From 4da3d5bcdad42375dba3540236be78fe8c916d11 Mon Sep 17 00:00:00 2001 From: Sergey Sharybin Date: Mon, 19 Aug 2013 11:36:29 +0000 Subject: Fix read past end of array when drawing tracking markers keyframes Was introduced by plane track merge. --- source/blender/editors/space_clip/clip_draw.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source/blender/editors') diff --git a/source/blender/editors/space_clip/clip_draw.c b/source/blender/editors/space_clip/clip_draw.c index eb58bdc7696..202dd35d0d7 100644 --- a/source/blender/editors/space_clip/clip_draw.c +++ b/source/blender/editors/space_clip/clip_draw.c @@ -127,9 +127,11 @@ static int generic_track_get_marker_framenr(MovieTrackingTrack *track, MovieTrac int marker_index) { if (track) { + BLI_assert(marker_index < track->markersnr); return track->markers[marker_index].framenr; } else if (plane_track) { + BLI_assert(marker_index < plane_track->markersnr); return plane_track->markers[marker_index].framenr; } @@ -140,6 +142,7 @@ static bool generic_track_is_marker_enabled(MovieTrackingTrack *track, MovieTrac int marker_index) { if (track) { + BLI_assert(marker_index < track->markersnr); return (track->markers[marker_index].flag & MARKER_DISABLED) == 0; } else if (plane_track) { @@ -153,9 +156,11 @@ static bool generic_track_is_marker_keyframed(MovieTrackingTrack *track, MovieTr int marker_index) { if (track) { + BLI_assert(marker_index < track->markersnr); return (track->markers[marker_index].flag & MARKER_TRACKED) == 0; } else if (plane_track) { + BLI_assert(marker_index < plane_track->markersnr); return (plane_track->markers[marker_index].flag & PLANE_MARKER_TRACKED) == 0; } @@ -212,6 +217,8 @@ static void draw_movieclip_cache(SpaceClip *sc, ARegion *ar, MovieClip *clip, Sc a++; } + a = min_ii(a, markersnr - 1); + if (generic_track_is_marker_enabled(act_track, act_plane_track, a)) { framenr = generic_track_get_marker_framenr(act_track, act_plane_track, a); -- cgit v1.2.3