[Bf-blender-cvs] [b72f383ad50] temp-gpu-image-engine: Fix possible use-after-free on error handling during VR view drawing

Wed Dec 15 14:37:52 CET 2021

Commit: b72f383ad50e1543cb81db56da8fc8e7529684de
Author: Julian Eisel
Date:   Tue Dec 14 20:10:05 2021 +0100
Branches: temp-gpu-image-engine
https://developer.blender.org/rBb72f383ad50e1543cb81db56da8fc8e7529684de

Fix possible use-after-free on error handling during VR view drawing

Whenever an exception happens in VR session code, we cancel the entire
session. Alongside that, we removed the "surface" item used to draw into
an offscreen context. But this may still be stored as active surface,
leading to a use-after-free when deactivating this active surface, for
example.

===================================================================

M	source/blender/windowmanager/intern/wm_surface.c

===================================================================

diff --git a/source/blender/windowmanager/intern/wm_surface.c b/source/blender/windowmanager/intern/wm_surface.c
index 72b68788e79..39bff205cbd 100644
--- a/source/blender/windowmanager/intern/wm_surface.c
+++ b/source/blender/windowmanager/intern/wm_surface.c
@@ -119,6 +119,9 @@ void wm_surface_add(wmSurface *surface)
 
 void wm_surface_remove(wmSurface *surface)
 {
+  if (surface == g_drawable) {
+    wm_surface_clear_drawable();
+  }
   BLI_remlink(&global_surface_list, surface);
   surface->free_data(surface);
   MEM_freeN(surface);

