[Bf-blender-cvs] [baae87ce86d] master: Fix: Incorrect custom data maxlayers in rare files

Hans Goudey noreply at git.blender.org
Fri Apr 29 16:20:15 CEST 2022 

Commit: baae87ce86dc502e2ac28ffb241deba891cdcec1
Author: Hans Goudey
Date:   Fri Apr 29 09:19:52 2022 -0500
Branches: master
https://developer.blender.org/rBbaae87ce86dc502e2ac28ffb241deba891cdcec1

Fix: Incorrect custom data maxlayers in rare files

For a single day in 2015 between rBff3d535bc2a6309 and rB945f32e66d6ada,
custom data structs could be written with an incorrect maxlayer field.
This means that custom data structs read from those files would think
they have more space to add new layers than they actually did, causing
a crash if more layers were added. This was found while investigating
a crash from D14365 which adds new face corner layers in versioning.

The fix is to reset all maxlayer integers to totlayer, which is
done when writing files in current Blender anyway.

The file tests/render/motion_blur/camera_zoom_blur_perspective.blend
has this problem as it was added on 2015-07-21, right between the two
commits. Adding three custom data layers in versioning code would crash.

The problem was originally found and investigated by Martijn Versteegh
(@Baardaap), thanks!

Differential Revision: https://developer.blender.org/D14786

===================================================================

M	source/blender/blenkernel/intern/customdata.cc

===================================================================

diff --git a/source/blender/blenkernel/intern/customdata.cc b/source/blender/blenkernel/intern/customdata.cc
index a5138856d53..62351a31042 100644
--- a/source/blender/blenkernel/intern/customdata.cc
+++ b/source/blender/blenkernel/intern/customdata.cc
@@ -5328,6 +5328,11 @@ void CustomData_blend_read(BlendDataReader *reader, CustomData *data, int count)
     }
   }
 
+  /* Ensure allocated size is set to the size of the read array. While this should always be the
+   * case (see #CustomData_blend_write_prepare), there can be some corruption in rare cases (e.g.
+   * files saved between ff3d535bc2a63092 and 945f32e66d6ada2a). */
+  data->maxlayer = data->totlayer;
+
   CustomData_update_typemap(data);
 }

More information about the Bf-blender-cvs mailing list