From 49a35033be60e58ed4910346bc29ffa1954b34ec Mon Sep 17 00:00:00 2001 From: Dalai Felinto Date: Fri, 30 Jun 2017 18:59:29 +0200 Subject: Fix T51877: Deleting a scene uses freed memory At the moment libblock_remap_data_preprocess is using FOREACH_SCENE_OBJECT to iterate over all the objects of the scene and unlink them. However we were storing a reference to the Base of the removed object. Anyways, the loop is now sanitized so that this crash no longer happens. Also now we have an unittest for this. --- source/blender/blenkernel/intern/collection.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source/blender/blenkernel/intern/collection.c') diff --git a/source/blender/blenkernel/intern/collection.c b/source/blender/blenkernel/intern/collection.c index caaf482736b..38534f03123 100644 --- a/source/blender/blenkernel/intern/collection.c +++ b/source/blender/blenkernel/intern/collection.c @@ -565,7 +565,7 @@ void BKE_scene_collections_iterator_end(struct BLI_Iterator *iter) typedef struct SceneObjectsIteratorData { GSet *visited; - LinkData *link; + LinkData *link_next; BLI_Iterator scene_collection_iter; } SceneObjectsIteratorData; @@ -609,10 +609,10 @@ static LinkData *object_base_unique(GSet *gs, LinkData *link) void BKE_scene_objects_iterator_next(BLI_Iterator *iter) { SceneObjectsIteratorData *data = iter->data; - LinkData *link = data->link ? object_base_unique(data->visited, data->link->next) : NULL; + LinkData *link = data->link_next ? object_base_unique(data->visited, data->link_next) : NULL; if (link) { - data->link = link; + data->link_next = link->next; iter->current = link->data; } else { @@ -624,8 +624,8 @@ void BKE_scene_objects_iterator_next(BLI_Iterator *iter) /* get the first unique object of this collection */ LinkData *new_link = object_base_unique(data->visited, sc->objects.first); if (new_link) { - data->link = new_link; - iter->current = data->link->data; + data->link_next = new_link->next; + iter->current = new_link->data; return; } BKE_scene_collections_iterator_next(&data->scene_collection_iter); -- cgit v1.2.3