[Bf-blender-cvs] [a151b46627f] master: Fix T53347: Vertex paint crash on undo/exit

Campbell Barton noreply at git.blender.org
Sun Nov 19 06:38:28 CET 2017 

Commit: a151b46627f32aeb39553994b84133a77ac2b036
Author: Campbell Barton
Date:   Sun Nov 19 16:45:27 2017 +1100
Branches: master
https://developer.blender.org/rBa151b46627f32aeb39553994b84133a77ac2b036

Fix T53347: Vertex paint crash on undo/exit

===================================================================

M	source/blender/blenkernel/BKE_subsurf.h
M	source/blender/blenkernel/intern/subsurf_ccg.c

===================================================================

diff --git a/source/blender/blenkernel/BKE_subsurf.h b/source/blender/blenkernel/BKE_subsurf.h
index f52bb2ab9cb..92170325113 100644
--- a/source/blender/blenkernel/BKE_subsurf.h
+++ b/source/blender/blenkernel/BKE_subsurf.h
@@ -125,6 +125,8 @@ typedef struct CCGDerivedMesh {
 	struct CCGFace **gridFaces;
 	struct DMFlagMat *gridFlagMats;
 	unsigned int **gridHidden;
+	/* Elements in arrays above. */
+	unsigned int numGrid;
 
 	struct {
 		struct MultiresModifierData *mmd;
diff --git a/source/blender/blenkernel/intern/subsurf_ccg.c b/source/blender/blenkernel/intern/subsurf_ccg.c
index 0cdc97c829f..f8025f8df84 100644
--- a/source/blender/blenkernel/intern/subsurf_ccg.c
+++ b/source/blender/blenkernel/intern/subsurf_ccg.c
@@ -4031,10 +4031,12 @@ static void ccgDM_release(DerivedMesh *dm)
 		if (ccgdm->gridOffset) MEM_freeN(ccgdm->gridOffset);
 		if (ccgdm->gridFlagMats) MEM_freeN(ccgdm->gridFlagMats);
 		if (ccgdm->gridHidden) {
-			int i, numGrids = dm->getNumGrids(dm);
-			for (i = 0; i < numGrids; i++) {
-				if (ccgdm->gridHidden[i])
+			/* Using dm->getNumGrids(dm) accesses freed memory */
+			uint numGrids = ccgdm->numGrid;
+			for (uint i = 0; i < numGrids; i++) {
+				if (ccgdm->gridHidden[i]) {
 					MEM_freeN(ccgdm->gridHidden[i]);
+				}
 			}
 			MEM_freeN(ccgdm->gridHidden);
 		}
@@ -4338,6 +4340,7 @@ static void ccgdm_create_grids(DerivedMesh *dm)
 	ccgdm->gridFaces = gridFaces;
 	ccgdm->gridOffset = gridOffset;
 	ccgdm->gridFlagMats = gridFlagMats;
+	ccgdm->numGrid = numGrids;
 }
 
 static CCGElem **ccgDM_getGridData(DerivedMesh *dm)

More information about the Bf-blender-cvs mailing list