[Bf-blender-cvs] [b6c07d69e2f] master: Fix T86106: bpy.types.SpaceView3D.draw_handler_remove(...) causes Blender to crash
Germano Cavalcante
noreply at git.blender.org
Mon Mar 8 14:38:23 CET 2021
Commit: b6c07d69e2f022f024c6ec2ff92925dbc6bbd79e
Author: Germano Cavalcante
Date: Mon Mar 8 10:29:57 2021 -0300
Branches: master
https://developer.blender.org/rBb6c07d69e2f022f024c6ec2ff92925dbc6bbd79e
Fix T86106: bpy.types.SpaceView3D.draw_handler_remove(...) causes Blender to crash
The handle of a drawing callback can be removed within the drawing function itself.
This causes `var = (type)(((Link *)(var))->next` to read an invalid memory value in C.
===================================================================
M source/blender/editors/space_api/spacetypes.c
M source/blender/windowmanager/intern/wm_draw.c
===================================================================
diff --git a/source/blender/editors/space_api/spacetypes.c b/source/blender/editors/space_api/spacetypes.c
index 1bd8d13b25b..ff05fb3bad6 100644
--- a/source/blender/editors/space_api/spacetypes.c
+++ b/source/blender/editors/space_api/spacetypes.c
@@ -262,7 +262,7 @@ void ED_region_draw_cb_exit(ARegionType *art, void *handle)
void ED_region_draw_cb_draw(const bContext *C, ARegion *region, int type)
{
- LISTBASE_FOREACH (RegionDrawCB *, rdc, ®ion->type->drawcalls) {
+ LISTBASE_FOREACH_MUTABLE (RegionDrawCB *, rdc, ®ion->type->drawcalls) {
if (rdc->type == type) {
rdc->draw(C, region, rdc->customdata);
diff --git a/source/blender/windowmanager/intern/wm_draw.c b/source/blender/windowmanager/intern/wm_draw.c
index 071bce822a5..e0c4ab8eaf3 100644
--- a/source/blender/windowmanager/intern/wm_draw.c
+++ b/source/blender/windowmanager/intern/wm_draw.c
@@ -98,7 +98,7 @@ static void wm_paintcursor_draw(bContext *C, ScrArea *area, ARegion *region)
return;
}
- LISTBASE_FOREACH (wmPaintCursor *, pc, &wm->paintcursors) {
+ LISTBASE_FOREACH_MUTABLE (wmPaintCursor *, pc, &wm->paintcursors) {
if ((pc->space_type != SPACE_TYPE_ANY) && (area->spacetype != pc->space_type)) {
continue;
}
More information about the Bf-blender-cvs
mailing list