[Bf-blender-cvs] [edfe2d6] master: BGE: fix use after free
Campbell Barton
noreply at git.blender.org
Mon Jun 15 13:16:44 CEST 2015
Commit: edfe2d669146cec3f89d722bfd30502cbdf59795
Author: Campbell Barton
Date: Mon Jun 15 20:56:44 2015 +1000
Branches: master
https://developer.blender.org/rBedfe2d669146cec3f89d722bfd30502cbdf59795
BGE: fix use after free
===================================================================
M source/gameengine/Ketsji/KX_Scene.cpp
===================================================================
diff --git a/source/gameengine/Ketsji/KX_Scene.cpp b/source/gameengine/Ketsji/KX_Scene.cpp
index 2adc20b..d3ee219 100644
--- a/source/gameengine/Ketsji/KX_Scene.cpp
+++ b/source/gameengine/Ketsji/KX_Scene.cpp
@@ -1080,6 +1080,16 @@ int KX_Scene::NewRemoveObject(class CValue* gameobj)
group->RemoveInstanceObject(newobj);
newobj->RemoveMeshes();
+
+ switch (newobj->GetGameObjectType()) {
+ case SCA_IObject::OBJ_CAMERA:
+ m_cameras.remove((KX_Camera *)newobj);
+ break;
+ case SCA_IObject::OBJ_TEXT:
+ m_fonts.remove((KX_FontObject *)newobj);
+ break;
+ }
+
ret = 1;
if (newobj->GetGameObjectType()==SCA_IObject::OBJ_LIGHT && m_lightlist->RemoveValue(newobj))
ret = newobj->Release();
@@ -1095,7 +1105,10 @@ int KX_Scene::NewRemoveObject(class CValue* gameobj)
ret = newobj->Release();
if (m_animatedlist->RemoveValue(newobj))
ret = newobj->Release();
-
+
+ /* Warning 'newobj' maye be freed now, only compare, don't access */
+
+
if (newobj == m_active_camera)
{
//no AddRef done on m_active_camera so no Release
@@ -1103,12 +1116,6 @@ int KX_Scene::NewRemoveObject(class CValue* gameobj)
m_active_camera = NULL;
}
- // in case this is a camera
- m_cameras.remove((KX_Camera*)newobj);
-
- // in case this is a font
- m_fonts.remove((KX_FontObject*)newobj);
-
/* currently does nothing, keep in case we need to Unregister something */
#if 0
if (m_sceneConverter)
More information about the Bf-blender-cvs
mailing list