[Bf-blender-cvs] [90b7c3d05e5] master: Fix T99661: Use after free converting edit mode curve object to mesh

[Hans Goudey]

Commit: 90b7c3d05e58543650c4831bbc1f3765b526673b
Author: Hans Goudey
Date:   Tue Aug 9 17:49:41 2022 -0500
Branches: master
https://developer.blender.org/rB90b7c3d05e58543650c4831bbc1f3765b526673b

Fix T99661: Use after free converting edit mode curve object to mesh

The fix from c0fdf16561034f85aadae8a was missing in one place. We don't
want to free the edit mode pointers, those are just copied because the
edit mode changes aren't present in the actual original data-block.

===================================================================

M	source/blender/blenkernel/intern/mesh_convert.cc

===================================================================

diff --git a/source/blender/blenkernel/intern/mesh_convert.cc b/source/blender/blenkernel/intern/mesh_convert.cc
index 923d2703960..81bab9f796f 100644
--- a/source/blender/blenkernel/intern/mesh_convert.cc
+++ b/source/blender/blenkernel/intern/mesh_convert.cc
@@ -985,6 +985,12 @@ static Mesh *mesh_new_from_curve_type_object(const Object *object)
 
   /* If evaluating the curve replaced object data with different data, free the original data. */
   if (temp_data != temp_object->data) {
+    if (GS(temp_data->name) == ID_CU_LEGACY) {
+      /* Clear edit mode pointers that were explicitly copied to the temporary curve. */
+      Curve *curve = reinterpret_cast<Curve *>(temp_data);
+      curve->editfont = nullptr;
+      curve->editnurb = nullptr;
+    }
     BKE_id_free(nullptr, temp_data);
   }