[Bf-blender-cvs] [3d6f6715595] blender-v3.2-release: Fix use-after-free error when handling events that close windows
Campbell Barton
noreply at git.blender.org
Fri Jul 15 14:47:21 CEST 2022
Commit: 3d6f6715595ea48004132d934c21f75eac85f51d
Author: Campbell Barton
Date: Fri Jul 15 14:47:20 2022 +0200
Branches: blender-v3.2-release
https://developer.blender.org/rB3d6f6715595ea48004132d934c21f75eac85f51d
Fix use-after-free error when handling events that close windows
Regression in [0] caused operations such as file-load or file-new
from any window besides the first to write into the freed:
`wmWindow.eventstate`.
Resolve by copying the event instead of restoring the region relative
cursor position after modifying it.
[0]: 789b1617f70e07f1c9bcb5253f1233acacbf6c8a
===================================================================
M source/blender/windowmanager/intern/wm_event_system.c
===================================================================
diff --git a/source/blender/windowmanager/intern/wm_event_system.c b/source/blender/windowmanager/intern/wm_event_system.c
index 43b4d4a90f0..c2be9514b2c 100644
--- a/source/blender/windowmanager/intern/wm_event_system.c
+++ b/source/blender/windowmanager/intern/wm_event_system.c
@@ -1377,22 +1377,20 @@ static int wm_operator_invoke(bContext *C,
}
if (op->type->invoke && event) {
- /* Temporarily write into `mval` (not technically `const` correct) but this is restored. */
- int mval_prev[2] = {UNPACK2(event->mval)};
- wm_region_mouse_co(C, (wmEvent *)event);
+ /* Make a copy of the event as it's `const` and the #wmEvent.mval to be written into. */
+ wmEvent event_temp = *event;
+ wm_region_mouse_co(C, &event_temp);
if (op->type->flag & OPTYPE_UNDO) {
wm->op_undo_depth++;
}
- retval = op->type->invoke(C, op, event);
+ retval = op->type->invoke(C, op, &event_temp);
OPERATOR_RETVAL_CHECK(retval);
if (op->type->flag & OPTYPE_UNDO && CTX_wm_manager(C) == wm) {
wm->op_undo_depth--;
}
-
- copy_v2_v2_int(((wmEvent *)event)->mval, mval_prev);
}
else if (op->type->exec) {
if (op->type->flag & OPTYPE_UNDO) {
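Review bot: The new comment above `wmEvent event_temp = *event;` gives only const-correctness as the reason for the copy, and its wording is hard to parse ("and the #wmEvent.mval to be written into"). The reason given in the commit message, that `invoke` can close the window and leave `wmWindow.eventstate` freed, is not recorded in the code. Suggest stating it there, for example "Copy the event: `mval` is written into, and the original may be freed if `invoke` closes the window", so that a later cleanup does not reintroduce a write-back to `event` after the `invoke` call. Because `event_temp = *event` is a shallow struct copy, it is also worth confirming that no pointer member carried over into the copy refers to data that is freed together with the window.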