author | Campbell Barton <ideasman42@gmail.com> | 2012-11-01 13:56:18 +0400 |
---|---|---|
committer | Campbell Barton <ideasman42@gmail.com> | 2012-11-01 13:56:18 +0400 |
commit | 4fc1a3c8b392d7819e89e0aafc1ecef558a37d4a (patch) | |
tree | f056314aafe9cac4327738723d4d8bdce17433a7 /source | |
parent | f213ae0b19e55a5a17216dea4c4769ca6d7a0a38 (diff) |
fix for possible buffer overflow in gpu_nodes_get_vertex_attributes() and hair_velocity_smoothing()
and an unlikely NULL pointer dereference in unlink_material_cb().
Diffstat (limited to 'source')
-rw-r--r-- | source/blender/blenkernel/intern/implicit.c | 2 | ||||
-rw-r--r-- | source/blender/blenkernel/intern/mball.c | 9 | ||||
-rw-r--r-- | source/blender/editors/animation/fmodifier_ui.c | 2 | ||||
-rw-r--r-- | source/blender/editors/space_outliner/outliner_tools.c | 13 | ||||
-rw-r--r-- | source/blender/gpu/intern/gpu_codegen.c | 23 | ||||
-rw-r--r-- | source/blender/windowmanager/intern/wm_event_system.c | 2 |
6 files changed, 32 insertions, 19 deletions
diff --git a/source/blender/blenkernel/intern/implicit.c b/source/blender/blenkernel/intern/implicit.c
index 39dcd73e0e5..92ac7b60207 100644
--- a/source/blender/blenkernel/intern/implicit.c
+++ b/source/blender/blenkernel/intern/implicit.c
@@ -1513,7 +1513,7 @@ static void hair_velocity_smoothing(ClothModifierData *clmd, lfVector *lF, lfVec
 i = HAIR_GRID_INDEX(lX[v], gmin, gmax, 0);
 j = HAIR_GRID_INDEX(lX[v], gmin, gmax, 1);
 k = HAIR_GRID_INDEX(lX[v], gmin, gmax, 2);
- if (i < 0 || j < 0 || k < 0 || i > 10 || j >= 10 || k >= 10)
+ if (i < 0 || j < 0 || k < 0 || i > 10 || j > 10 || k > 10)
 continue;
 lF[v][0] += smoothfac * (grid[i][j][k].velocity[0] - lV[v][0]);
diff --git a/source/blender/blenkernel/intern/mball.c b/source/blender/blenkernel/intern/mball.c
index 592101fbd31..5da7ff86e61 100644
--- a/source/blender/blenkernel/intern/mball.c
+++ b/source/blender/blenkernel/intern/mball.c
@@ -1319,12 +1319,16 @@ static void addtovertices(VERTICES *vertices, VERTEX v)
 static void vnormal(const float point[3], PROCESS *p, float r_no[3])
 {
- float delta = 0.2f * p->delta;
- float f = p->function(point[0], point[1], point[2]);
+ const float delta = 0.2f * p->delta;
+ const float f = p->function(point[0], point[1], point[2]);
 r_no[0] = p->function(point[0] + delta, point[1], point[2]) - f;
 r_no[1] = p->function(point[0], point[1] + delta, point[2]) - f;
 r_no[2] = p->function(point[0], point[1], point[2] + delta) - f;
+
+#if 1
+ normalize_v3(r_no);
+#else
 f = normalize_v3(r_no);
 if (0) {
@@ -1343,6 +1347,7 @@ static void vnormal(const float point[3], PROCESS *p, float r_no[3])
 normalize_v3(r_no);
 }
 }
+#endif
 }
diff --git a/source/blender/editors/animation/fmodifier_ui.c b/source/blender/editors/animation/fmodifier_ui.c
index a591b51b0b3..79a4c9a769d 100644
--- a/source/blender/editors/animation/fmodifier_ui.c
+++ b/source/blender/editors/animation/fmodifier_ui.c
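Review bot: The new bounds test in hair_velocity_smoothing() accepts an index of 10 on all three axes (`i > 10 || j > 10 || k > 10`), which is looser than the removed line for `j` and `k` and at odds with the commit message's claim of fixing an overflow. The declaration of `grid` is outside this hunk; if each dimension holds 10 cells, `grid[i][j][k]` on the following context line reads past the end whenever HAIR_GRID_INDEX yields 10. The upper bound should be rejected inclusively, `if (i < 0 || j < 0 || k < 0 || i >= 10 || j >= 10 || k >= 10)`, ideally with a named constant shared with the array declaration. The function body starts and ends outside the hunk.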
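Review bot: The retained `#else` branch in vnormal() opens with `f = normalize_v3(r_no);`, but this hunk makes `f` a `const float`, so the disabled code will not compile if the `#if 1` is ever flipped. Either delete the dead branch (its `#endif` is added by the following mball.c hunk) or leave `f` non-const. If the branch is kept for reference, say so on the guard, e.g. `#if 1 /* flip test below was already disabled by if (0); kept for reference only */`.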
@@ -167,7 +167,7 @@ static void draw_modifier__generator(uiLayout *layout, ID *id, FModifier *fcm, s
 uiDefBut(block, LABEL, 1, "y =", 0, 0, 40, 20, NULL, 0.0, 0.0, 0, 0, "");
 /* coefficient */
- uiDefButF(block, NUM, B_FMODIFIER_REDRAW, "", 0, 0, bwidth/2, 20, cp, -UI_FLT_MAX, UI_FLT_MAX,
+ uiDefButF(block, NUM, B_FMODIFIER_REDRAW, "", 0, 0, bwidth / 2, 20, cp, -UI_FLT_MAX, UI_FLT_MAX,
 10, 3, TIP_("Coefficient for polynomial"));
 /* 'x' param (and '+' if necessary) */
diff --git a/source/blender/editors/space_outliner/outliner_tools.c b/source/blender/editors/space_outliner/outliner_tools.c
index 5fb9780c700..3b83279e09d 100644
--- a/source/blender/editors/space_outliner/outliner_tools.c
+++ b/source/blender/editors/space_outliner/outliner_tools.c
@@ -158,11 +158,16 @@ static void unlink_material_cb(bContext *UNUSED(C), Scene *UNUSED(scene), TreeEl
 totcol = mb->totcol;
 matar = mb->mat;
 }
+ else {
+ BLI_assert(0);
+ }
- for (a = 0; a < totcol; a++) {
- if (a == te->index && matar[a]) {
- matar[a]->id.us--;
- matar[a] = NULL;
+ if (LIKELY(matar != NULL)) {
+ for (a = 0; a < totcol; a++) {
+ if (a == te->index && matar[a]) {
+ matar[a]->id.us--;
+ matar[a] = NULL;
+ }
 }
 }
 }
 }
diff --git a/source/blender/gpu/intern/gpu_codegen.c b/source/blender/gpu/intern/gpu_codegen.c
index b90e67ac838..b4490e656f3 100644
--- a/source/blender/gpu/intern/gpu_codegen.c
+++ b/source/blender/gpu/intern/gpu_codegen.c
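Review bot: The new `if (LIKELY(matar != NULL))` guard in unlink_material_cb() only protects the unhandled-type path if `matar` and `totcol` are initialised before the if/else chain, and those declarations are outside this hunk, so confirm they start as `NULL` and `0`. `BLI_assert(0)` is presumably compiled out of release builds, which makes the guard the only thing preventing the dereference there. A comment on the new `else` would make that explicit, e.g. `/* unsupported ID type: matar stays NULL, nothing to unlink */`. The loop also walks every slot only to act on `a == te->index`; a direct range check on `te->index` would express the same thing more plainly.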
@@ -1046,17 +1046,20 @@ static void gpu_nodes_get_vertex_attributes(ListBase *nodes, GPUVertexAttribs *a
 }
 }
- if (a == attribs->totlayer && a < GPU_MAX_ATTRIB) {
- input->attribid = attribs->totlayer++;
- input->attribfirst = 1;
-
- attribs->layer[a].type = input->attribtype;
- attribs->layer[a].attribid = input->attribid;
- BLI_strncpy(attribs->layer[a].name, input->attribname,
- sizeof(attribs->layer[a].name));
+ if (a < GPU_MAX_ATTRIB) {
+ if (a == attribs->totlayer) {
+ input->attribid = attribs->totlayer++;
+ input->attribfirst = 1;
+
+ attribs->layer[a].type = input->attribtype;
+ attribs->layer[a].attribid = input->attribid;
+ BLI_strncpy(attribs->layer[a].name, input->attribname,
+ sizeof(attribs->layer[a].name));
+ }
+ else {
+ input->attribid = attribs->layer[a].attribid;
+ }
 }
- else
- input->attribid = attribs->layer[a].attribid;
 }
 }
 }
diff --git a/source/blender/windowmanager/intern/wm_event_system.c b/source/blender/windowmanager/intern/wm_event_system.c
index ffcbf399d5a..e8e6a026b41 100644
--- a/source/blender/windowmanager/intern/wm_event_system.c
+++ b/source/blender/windowmanager/intern/wm_event_system.c
@@ -2802,7 +2802,7 @@ void wm_event_add_ghostevent(wmWindowManager *wm, wmWindow *win, int type, int U
 event.y = evt->y = (win->sizey - 1) - cy;
 }
- event.val= 0;
+ event.val = 0;
 /* Use prevx/prevy so we can calculate the delta later */
 event.prevx = event.x - pd->deltaX; |
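Review bot: When `a` reaches `GPU_MAX_ATTRIB` in gpu_nodes_get_vertex_attributes(), the new outer `if` skips both branches, so `input->attribid` keeps whatever value it already had and the attribute is dropped without any signal. This does remove the read of `attribs->layer[a]` that the old `else` performed at an index that could equal the table limit. Whether a stale `attribid` is harmless depends on how inputs are initialised and later consumed, which is outside this hunk. Add an explicit `else` for the full-table case that states the intent, e.g. `/* attribute table full: no layer is assigned to this input */`, and consider reporting it in debug builds. The enclosing loops start before the hunk.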