[Bf-blender-cvs] [f6fb072] blender-v2.78-release: Fix OpenSubdiv related buffer overrun with multiple FVar channels.

Alexander Gavrilov noreply at git.blender.org
Wed Sep 14 10:38:46 CEST 2016


Commit: f6fb072ab241fb490c98ef56c1215f593677db06
Author: Alexander Gavrilov
Date:   Sat Sep 10 21:15:52 2016 +0300
Branches: blender-v2.78-release
https://developer.blender.org/rBf6fb072ab241fb490c98ef56c1215f593677db06

Fix OpenSubdiv related buffer overrun with multiple FVar channels.

The existing code uses the input value count of the first channel
for all of them. If the first channel is the largest, it leads to
a crash-causing buffer overrun in memcpy below. Likely this was
left since the time when only one channel was supported.

As a crash fix, probably should go into 2.78

===================================================================

M	intern/opensubdiv/opensubdiv_capi.cc

===================================================================

diff --git a/intern/opensubdiv/opensubdiv_capi.cc b/intern/opensubdiv/opensubdiv_capi.cc
index ab90495..52ce98f 100644
--- a/intern/opensubdiv/opensubdiv_capi.cc
+++ b/intern/opensubdiv/opensubdiv_capi.cc
@@ -165,7 +165,7 @@ static void interpolate_fvar_data(OpenSubdiv::Far::TopologyRefiner& refiner,
 	const int max_level = refiner.GetMaxLevel();
 	size_t fvar_data_offset = 0, values_offset = 0;
 	for (int channel = 0; channel < refiner.GetNumFVarChannels(); ++channel) {
-		const int num_values = refiner.GetLevel(0).GetNumFVarValues(0) * 2,
+		const int num_values = refiner.GetLevel(0).GetNumFVarValues(channel) * 2,
 		          num_values_max = refiner.GetLevel(max_level).GetNumFVarValues(channel),
 		          num_values_total = refiner.GetNumFVarValuesTotal(channel);
 		if (num_values_total <= 0) {
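Review bot: On the changed `num_values` line, the count is now taken per channel, but nothing visible in this hunk checks it against the size of the buffer that the later memcpy (the one the commit message names as the overrun site) copies; the only guard shown is `num_values_total <= 0`. An assert or explicit bounds check relating `num_values` to the available size, placed right before the copy, would make any future mismatch fail loudly instead of overrunning. The `* 2` factor is a bare literal; a named constant or a short comment saying what it represents would help. The counts are also declared `int` while `fvar_data_offset` and `values_offset` are `size_t`, so it is worth confirming that the multiplied value cannot go negative or wrap before it is used as a copy length.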



