From c973d333da31c139c69943f743a2f342be610cce Mon Sep 17 00:00:00 2001 From: Bastien Montagne Date: Mon, 22 Aug 2022 12:10:04 +0200 Subject: Fix T100527: Right click in the attribute name field crashes blender. `UI_context_active_but_prop_get_templateID` became much more widely used with recent rBfec254364884, which revealed that it did not do any check on actual type of data it accesses, resulting easily in undefined behavior. Now also check the callback function pointer, this should be safe enough. Patch by @Severin (Julian Eisel), many thanks! --- source/blender/editors/interface/interface_templates.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'source/blender') diff --git a/source/blender/editors/interface/interface_templates.c b/source/blender/editors/interface/interface_templates.c index f3912eed9d6..37139e8d078 100644 --- a/source/blender/editors/interface/interface_templates.c +++ b/source/blender/editors/interface/interface_templates.c @@ -571,8 +571,11 @@ static uiBlock *id_search_menu(bContext *C, ARegion *region, void *arg_litem) /** \name ID Template * \{ */ -/* This is for browsing and editing the ID-blocks used */ +static void template_id_cb(bContext *C, void *arg_litem, void *arg_event); +/** + * This is for browsing and editing the ID-blocks used. + */ void UI_context_active_but_prop_get_templateID(bContext *C, PointerRNA *r_ptr, PropertyRNA **r_prop) @@ -582,7 +585,7 @@ void UI_context_active_but_prop_get_templateID(bContext *C, memset(r_ptr, 0, sizeof(*r_ptr)); *r_prop = NULL; - if (but && but->func_argN) { + if (but && (but->funcN == template_id_cb) && but->func_argN) { TemplateID *template_ui = but->func_argN; *r_ptr = template_ui->ptr; *r_prop = template_ui->prop; -- cgit v1.2.3