[Bf-blender-cvs] [6cd977b903f] master: Fix T94760: Crash building BMesh when opening file

Sat Jan 22 20:06:23 CET 2022

Commit: 6cd977b903f46ee0f33c4fb2fb1f00e084cb56e9
Author: Hans Goudey
Date:   Sat Jan 22 13:06:15 2022 -0600
Branches: master
https://developer.blender.org/rB6cd977b903f46ee0f33c4fb2fb1f00e084cb56e9

Fix T94760: Crash building BMesh when opening file

A large polygon in the file from the report caused `alloca`
to exceed the maximum stack size, causing a crash.  Instead
of using `alloca`, use `blender::Array` with an inline buffer.

Based on a patch by Germano Cavalcante (@mano-wii).

Differential Revision: https://developer.blender.org/D13898

===================================================================

M	source/blender/bmesh/intern/bmesh_mesh_convert.cc

===================================================================

diff --git a/source/blender/bmesh/intern/bmesh_mesh_convert.cc b/source/blender/bmesh/intern/bmesh_mesh_convert.cc
index b404c412160..9d758386336 100644
--- a/source/blender/bmesh/intern/bmesh_mesh_convert.cc
+++ b/source/blender/bmesh/intern/bmesh_mesh_convert.cc
@@ -79,6 +79,7 @@
 #include "MEM_guardedalloc.h"
 
 #include "BLI_alloca.h"
+#include "BLI_array.hh"
 #include "BLI_listbase.h"
 #include "BLI_math_vector.h"
 
@@ -95,6 +96,8 @@
 #include "bmesh.h"
 #include "intern/bmesh_private.h" /* For element checking. */
 
+using blender::Array;
+
 void BM_mesh_cd_flag_ensure(BMesh *bm, Mesh *mesh, const char cd_flag)
 {
   const char cd_flag_all = BM_mesh_cd_flag_from_bmesh(bm) | cd_flag;
@@ -178,8 +181,8 @@ char BM_mesh_cd_flag_from_bmesh(BMesh *bm)
 static BMFace *bm_face_create_from_mpoly(
     MPoly *mp, MLoop *ml, BMesh *bm, BMVert **vtable, BMEdge **etable)
 {
-  BMVert **verts = (BMVert **)BLI_array_alloca(verts, mp->totloop);
-  BMEdge **edges = (BMEdge **)BLI_array_alloca(edges, mp->totloop);
+  Array<BMVert *, BM_DEFAULT_NGON_STACK_SIZE> verts(mp->totloop);
+  Array<BMEdge *, BM_DEFAULT_NGON_STACK_SIZE> edges(mp->totloop);
   int j;
 
   for (j = 0; j < mp->totloop; j++, ml++) {
@@ -187,7 +190,7 @@ static BMFace *bm_face_create_from_mpoly(
     edges[j] = etable[ml->e];
   }
 
-  return BM_face_create(bm, verts, edges, mp->totloop, nullptr, BM_CREATE_SKIP_CD);
+  return BM_face_create(bm, verts.data(), edges.data(), mp->totloop, nullptr, BM_CREATE_SKIP_CD);
 }
 
 void BM_mesh_bm_from_me(BMesh *bm, const Mesh *me, const struct BMeshFromMeshParams *params)

