[Bf-blender-cvs] [aa4ae79] blender-v2.75-release: BGE: fix use after free

Campbell Barton noreply at git.blender.org
Thu Jun 18 17:37:17 CEST 2015


Commit: aa4ae796c8a7a19052614cf161e62fff49c856fe
Author: Campbell Barton
Date:   Mon Jun 15 20:56:44 2015 +1000
Branches: blender-v2.75-release
https://developer.blender.org/rBaa4ae796c8a7a19052614cf161e62fff49c856fe

BGE: fix use after free

===================================================================

M	source/gameengine/Ketsji/KX_Scene.cpp

===================================================================

diff --git a/source/gameengine/Ketsji/KX_Scene.cpp b/source/gameengine/Ketsji/KX_Scene.cpp
index 25755f7..49eda1d 100644
--- a/source/gameengine/Ketsji/KX_Scene.cpp
+++ b/source/gameengine/Ketsji/KX_Scene.cpp
@@ -1077,6 +1077,16 @@ int KX_Scene::NewRemoveObject(class CValue* gameobj)
 		group->RemoveInstanceObject(newobj);
 	
 	newobj->RemoveMeshes();
+
+	switch (newobj->GetGameObjectType()) {
+		case SCA_IObject::OBJ_CAMERA:
+			m_cameras.remove((KX_Camera *)newobj);
+			break;
+		case SCA_IObject::OBJ_TEXT:
+			m_fonts.remove((KX_FontObject *)newobj);
+			break;
+	}
+
 	ret = 1;
 	if (newobj->GetGameObjectType()==SCA_IObject::OBJ_LIGHT && m_lightlist->RemoveValue(newobj))
 		ret = newobj->Release();
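Review bot: The new switch has no comment explaining why it must sit before the Release() calls, so a later cleanup could move it back down and reintroduce the use after free. I would add `/* remove from m_cameras/m_fonts while 'newobj' is still guaranteed alive; the Release() calls below may free it */` above it. The removal is also now gated on GetGameObjectType(), where the old code called remove() unconditionally. It therefore relies on every object stored in m_cameras or m_fonts reporting OBJ_CAMERA or OBJ_TEXT, otherwise a stale pointer stays in the list; this cannot be checked from the hunk and is worth confirming where those lists are filled. The C-style casts could be written as `static_cast<KX_Camera *>(newobj)` and `static_cast<KX_FontObject *>(newobj)`. NewRemoveObject starts and ends outside the hunk.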
@@ -1092,7 +1102,10 @@ int KX_Scene::NewRemoveObject(class CValue* gameobj)
 		ret = newobj->Release();
 	if (m_animatedlist->RemoveValue(newobj))
 		ret = newobj->Release();
-		
+
+	/* Warning 'newobj' maye be freed now, only compare, don't access */
+
+
 	if (newobj == m_active_camera)
 	{
 		//no AddRef done on m_active_camera so no Release
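Review bot: The added warning comment has a typo (`maye`), and the `newobj == m_active_camera` test below it still reads a pointer whose object may already have been released. As far as the visible lines show, that block only clears m_active_camera and holds no reference. The check could probably move up next to the camera/font removal, before the first Release(), so nothing touches newobj after it may be freed. Whether anything run during Release() depends on m_active_camera still being set is not visible here and should be confirmed first. If the check stays where it is, the corrected wording is `/* Warning: 'newobj' may be freed now, only compare, don't access */`.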
@@ -1100,12 +1113,6 @@ int KX_Scene::NewRemoveObject(class CValue* gameobj)
 		m_active_camera = NULL;
 	}
 
-	// in case this is a camera
-	m_cameras.remove((KX_Camera*)newobj);
-
-	// in case this is a font
-	m_fonts.remove((KX_FontObject*)newobj);
-
 	/* currently does nothing, keep in case we need to Unregister something */
 #if 0
 	if (m_sceneConverter)



