[Bf-blender-cvs] SVN commit: /data/svn/bf-blender [27595] branches/render25: - fcurves with out of range indicies would crash blender ( animsys was alredy checking length, just not comparing with the index)

Campbell Barton ideasman42 at gmail.com
Thu Mar 18 12:12:13 CET 2010 

Revision: 27595
          http://projects.blender.org/plugins/scmsvn/viewcvs.php?view=rev&root=bf-blender&revision=27595
Author:   campbellbarton
Date:     2010-03-18 12:12:12 +0100 (Thu, 18 Mar 2010)

Log Message:
-----------
- fcurves with out of range indicies would crash blender (animsys was alredy checking length, just not comparing with the index)
- pythons keyframe_insert/delete(): raise an error when given a keyframe with an invalid index.

Modified Paths:
--------------
    branches/render25/release/scripts/ui/properties_particle.py
    branches/render25/source/blender/blenkernel/intern/anim_sys.c
    branches/render25/source/blender/blenkernel/intern/collision.c
    branches/render25/source/blender/blenkernel/intern/pointcache.c
    branches/render25/source/blender/imbuf/intern/util.c
    branches/render25/source/blender/makesrna/intern/rna_object_force.c
    branches/render25/source/blender/python/intern/bpy_rna.c

Modified: branches/render25/release/scripts/ui/properties_particle.py
===================================================================
--- branches/render25/release/scripts/ui/properties_particle.py	2010-03-18 10:42:13 UTC (rev 27594)
+++ branches/render25/release/scripts/ui/properties_particle.py	2010-03-18 11:12:12 UTC (rev 27595)
@@ -27,7 +27,7 @@
 
 
 def particle_panel_enabled(context, psys):
-    return (psys.point_cache.baked is False) and (not psys.edited) and (not context.particle_system_editable)
+    return True # return (psys.point_cache.baked is False) and (not psys.edited) and (not context.particle_system_editable)
 
 
 def particle_panel_poll(context):

Modified: branches/render25/source/blender/blenkernel/intern/anim_sys.c
===================================================================
--- branches/render25/source/blender/blenkernel/intern/anim_sys.c	2010-03-18 10:42:13 UTC (rev 27594)
+++ branches/render25/source/blender/blenkernel/intern/anim_sys.c	2010-03-18 11:12:12 UTC (rev 27595)
@@ -771,6 +771,8 @@
 /* Write the given value to a setting using RNA, and return success */
 static short animsys_write_rna_setting (PointerRNA *ptr, char *path, int array_index, float value)
 {
+    // printf("%p %s %i %f\n", ptr, path, array_index, value);
+
 	PropertyRNA *prop;
 	PointerRNA new_ptr;
 	
@@ -780,22 +782,35 @@
 		/* set value - only for animatable numerical values */
 		if (RNA_property_animateable(&new_ptr, prop)) 
 		{
+			int array_len= RNA_property_array_length(&new_ptr, prop);
+
+			if(array_len && array_index >= array_len)
+			{
+				if (G.f & G_DEBUG) {
+					printf("Animato: Invalid array index. ID = '%s',  '%s[%d]', array length is %d \n",
+						(ptr && ptr->id.data) ? (((ID *)ptr->id.data)->name+2) : "<No ID>",
+						path, array_index, array_len-1);
+				}
+
+				return 0;
+			}
+
 			switch (RNA_property_type(prop)) 
 			{
 				case PROP_BOOLEAN:
-					if (RNA_property_array_length(&new_ptr, prop))
+					if (array_len)
 						RNA_property_boolean_set_index(&new_ptr, prop, array_index, (int)value);
 					else
 						RNA_property_boolean_set(&new_ptr, prop, (int)value);
 					break;
 				case PROP_INT:
-					if (RNA_property_array_length(&new_ptr, prop))
+					if (array_len)
 						RNA_property_int_set_index(&new_ptr, prop, array_index, (int)value);
 					else
 						RNA_property_int_set(&new_ptr, prop, (int)value);
 					break;
 				case PROP_FLOAT:
-					if (RNA_property_array_length(&new_ptr, prop))
+					if (array_len)
 						RNA_property_float_set_index(&new_ptr, prop, array_index, value);
 					else
 						RNA_property_float_set(&new_ptr, prop, value);
@@ -817,7 +832,7 @@
 		// XXX don't tag as failed yet though, as there are some legit situations (Action Constraint) 
 		// where some channels will not exist, but shouldn't lock up Action
 		if (G.f & G_DEBUG) {
-			printf("Animato: Invalid path. ID = '%s',  '%s [%d]' \n", 
+			printf("Animato: Invalid path. ID = '%s',  '%s[%d]' \n",
 				(ptr && ptr->id.data) ? (((ID *)ptr->id.data)->name+2) : "<No ID>", 
 				path, array_index);
 		}

Modified: branches/render25/source/blender/blenkernel/intern/collision.c
===================================================================
--- branches/render25/source/blender/blenkernel/intern/collision.c	2010-03-18 10:42:13 UTC (rev 27594)
+++ branches/render25/source/blender/blenkernel/intern/collision.c	2010-03-18 11:12:12 UTC (rev 27595)
@@ -1315,7 +1315,7 @@
 	for ( base = scene->base.first; base; base = base->next )
 	{
 		/*Only proceed for mesh object in same layer */
-		if(!(base->object->type==OB_MESH && (base->lay & self->lay))) 
+		if(!(base->lay & self->lay))
 			continue;
 		
 		coll_ob = base->object;
@@ -1323,7 +1323,7 @@
 		if(coll_ob == self)
 				continue;
 		
