From 7aa39b40f40c2b037f97e009eabf8d4698c41ee4 Mon Sep 17 00:00:00 2001
From: Martijn Versteegh
Date: Thu, 11 Nov 2021 09:25:10 -0600
Subject: Fix: Prevent use of uninitialized memory when creating Bezier spline

When Constructing bezier splines from dna, the positions of the left/right handles were set directly in the internal vectors, by requesting a reference to them. The problem is that BezierSpline::handle_positions_left() calls ensure_auto_handles() before returning the reference. That function does some calculations on uninitialized memory if the positions array is not yet filled.

Differential Revision: https://developer.blender.org/D13107
---
 source/blender/blenkernel/BKE_spline.hh | 16 ++++++++++++++--
 source/blender/blenkernel/intern/curve_eval.cc | 4 ++--
 source/blender/blenkernel/intern/spline_bezier.cc | 13 +++++++++----
 3 files changed, 25 insertions(+), 8 deletions(-)
 (limited to 'source/blender/blenkernel')

diff --git a/source/blender/blenkernel/BKE_spline.hh b/source/blender/blenkernel/BKE_spline.hh
index 8509b730709..55a4f6ffcfd 100644
--- a/source/blender/blenkernel/BKE_spline.hh
+++ b/source/blender/blenkernel/BKE_spline.hh
@@ -306,11 +306,23 @@ class BezierSpline final : public Spline {
 blender::Span handle_types_left() const;
 blender::MutableSpan handle_types_left();
 blender::Span handle_positions_left() const;
- blender::MutableSpan handle_positions_left();
+ /**
+ * Get writable access to the hande position.
+ *
+ * \param write_only: pass true for an uninitialized spline, this prevents accessing
+ * uninitialized memory while autogenerating handles.
+ */
+ blender::MutableSpan handle_positions_left(bool write_only = false);
 blender::Span handle_types_right() const;
 blender::MutableSpan handle_types_right();
 blender::Span handle_positions_right() const;
- blender::MutableSpan handle_positions_right();
+ /**
+ * Get writable access to the hande position.
+ *
+ * \param write_only: pass true for an uninitialized spline, this prevents accessing
+ * uninitialized memory while autogenerating handles.
+ */
+ blender::MutableSpan handle_positions_right(bool write_only = false);
 void ensure_auto_handles() const;
 
 void translate(const blender::float3 &translation) override;
diff --git a/source/blender/blenkernel/intern/curve_eval.cc b/source/blender/blenkernel/intern/curve_eval.cc
index bb745d5b20d..ff0478f2543 100644
--- a/source/blender/blenkernel/intern/curve_eval.cc
+++ b/source/blender/blenkernel/intern/curve_eval.cc
@@ -225,8 +225,8 @@ static SplinePtr spline_from_dna_bezier(const Nurb &nurb)
 Span src_points{nurb.bezt, nurb.pntsu};
 spline->resize(src_points.size());
 MutableSpan positions = spline->positions();
- MutableSpan handle_positions_left = spline->handle_positions_left();
- MutableSpan handle_positions_right = spline->handle_positions_right();
+ MutableSpan handle_positions_left = spline->handle_positions_left(true);
+ MutableSpan handle_positions_right = spline->handle_positions_right(true);
 MutableSpan handle_types_left = spline->handle_types_left();
 MutableSpan handle_types_right = spline->handle_types_right();
 MutableSpan radii = spline->radii();
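Review bot: The new doc comments on both accessors misspell "handle" as "hande" and stop short of stating the caller's obligation: with `write_only` true the returned span still refers to memory that may be uninitialized, so every element must be written before any accessor that triggers auto-handle generation is used. Suggest `Get writable access to the handle positions.` for the brief line and appending `The returned span must be fully written before the spline is read.` to the `\param` text, on both handle_positions_left and handle_positions_right. A bare `bool` with a default also reads as a boolean trap at call sites (`handle_positions_left(true)`); a named enum would make the intent self-describing, though that is a style preference rather than a defect.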
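Review bot: The `true` argument passed at the two changed lines has no visible meaning at the call site, so a reader of spline_from_dna_bezier cannot tell why these two accessors differ from the neighbouring `positions()` and `handle_types_*()` calls. A short comment above the pair, e.g. `/* write_only: the spline was just resized, its arrays are not yet filled. */`, would record that. The body of spline_from_dna_bezier continues outside the hunk, so the loop that is expected to fill every handle position is not visible here; the fix is only sound if that loop writes all `src_points.size()` elements before anything reads the spline.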
diff --git a/source/blender/blenkernel/intern/spline_bezier.cc b/source/blender/blenkernel/intern/spline_bezier.cc
index e760bf3495e..166fe0f5464 100644
--- a/source/blender/blenkernel/intern/spline_bezier.cc
+++ b/source/blender/blenkernel/intern/spline_bezier.cc
@@ -142,11 +142,14 @@ Span BezierSpline::handle_positions_left() const
 this->ensure_auto_handles();
 return handle_positions_left_;
 }
-MutableSpan BezierSpline::handle_positions_left()
+MutableSpan BezierSpline::handle_positions_left(const bool write_only)
 {
- this->ensure_auto_handles();
+ if (!write_only) {
+ this->ensure_auto_handles();
+ }
 return handle_positions_left_;
 }
+
 Span BezierSpline::handle_types_right() const
 {
 return handle_types_right_;
@@ -160,9 +163,11 @@ Span BezierSpline::handle_positions_right() const
 this->ensure_auto_handles();
 return handle_positions_right_;
 }
-MutableSpan BezierSpline::handle_positions_right()
+MutableSpan BezierSpline::handle_positions_right(const bool write_only)
 {
- this->ensure_auto_handles();
+ if (!write_only) {
+ this->ensure_auto_handles();
+ }
 return handle_positions_right_;
 }
 
-- 
cgit v1.2.3
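Review bot: The guard around `this->ensure_auto_handles()` makes skipping the auto-handle computation an opt-in at each call site, so any other caller that requests a mutable span right after `resize()` without passing `true` still performs the uninitialized read this commit fixes; the same pattern appears in the second hunk for handle_positions_right. If ensure_auto_handles() is already guarded by a cached-state flag (not visible in this hunk), a more robust alternative is to have resize() record that the arrays are unfilled so the computation is deferred regardless of how the span was obtained. At minimum, a comment on the new branch, e.g. `/* Skip auto-handle generation: the caller promises to write every element before the spline is read. */`, records the contract next to the code that relies on it.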