[Bf-blender-cvs] [a41008964c7] master: Fix: Buffer overflow in StudioLight

Ray Molenkamp noreply at git.blender.org
Sun Mar 31 21:45:34 CEST 2019


Commit: a41008964c76014246417b045bd543a44397b3ca
Author: Ray Molenkamp
Date:   Sun Mar 31 13:45:13 2019 -0600
Branches: master
https://developer.blender.org/rBa41008964c76014246417b045bd543a44397b3ca

Fix: Buffer overflow in StudioLight

sl->light_ambient is a float[3], copy_v4_fl4 overwrites sl->free_function with a bogus
pointer on 32 bit.

===================================================================

M	source/blender/blenkernel/intern/studiolight.c
M	source/blender/blenloader/intern/versioning_userdef.c

===================================================================

diff --git a/source/blender/blenkernel/intern/studiolight.c b/source/blender/blenkernel/intern/studiolight.c
index 7fe21053794..38975f9a227 100644
--- a/source/blender/blenkernel/intern/studiolight.c
+++ b/source/blender/blenkernel/intern/studiolight.c
@@ -1184,7 +1184,7 @@ void BKE_studiolight_init(void)
 	        STUDIOLIGHT_INTERNAL | STUDIOLIGHT_SPHERICAL_HARMONICS_COEFFICIENTS_CALCULATED | STUDIOLIGHT_TYPE_STUDIO);
 	BLI_strncpy(sl->name, "Default", FILE_MAXFILE);
 
-	copy_v4_fl4(sl->light_ambient, 0.025000, 0.025000, 0.025000, 1.000000);
+	copy_v3_fl3(sl->light_ambient, 0.025000, 0.025000, 0.025000);
 
 	copy_v4_fl4(sl->light[0].vec, -0.580952, 0.228571, 0.781185, 0.0);
 	copy_v4_fl4(sl->light[0].col, 0.900000, 0.900000, 0.900000, 1.000000);
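Review bot: The corrected `copy_v3_fl3(sl->light_ambient, ...)` call fixes this one site, but nothing here prevents the same mismatch from coming back. The old `copy_v4_fl4` line evidently compiled, so the compiler does not check the destination's element count against the helper's width. Consider a compile-time assertion on the size of `sl->light_ambient` next to this call, so a future change to the field or the helper fails the build instead of writing past the array into `sl->free_function`. The unchanged `copy_v4_fl4(sl->light[0].vec, ...)` and `copy_v4_fl4(sl->light[0].col, ...)` calls just below also write four floats and their declarations are not visible in this hunk; confirm both are float[4]. Also confirm that no reader depended on the dropped fourth value 1.000000.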
diff --git a/source/blender/blenloader/intern/versioning_userdef.c b/source/blender/blenloader/intern/versioning_userdef.c
index 5bff0cd1c93..502b33a2b4a 100644
--- a/source/blender/blenloader/intern/versioning_userdef.c
+++ b/source/blender/blenloader/intern/versioning_userdef.c
@@ -452,7 +452,7 @@ void BLO_version_defaults_userpref_blend(Main *bmain, UserDef *userdef)
 		userdef->light_param[3].flag = 1;
 		userdef->light_param[3].smooth = 0.7;
 
-		copy_v4_fl4(userdef->light_ambient, 0.025000, 0.025000, 0.025000, 1.000000);
+		copy_v3_fl3(userdef->light_ambient, 0.025000, 0.025000, 0.025000);
 
 		userdef->flag &= ~(
 		        USER_FLAG_UNUSED_4);
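Review bot: The commit message documents only `sl->light_ambient`; for the `userdef->light_ambient` call in BLO_version_defaults_userpref_blend it does not say that this field is also three floats wide, or which UserDef member the fourth float was landing on. Please add that to the message or to a short comment above the call. This is the user-preferences versioning path, and a reviewer needs to know which member was being overwritten with 1.000000 to judge whether anything besides this call needs correcting. The same compile-time size check suggested for studiolight.c would apply to this call as well.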


