I thought that the main culprit was that we allow memory size be calculated without checks for integer overflows.
A way to fix is it to use a malloc function that accepts two args (how calloc() does it) and to make an integer mult function with boundary checks.
Sun, Jan 14
I thought that the main culprit was that we allow memory size be calculated without checks for integer overflows.
Fri, Jan 12
For the record - a day after this mail I talked to a Cisco engineer who offered to help us with it.
Brecht is speaking here on his own terms, as one of the core team members but it's not an official Blender Foundation statement that we don't take these vulnerabilities seriously. There are just no simple or easy answers.
Dec 21 2017
Never mind, the list is still a tiny bit active. It's a public list, anyone can subscribe.
Where did you find a link to that list? It's inactive and should be removed.
Nov 13 2017
All our standard benchmark files survive. Performance is good. We don't have time now to restore or test production files.
It would go much faster if you would share a case, or tell us how to produce a case that's slow? Use one of the benchmark files, duplicate stuff or so?
We've just received a beefy system with Threadripper! Testing started :)
Nov 11 2017
This is a bit confusing now. Are we talking about a way to bake camera focus, or are there issues with export of baked actions in general, or both? :)
Nov 8 2017
Just browsing the dev site and I saw your report. Interesting bug :)
Let's check if Joshua has an answer.
Nov 7 2017
The Cisco team keeps mailing me in private about this. I really don't mind a public discussion.
Oct 24 2017
AMD was meant to send us (Blender Institute) a threadripper in July already. I reminded them again what happens with it.
Oct 9 2017
In today's meeting this patch came up as example how slow we review... we need to organise time for this better. Everyone's just too busy all the time.
Just a heads up, We're working on a solution.
Sep 27 2017
Just for everyone's interest, this is part of the report in the mail.
I have all the information in a private mail. It's quite interesting and elaborately documented.
It also includes a .blend that would (i guess) create an exploit. Will send that to the hardcore devs here in private
Sep 17 2017
Luca: Your point was made, developers responded in a fair way. Now we close this.
Sep 6 2017
Yes this is the right place to post vulnerabilities. If you really think it's better to not publish it, email to to firstname.lastname@example.org. No pgp key exists though.
Aug 25 2017
Jul 28 2017
Apr 26 2017
We can't update easily, it has to do with FreeBSD etc etc. Not an issue for our dev site really.
Mar 31 2017
Mar 23 2017
Feb 21 2017
Great fun report. Try Shift+C in viewport :)
Also make sure you have the layers set correctly. But further, help you can get in many places... this is not meant to be a support system.
Feb 16 2017
We require reporters here to present a case for others, which they can redo or verify.
Feb 1 2017
It's very unfortunate that you have this problem in Blender, but it's still a support case and not a bug report. It would only be valid if you can provide a case someone can redo.
Jan 15 2017
Note: the FSA flag (incl exr temp buffer saves) in the main scene should be cleared in the renders of the environment map. If crash doesnt happen without envmap render, it's there.
Jan 14 2017
The bug tracker is there for users to help developers make Blender better.
We have clear and friendly guidelines to remind reporters of that. The last line in the guidelines state:
Jan 7 2017
This report is hard to follow. Please note that the bug tracker is not to report errors, but to help developers to fix errors. For that you have to make sure anyone can clearly redo the issue.
Dec 28 2016
Dec 14 2016
Dec 9 2016
Nov 20 2016
Be careful editing this in WYSIWYG mode. Ask Pablo Vazquez
Nov 3 2016
Oct 16 2016
To my knowledge we still have a list of module owners for BGE.
Check the wiki for who these are and contact them. We could also look into refreshing the team with new members, like Tristan.
Sep 22 2016
No error for me (2.77a release)
Aug 21 2016
Jul 21 2016
I will be on a Siggraph Pixar lunch where USD gets launched, will talk to them about how Blender works and what they'd advise to us. I think their design doc is really great, but it's oriented at big studios with mixed software pipelines. We can make sure Blender fits in well though.
USD layers are (entirely) different concepts than what we have working in Blender currently. If we would redesign Blender's animation system that way, then yes - there's a need for 2 different "Layer" systems.
