[Bf-blender-cvs] [ac9daf3a27d] master: Fix (unreported) crash when iterating on depsgraph instances from RNA.
Bastien Montagne
noreply at git.blender.org
Wed Feb 6 21:25:48 CET 2019
Commit: ac9daf3a27df8693fc2a6852d52bea5c33ca6c56
Author: Bastien Montagne
Date: Wed Feb 6 20:59:29 2019 +0100
Branches: master
https://developer.blender.org/rBac9daf3a27df8693fc2a6852d52bea5c33ca6c56
Fix (unreported) crash when iterating on depsgraph instances from RNA.
This is a follow-up to rBb44e6f2b3d32, for some reason that issue was
not detected back then: in some cases, DEG_iterator_objects_next() will
free the temp list of dupli objects once it does not need it anymore,
henceforth freeing the dupli_object_current memory of the DEGObjectIterData
that we are storing in the RNA_Depsgraph_Instances_Iterator struct.
And yes, the uglyness of that hack is getting even better now...
Found while trying to export dupliobjects with FBX...
===================================================================
M source/blender/makesrna/intern/rna_depsgraph.c
===================================================================
diff --git a/source/blender/makesrna/intern/rna_depsgraph.c b/source/blender/makesrna/intern/rna_depsgraph.c
index 6f930d7569a..1a2ecc11505 100644
--- a/source/blender/makesrna/intern/rna_depsgraph.c
+++ b/source/blender/makesrna/intern/rna_depsgraph.c
@@ -301,6 +301,7 @@ typedef struct RNA_Depsgraph_Instances_Iterator
{
BLI_Iterator iterators[2];
DEGObjectIterData deg_data[2];
+ DupliObject dupli_object_current[2];
int counter;
} RNA_Depsgraph_Instances_Iterator;
@@ -331,6 +332,13 @@ static void rna_Depsgraph_object_instances_next(CollectionPropertyIterator *iter
di_it->iterators[di_it->counter % 2].data = &di_it->deg_data[di_it->counter % 2];
DEG_iterator_objects_next(&di_it->iterators[di_it->counter % 2]);
+ /* Dupli_object_current is also temp memory generated during the iterations,
+ * it may be freed when last item has been iterated, so we have same issue as with the iterator itself:
+ * we need to keep a local copy, which memory remains valid a bit longer, for python accesses to work. */
+ if (di_it->deg_data[di_it->counter % 2].dupli_object_current != NULL) {
+ di_it->dupli_object_current[di_it->counter % 2] = *di_it->deg_data[di_it->counter % 2].dupli_object_current;
+ di_it->deg_data[di_it->counter % 2].dupli_object_current = &di_it->dupli_object_current[di_it->counter % 2];
+ }
iter->valid = di_it->iterators[di_it->counter % 2].valid;
}
More information about the Bf-blender-cvs
mailing list