Fix T78636: Crash displaying many aligned buttons

Displaying user preferences search crashed on macOS when the search contained a common character such as 'E'. This caused alignment to 'alloca' too much memory. Replace with a heap allocation fallback.
Referenced by issue #78636, [Bug] Keymap filter crashed Blender Referenced by issue #77348, Blender LTS: Maintenance Task 2.83
2020-07-16 16:32:55 +10:00 · 2020-07-16 16:32:55 +10:00 · de3e797d47 · 2023-02-14 11:24:03 +01:00
parent 5c806a2f04
commit de3e797d47
1 changed files with 15 additions and 1 deletions
--- a/source/blender/editors/interface/interface_align.c
+++ b/source/blender/editors/interface/interface_align.c
@ -31,6 +31,8 @@

 #include "interface_intern.h"

+#include "MEM_guardedalloc.h"
+
 #ifdef USE_UIBUT_SPATIAL_ALIGN

 /**
@ -436,7 +438,16 @@ void ui_block_align_calc(uiBlock *block, const ARegion *region)
    return;
  }

-  butal_array = alloca(sizeof(*butal_array) * (size_t)num_buttons);
+  /* Note that this is typically less than ~20, and almost always under ~100.
+   * Even so, we can't ensure this value won't exceed available stack memory.
+   * Fallback to allocation instead of using #alloca, see: T78636. */
+  ButAlign butal_array_buf[256];
+  if (num_buttons <= ARRAY_SIZE(butal_array_buf)) {
+    butal_array = butal_array_buf;
+  }
+  else {
+    butal_array = MEM_mallocN(sizeof(*butal_array) * num_buttons, __func__);
+  }
  memset(butal_array, 0, sizeof(*butal_array) * (size_t)num_buttons);

  /* Second loop: we initialize our ButAlign data for each button. */
@ -535,6 +546,9 @@ void ui_block_align_calc(uiBlock *block, const ARegion *region)
      }
    }
  }
+  if (butal_array_buf != butal_array) {
+    MEM_freeN(butal_array);
+  }
 }

 #  undef SIDE_TO_UI_BUT_ALIGN