From 45fb7a1db55d5f6abd54332450b48b0d99295cd9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20Foucault?= Date: Wed, 29 Jun 2022 12:11:05 +0200 Subject: Fix T98825: EEVEE: Regression: Buffer overflow in sample name buffer This happened because of the false assumption that `std::array` would be treated as a container and not relocate their content if the `Vector` would grow. Replacing with actual object allocation fixes the issue. Candidate for 3.2.1 corrective release. --- source/blender/gpu/intern/gpu_codegen.cc | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/source/blender/gpu/intern/gpu_codegen.cc b/source/blender/gpu/intern/gpu_codegen.cc index fa7ce3a364b..453428cb648 100644 --- a/source/blender/gpu/intern/gpu_codegen.cc +++ b/source/blender/gpu/intern/gpu_codegen.cc @@ -52,16 +52,19 @@ using namespace blender::gpu::shader; */ struct GPUCodegenCreateInfo : ShaderCreateInfo { struct NameBuffer { + using NameEntry = std::array; + /** Duplicate attribute names to avoid reference the GPUNodeGraph directly. */ char attr_names[16][GPU_MAX_SAFE_ATTR_NAME + 1]; char var_names[16][8]; - blender::Vector, 16> sampler_names; + blender::Vector, 16> sampler_names; /* Returns the appended name memory location */ const char *append_sampler_name(const char name[32]) { - auto index = sampler_names.append_and_get_index(std::array()); - char *name_buffer = sampler_names[index].data(); + auto index = sampler_names.size(); + sampler_names.append(std::make_unique()); + char *name_buffer = sampler_names[index]->data(); memcpy(name_buffer, name, 32); return name_buffer; } -- cgit v1.2.3
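Review bot: Nothing in `NameBuffer` records why `sampler_names` now stores separately allocated entries, so a later cleanup could put the arrays back inline and reintroduce the dangling pointers this commit fixes; a comment above the member such as `/* Entries are heap-allocated so pointers returned by append_sampler_name() stay valid when the Vector grows. */` would pin that invariant. In `append_sampler_name`, `memcpy(name_buffer, name, 32)` still reads a fixed 32 bytes, and `const char name[32]` is only a pointer as far as the compiler is concerned, so a caller passing a shorter string would be read past its end; the callers are outside this hunk, so this needs checking against them. Taking the pointer from `sampler_names.last()->data()` right after the append would also remove the separate `index` bookkeeping. The `NameBuffer` struct continues past the end of the hunk.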