[Bf-blender-cvs] [935e241] master: Fix (unreported) crash when opening a file from splash screen when 'load UI' option is disabled.

Bastien Montagne noreply at git.blender.org
Tue Feb 23 16:38:57 CET 2016


Commit: 935e241fa6ea095493ade5d5403c9ac55c18d5ef
Author: Bastien Montagne
Date:   Tue Feb 23 16:19:59 2016 +0100
Branches: master
https://developer.blender.org/rB935e241fa6ea095493ade5d5403c9ac55c18d5ef

Fix (unreported) crash when opening a file from splash screen when 'load UI' option is disabled.

Took me some time to figure out what was going on here... Was again that delayed button
callback stuff (`ui_apply_but_funcs_after()`), first calling button op, and then
its callback func.

Issue was that 'open file' op (through call to `WM_file_read()`) would clear
the splash screen (as more or less the entire 'dynamic' UI), but callback func of that splash
(`wm_block_splash_refreshmenu()`) would still try to access that freed menu's region.

So, root of the issue seems to be that setting context's wm/win/etc. would not clear
context's menu pointer (while clearing all other 'sub' pointers). I could not find
nor imagine any case where this behavior could be desired, so simply added nullification
of that pointer when setting context's wm/win/etc.

Note that crash was due to read-after-free, infuriating debug builds with asan,
but seems like release builds never actually crashed on it.

===================================================================

M	source/blender/blenkernel/intern/context.c

===================================================================

diff --git a/source/blender/blenkernel/intern/context.c b/source/blender/blenkernel/intern/context.c
index 5b76985..7567033 100644
--- a/source/blender/blenkernel/intern/context.c
+++ b/source/blender/blenkernel/intern/context.c
@@ -820,6 +820,7 @@ void CTX_wm_manager_set(bContext *C, wmWindowManager *wm)
 	C->wm.screen = NULL;
 	C->wm.area = NULL;
 	C->wm.region = NULL;
+	C->wm.menu = NULL;
 }
 
 void CTX_wm_window_set(bContext *C, wmWindow *win)
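Review bot: The added `C->wm.menu = NULL;` at the end of CTX_wm_manager_set() carries no comment, so nothing in the code says it is there to stop a stale menu region pointer from outliving the UI it belonged to (the read-after-free described in the commit message). A one-line comment on the first of these resets would keep it from being removed later as redundant. Since the same reset block is now repeated across five setters, a small static helper that clears the sub-pointers would also make it harder for a future setter to miss one.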
@@ -830,6 +831,7 @@ void CTX_wm_window_set(bContext *C, wmWindow *win)
 		C->data.scene = C->wm.screen->scene;
 	C->wm.area = NULL;
 	C->wm.region = NULL;
+	C->wm.menu = NULL;
 }
 
 void CTX_wm_screen_set(bContext *C, bScreen *screen)
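Review bot: Clearing `C->wm.menu` in CTX_wm_window_set() turns a dangling pointer into a NULL one, but this patch only touches context.c, so the readers of that pointer are unchanged. Please confirm that the code that reads the context's menu after the file-open operator has run, such as the `wm_block_splash_refreshmenu()` callback named in the commit message, checks for NULL before using the region. Otherwise the read-after-free that ASan reported becomes a NULL dereference that also hits release builds.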
@@ -839,17 +841,20 @@ void CTX_wm_screen_set(bContext *C, bScreen *screen)
 		C->data.scene = C->wm.screen->scene;
 	C->wm.area = NULL;
 	C->wm.region = NULL;
+	C->wm.menu = NULL;
 }
 
 void CTX_wm_area_set(bContext *C, ScrArea *area)
 {
 	C->wm.area = area;
 	C->wm.region = NULL;
+	C->wm.menu = NULL;
 }
 
 void CTX_wm_region_set(bContext *C, ARegion *region)
 {
 	C->wm.region = region;
+	C->wm.menu = NULL;
 }
 
 void CTX_wm_menu_set(bContext *C, ARegion *menu)
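Review bot: With `C->wm.menu = NULL;` added to CTX_wm_area_set() and CTX_wm_region_set(), the order of calls now matters: a caller that does CTX_wm_menu_set() first and CTX_wm_region_set() afterwards silently loses the menu. That ordering requirement (set area and region first, menu last) should be documented next to CTX_wm_menu_set() or in the header, and existing callers that set both should be checked for the reverse order, since the commit message only says no case wanting the old behaviour was found.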



