Commit: ff814ec5f687aac769a12327f9f38f7291385530 Author: Jeroen Bakker Date: Mon Jan 16 11:12:14 2023 +0100 Branches: master https://developer.blender.org/rBff814ec5f687aac769a12327f9f38f7291385530
Metal: Fix read from uninitialized memory. Implementation didn't count the string terminator when allocating memory to store `msl_patch_default`. The string terminator could be overwritted by other memory adding some undefined behavior. =================================================================== M source/blender/gpu/metal/mtl_shader_generator.mm =================================================================== diff --git a/source/blender/gpu/metal/mtl_shader_generator.mm b/source/blender/gpu/metal/mtl_shader_generator.mm index fc37263d239..93429800888 100644 --- a/source/blender/gpu/metal/mtl_shader_generator.mm +++ b/source/blender/gpu/metal/mtl_shader_generator.mm @@ -521,7 +521,7 @@ char *MSLGeneratorInterface::msl_patch_default_get() std::stringstream ss_patch; ss_patch << datatoc_mtl_shader_defines_msl << std::endl; ss_patch << datatoc_mtl_shader_shared_h << std::endl; - size_t len = strlen(ss_patch.str().c_str()); + size_t len = strlen(ss_patch.str().c_str()) + 1; msl_patch_default = (char *)malloc(len * sizeof(char)); strcpy(msl_patch_default, ss_patch.str().c_str()); _______________________________________________ Bf-blender-cvs mailing list Bf-blender-cvs@blender.org List details, subscription details or unsubscribe: https://lists.blender.org/mailman/listinfo/bf-blender-cvs