Jul 20 2016
I am running design ideas back and forth with Sergey and otehrs for how to formally treat DNA data, scene data (depsgraph controlled), and render engine date for 2.8. Will come with a write up asap. It will make clear how layers fit in well.
It is sane design to separate the data side of things (assets, objects, scenes, groups, referencing and linkage) from the display organization of things (layers). The fact we were using bitflag layers in the past to organize things was always a weak design (physics, metaballs)
Jul 19 2016
There are a lot of ways people can use (and will use) layers. When I worked with Julian on the design we looked at it from many angles and tried to find a good middle ground that will satisfy most use cases, while keeping sufficient compatibility with the past, and especially supporting how the viewport in 2.8 will work and how I envision workflow (and workflow configuration in general) to work.
Jul 15 2016
Jun 8 2016
The old license has a copyleft component. So it's closer to CC-BY-SA than CC-BY. It's not 100% compatible though. CC-BY-SA is a bit stricter.
Jun 1 2016
Mike: this is an open source project and a lot of people here spend their free time on Blender development and debugging. The goal of reporting bugs is to help making Blender better for everyone.
May 17 2016
Blender supports a non-disruptive parallel non-blocking workflow. No modal popup (windows) are allowed, nothing to stop you from working. Of course you shouldn't lose your work on accidents! Solutions for this could be:
May 16 2016
Roman: Octane is a CUDA-only render engine, it probably uses much smaller kernels - its a complete different architecture.
May 9 2016
Apr 24 2016
The original copyrights are Blender Foundation. Sometimes it's useful to mention, but not in the general license text. That Blender is a trademark we can leave out of this text too.
Apr 19 2016
Everyone: stop posting here unless you think you have information for the developer to help fixing the GTX Ti issue.
Apr 11 2016
Blender does not require an installer, the runtime is not being installed if you use Blender.
An important core principle we follow is to not (require to) change your operating system or environment to use Blender.
That is an interesting topic. Until now we have followed this FAQ statement: (much older than the one you quote)
Apr 8 2016
Joel; Interesting tests. We only have the Ti here, not a TitanX. I would prefer to see similar tests using Windows7 or Linux though. In every Blender release we add features or update or optimise things. Sometimes a change causes slowdown in 1 GPU type in surprising ways. This is why we make test builds and "Release Candidates" before releases. People with high performance expensive cards can help us by doing a test once a while.
Apr 1 2016
In your case you just set 'frames' to 300, and the rest leave as default and it works fine. Or to be clear, for the image sequence you set:
Mar 30 2016
Admiral sent a GTX 980 Ti to Blender Institute. Arrived this morning. It's going to be installed and tested soon. Stay tuned, and thanks a lot Admiral!
Mar 28 2016
Admiral: the Blender Foundation is not doing anything else but facilitation of a public open source project on blender.org. Nobody really works for "the Foundation" (aside of development fund grants). "The Blender Foundation" has no offices either (nor pays for it). I personally volunteer for Foundation.
Mar 24 2016
We were offered a Titan, I still wait for it...
Mar 16 2016
Mar 5 2016
Galen: when we add new features in Blender we should carefully try to be compatible with other programs. Having OpenVDB files to be exchanged in a mixed pipeline is a logical feature to implement.
Feb 29 2016
When I suggested it meant it to walk around like a tiny snake. Same amount of pixels as the corner things. Drawing the full box would distract a bit too much from the image (also when finished it pops away distractingly).
Feb 28 2016
I thought the spreadsheet conclusion now was that drivers for Windows10 are slow? And there are no Linux reports yet!
Feb 27 2016
I would strongly oppose going the same route as with user docs. A git/commit based system makes it a very unfriendly system for people to help out. It "looks good", that's all we have now. The current manual project is still struggling to find active contributors, for reasons.
Feb 26 2016
Interesting little device that! It's barely useful for Blender, but it could work a bit.
Feb 25 2016
Looks like a very smart and accurate fix for precision! Thanks.
Still.... it's something for one of the game devs to make final decision to commit this.
In contrary to popular belief - computers are logical and predictable instruments. There must be pattern to be found why Mike has working Titan and the others not :)
Feb 24 2016
Thanks Mike, that's encouraging news. But now... how did you get it work and the others not?
