[Bf-blender-cvs] [3906782] master: Fix possible buffer overflow in selection code. We want to copy the number of selected data since the offset, not the offset!
Antony Riakiotakis
noreply at git.blender.org
Tue Sep 23 19:05:52 CEST 2014
Commit: 39067824060f83d1da66df7bf8d779e9ebe7c76e
Author: Antony Riakiotakis
Date: Tue Sep 23 19:05:31 2014 +0200
Branches: master
https://developer.blender.org/rB39067824060f83d1da66df7bf8d779e9ebe7c76e
Fix possible buffer overflow in selection code. We want to copy the
number of selected data since the offset, not the offset!
===================================================================
M source/blender/editors/space_view3d/view3d_select.c
===================================================================
diff --git a/source/blender/editors/space_view3d/view3d_select.c b/source/blender/editors/space_view3d/view3d_select.c
index 46ea520..c26ce27 100644
--- a/source/blender/editors/space_view3d/view3d_select.c
+++ b/source/blender/editors/space_view3d/view3d_select.c
@@ -1181,14 +1181,14 @@ static short selectbuffer_ret_hits_15(unsigned int *UNUSED(buffer), const short
static short selectbuffer_ret_hits_9(unsigned int *buffer, const short hits15, const short hits9)
{
const int offs = 4 * hits15;
- memcpy(buffer, buffer + offs, 4 * offs);
+ memcpy(buffer, buffer + offs, 4 * hits9);
return hits9;
}
static short selectbuffer_ret_hits_5(unsigned int *buffer, const short hits15, const short hits9, const short hits5)
{
const int offs = 4 * hits15 + 4 * hits9;
- memcpy(buffer, buffer + offs, 4 * offs);
+ memcpy(buffer, buffer + offs, 4 * hits5);
return hits5;
}
More information about the Bf-blender-cvs
mailing list