From 919e38cfc800fa2ee148e9b4ea8e2e56f4bc08b6 Mon Sep 17 00:00:00 2001 From: Campbell Barton Date: Fri, 20 Feb 2015 17:17:36 +1100 Subject: Fix for unlikely NULL pointer dereference Potential crash reading freestyle modifiers from future blend-files --- source/blender/blenkernel/intern/fcurve.c | 2 +- source/blender/blenkernel/intern/linestyle.c | 6 ++++++ source/blender/gpu/intern/gpu_compositing.c | 4 +++- source/blender/render/intern/source/bake_api.c | 1 - 4 files changed, 10 insertions(+), 3 deletions(-) (limited to 'source') diff --git a/source/blender/blenkernel/intern/fcurve.c b/source/blender/blenkernel/intern/fcurve.c index 765917794e8..81321b9dbc2 100644 --- a/source/blender/blenkernel/intern/fcurve.c +++ b/source/blender/blenkernel/intern/fcurve.c @@ -2102,7 +2102,7 @@ static float fcurve_eval_keyframes(FCurve *fcu, BezTriple *bezts, float evaltime * This lower bound was established in b888a32eee8147b028464336ad2404d8155c64dd */ a = binarysearch_bezt_index_ex(bezts, evaltime, fcu->totvert, 0.0001, &exact); - if (G.debug & G_DEBUG) printf("eval fcurve '%s' - %f => %d/%d, %d\n", fcu->rna_path, evaltime, a, fcu->totvert, exact); + if (G.debug & G_DEBUG) printf("eval fcurve '%s' - %f => %u/%u, %d\n", fcu->rna_path, evaltime, a, fcu->totvert, exact); if (exact) { /* index returned must be interpreted differently when it sits on top of an existing keyframe diff --git a/source/blender/blenkernel/intern/linestyle.c b/source/blender/blenkernel/intern/linestyle.c index d244e9d79d2..1a5760b049c 100644 --- a/source/blender/blenkernel/intern/linestyle.c +++ b/source/blender/blenkernel/intern/linestyle.c @@ -280,6 +280,9 @@ LineStyleModifier *BKE_linestyle_color_modifier_add(FreestyleLineStyle *linestyl LineStyleModifier *m; m = alloc_color_modifier(name, type); + if (UNLIKELY(m == NULL)) { + return NULL; + } m->blend = MA_RAMP_BLEND; switch (type) { @@ -314,6 +317,9 @@ LineStyleModifier *BKE_linestyle_color_modifier_copy(FreestyleLineStyle *linesty LineStyleModifier *new_m; new_m = alloc_color_modifier(m->name, m->type); + if (UNLIKELY(new_m == NULL)) { + return NULL; + } new_m->influence = m->influence; new_m->flags = m->flags; new_m->blend = m->blend; diff --git a/source/blender/gpu/intern/gpu_compositing.c b/source/blender/gpu/intern/gpu_compositing.c index 89fa1a599c2..e0a55b21921 100644 --- a/source/blender/gpu/intern/gpu_compositing.c +++ b/source/blender/gpu/intern/gpu_compositing.c @@ -267,7 +267,7 @@ bool GPU_fx_compositor_initialize_passes( int w = BLI_rcti_size_x(rect), h = BLI_rcti_size_y(rect); char err_out[256]; int num_passes = 0; - char fx_flag = fx_settings->fx_flag; + char fx_flag; fx->effects = 0; @@ -276,6 +276,8 @@ bool GPU_fx_compositor_initialize_passes( return false; } + fx_flag = fx_settings->fx_flag; + /* disable effects if no options passed for them */ if (!fx_settings->dof) { fx_flag &= ~GPU_FX_FLAG_DOF; diff --git a/source/blender/render/intern/source/bake_api.c b/source/blender/render/intern/source/bake_api.c index ab680cbd15a..ecfb86c8d17 100644 --- a/source/blender/render/intern/source/bake_api.c +++ b/source/blender/render/intern/source/bake_api.c @@ -928,7 +928,6 @@ bool RE_bake_internal( case SCE_PASS_UV: { return bake_uv(pixel_array, num_pixels, depth, result); - break; } default: break; -- cgit v1.2.3