Fix T48824: Crash when having too many ray-to-volume intersections

Code might have writing past the array boundaries.

intern/cycles/kernel/bvh/bvh_shadow_all.h

@@ -254,6 +254,9 @@ ccl_device bool BVH_FUNCTION_FULL_NAME(BVH)(KernelGlobals *kg,
 
 						/* shadow ray early termination */
 						if(hit) {
+							/* Update number of hits now, so we do proper check on max bounces. */
+							(*num_hits)++;
+
 							/* detect if this surface has a shader with transparent shadows */
 
 							/* todo: optimize so primitive visibility flag indicates if
@@ -284,14 +287,11 @@ ccl_device bool BVH_FUNCTION_FULL_NAME(BVH)(KernelGlobals *kg,
 								return true;
 							}
 
-							/* move on to next entry in intersections array */
-							isect_array++;
-							(*num_hits)++;
 #if BVH_FEATURE(BVH_INSTANCING)
 							num_hits_in_instance++;
 #endif
-
-							isect_array->t = isect_t;
+							/* Move on to next entry in intersections array */
+							isect_array++;
 						}
 
 						prim_addr++;

intern/cycles/kernel/bvh/bvh_volume_all.h

@@ -201,13 +201,11 @@ ccl_device uint BVH_FUNCTION_FULL_NAME(BVH)(KernelGlobals *kg,
 								                         object,
 								                         prim_addr);
 								if(hit) {
-									/* Move on to next entry in intersections array. */
-									isect_array++;
+									/* Update number of hits now, so we do proper check on max bounces. */
 									num_hits++;
 #if BVH_FEATURE(BVH_INSTANCING)
 									num_hits_in_instance++;
 #endif
-									isect_array->t = isect_t;
 									if(num_hits == max_hits) {
 #if BVH_FEATURE(BVH_INSTANCING)
 #  if BVH_FEATURE(BVH_MOTION)
@@ -222,6 +220,9 @@ ccl_device uint BVH_FUNCTION_FULL_NAME(BVH)(KernelGlobals *kg,
 #endif  /* BVH_FEATURE(BVH_INSTANCING) */
 										return num_hits;
 									}
+									/* Move on to next entry in intersections array */
+									isect_array++;
+									isect_array->t = isect_t;
 								}
 							}
 							break;
@@ -246,13 +247,11 @@ ccl_device uint BVH_FUNCTION_FULL_NAME(BVH)(KernelGlobals *kg,
 								                                object,
 								                                prim_addr);
 								if(hit) {
-									/* Move on to next entry in intersections array. */
-									isect_array++;
+									/* Update number of hits now, so we do proper check on max bounces. */
 									num_hits++;
 #  if BVH_FEATURE(BVH_INSTANCING)
 									num_hits_in_instance++;
 #  endif
-									isect_array->t = isect_t;
 									if(num_hits == max_hits) {
 #  if BVH_FEATURE(BVH_INSTANCING)
 #    if BVH_FEATURE(BVH_MOTION)
@@ -267,6 +266,9 @@ ccl_device uint BVH_FUNCTION_FULL_NAME(BVH)(KernelGlobals *kg,
 #  endif  /* BVH_FEATURE(BVH_INSTANCING) */
 										return num_hits;
 									}
+									/* Move on to next entry in intersections array */
+									isect_array++;
+									isect_array->t = isect_t;
 								}
 							}
 							break;

intern/cycles/kernel/bvh/qbvh_shadow_all.h

@@ -337,6 +337,9 @@ ccl_device bool BVH_FUNCTION_FULL_NAME(QBVH)(KernelGlobals *kg,
 
 						/* Shadow ray early termination. */
 						if(hit) {
+							/* Update number of hits now, so we do proper check on max bounces. */
+							(*num_hits)++;
+
 							/* detect if this surface has a shader with transparent shadows */
 
 							/* todo: optimize so primitive visibility flag indicates if
@@ -367,13 +370,11 @@ ccl_device bool BVH_FUNCTION_FULL_NAME(QBVH)(KernelGlobals *kg,
 								return true;
 							}
 
-							/* move on to next entry in intersections array */
-							isect_array++;
-							(*num_hits)++;
 #if BVH_FEATURE(BVH_INSTANCING)
 							num_hits_in_instance++;
 #endif
-
+							/* Move on to next entry in intersections array */
+							isect_array++;
 							isect_array->t = isect_t;
 						}
 

intern/cycles/kernel/bvh/qbvh_volume_all.h

@@ -268,13 +268,11 @@ ccl_device uint BVH_FUNCTION_FULL_NAME(QBVH)(KernelGlobals *kg,
 								/* Intersect ray against primitive. */
 								hit = triangle_intersect(kg, &isect_precalc, isect_array, P, visibility, object, prim_addr);
 								if(hit) {
-									/* Move on to next entry in intersections array. */
-									isect_array++;
+									/* Update number of hits now, so we do proper check on max bounces. */
 									num_hits++;
 #if BVH_FEATURE(BVH_INSTANCING)
 									num_hits_in_instance++;
 #endif
-									isect_array->t = isect_t;
 									if(num_hits == max_hits) {
 #if BVH_FEATURE(BVH_INSTANCING)
 #  if BVH_FEATURE(BVH_MOTION)
@@ -289,6 +287,9 @@ ccl_device uint BVH_FUNCTION_FULL_NAME(QBVH)(KernelGlobals *kg,
 #endif  /* BVH_FEATURE(BVH_INSTANCING) */
 										return num_hits;
 									}
+									/* Move on to next entry in intersections array */
+									isect_array++;
+									isect_array->t = isect_t;
 								}
 							}
 							break;
@@ -306,13 +307,11 @@ ccl_device uint BVH_FUNCTION_FULL_NAME(QBVH)(KernelGlobals *kg,
 								/* Intersect ray against primitive. */
 								hit = motion_triangle_intersect(kg, isect_array, P, dir, ray->time, visibility, object, prim_addr);
 								if(hit) {
-									/* Move on to next entry in intersections array. */
-									isect_array++;
+									/* Update number of hits now, so we do proper check on max bounces. */
 									num_hits++;
 #  if BVH_FEATURE(BVH_INSTANCING)
 									num_hits_in_instance++;
 #  endif
-									isect_array->t = isect_t;
 									if(num_hits == max_hits) {
 #  if BVH_FEATURE(BVH_INSTANCING)
 #    if BVH_FEATURE(BVH_MOTION)
@@ -327,6 +326,9 @@ ccl_device uint BVH_FUNCTION_FULL_NAME(QBVH)(KernelGlobals *kg,
 #  endif  /* BVH_FEATURE(BVH_INSTANCING) */
 										return num_hits;
 									}
+									/* Move on to next entry in intersections array */
+									isect_array++;
+									isect_array->t = isect_t;
 								}
 							}
 							break;