[Bf-blender-cvs] [ff814ec5f68] master: Metal: Fix read from uninitialized memory.
Jeroen Bakker
noreply at git.blender.org
Mon Jan 16 11:14:20 CET 2023
Commit: ff814ec5f687aac769a12327f9f38f7291385530
Author: Jeroen Bakker
Date: Mon Jan 16 11:12:14 2023 +0100
Branches: master
https://developer.blender.org/rBff814ec5f687aac769a12327f9f38f7291385530
Metal: Fix read from uninitialized memory.
Implementation didn't count the string terminator when allocating
memory to store `msl_patch_default`. The string terminator could
be overwritten by other memory adding some undefined behavior.
===================================================================
M source/blender/gpu/metal/mtl_shader_generator.mm
===================================================================
diff --git a/source/blender/gpu/metal/mtl_shader_generator.mm b/source/blender/gpu/metal/mtl_shader_generator.mm
index fc37263d239..93429800888 100644
--- a/source/blender/gpu/metal/mtl_shader_generator.mm
+++ b/source/blender/gpu/metal/mtl_shader_generator.mm
@@ -521,7 +521,7 @@ char *MSLGeneratorInterface::msl_patch_default_get()
std::stringstream ss_patch;
ss_patch << datatoc_mtl_shader_defines_msl << std::endl;
ss_patch << datatoc_mtl_shader_shared_h << std::endl;
- size_t len = strlen(ss_patch.str().c_str());
+ size_t len = strlen(ss_patch.str().c_str()) + 1;
msl_patch_default = (char *)malloc(len * sizeof(char));
strcpy(msl_patch_default, ss_patch.str().c_str());
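Review bot: The result of `malloc(len * sizeof(char))` is still passed straight to `strcpy` without a NULL check, and the buffer size is still hand-computed from a separate `ss_patch.str()` call than the one that is copied, which is the pattern that produced the off-by-one. Consider materialising the string once (for example `const std::string patch = ss_patch.str();`), allocating `patch.size() + 1` and copying from that same object, or using `strdup(patch.c_str())`, which sizes the buffer including the terminator; this also avoids building the temporary string twice. As a documentation point, the removed line under-allocated by one byte, so `strcpy` wrote the terminator one byte past the end of the allocation; the subject line would be more precise if it described that out-of-bounds write rather than a read from uninitialized memory.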