[Bf-blender-cvs] [31e06a8c73b] blender-v3.3-release: Fix T99661: Use after free converting edit mode curve object to mesh
Hans Goudey
noreply at git.blender.org
Wed Aug 10 01:24:53 CEST 2022
Commit: 31e06a8c73b3c43d339e60ccbbc7f7d14c8d5221
Author: Hans Goudey
Date: Tue Aug 9 17:49:41 2022 -0500
Branches: blender-v3.3-release
https://developer.blender.org/rB31e06a8c73b3c43d339e60ccbbc7f7d14c8d5221
Fix T99661: Use after free converting edit mode curve object to mesh
The fix from c0fdf16561034f85aadae8a was missing in one place. We don't
want to free the edit mode pointers, those are just copied because the
edit mode changes aren't present in the actual original data-block.
===================================================================
M source/blender/blenkernel/intern/mesh_convert.cc
===================================================================
diff --git a/source/blender/blenkernel/intern/mesh_convert.cc b/source/blender/blenkernel/intern/mesh_convert.cc
index 923d2703960..81bab9f796f 100644
--- a/source/blender/blenkernel/intern/mesh_convert.cc
+++ b/source/blender/blenkernel/intern/mesh_convert.cc
@@ -985,6 +985,12 @@ static Mesh *mesh_new_from_curve_type_object(const Object *object)
/* If evaluating the curve replaced object data with different data, free the original data. */
if (temp_data != temp_object->data) {
+ if (GS(temp_data->name) == ID_CU_LEGACY) {
+ /* Clear edit mode pointers that were explicitly copied to the temporary curve. */
+ Curve *curve = reinterpret_cast<Curve *>(temp_data);
+ curve->editfont = nullptr;
+ curve->editnurb = nullptr;
+ }
BKE_id_free(nullptr, temp_data);
}
More information about the Bf-blender-cvs
mailing list