Fix T70315: Blender exit with code `-6` with message `Attempt to free NULL pointer`.

This is not actually fixing the real issue here, PackedFile structs are
never supposed to have a NULL pointer - and in that monster .blend file,
the pointer is not NULL, but the actual data chunk has been lost
somehow, so it gets NULL during read process.

It is very unlikely we will ever know how such a corrupted .blend was
created though (there's probably a fair chance that this is not even due
to a bug in Blender, but rather a glitch in the filesystem or something).

So for now, ensure at read time that we get a coherent state (i.e.
remove any read PackedFile that would have a NULL data field), and add a
few asserts in relevant code to check we never get a NULL data pointer
here.
Bastien Montagne 2019-10-01 20:02:57 +02:00
parent 8dd9172aa2
commit b1b4e00076
Notes: blender-bot 2023-02-14 07:53:51 +01:00
Referenced by issue #70315, Blender exit with code `-6` with message `Attempt to free NULL pointer`.
2 changed files with 15 additions and 2 deletions


@ -141,7 +141,9 @@ int BKE_packedfile_count_all(Main *bmain)
void BKE_packedfile_free(PackedFile *pf)
{
if (pf) {
MEM_freeN(pf->data);
BLI_assert(pf->data != NULL);
MEM_SAFE_FREE(pf->data);
MEM_freeN(pf);
}
else {
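
Review bot: In BKE_packedfile_free the new `BLI_assert(pf->data != NULL);` and the switch to `MEM_SAFE_FREE(pf->data);` send opposite signals: the assert says a NULL data pointer is a bug, while the safe free says it is tolerated. That is a reasonable combination (abort in debug builds, stay alive in release builds), but it deserves a one-line comment here pointing at T70315, so that a later cleanup does not drop one half and bring back the "Attempt to free NULL pointer" abort.
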
@ -151,6 +153,9 @@ void BKE_packedfile_free(PackedFile *pf)
PackedFile *BKE_packedfile_duplicate(const PackedFile *pf_src)
{
BLI_assert(pf_src != NULL);
BLI_assert(pf_src->data != NULL);
PackedFile *pf_dst;
pf_dst = MEM_dupallocN(pf_src);
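
Review bot: The two checks at the top of BKE_packedfile_duplicate are asserts only, so in builds where BLI_assert is compiled out the function still goes on to `MEM_dupallocN(pf_src);` with an unchecked source. If a PackedFile with NULL data can still arrive by a path other than .blend reading, an explicit early return for `pf_src == NULL || pf_src->data == NULL` would keep release builds safe as well; if no such path exists, a comment saying that the read code now guarantees this would help.
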
@ -161,6 +166,8 @@ PackedFile *BKE_packedfile_duplicate(const PackedFile *pf_src)
PackedFile *BKE_packedfile_new_from_memory(void *mem, int memlen)
{
BLI_assert(mem != NULL);
PackedFile *pf = MEM_callocN(sizeof(*pf), "PackedFile");
pf->data = mem;
pf->size = memlen;
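
Review bot: BKE_packedfile_new_from_memory now asserts `mem != NULL` but leaves `memlen` unchecked before `pf->size = memlen;`. Since `memlen` is a signed int, a zero or negative length paired with a valid pointer gives the same kind of incoherent PackedFile this commit is trying to rule out. Consider asserting on the length too, or documenting that an empty buffer is allowed.
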
@ -178,7 +185,7 @@ PackedFile *BKE_packedfile_new(ReportList *reports, const char *filename, const
/* render result has no filename and can be ignored
* any other files with no name can be ignored too */
if (filename[0] == '\0') {
return NULL;
return pf;
}
// XXX waitcursor(1);
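
Review bot: Changing the early exit for an empty filename from `return NULL;` to `return pf;` makes the result depend on how `pf` was initialized, which is not visible in this hunk. If `pf` is NULL at that point the behaviour is unchanged and the explicit `return NULL;` was easier to read; if it is not, this is a behaviour change that the commit message does not mention. Either way it looks unrelated to the NULL data fix and would be better left out or explained.
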


@ -2829,6 +2829,12 @@ static PackedFile *direct_link_packedfile(FileData *fd, PackedFile *oldpf)
if (pf) {
pf->data = newpackedadr(fd, pf->data);
if (pf->data == NULL) {
/* We cannot allow a PackedFile with a NULL data field,
* the whole code assumes this is not possible. See T70315. */
printf("%s: NULL packedfile data, cleaning up...\n", __func__);
MEM_SAFE_FREE(pf);
}
}
return pf;
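
Review bot: In direct_link_packedfile the cleanup path reports the dropped PackedFile only through `printf`, and the message names the function but not the data-block that lost its packed data. Someone opening the file from the UI will not see it, and the next save writes the file out without that packed data. Please route this through the reader's report mechanism if one is reachable from `fd`, and include something that identifies the owner. Also note that `MEM_SAFE_FREE(pf);` makes this function return NULL for a non-NULL `oldpf`, so it is worth confirming that every caller treats a NULL result as "no packed file".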