From e0ae229acb2aa63ffba05dc53045577dbb876acf Mon Sep 17 00:00:00 2001 From: Brecht Van Lommel Date: Mon, 18 May 2020 18:07:09 +0200 Subject: Fix potential crash due to dyntopo GPU buffer invalid memory access When the number of triangles in a node became zero, the wireframe batch was not freed along with the triangles batch and could still reference a freed vertex buffer. Ref T76858 --- source/blender/gpu/intern/gpu_buffers.c | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) (limited to 'source/blender/gpu') diff --git a/source/blender/gpu/intern/gpu_buffers.c b/source/blender/gpu/intern/gpu_buffers.c index e9061f1a029..5221cc09ad9 100644 --- a/source/blender/gpu/intern/gpu_buffers.c +++ b/source/blender/gpu/intern/gpu_buffers.c @@ -1083,13 +1083,24 @@ short GPU_pbvh_buffers_material_index_get(GPU_PBVH_Buffers *buffers) return buffers->material_index; } +static void gpu_pbvh_buffers_clear(GPU_PBVH_Buffers *buffers) +{ + GPU_BATCH_DISCARD_SAFE(buffers->lines); + GPU_BATCH_DISCARD_SAFE(buffers->lines_fast); + GPU_BATCH_DISCARD_SAFE(buffers->triangles); + GPU_BATCH_DISCARD_SAFE(buffers->triangles_fast); + GPU_INDEXBUF_DISCARD_SAFE(buffers->index_lines_buf_fast); + GPU_INDEXBUF_DISCARD_SAFE(buffers->index_lines_buf); + GPU_INDEXBUF_DISCARD_SAFE(buffers->index_buf_fast); + GPU_INDEXBUF_DISCARD_SAFE(buffers->index_buf); + GPU_VERTBUF_DISCARD_SAFE(buffers->vert_buf); +} + void GPU_pbvh_buffers_update_flush(GPU_PBVH_Buffers *buffers) { /* Free empty bmesh node buffers. */ if (buffers->clear_bmesh_on_flush) { - GPU_BATCH_DISCARD_SAFE(buffers->triangles); - GPU_INDEXBUF_DISCARD_SAFE(buffers->index_buf); - GPU_VERTBUF_DISCARD_SAFE(buffers->vert_buf); + gpu_pbvh_buffers_clear(buffers); buffers->clear_bmesh_on_flush = false; } @@ -1102,16 +1113,7 @@ void GPU_pbvh_buffers_update_flush(GPU_PBVH_Buffers *buffers) void GPU_pbvh_buffers_free(GPU_PBVH_Buffers *buffers) { if (buffers) { - GPU_BATCH_DISCARD_SAFE(buffers->lines); - GPU_BATCH_DISCARD_SAFE(buffers->lines_fast); - GPU_BATCH_DISCARD_SAFE(buffers->triangles); - GPU_BATCH_DISCARD_SAFE(buffers->triangles_fast); - GPU_INDEXBUF_DISCARD_SAFE(buffers->index_lines_buf_fast); - GPU_INDEXBUF_DISCARD_SAFE(buffers->index_lines_buf); - GPU_INDEXBUF_DISCARD_SAFE(buffers->index_buf_fast); - GPU_INDEXBUF_DISCARD_SAFE(buffers->index_buf); - GPU_VERTBUF_DISCARD_SAFE(buffers->vert_buf); - + gpu_pbvh_buffers_clear(buffers); MEM_freeN(buffers); } } -- cgit v1.2.3 From c4ee94328fba1f70ca29df42ffff471aaeee2a82 Mon Sep 17 00:00:00 2001 From: Brecht Van Lommel Date: Mon, 18 May 2020 21:22:02 +0200 Subject: Fix invalid bit shift when GPU shader attribute is not found --- source/blender/gpu/intern/gpu_shader_interface.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source/blender/gpu') diff --git a/source/blender/gpu/intern/gpu_shader_interface.c b/source/blender/gpu/intern/gpu_shader_interface.c index cb1cd9a6f6d..8cd1afad536 100644 --- a/source/blender/gpu/intern/gpu_shader_interface.c +++ b/source/blender/gpu/intern/gpu_shader_interface.c @@ -257,7 +257,9 @@ GPUShaderInterface *GPU_shaderinterface_create(int32_t program) input->location = glGetAttribLocation(program, name); - shaderface->enabled_attr_mask |= (1 << input->location); + if (input->location != -1) { + shaderface->enabled_attr_mask |= (1 << input->location); + } set_input_name(shaderface, input, name, name_len); -- cgit v1.2.3