[Bf-blender-cvs] [33af94dc468] temp_bmesh_multires: Fixed an out of bounds read error.

Joseph Eagar noreply at git.blender.org
Fri Apr 2 22:42:55 CEST 2021


Commit: 33af94dc4687c08fcaa54c6b352f38ce3811bd62
Author: Joseph Eagar
Date:   Fri Apr 2 13:42:29 2021 -0700
Branches: temp_bmesh_multires
https://developer.blender.org/rB33af94dc4687c08fcaa54c6b352f38ce3811bd62

Fixed an out of bounds read error.

===================================================================

M	CMakeLists.txt
M	source/blender/blenkernel/intern/pbvh_bmesh.c
M	source/blender/bmesh/intern/bmesh_mesh_convert.c
M	source/blender/editors/sculpt_paint/sculpt.c
M	source/blender/editors/sculpt_paint/sculpt_dyntopo.c

===================================================================

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 3f3057bccf1..f7d5819e747 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -572,6 +572,12 @@ if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_C_COMPILER_ID MATCHES "Clang")
         [HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\LLVM\\LLVM;]/lib/clang/7.0.0/lib/windows
         [HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\LLVM\\LLVM;]/lib/clang/6.0.0/lib/windows
       )
+        find_library(
+          COMPILER_ASAN_LIBRARY_THUNK NAMES clang_rt.asan_dll_thunk-x86_64
+        PATHS
+        [HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\LLVM\\LLVM;]/lib/clang/7.0.0/lib/windows
+        [HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\LLVM\\LLVM;]/lib/clang/6.0.0/lib/windows
+      )
     elseif(APPLE)
       execute_process(COMMAND ${CMAKE_CXX_COMPILER}
         -print-file-name=lib
@@ -592,6 +598,7 @@ if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_C_COMPILER_ID MATCHES "Clang")
       )
     endif()
 
+    mark_as_advanced(COMPILER_ASAN_LIBRARY_THUNK)
     mark_as_advanced(COMPILER_ASAN_LIBRARY)
   endif()
 endif()
@@ -907,9 +914,9 @@ if(NOT CMAKE_BUILD_TYPE MATCHES "Release")
       unset(_list_COMPILER_ASAN_CFLAGS)
       unset(_is_CONFIG_DEBUG)
     elseif(COMPILER_ASAN_LIBRARY)
-      set(PLATFORM_LINKLIBS "${PLATFORM_LINKLIBS};${COMPILER_ASAN_LIBRARY}")
-      set(PLATFORM_LINKFLAGS "${COMPILER_ASAN_LIBRARY} ${COMPILER_ASAN_LINKER_FLAGS}")
-      set(PLATFORM_LINKFLAGS_DEBUG "${COMPILER_ASAN_LIBRARY} ${COMPILER_ASAN_LINKER_FLAGS}")
+      set(PLATFORM_LINKLIBS "${PLATFORM_LINKLIBS};\"${COMPILER_ASAN_LIBRARY}\" \"${COMPILER_ASAN_LIBRARY_THUNK}\"")
+      set(PLATFORM_LINKFLAGS "\"${COMPILER_ASAN_LIBRARY}\" \"${COMPILER_ASAN_LIBRARY_THUNK}\" ${COMPILER_ASAN_LINKER_FLAGS}")
+      set(PLATFORM_LINKFLAGS_DEBUG "\"${COMPILER_ASAN_LIBRARY}\" \"${COMPILER_ASAN_LIBRARY_THUNK}\" ${COMPILER_ASAN_LINKER_FLAGS}")
     endif()
   endif()
 endif()
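Review bot: `${COMPILER_ASAN_LIBRARY_THUNK}` is added to all three link variables without checking that it was found, while the `find_library` call for it in the first CMakeLists.txt hunk sits in the branch before `elseif(APPLE)`. On a configuration where that branch does not run or the library is missing, the value would presumably be empty or `COMPILER_ASAN_LIBRARY_THUNK-NOTFOUND`, and the ASan link line would then carry `""` or a bogus path. Guard the addition with `if(COMPILER_ASAN_LIBRARY_THUNK)` around a separate append, and leave the thunk out of the flags otherwise. The escaped quotes also make `PLATFORM_LINKLIBS` hold both libraries as a single list element, which is worth confirming against how that list is consumed.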
diff --git a/source/blender/blenkernel/intern/pbvh_bmesh.c b/source/blender/blenkernel/intern/pbvh_bmesh.c
index c51f5600d2c..0d4bac4a2b9 100644
--- a/source/blender/blenkernel/intern/pbvh_bmesh.c
+++ b/source/blender/blenkernel/intern/pbvh_bmesh.c
@@ -3590,6 +3590,10 @@ static void BKE_pbvh_bmesh_corect_tree(PBVH *pbvh, PBVHNode *node, PBVHNode *par
 
 static void pbvh_bmesh_join_nodes(PBVH *bvh)
 {
+  if (bvh->totnode < 2) {
+    return;
+  }
+
   pbvh_count_subtree_verts(bvh, bvh->nodes);
   BKE_pbvh_bmesh_corect_tree(bvh, bvh->nodes, NULL);
 
@@ -3692,6 +3696,11 @@ static void pbvh_bmesh_join_nodes(PBVH *bvh)
   j = 0;
   for (int i = 0; i < bvh->totnode; i++) {
     if (!(bvh->nodes[i].flag & PBVH_Delete)) {
+      if (bvh->nodes[i].children_offset >= bvh->totnode-1) {
+        printf("error %i %i\n", i, bvh->nodes[i].children_offset);
+        continue;
+      }
+
       int i1 = map[bvh->nodes[i].children_offset];
       int i2 = map[bvh->nodes[i].children_offset + 1];
 
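Review bot: The new guard in the remap loop rejects only offsets that are too large; `children_offset` is printed with `%i`, so if it is a signed int, a negative value still indexes `map[]` before its start. Checking both ends closes that: `if (co < 0 || co >= bvh->totnode - 1)`, with `co` being the node's `children_offset`. The `continue` also leaves the node holding the offset that just failed validation, so any later traversal (the body of pbvh_bmesh_join_nodes continues outside this hunk) would presumably read through it again; the node should be flagged or repaired rather than skipped. The bound assumes `map` has `totnode` entries, which its allocation outside the hunk should confirm. The bare `printf("error %i %i\n", ...)` names no function and goes to stdout; `fprintf(stderr, "%s: node %i has invalid children_offset %i\n", __func__, i, co);` would make the report traceable.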
diff --git a/source/blender/bmesh/intern/bmesh_mesh_convert.c b/source/blender/bmesh/intern/bmesh_mesh_convert.c
index 7ab7e9aaa6d..33a67cfe37a 100644
--- a/source/blender/bmesh/intern/bmesh_mesh_convert.c
+++ b/source/blender/bmesh/intern/bmesh_mesh_convert.c
@@ -223,6 +223,7 @@ void BM_mesh_bm_from_me(Object *ob, BMesh *bm, const Mesh *me, const struct BMes
   CustomData_MeshMasks_update(&mask, &params->cd_mask_extra);
 
   MultiresModifierData *mmd = ob ? get_multires_modifier(NULL, ob, true) : NULL;
+
   if (mmd) {
     bm->multires = *mmd;
     bm->haveMultiResSettings = true;
diff --git a/source/blender/editors/sculpt_paint/sculpt.c b/source/blender/editors/sculpt_paint/sculpt.c
index bc9e28a6e2d..3c1e75b4bb2 100644
--- a/source/blender/editors/sculpt_paint/sculpt.c
+++ b/source/blender/editors/sculpt_paint/sculpt.c
@@ -8398,15 +8398,13 @@ static bool sculpt_stroke_test_start(bContext *C, struct wmOperator *op, const f
   return false;
 }
 
-static void sculpt_stroke_update_step(bContext *C,
-                                                               struct PaintStroke *stroke,
-                                                               PointerRNA *itemptr)
+static void sculpt_stroke_update_step(bContext *C, struct PaintStroke *stroke, PointerRNA *itemptr)
 {
   UnifiedPaintSettings *ups = &CTX_data_tool_settings(C)->unified_paint_settings;
   Sculpt *sd = CTX_data_tool_settings(C)->sculpt;
   Object *ob = CTX_data_active_object(C);
   SculptSession *ss = ob->sculpt;
-  const Brush *brush = BKE_paint_brush(&sd->paint);
+  Brush *brush = BKE_paint_brush(&sd->paint);
 
   ss->cache->stroke_distance = stroke->stroke_distance;
   ss->cache->stroke_distance_t = stroke->stroke_distance_t;
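Review bot: `brush` loses its `const` qualifier here, but nothing in the hunk writes through it. If a call further down sculpt_stroke_update_step (the body continues outside the hunk) needs a mutable `Brush *`, a short comment naming that call would explain the change. Otherwise `const Brush *brush = BKE_paint_brush(&sd->paint);` should stay, so the compiler still rejects accidental writes to the brush during a stroke update.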
@@ -8960,10 +8958,12 @@ void ED_object_sculptmode_enter_ex(Main *bmain,
       /* Needed because we may be entering this mode before the undo system loads. */
       wmWindowManager *wm = bmain->wm.first;
       bool has_undo = wm->undo_stack != NULL;
+
       /* Undo push is needed to prevent memory leak. */
       if (has_undo) {
         SCULPT_undo_push_begin(ob, "Dynamic topology enable");
       }
+
       SCULPT_dynamic_topology_enable_ex(bmain, depsgraph, scene, ob);
       if (has_undo) {
         SCULPT_undo_push_node(ob, NULL, SCULPT_UNDO_DYNTOPO_BEGIN);
@@ -9444,8 +9444,6 @@ static void do_fake_neighbor_search_task_cb(void *__restrict userdata,
   NearestVertexFakeNeighborTLSData *nvtd = tls->userdata_chunk;
   PBVHVertexIter vd;
 
-  bool has_bmesh = false;
-
   SCULPT_vertex_random_access_ensure(ss);
 
   BKE_pbvh_vertex_iter_begin (ss->pbvh, data->nodes[n], vd, PBVH_ITER_UNIQUE) {
diff --git a/source/blender/editors/sculpt_paint/sculpt_dyntopo.c b/source/blender/editors/sculpt_paint/sculpt_dyntopo.c
index 60801026131..70476ac3163 100644
--- a/source/blender/editors/sculpt_paint/sculpt_dyntopo.c
+++ b/source/blender/editors/sculpt_paint/sculpt_dyntopo.c
@@ -360,6 +360,7 @@ void SCULPT_dynamic_topology_enable_ex(Main *bmain, Depsgraph *depsgraph, Scene
                               .use_toolflags = false,
                           }));
 
+
   BM_mesh_bm_from_me(NULL,
                      ss->bm,
                      me,


