Page MenuHome

Fix T71260: GPencil: Blender crashes after Malloc returns null while drawing a line

Authored by Germano Cavalcante (mano-wii) on Nov 2 2019, 12:24 AM.



Two reasons caused the crash.

  1. The buffer pointer is referenced first, then the buffer is reallocated and the original pointer is reused.
  2. gpd->runtime.sbuffer_size is a short and can be clamped to negative values.

I solved these two reasons and added a NULL check for more safeness.
Ref T71260

Diff Detail

rB Blender
Build Status
Buildable 5529
Build 5529: arc lint + arc unit

Event Timeline

@Germano Cavalcante (mano-wii) I think we did the same fix at the same time... make any change to my commit if you think is required.... we don't need unsigned int, the limit is so high that is impossible get that value (other areas of Blender would crash before of that).

I's ok, good to know that has been fixed ;)