From 7aa39b40f40c2b037f97e009eabf8d4698c41ee4 Mon Sep 17 00:00:00 2001
From: Martijn Versteegh
Date: Thu, 11 Nov 2021 09:25:10 -0600
Subject: Fix: Prevent use of uninitialized memory when creating Bezier spline

When Constructing bezier splines from dna, the positions of the left/right handles were set directly in the internal vectors, by requesting a reference to them. The problem is that BezierSpline::handle_positions_left() calls ensure_auto_handles() before returning the reference. That function does some calculations on uninitialized memory if the positions array is not yet filled.

Differential Revision: https://developer.blender.org/D13107
---
 source/blender/blenkernel/intern/curve_eval.cc | 4 ++--
 source/blender/blenkernel/intern/spline_bezier.cc | 13 +++++++++----
 2 files changed, 11 insertions(+), 6 deletions(-)
(limited to 'source/blender/blenkernel/intern')

diff --git a/source/blender/blenkernel/intern/curve_eval.cc b/source/blender/blenkernel/intern/curve_eval.cc
index bb745d5b20d..ff0478f2543 100644
--- a/source/blender/blenkernel/intern/curve_eval.cc
+++ b/source/blender/blenkernel/intern/curve_eval.cc
@@ -225,8 +225,8 @@ static SplinePtr spline_from_dna_bezier(const Nurb &nurb)
   Span src_points{nurb.bezt, nurb.pntsu};
   spline->resize(src_points.size());
   MutableSpan positions = spline->positions();
-  MutableSpan handle_positions_left = spline->handle_positions_left();
-  MutableSpan handle_positions_right = spline->handle_positions_right();
+  MutableSpan handle_positions_left = spline->handle_positions_left(true);
+  MutableSpan handle_positions_right = spline->handle_positions_right(true);
   MutableSpan handle_types_left = spline->handle_types_left();
   MutableSpan handle_types_right = spline->handle_types_right();
   MutableSpan radii = spline->radii();
diff --git a/source/blender/blenkernel/intern/spline_bezier.cc b/source/blender/blenkernel/intern/spline_bezier.cc
index e760bf3495e..166fe0f5464 100644
--- a/source/blender/blenkernel/intern/spline_bezier.cc
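Review bot: The bare `true` on the two added lines says nothing at the call site about what it changes; a reader has to open spline_bezier.cc to learn that it skips ensure_auto_handles(). Naming it inline, `spline->handle_positions_left(/*write_only=*/true)` and likewise for the right handles, keeps that visible where it matters. Obtaining the spans write-only also moves an obligation onto this function: the arrays hold uninitialized data until every element has been assigned, so a short comment next to these lines stating that the code that follows must write all `src_points.size()` entries of both handle arrays would record the precondition the fix relies on. spline_from_dna_bezier continues past the end of the hunk, so the fill itself is not visible here.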
+++ b/source/blender/blenkernel/intern/spline_bezier.cc
@@ -142,11 +142,14 @@ Span BezierSpline::handle_positions_left() const
   this->ensure_auto_handles();
   return handle_positions_left_;
 }
-MutableSpan BezierSpline::handle_positions_left()
+MutableSpan BezierSpline::handle_positions_left(const bool write_only)
 {
-  this->ensure_auto_handles();
+  if (!write_only) {
+    this->ensure_auto_handles();
+  }
   return handle_positions_left_;
 }
+
 Span BezierSpline::handle_types_right() const
 {
   return handle_types_right_;
@@ -160,9 +163,11 @@ Span BezierSpline::handle_positions_right() const
   this->ensure_auto_handles();
   return handle_positions_right_;
 }
-MutableSpan BezierSpline::handle_positions_right()
+MutableSpan BezierSpline::handle_positions_right(const bool write_only)
 {
-  this->ensure_auto_handles();
+  if (!write_only) {
+    this->ensure_auto_handles();
+  }
   return handle_positions_right_;
 }
 
-- cgit v1.2.3
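Review bot: The new `write_only` parameter changes what the returned span is allowed to contain — with `write_only == true` the left handle array may still hold uninitialized data — yet the definition carries no comment saying so, and the return type is the same MutableSpan either way, so nothing stops a caller from reading through it. A doc comment on the definition (or on the declaration in the header, which is outside this view) along the lines of `/** With write_only the auto handles are not computed first; the span's contents are unspecified until the caller has written every element. */` would make the contract explicit. The same applies to handle_positions_right in the second hunk of this file. Since the header change is not in this view, I assume `write_only` defaults to false there so that existing callers keep triggering ensure_auto_handles().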