[Bf-blender-cvs] [ea32a03] master: Fix T48824: Crash when having too many ray-to-volume intersections
Sergey Sharybin
noreply at git.blender.org
Mon Jul 11 18:01:07 CEST 2016
Commit: ea32a0380148b3261679eded2149ebac7e3a15ef
Author: Sergey Sharybin
Date: Mon Jul 11 17:58:42 2016 +0200
Branches: master
https://developer.blender.org/rBea32a0380148b3261679eded2149ebac7e3a15ef
Fix T48824: Crash when having too many ray-to-volume intersections
Code might have writing past the array boundaries.
===================================================================
M intern/cycles/kernel/bvh/bvh_shadow_all.h
M intern/cycles/kernel/bvh/bvh_volume_all.h
M intern/cycles/kernel/bvh/qbvh_shadow_all.h
M intern/cycles/kernel/bvh/qbvh_volume_all.h
===================================================================
diff --git a/intern/cycles/kernel/bvh/bvh_shadow_all.h b/intern/cycles/kernel/bvh/bvh_shadow_all.h
index 1d6fa30..1869457 100644
--- a/intern/cycles/kernel/bvh/bvh_shadow_all.h
+++ b/intern/cycles/kernel/bvh/bvh_shadow_all.h
@@ -254,6 +254,9 @@ ccl_device bool BVH_FUNCTION_FULL_NAME(BVH)(KernelGlobals *kg,
/* shadow ray early termination */
if(hit) {
+ /* Update number of hits now, so we do proper check on max bounces. */
+ (*num_hits)++;
+
/* detect if this surface has a shader with transparent shadows */
/* todo: optimize so primitive visibility flag indicates if
@@ -284,14 +287,11 @@ ccl_device bool BVH_FUNCTION_FULL_NAME(BVH)(KernelGlobals *kg,
return true;
}
- /* move on to next entry in intersections array */
- isect_array++;
- (*num_hits)++;
#if BVH_FEATURE(BVH_INSTANCING)
num_hits_in_instance++;
#endif
-
- isect_array->t = isect_t;
+ /* Move on to next entry in intersections array */
+ isect_array++;
}
prim_addr++;
diff --git a/intern/cycles/kernel/bvh/bvh_volume_all.h b/intern/cycles/kernel/bvh/bvh_volume_all.h
index 7eddc28..b5405e8 100644
--- a/intern/cycles/kernel/bvh/bvh_volume_all.h
+++ b/intern/cycles/kernel/bvh/bvh_volume_all.h
@@ -201,13 +201,11 @@ ccl_device uint BVH_FUNCTION_FULL_NAME(BVH)(KernelGlobals *kg,
object,
prim_addr);
if(hit) {
- /* Move on to next entry in intersections array. */
- isect_array++;
+ /* Update number of hits now, so we do proper check on max bounces. */
num_hits++;
#if BVH_FEATURE(BVH_INSTANCING)
num_hits_in_instance++;
#endif
- isect_array->t = isect_t;
if(num_hits == max_hits) {
#if BVH_FEATURE(BVH_INSTANCING)
# if BVH_FEATURE(BVH_MOTION)
@@ -222,6 +220,9 @@ ccl_device uint BVH_FUNCTION_FULL_NAME(BVH)(KernelGlobals *kg,
#endif /* BVH_FEATURE(BVH_INSTANCING) */
return num_hits;
}
+ /* Move on to next entry in intersections array */
+ isect_array++;
+ isect_array->t = isect_t;
}
}
break;
@@ -246,13 +247,11 @@ ccl_device uint BVH_FUNCTION_FULL_NAME(BVH)(KernelGlobals *kg,
object,
prim_addr);
if(hit) {
- /* Move on to next entry in intersections array. */
- isect_array++;
+ /* Update number of hits now, so we do proper check on max bounces. */
num_hits++;
# if BVH_FEATURE(BVH_INSTANCING)
num_hits_in_instance++;
# endif
- isect_array->t = isect_t;
if(num_hits == max_hits) {
