From 194a57fd631f755a1a443ff0ccd7c7d9c066d394 Mon Sep 17 00:00:00 2001
From: Nathan Craddock <nzcraddock@gmail.com>
Date: Sat, 14 Nov 2020 14:09:53 -0700
Subject: Outliner: Fix memory errors in runtime data

Fix a heap-use-after-free when duplicating outliner editors, and fully
free runtime data when freeing outliner editors.
---
 source/blender/editors/space_outliner/space_outliner.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'source/blender')

diff --git a/source/blender/editors/space_outliner/space_outliner.c b/source/blender/editors/space_outliner/space_outliner.c
index ce772043e3b..5ec55eee7fb 100644
--- a/source/blender/editors/space_outliner/space_outliner.c
+++ b/source/blender/editors/space_outliner/space_outliner.c
@@ -53,6 +53,7 @@
 
 #include "GPU_framebuffer.h"
 #include "outliner_intern.h"
+#include "tree/tree_display.h"
 
 static void outliner_main_region_init(wmWindowManager *wm, ARegion *region)
 {
@@ -353,6 +354,7 @@ static void outliner_free(SpaceLink *sl)
   }
 
   if (space_outliner->runtime) {
+    outliner_tree_display_destroy(&space_outliner->runtime->tree_display);
     MEM_freeN(space_outliner->runtime);
   }
 }
@@ -381,6 +383,7 @@ static SpaceLink *outliner_duplicate(SpaceLink *sl)
 
   if (space_outliner->runtime) {
     space_outliner_new->runtime = MEM_dupallocN(space_outliner->runtime);
+    space_outliner_new->runtime->tree_display = NULL;
   }
 
   return (SpaceLink *)space_outliner_new;
-- 
cgit v1.2.3