[Bf-blender-cvs] [e6fa74ffed5] master: Fix: Use after free in spreadsheet attribute column ID
Hans Goudey
noreply at git.blender.org
Wed Sep 15 01:13:59 CEST 2021
Commit: e6fa74ffed5ffaf2a7cd550415d8216883fd1961
Author: Hans Goudey
Date: Tue Sep 14 18:13:52 2021 -0500
Branches: master
https://developer.blender.org/rBe6fa74ffed5ffaf2a7cd550415d8216883fd1961
Fix: Use after free in spreadsheet attribute column ID
A temporary string was created in the attribute_foreach callback
and used in a map at a higher scope. When the callback finished,
the string went out of scope, was freed, then the elements in the
set pointed to freed memory.
===================================================================
M source/blender/editors/space_spreadsheet/spreadsheet_data_source_geometry.cc
===================================================================
diff --git a/source/blender/editors/space_spreadsheet/spreadsheet_data_source_geometry.cc b/source/blender/editors/space_spreadsheet/spreadsheet_data_source_geometry.cc
index bd2d89e4f27..78d9f61d8d5 100644
--- a/source/blender/editors/space_spreadsheet/spreadsheet_data_source_geometry.cc
+++ b/source/blender/editors/space_spreadsheet/spreadsheet_data_source_geometry.cc
@@ -54,8 +54,7 @@ void GeometryDataSource::foreach_default_column_ids(
return true;
}
SpreadsheetColumnID column_id;
- std::string name = attribute_id.name();
- column_id.name = (char *)name.c_str();
+ column_id.name = (char *)attribute_id.name().data();
fn(column_id);
return true;
});
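Review bot: On the added line `column_id.name = (char *)attribute_id.name().data();`, the pointer is only valid while the storage behind `attribute_id.name()` outlives every use of `column_id` after `fn(column_id)` returns, and nothing in the hunk states that. A short comment naming what owns that storage would make the lifetime assumption checkable. The removed code used `c_str()`, which guarantees a null terminator, whereas `data()` on a non-owning string view type does not. If `name()` returns such a view and `column_id.name` is read as a C string, it is worth confirming the terminator is present. The C-style `(char *)` cast also discards constness silently; `const_cast<char *>` would make that explicit and easier to search for.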