[Bf-blender-cvs] [ebb49ddd834] master: GPencil: Fix double-free issue in update cache

[Falk David]

Commit: ebb49ddd834cba2ea59f375e4866890ece57eae5
Author: Falk David
Date:   Wed Mar 30 11:41:27 2022 +0200
Branches: master
https://developer.blender.org/rBebb49ddd834cba2ea59f375e4866890ece57eae5

GPencil: Fix double-free issue in update cache

When a `GPencilUpdateCacheNode` is created, it always allocates the
`children` pointer. This should not be freed until the whole cache is
deleted.
The `cache_node_update` would free the `children` pointer in a specific
case, causing a double-free later when the cache was removed.

===================================================================

M	source/blender/blenkernel/intern/gpencil_update_cache.c

===================================================================

diff --git a/source/blender/blenkernel/intern/gpencil_update_cache.c b/source/blender/blenkernel/intern/gpencil_update_cache.c
index bbe576eb847..9113f2e2ab9 100644
--- a/source/blender/blenkernel/intern/gpencil_update_cache.c
+++ b/source/blender/blenkernel/intern/gpencil_update_cache.c
@@ -51,10 +51,8 @@ static void cache_node_free(void *node);
 
 static void update_cache_free(GPencilUpdateCache *cache)
 {
-  if (cache->children != NULL) {
-    BLI_dlrbTree_free(cache->children, cache_node_free);
-    MEM_freeN(cache->children);
-  }
+  BLI_dlrbTree_free(cache->children, cache_node_free);
+  MEM_SAFE_FREE(cache->children);
   MEM_freeN(cache);
 }
 
@@ -83,9 +81,8 @@ static void cache_node_update(void *node, void *data)
 
   /* In case the new cache does a full update, remove its children since they will be all
    * updated by this cache. */
-  if (new_update_cache->flag == GP_UPDATE_NODE_FULL_COPY && update_cache->children != NULL) {
+  if (new_update_cache->flag == GP_UPDATE_NODE_FULL_COPY) {
     BLI_dlrbTree_free(update_cache->children, cache_node_free);
-    MEM_freeN(update_cache->children);
   }
 
   update_cache_free(new_update_cache);