[Bf-blender-cvs] [496d18614f1] blender2.8: Depsgraph: Fix heap use after free when freeing scene with compositor
Sergey Sharybin
noreply at git.blender.org
Wed Jul 19 17:34:12 CEST 2017
Commit: 496d18614f1487c62f55dde13b211e7d12fc45ab
Author: Sergey Sharybin
Date: Wed Jul 19 15:06:25 2017 +0200
Branches: blender2.8
https://developer.blender.org/rB496d18614f1487c62f55dde13b211e7d12fc45ab
Depsgraph: Fix heap use after free when freeing scene with compositor
This is the fake ID nature of compositor again. Need to discard such
pointers before freeing datablock even for scenes (before it was done
for objects only).
===================================================================
M source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc
===================================================================
diff --git a/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc b/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc
index 28d5db4063b..f7e08915531 100644
--- a/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc
+++ b/source/blender/depsgraph/intern/eval/deg_eval_copy_on_write.cc
@@ -670,6 +670,9 @@ void deg_free_copy_on_write_datablock(ID *id_cow)
return;
}
const short type = GS(id_cow->name);
+#ifdef NESTED_ID_NASTY_WORKAROUND
+ nested_id_hack_discard_pointers(id_cow);
+#endif
switch (type) {
case ID_OB:
{
@@ -696,15 +699,13 @@ void deg_free_copy_on_write_datablock(ID *id_cow)
/* Special case for scene: we use explicit function call which
* ensures no access to other datablocks is done.
*/
- BKE_scene_free_ex((Scene *)id_cow, false);
+ Scene *scene = (Scene *)id_cow;
+ BKE_scene_free_ex(scene, false);
BKE_libblock_free_data(id_cow, false);
id_cow->name[0] = '\0';
return;
}
}
-#ifdef NESTED_ID_NASTY_WORKAROUND
- nested_id_hack_discard_pointers(id_cow);
-#endif
BKE_libblock_free_datablock(id_cow);
BKE_libblock_free_data(id_cow, false);
/* Signal datablock as not being expanded. */
More information about the Bf-blender-cvs
mailing list