[Bf-blender-cvs] [793b73e] master: Fix T37712: Point cache index lookup crashed with 0 points stored.
Lukas Tönne
noreply at git.blender.org
Mon Dec 9 11:10:11 CET 2013
Commit: 793b73edc269e7e801c2e72f4ae6d11951608f74
Author: Lukas Tönne
Date: Mon Dec 9 11:02:41 2013 +0100
http://developer.blender.org/rB793b73edc269e7e801c2e72f4ae6d11951608f74
Fix T37712: Point cache index lookup crashed with 0 points stored.
The BKE_ptcache_mem_index_find is using unsigned ints for binary search
"high" values - but this leads to integer overflow if the totpoint
number is 0 and causes invalid array access.
===================================================================
M source/blender/blenkernel/intern/pointcache.c
===================================================================
diff --git a/source/blender/blenkernel/intern/pointcache.c b/source/blender/blenkernel/intern/pointcache.c
index 9891a8c..d2ef59b 100644
--- a/source/blender/blenkernel/intern/pointcache.c
+++ b/source/blender/blenkernel/intern/pointcache.c
@@ -1769,7 +1769,7 @@ static void ptcache_file_pointers_init(PTCacheFile *pf)
/* Check to see if point number "index" is in pm, uses binary search for index data. */
int BKE_ptcache_mem_index_find(PTCacheMem *pm, unsigned int index)
{
- if (pm->data[BPHYS_DATA_INDEX]) {
+ if (pm->totpoint > 0 && pm->data[BPHYS_DATA_INDEX]) {
unsigned int *data = pm->data[BPHYS_DATA_INDEX];
unsigned int mid, low = 0, high = pm->totpoint - 1;
More information about the Bf-blender-cvs
mailing list