# if BVH_FEATURE(BVH_INSTANCING)
# if BVH_FEATURE(BVH_MOTION)
@@ -267,6 +266,9 @@ ccl_device uint BVH_FUNCTION_FULL_NAME(BVH)(KernelGlobals *kg,
# endif /* BVH_FEATURE(BVH_INSTANCING) */
return num_hits;
}
+ /* Move on to next entry in intersections array */
+ isect_array++;
+ isect_array->t = isect_t;
}
}
break;
diff --git a/intern/cycles/kernel/bvh/qbvh_shadow_all.h b/intern/cycles/kernel/bvh/qbvh_shadow_all.h
index 3a728b3..34753ff 100644
--- a/intern/cycles/kernel/bvh/qbvh_shadow_all.h
+++ b/intern/cycles/kernel/bvh/qbvh_shadow_all.h
@@ -337,6 +337,9 @@ ccl_device bool BVH_FUNCTION_FULL_NAME(QBVH)(KernelGlobals *kg,
/* Shadow ray early termination. */
if(hit) {
+ /* Update number of hits now, so we do proper check on max bounces. */
+ (*num_hits)++;
+
/* detect if this surface has a shader with transparent shadows */
/* todo: optimize so primitive visibility flag indicates if
@@ -367,13 +370,11 @@ ccl_device bool BVH_FUNCTION_FULL_NAME(QBVH)(KernelGlobals *kg,
return true;
}
- /* move on to next entry in intersections array */
- isect_array++;
- (*num_hits)++;
#if BVH_FEATURE(BVH_INSTANCING)
num_hits_in_instance++;
#endif
-
+ /* Move on to next entry in intersections array */
+ isect_array++;
isect_array->t = isect_t;
}
diff --git a/intern/cycles/kernel/bvh/qbvh_volume_all.h b/intern/cycles/kernel/bvh/qbvh_volume_all.h
index 4d3028b..a877e5b 100644
--- a/intern/cycles/kernel/bvh/qbvh_volume_all.h
+++ b/intern/cycles/kernel/bvh/qbvh_volume_all.h
@@ -268,13 +268,11 @@ ccl_device uint BVH_FUNCTION_FULL_NAME(QBVH)(KernelGlobals *kg,
/* Intersect ray against primitive. */
hit = triangle_intersect(kg, &isect_precalc, isect_array, P, visibility, object, prim_addr);
if(hit) {
- /* Move on to next entry in intersections array. */
- isect_array++;
+ /* Update number of hits now, so we do proper check on max bounces. */
num_hits++;
#if BVH_FEATURE(BVH_INSTANCING)
num_hits_in_instance++;
#endif
- isect_array->t = isect_t;
if(num_hits == max_hits) {
#if BVH_FEATURE(BVH_INSTANCING)
# if BVH_FEATURE(BVH_MOTION)
@@ -289,6 +287,9 @@ ccl_device uint BVH_FUNCTION_FULL_NAME(QBVH)(KernelGlobals *kg,
#endif /* BVH_FEATURE(BVH_INSTANCING) */
return num_hits;
}
+ /* Move on to next entry in intersections array */
+ isect_array++;
+ isect_array->t = isect_t;
}
}
break;
@@ -306,13 +307,11 @@ ccl_device uint BVH_FUNCTION_FULL_NAME(QBVH)(KernelGlobals *kg,
/* Intersect ray against primitive. */
hit = motion_triangle_intersect(kg, isect_array, P, dir, ray->time, visibility, object, prim_addr);
if(hit) {
- /* Move on to next entry in intersections array. */
- isect_array++;
+ /* Update number of hits now, so we do proper check on max bounces. */
num_hits++;
# if BVH_FEATURE(BVH_INSTANCING)
num_hits_in_instance++;
# endif
- isect_array->t = isect_t;
if(num_hits == max_hits) {
# if BVH_FEATURE(BVH_INSTANCING)
# if BVH_FEATURE(BVH_MOTION)
@@ -327,6 +326,9 @@ ccl_device uint BVH_FUNCTION_FULL_NAME(QBVH)(KernelGlobals *kg,
# endif /* BVH_FEATURE(BVH_INSTANCING) */
return num_hits;
}
+ /* Move on to next entry in intersections array */
+ isect_array++;
+ isect_array->t = isect_t;
}
}
break;
More information about the Bf-blender-cvs
mailing list