[Bf-blender-cvs] [8b836f6894a] blender-v2.91-release: Fix (unreported) buffer-overflow in new lattice code.
Bastien Montagne
noreply at git.blender.org
Fri Oct 30 15:33:46 CET 2020
Commit: 8b836f6894a375bee1fe6ffcd5f8ce609571ad9e
Author: Bastien Montagne
Date: Fri Oct 30 15:31:01 2020 +0100
Branches: blender-v2.91-release
https://developer.blender.org/rB8b836f6894a375bee1fe6ffcd5f8ce609571ad9e
Fix (unreported) buffer-overflow in new lattice code.
Follow-up to rBc0beeeb5de0cbc, fixing overflow accesses on arrays
introduced by rB042143440d76.
It's never 'OK' to access invalid memory...
===================================================================
M source/blender/blenkernel/intern/lattice_deform.c
===================================================================
diff --git a/source/blender/blenkernel/intern/lattice_deform.c b/source/blender/blenkernel/intern/lattice_deform.c
index 43965813b84..382661ff070 100644
--- a/source/blender/blenkernel/intern/lattice_deform.c
+++ b/source/blender/blenkernel/intern/lattice_deform.c
@@ -235,10 +235,16 @@ void BKE_lattice_deform_data_eval_co(LatticeDeformData *lattice_deform_data,
#ifdef __SSE2__
{
__m128 weight_vec = _mm_set1_ps(u);
- /* This will load one extra element, this is ok because
- * we ignore that part of register anyway.
- */
- __m128 lattice_vec = _mm_loadu_ps(&latticedata[idx * 3]);
+ /* We need to address special case for last item to avoid accessing invalid memory. */
+ __m128 lattice_vec;
+ if (idx * 3 == idx_w_max) {
+ copy_v3_v3((float *)&lattice_vec, &latticedata[idx * 3]);
+ }
+ else {
+ /* When not on last item, we can safely access one extra float, it will be ignored
+ * anyway. */
+ lattice_vec = _mm_loadu_ps(&latticedata[idx * 3]);
+ }
co_vec = _mm_add_ps(co_vec, _mm_mul_ps(lattice_vec, weight_vec));
}
#else
More information about the Bf-blender-cvs
mailing list