From e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581 Mon Sep 17 00:00:00 2001 From: Brecht Van Lommel Date: Sun, 14 Jan 2018 22:14:20 +0100 Subject: Fix buffer overflow vulnerabilities in mesh code. Solves these security issues from T52924: CVE-2017-12081 CVE-2017-12082 CVE-2017-12086 CVE-2017-12099 CVE-2017-12100 CVE-2017-12101 CVE-2017-12105 While the specific overflow issue may be fixed, loading the repro .blend files may still crash because they are incomplete and corrupt. The way they crash may be impossible to exploit, but this is difficult to prove. Differential Revision: https://developer.blender.org/D3002 --- source/blender/modifiers/intern/MOD_warp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source/blender/modifiers/intern/MOD_warp.c') diff --git a/source/blender/modifiers/intern/MOD_warp.c b/source/blender/modifiers/intern/MOD_warp.c index b340356467a..62813d75793 100644 --- a/source/blender/modifiers/intern/MOD_warp.c +++ b/source/blender/modifiers/intern/MOD_warp.c @@ -237,7 +237,7 @@ static void warpModifier_do(WarpModifierData *wmd, Object *ob, weight = strength; if (wmd->texture) { - tex_co = MEM_mallocN(sizeof(*tex_co) * numVerts, "warpModifier_do tex_co"); + tex_co = MEM_malloc_arrayN(numVerts, sizeof(*tex_co), "warpModifier_do tex_co"); get_texture_coords((MappingInfoModifierData *)wmd, ob, dm, vertexCos, tex_co, numVerts); modifier_init_texture(wmd->modifier.scene, wmd->texture); -- cgit v1.2.3