[Bf-blender-cvs] [8c34de9] alembic: Fix for potential memory corruption in selection drawing code.

Lukas Tönne noreply at git.blender.org
Thu Apr 9 17:36:19 CEST 2015


Commit: 8c34de9918a3a4ef4b0a5a1e50f68ce7666e5097
Author: Lukas Tönne
Date:   Thu Apr 9 17:34:41 2015 +0200
Branches: alembic
https://developer.blender.org/rB8c34de9918a3a4ef4b0a5a1e50f68ce7666e5097

Fix for potential memory corruption in selection drawing code.

This code works much like the main object drawing code and has to take
the same precautions regarding replacing the derivedFinal pointer in
Objects. This pointer may be replaced during drawing calls, regardless
of the "ownership" indicated by needsFree.

===================================================================

M	source/blender/editors/space_view3d/view3d_view.c

===================================================================

diff --git a/source/blender/editors/space_view3d/view3d_view.c b/source/blender/editors/space_view3d/view3d_view.c
index 6442090..7bdf458 100644
--- a/source/blender/editors/space_view3d/view3d_view.c
+++ b/source/blender/editors/space_view3d/view3d_view.c
@@ -44,6 +44,7 @@
 #include "BKE_camera.h"
 #include "BKE_context.h"
 #include "BKE_depsgraph.h"
+#include "BKE_DerivedMesh.h"
 #include "BKE_object.h"
 #include "BKE_global.h"
 #include "BKE_main.h"
@@ -1031,7 +1032,8 @@ static void view3d_select_loop(ViewContext *vc, Scene *scene, View3D *v3d, ARegi
 
 							for (dob = lb->first; dob; dob = dob->next) {
 								/* for restoring after override */
-								struct DerivedMesh *store_final_dm;
+								DupliObjectData *dob_data = NULL;
+								DerivedMesh *store_final_dm;
 								float store_obmat[4][4];
 
 								tbase.object = dob->ob;
@@ -1047,8 +1049,8 @@ static void view3d_select_loop(ViewContext *vc, Scene *scene, View3D *v3d, ARegi
 								/* override final DM */
 								tbase.object->transflag &= ~OB_IS_DUPLI_CACHE;
 								if (base->object->dup_cache) {
-									DupliObjectData *dob_data = BKE_dupli_cache_find_data(base->object->dup_cache, tbase.object);
-									if (dob_data->dm) {
+									dob_data = BKE_dupli_cache_find_data(base->object->dup_cache, tbase.object);
+									if (dob_data && dob_data->dm) {
 										tbase.object->transflag |= OB_IS_DUPLI_CACHE;
 										
 										tbase.object->derivedFinal = dob_data->dm;
@@ -1057,13 +1059,27 @@ static void view3d_select_loop(ViewContext *vc, Scene *scene, View3D *v3d, ARegi
 
 								draw_object(scene, ar, v3d, &tbase, DRAW_PICKING | DRAW_CONSTCOLOR);
 
+								/* restore final DM */
+								if (tbase.object->transflag & OB_IS_DUPLI_CACHE) {
+									DerivedMesh *cur = tbase.object->derivedFinal;
+									
+									/* in some cases drawing code can recreate the derivedFinal,
+									 * make sure we free those first before restoring
+									 */
+									if (cur && cur != dob_data->dm) {
+										cur->needsFree = 1;
+										cur->release(cur);
+									}
+									
+									tbase.object->transflag &= ~OB_IS_DUPLI_CACHE;
+									tbase.object->derivedFinal = store_final_dm;
+								}
+
 								tbase.object->dt = dt;
 								tbase.object->dtx = dtx;
 
 								/* restore obmat and final DM */
-								tbase.object->transflag &= ~OB_IS_DUPLI_CACHE;
 								copy_m4_m4(dob->ob->obmat, store_obmat);
-								tbase.object->derivedFinal = store_final_dm;
 							}
 							free_object_duplilist(lb);
 						}




More information about the Bf-blender-cvs mailing list