-		if(coll_ob->pd && coll_ob->pd->deflect)
+		if(coll_ob->type == OB_MESH && coll_ob->pd && coll_ob->pd->deflect)
 		{
 			collmd = ( CollisionModifierData * ) modifiers_findByType ( coll_ob, eModifierType_Collision );
 		}
@@ -1363,7 +1363,7 @@
 					if(coll_ob == self)
 						continue;
 					
-					if(coll_ob->pd && coll_ob->pd->deflect)
+					if(coll_ob->type == OB_MESH && coll_ob->pd && coll_ob->pd->deflect)
 					{
 						collmd = ( CollisionModifierData * ) modifiers_findByType ( coll_ob, eModifierType_Collision );
 					}

Modified: branches/render25/source/blender/blenkernel/intern/pointcache.c
===================================================================
--- branches/render25/source/blender/blenkernel/intern/pointcache.c	2010-03-18 10:42:13 UTC (rev 27594)
+++ branches/render25/source/blender/blenkernel/intern/pointcache.c	2010-03-18 11:12:12 UTC (rev 27595)
@@ -1134,8 +1134,8 @@
 	char filename[(FILE_MAXDIR+FILE_MAXFILE)*2];
 
 	/* don't allow writing for linked objects */
-	if(pid->ob->id.lib && mode == PTCACHE_FILE_WRITE)
-		return NULL;
+//	if(pid->ob->id.lib && mode == PTCACHE_FILE_WRITE)
+//		return NULL;
 
 	if (!G.relbase_valid && (pid->cache->flag & PTCACHE_EXTERNAL)==0) return NULL; /* save blend file before using disk pointcache */
 	
@@ -1875,8 +1875,8 @@
 		return;
 
 	/* don't allow clearing for linked objects */
-	if(pid->ob->id.lib)
-		return;
+//	if(pid->ob->id.lib)
+//		return;
 
 	/*if (!G.relbase_valid) return; *//* save blend file before using pointcache */
 	

Modified: branches/render25/source/blender/imbuf/intern/util.c
===================================================================
--- branches/render25/source/blender/imbuf/intern/util.c	2010-03-18 10:42:13 UTC (rev 27594)
+++ branches/render25/source/blender/imbuf/intern/util.c	2010-03-18 11:12:12 UTC (rev 27595)
@@ -383,6 +383,11 @@
 
 	if(UTIL_DEBUG) printf("in getanimtype: %s\n", name);
 
+	if (ib_stat(name,&st) == -1) return(0);
+	if (((st.st_mode) & S_IFMT) != S_IFREG) return(0);
+
+	if (isavi(name)) return (ANIM_AVI);
+
 #ifndef _WIN32
 #	ifdef WITH_QUICKTIME
 	if (isqtime(name)) return (ANIM_QTIME);
@@ -391,13 +396,9 @@
 	/* stat test below fails on large files > 4GB */
 	if (isffmpeg(name)) return (ANIM_FFMPEG);
 #	endif
-	if (ib_stat(name,&st) == -1) return(0);
-	if (((st.st_mode) & S_IFMT) != S_IFREG) return(0);
-
-	if (isavi(name)) return (ANIM_AVI);
-
 	if (ismovie(name)) return (ANIM_MOVIE);
 #else
+
 	if (ib_stat(name,&st) == -1) return(0);
 	if (((st.st_mode) & S_IFMT) != S_IFREG) return(0);
 

Modified: branches/render25/source/blender/makesrna/intern/rna_object_force.c
===================================================================
--- branches/render25/source/blender/makesrna/intern/rna_object_force.c	2010-03-18 10:42:13 UTC (rev 27594)
+++ branches/render25/source/blender/makesrna/intern/rna_object_force.c	2010-03-18 11:12:12 UTC (rev 27595)
@@ -680,12 +680,12 @@
 	
 	prop= RNA_def_property(srna, "start_frame", PROP_INT, PROP_TIME);
 	RNA_def_property_int_sdna(prop, NULL, "startframe");
-	RNA_def_property_range(prop, 1, 300000);
+	RNA_def_property_range(prop, -MAXFRAME, MAXFRAME);
 	RNA_def_property_ui_text(prop, "Start", "Frame on which the simulation starts");
 	
 	prop= RNA_def_property(srna, "end_frame", PROP_INT, PROP_TIME);
 	RNA_def_property_int_sdna(prop, NULL, "endframe");
-	RNA_def_property_range(prop, 1, 300000);
+	RNA_def_property_range(prop, -MAXFRAME, MAXFRAME);
 	RNA_def_property_ui_text(prop, "End", "Frame on which the simulation stops");
 
 	prop= RNA_def_property(srna, "step", PROP_INT, PROP_NONE);

Modified: branches/render25/source/blender/python/intern/bpy_rna.c
===================================================================
--- branches/render25/source/blender/python/intern/bpy_rna.c	2010-03-18 10:42:13 UTC (rev 27594)
+++ branches/render25/source/blender/python/intern/bpy_rna.c	2010-03-18 11:12:12 UTC (rev 27595)
@@ -1663,6 +1663,7 @@
 {
 	char *path;
 	PropertyRNA *prop;
+	int array_len;
 
 	if (!PyArg_ParseTuple(args, "s|if", &path, index, cfra)) {
 		PyErr_Format(PyExc_TypeError, "%.200s expected a string and optionally an int and float arguments", error_prefix);
@@ -1693,6 +1694,12 @@
 		return -1;
 	}
 
+	array_len= RNA_property_array_length(ptr, prop);
+	if((*index) != -1 && (*index) >= array_len) {
+		PyErr_Format( PyExc_TypeError, "%.200s index out of range \"%s\", given %d, array length is %d", error_prefix, path, *index, array_len);
+		return -1;
+	}
+
 	if(*cfra==FLT_MAX)
 		*cfra= CTX_data_scene(BPy_GetContext())->r.cfra;

More information about the Bf-blender-cvs mailing list