[Bf-blender-cvs] [d8681c9] master: Fix OpenSubdiv related buffer overrun with multiple FVar channels.

Alexander Gavrilov noreply at git.blender.org
Sat Sep 10 20:16:32 CEST 2016


Commit: d8681c99c4290d38f38e67a2e1b9f7119221a569
Author: Alexander Gavrilov
Date:   Sat Sep 10 21:15:52 2016 +0300
Branches: master
https://developer.blender.org/rBd8681c99c4290d38f38e67a2e1b9f7119221a569

Fix OpenSubdiv related buffer overrun with multiple FVar channels.

The existing code uses the input value count of the first channel
for all of them. If the first channel is the largest, it leads to
a crash-causing buffer overrun in memcpy below. Likely this was
left since the time when only one channel was supported.

As a crash fix, probably should go into 2.78

===================================================================

M	intern/opensubdiv/opensubdiv_capi.cc

===================================================================

diff --git a/intern/opensubdiv/opensubdiv_capi.cc b/intern/opensubdiv/opensubdiv_capi.cc
index ab90495..52ce98f 100644
--- a/intern/opensubdiv/opensubdiv_capi.cc
+++ b/intern/opensubdiv/opensubdiv_capi.cc
@@ -165,7 +165,7 @@ static void interpolate_fvar_data(OpenSubdiv::Far::TopologyRefiner& refiner,
 	const int max_level = refiner.GetMaxLevel();
 	size_t fvar_data_offset = 0, values_offset = 0;
 	for (int channel = 0; channel < refiner.GetNumFVarChannels(); ++channel) {
-		const int num_values = refiner.GetLevel(0).GetNumFVarValues(0) * 2,
+		const int num_values = refiner.GetLevel(0).GetNumFVarValues(channel) * 2,
 		          num_values_max = refiner.GetLevel(max_level).GetNumFVarValues(channel),
 		          num_values_total = refiner.GetNumFVarValuesTotal(channel);
 		if (num_values_total <= 0) {
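Review bot: On the changed `num_values` line, the count now follows `channel`, but it is still used as a copy length with no bounds check of its own; the only guard visible in this hunk is `num_values_total <= 0`. Since the commit message says the overrun happened in the memcpy below, consider asserting just before that copy that `values_offset + num_values` stays within the input array and that the destination has room for `num_values` elements, so a future count mismatch fails loudly instead of overrunning. The `* 2` factor is also an unexplained magic number (presumably the number of floats per face-varying value, which the hunk does not state); a named constant or a short comment would make the unit of `num_values` clear next to `num_values_max` and `num_values_total`, which are not scaled. Finally, `num_values` is an `int` while the offsets on the line above are `size_t`; keeping the count in `size_t` would avoid signed/unsigned mixing when the two are added.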



