[Bf-committers] "off by one" error in renderdatabase.c?

Ton Roosendaal ton at blender.org
Thu Mar 3 21:25:00 CET 2005


I tried rendering (OSX 10.3), no errors.

The Blender code you suspect also has no evidence of 32/64 bits issues,
and has been in use in Blender for 1.5 years without giving bug reports (if you
were right we would also have issues in 32 bits Blender versions).

> I think I know what is causing this. By looking
> how the function RE_freeRotateBlenderScene in
> source/blender/renderconverter/intern/convertBlenderScene.c
> frees the elements of the arrays R.blove, R.blovl and R.bloha,
> I conclude that these arrays are supposed to be terminated by
> an element which is a null pointer.

No that is not true. The arrays are initialized with NULL pointers, and  
then all filled with data. Your proposed patch just skips the last free  
entry... why would that fix your issue, and why only for 64 bits?

I think you have to dive deeper? :)


> If I now look at source/blender/render/intern/source/renderdatabase.c,
> it contains the following code (slightly shortened):
> <snipped>

> Now imagine that the variable a gets the value rblovllen-1. In this case,
> new memory is not yet allocated, but all the rblovllen members of
> R.blovl (with indices 0 to rblovllen-1) are non-null pointers.
> Therefore, R.blovl is not null terminated until further calls to
> RE_findOrAddVlak cause the value of a to become rblovllen.
> RE_freeRotateBlenderScene barfs if it is called in this situation.
> R.blove and R.bloha have the same problem. I therefore propose to apply
> the attached patch. It fixes the problem for me.
> Thank you very much,
> Martin
> <offbyone.diff>
Ton Roosendaal  Blender Foundation ton at blender.org  
