[Bf-blender-cvs] [c0a4089] master: Fix T38356: Crash when UIList.filter_items returns too few items.

Bastien Montagne noreply at git.blender.org
Fri Jan 24 22:14:46 CET 2014


Commit: c0a40892652e89601060a9590ea0a6f0606d28bb
Author: Bastien Montagne
Date:   Fri Jan 24 22:12:38 2014 +0100
https://developer.blender.org/rBc0a40892652e89601060a9590ea0a6f0606d28bb

Fix T38356: Crash when UIList.filter_items returns too few items.

===================================================================

M	source/blender/editors/interface/interface_templates.c
M	source/blender/makesrna/intern/rna_ui.c

===================================================================

diff --git a/source/blender/editors/interface/interface_templates.c b/source/blender/editors/interface/interface_templates.c
index fe3fb72..14ec4d5 100644
--- a/source/blender/editors/interface/interface_templates.c
+++ b/source/blender/editors/interface/interface_templates.c
@@ -2806,14 +2806,8 @@ void uiTemplateList(uiLayout *layout, bContext *C, const char *listtype_name, co
 	ui_list->layout_type = layout_type;
 
 	/* Reset filtering data. */
-	if (dyn_data->items_filter_flags) {
-		MEM_freeN(dyn_data->items_filter_flags);
-		dyn_data->items_filter_flags = NULL;
-	}
-	if (dyn_data->items_filter_neworder) {
-		MEM_freeN(dyn_data->items_filter_neworder);
-		dyn_data->items_filter_neworder = NULL;
-	}
+	MEM_SAFE_FREE(dyn_data->items_filter_flags);
+	MEM_SAFE_FREE(dyn_data->items_filter_neworder);
 	dyn_data->items_len = dyn_data->items_shown = -1;
 
 	/* When active item changed since last draw, scroll to it. */
diff --git a/source/blender/makesrna/intern/rna_ui.c b/source/blender/makesrna/intern/rna_ui.c
index 432c050..c36becf 100644
--- a/source/blender/makesrna/intern/rna_ui.c
+++ b/source/blender/makesrna/intern/rna_ui.c
@@ -358,30 +358,34 @@ static void uilist_filter_items(uiList *ui_list, bContext *C, PointerRNA *datapt
 	parm = RNA_function_find_parameter(NULL, func, "filter_flags");
 	ret_len = RNA_parameter_dynamic_length_get(&list, parm);
 	if (ret_len != len && ret_len != 0) {
-		printf("%s: Error, py func returned %d items in %s, %d or none were expected.\n", AT,
+		printf("%s: Error, py func returned %d items in %s, %d or none were expected.\n", __func__,
 		       RNA_parameter_dynamic_length_get(&list, parm), "filter_flags", len);
-		RNA_parameter_list_free(&list);
-		return;
+		/* Note: we cannot return here, we would let flt_data in inconsistent state... see T38356. */
+		filter_flags = NULL;
+	}
+	else {
+		RNA_parameter_get(&list, parm, &ret1);
+		filter_flags = (int *)ret1;
 	}
-	RNA_parameter_get(&list, parm, &ret1);
-	filter_flags = (int *)ret1;
 
 	parm = RNA_function_find_parameter(NULL, func, "filter_neworder");
 	ret_len = RNA_parameter_dynamic_length_get(&list, parm);
 	if (ret_len != len && ret_len != 0) {
-		printf("%s: Error, py func returned %d items in %s, %d or none were expected.\n", AT,
+		printf("%s: Error, py func returned %d items in %s, %d or none were expected.\n", __func__,
 		       RNA_parameter_dynamic_length_get(&list, parm), "filter_neworder", len);
-		RNA_parameter_list_free(&list);
-		return;
+		/* Note: we cannot return here, we would let flt_data in inconsistent state... see T38356. */
+		filter_neworder = NULL;
+	}
+	else {
+		RNA_parameter_get(&list, parm, &ret2);
+		filter_neworder = (int *)ret2;
 	}
-	RNA_parameter_get(&list, parm, &ret2);
-	filter_neworder = (int *)ret2;
 
 	/* We have to do some final checks and transforms... */
 	{
 		int i, filter_exclude = ui_list->filter_flag & UILST_FLT_EXCLUDE;
 		if (filter_flags) {
-			flt_data->items_filter_flags = MEM_mallocN(sizeof(int) * len, AT);
+			flt_data->items_filter_flags = MEM_mallocN(sizeof(int) * len, __func__);
 			memcpy(flt_data->items_filter_flags, filter_flags, sizeof(int) * len);
 
 			if (filter_neworder) {
@@ -397,7 +401,7 @@ static void uilist_filter_items(uiList *ui_list, bContext *C, PointerRNA *datapt
 					}
 				}
 				items_shown = flt_data->items_shown = shown_idx;
-				flt_data->items_filter_neworder = MEM_mallocN(sizeof(int) * items_shown, AT);
+				flt_data->items_filter_neworder = MEM_mallocN(sizeof(int) * items_shown, __func__);
 				/* And now, bring back new indices into the [0, items_shown[ range!
 				 * XXX This is O(N²)... :/
 				 */
@@ -429,7 +433,7 @@ static void uilist_filter_items(uiList *ui_list, bContext *C, PointerRNA *datapt
 			flt_data->items_shown = len;
 
 			if (filter_neworder) {
-				flt_data->items_filter_neworder = MEM_mallocN(sizeof(int) * len, AT);
+				flt_data->items_filter_neworder = MEM_mallocN(sizeof(int) * len, __func__);
 				memcpy(flt_data->items_filter_neworder, filter_neworder, sizeof(int) * len);
 			}
 		}




More information about the Bf-blender-cvs mailing list