From a41008964c76014246417b045bd543a44397b3ca Mon Sep 17 00:00:00 2001
From: Ray Molenkamp
Date: Sun, 31 Mar 2019 13:45:13 -0600
Subject: Fix: Buffer overflow in StudioLight sl->light_ambient is a float[3], copy_v4_fl4 overwrites sl->free_function with a bogus pointer on 32 bit.
---
 source/blender/blenkernel/intern/studiolight.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'source/blender/blenkernel/intern/studiolight.c')
diff --git a/source/blender/blenkernel/intern/studiolight.c b/source/blender/blenkernel/intern/studiolight.c
index 7fe21053794..38975f9a227 100644
--- a/source/blender/blenkernel/intern/studiolight.c
+++ b/source/blender/blenkernel/intern/studiolight.c
@@ -1184,7 +1184,7 @@ void BKE_studiolight_init(void)
 STUDIOLIGHT_INTERNAL | STUDIOLIGHT_SPHERICAL_HARMONICS_COEFFICIENTS_CALCULATED | STUDIOLIGHT_TYPE_STUDIO);
 BLI_strncpy(sl->name, "Default", FILE_MAXFILE);
- copy_v4_fl4(sl->light_ambient, 0.025000, 0.025000, 0.025000, 1.000000);
+ copy_v3_fl3(sl->light_ambient, 0.025000, 0.025000, 0.025000);
 copy_v4_fl4(sl->light[0].vec, -0.580952, 0.228571, 0.781185, 0.0);
 copy_v4_fl4(sl->light[0].col, 0.900000, 0.900000, 0.900000, 1.000000);
-- 
cgit v1.2.3
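Review bot: Nothing at the `copy_v3_fl3(sl->light_ambient, ...)` call ties the helper's vector width to the destination's declared size, so the same mismatch can return if the field or the call is edited again. Array parameters decay to pointers, which is presumably why the four-component write compiled without complaint; a write past a member but inside the same struct is also generally not reported by address sanitizers, so it is easy to miss at runtime. A compile-time guard beside the call, for example `BLI_STATIC_ASSERT(sizeof(sl->light_ambient) == sizeof(float[3]), "light_ambient must be float[3]");`, would turn a future width change into a build failure rather than a corrupted `free_function` pointer. The `copy_v4_fl4` calls on `sl->light[0].vec` and `sl->light[0].col` in the context lines deserve the same check, since their declarations are not visible in this hunk. BKE_studiolight_init starts and ends outside the hunk.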