Time for Admiral and Steve to start checking their installations...
Feb 17 2016
Here is a (google doc) diagram. I tried to visualize the simplest (2.7x compatible) I/O pipeline.
Feb 16 2016
Galen: thanks for sharing, very useful this kind of info. The more detail studios share the better.
Jan 3 2016
We choose to live with this limited implementation, even though it has the consequences as you witness.
The alternative is using double precision floats, which will nearly double the amount of memory needed for storing 3D data in Blender.
Dec 29 2015
Nov 13 2015
Aug 20 2015
"Mesh Fusion" features wouls be totally possible with our boolean library. It's having the same limits - needs manifold (water tight) models.
The boolean library can do great work because it assumes strict sane input, just use manifold volumes without self intersections.
I don't think you'll find better boolean tools out there easily... but you never know!
Jul 27 2015
If people or companies are concerned, it will be quite simple to make a .blend anonimizer.
We can mark it as a todo item, and wait for the first case of someone who needs it. A big studio I mean.
Jul 1 2015
Quick review, copied from irc.
Jun 30 2015
No it's 90% sure our fault. In 2.75 rc I still get problems with the cont grab here. Warping mouse pointers is fishy in OS X.
I don't have time to test this unfortunately...
Jun 26 2015
Everyone who works on Blender knows that there are myriads of unfinished features, half working features, old and unmaintained code and flaws in design that makes using Blender frustrating.
Jun 16 2015
For the 2.5 project we discussed dashed line usage as well. (I should lookup such notes, I am sure we wrote it down).
Conclusion was to limit it to a minimum, and have it only in use (as visual language) for temporary things or for hints.
Jun 15 2015
Wow, this is the error in clipping code I wrote in early 90ies. It is a numerical imprecision in comparing float values, and I never could solve it.
Jun 9 2015
Jun 3 2015
May 28 2015
It would be quite a simple task to investigate the limits of Blender on your super computer.
Just start small and increase sizes in sensible steps, Observe how things take longer and/or what takes suspicious amount of times more.
May 26 2015
Sergey: in contrary. It wraps the mouse in this case too (and it fails to).
This option is broken on Macs since the beginning. Mouse warping or hiding is against the Apple UI guidelines, which is why it works so bad I guess.
May 13 2015
Drag and drop functionality is just like menus or buttons or shortcuts. Each item and each option should be possible to enable or disable or configure. That's a bit of work, but it's useful to learn and keep in end user control.
Automatic registry of operators to run is a really bad idea. In any case, not only this one. You can easily picture how this runs out of control.
Just make a list of operators per handler you want to call. Software shouldn't start thinking for users, especially not when usability comes in the picture.
Apr 29 2015
We (and Antonis) have a 64 GB system here for testing.
Interesting bug (even though the resolution is insane!)
Apr 26 2015
Apr 13 2015
I asked Lukas to revert. Not acceptable to break files for such minor reasons
Apr 2 2015
Mar 4 2015
You propose to have a way to filter and categorize data types drawn in outliner. Sofar so good. I can see the use for that.
The problem (which your UI illustrates) is that the amount of choices and options here easiy goes out of control. There is no obvious selection possible either. That is why a regex could work. Like: "Ob type is mesh and has subsurf". (In reality these look quite more clumsy).
There are a couple of major problems with the proposal.
Mar 1 2015
The UI team is new still, it has to be empowered, but also still has prove itself. We should definitely treat UI design as something requiring expertise and years of experience just like any other contribution we want in Blender. We want high quality, simplicity, the best design possible. And we should acknowledge that merely using software doesn't make anyone such an expert - which makes the topic so difficult to communicate about.
Feb 28 2015
- I do not agree on a tip in the splash (the thing gets too much info). Make a tip popup up, like a system requester (windows) or a Mac notification maybe.
- I do not agree with the idea that "new users" will find it useful (it is annoying as many people too). Make it an optional, separated from the splash, and always add the option to immediately disable it.
Feb 4 2015
And to be clear, until 2012 (since the beginning of Blender) Actions were added with 'Fake' user flag.
It was changed for rational reasons that make sense, but not without having users in control again over the assets they lose.