate attribute names to avoid reference the GPUNodeGraph directly. */
 char attr_names[16][GPU_MAX_SAFE_ATTR_NAME + 1];
 char var_names[16][8];
- blender::Vector<std::array<char, 32>, 16> sampler_names;
+ blender::Vector<std::unique_ptr<NameEntry>, 16> sampler_names;
 /* Returns the appended name memory location */
 const char *append_sampler_name(const char name[32])
 {
- auto index = sampler_names.append_and_get_index(std::array<char, 32>());
- char *name_buffer = sampler_names[index].data();
+ auto index = sampler_names.size();
+ sampler_names.append(std::make_unique<NameEntry>());
+ char *name_buffer = sampler_names[index]->data();
 memcpy(name_buffer, name, 32);
 return name_buffer;
 } |
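Review bot: The reason `sampler_names` now stores `std::unique_ptr<NameEntry>` is not recorded next to the member, so a later cleanup could go back to storing the arrays by value and reintroduce the dangling pointers returned by `append_sampler_name`. I would add a comment above the member, e.g. `/* Entries are heap-allocated so that pointers returned by append_sampler_name() stay valid when the Vector grows. */`. Separately, the unchanged `memcpy(name_buffer, name, 32);` reads a fixed 32 bytes from `name`, and since `const char name[32]` decays to a plain pointer this relies on every caller passing a buffer of at least that size, which cannot be checked from this hunk. Writing the length as `sizeof(NameEntry)` would at least tie it to the destination type. The `NameBuffer` struct continues past the end of the hunk.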