[Bf-blender-cvs] [d7cc907a49b] refactor-mesh-uv-map-generic: Fix use-after-free when passing BKE_id_attribute_remove the name owned by the layer itself
Martijn Versteegh
noreply at git.blender.org
Thu Jan 5 15:39:54 CET 2023
Commit: d7cc907a49b9f637d59f22bb880b3ffaa0d9cb60
Author: Martijn Versteegh
Date: Thu Jan 5 15:39:02 2023 +0100
Branches: refactor-mesh-uv-map-generic
https://developer.blender.org/rBd7cc907a49b9f637d59f22bb880b3ffaa0d9cb60
Fix use-after-free when passing BKE_id_attribute_remove the name owned by the layer itself
===================================================================
M source/blender/blenkernel/intern/attribute.cc
===================================================================
diff --git a/source/blender/blenkernel/intern/attribute.cc b/source/blender/blenkernel/intern/attribute.cc
index f03911fbdc0..8b151e81354 100644
--- a/source/blender/blenkernel/intern/attribute.cc
+++ b/source/blender/blenkernel/intern/attribute.cc
@@ -392,11 +392,15 @@ bool BKE_id_attribute_remove(ID *id, const char *name, ReportList *reports)
BM_data_layer_free_named(em->bm, data, BKE_uv_map_pin_name_get(name, buffer_src));
}
}
+ /* Because it's possible that name is owned by the layer and will be freed
+ * when freeing the layer, do these checks before freeing. */
+ const bool is_active_color_attribute = name == StringRef(mesh->active_color_attribute);
+ const bool is_default_color_attribute = name == StringRef(mesh->default_color_attribute);
if (BM_data_layer_free_named(em->bm, data, name)) {
- if (name == StringRef(mesh->active_color_attribute)) {
+ if (is_active_color_attribute) {
MEM_SAFE_FREE(mesh->active_color_attribute);
}
- else if (name == StringRef(mesh->default_color_attribute)) {
+ else if (is_default_color_attribute) {
MEM_SAFE_FREE(mesh->default_color_attribute);
}
return true;
More information about the Bf-blender-cvs
mailing list