Commit: 102631486b480d98c2d9b921a95472688bba8416
Author: Andrew Williams
Date:   Tue Jan 22 12:51:14 2019 +0100
Branches: master
https://developer.blender.org/rB102631486b480d98c2d9b921a95472688bba8416

Fix potential invalid memory access in surface force field BVH tree.

Free the BVH tree immediately along with the mesh, otherwise we might access
invalid mesh data.

Differential Revision: https://developer.blender.org/D4201

===================================================================

M       source/blender/blenkernel/intern/bvhutils.c
M       source/blender/blenlib/intern/BLI_kdopbvh.c
M       source/blender/modifiers/intern/MOD_surface.c

===================================================================

diff --git a/source/blender/blenkernel/intern/bvhutils.c 
b/source/blender/blenkernel/intern/bvhutils.c
index c264eb8a1d2..644672c52fc 100644
--- a/source/blender/blenkernel/intern/bvhutils.c
+++ b/source/blender/blenkernel/intern/bvhutils.c
@@ -1112,6 +1112,8 @@ BVHTree *BKE_bvhtree_from_mesh_get(
                        data_cp.vert = mesh->mvert;
 
                        if (data_cp.cached == false) {
+                               /* TODO: a global mutex lock held during the 
expensive operation of
+                                * building the BVH tree is really bad for 
performance. */
                                BLI_rw_mutex_lock(&cache_rwlock, 
THREAD_LOCK_WRITE);
                                data_cp.cached = bvhcache_find(
                                        mesh->runtime.bvh_cache, type, 
&data_cp.tree);
diff --git a/source/blender/blenlib/intern/BLI_kdopbvh.c 
b/source/blender/blenlib/intern/BLI_kdopbvh.c
index d497c7a83ab..2819c1c5943 100644
--- a/source/blender/blenlib/intern/BLI_kdopbvh.c
+++ b/source/blender/blenlib/intern/BLI_kdopbvh.c
@@ -908,23 +908,17 @@ BVHTree *BLI_bvhtree_new(int maxsize, float epsilon, char 
tree_type, char axis)
 
 
 fail:
-       MEM_SAFE_FREE(tree->nodes);
-       MEM_SAFE_FREE(tree->nodebv);
-       MEM_SAFE_FREE(tree->nodechild);
-       MEM_SAFE_FREE(tree->nodearray);
-
-       MEM_freeN(tree);
-
+       BLI_bvhtree_free(tree);
        return NULL;
 }
 
 void BLI_bvhtree_free(BVHTree *tree)
 {
        if (tree) {
-               MEM_freeN(tree->nodes);
-               MEM_freeN(tree->nodearray);
-               MEM_freeN(tree->nodebv);
-               MEM_freeN(tree->nodechild);
+               MEM_SAFE_FREE(tree->nodes);
+               MEM_SAFE_FREE(tree->nodearray);
+               MEM_SAFE_FREE(tree->nodebv);
+               MEM_SAFE_FREE(tree->nodechild);
                MEM_freeN(tree);
        }
 }
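Review bot: BLI_bvhtree_free() now also serves as the cleanup for the `fail:` label in BLI_bvhtree_new(), so it runs on partially built trees, and that is only safe if every member that was never allocated is NULL. The allocation of `tree` lies outside this hunk; it is presumably zero-initialised, but that should be confirmed, because an uninitialised member would hand a garbage pointer to the allocator. I would state the contract on the function with a comment such as `/* Also called on partially built trees: unallocated members must be NULL. */`. The body of BLI_bvhtree_new() starts outside the hunk, so whether `fail:` can be reached with `tree == NULL` cannot be checked from here.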
diff --git a/source/blender/modifiers/intern/MOD_surface.c 
b/source/blender/modifiers/intern/MOD_surface.c
index c5fa510f2e0..a7198b5721e 100644
--- a/source/blender/modifiers/intern/MOD_surface.c
+++ b/source/blender/modifiers/intern/MOD_surface.c
@@ -96,8 +96,15 @@ static void deformVerts(
        SurfaceModifierData *surmd = (SurfaceModifierData *) md;
        const int cfra = (int)DEG_get_ctime(ctx->depsgraph);
 
+       /* Free mesh and BVH cache. */
+       if (surmd->bvhtree) {
+               free_bvhtree_from_mesh(surmd->bvhtree);
+               MEM_SAFE_FREE(surmd->bvhtree);
+       }
+
        if (surmd->mesh) {
                BKE_id_free(NULL, surmd->mesh);
+               surmd->mesh = NULL;
        }
 
        if (mesh) {
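Review bot: The new comment at the top of deformVerts() says what is freed but not why the order matters, and the order is the whole fix. Going by the commit message and the `data_cp.vert = mesh->mvert` line in bvhutils.c, the tree data appears to hold pointers into the mesh arrays, so the tree has to be released before `BKE_id_free()` runs. I would write it as `/* Free the BVH tree before the mesh: the tree data references the mesh arrays. */` so a later reorder does not bring back the dangling access. deformVerts() continues outside this hunk, so it is not visible here whether later code copes with `surmd->mesh` now being NULL when `mesh` is NULL.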
@@ -168,10 +175,7 @@ static void deformVerts(
 
                surmd->cfra = cfra;
 
-               if (surmd->bvhtree)
-                       free_bvhtree_from_mesh(surmd->bvhtree);
-               else
-                       surmd->bvhtree = MEM_callocN(sizeof(BVHTreeFromMesh), 
"BVHTreeFromMesh");
+               surmd->bvhtree = MEM_callocN(sizeof(BVHTreeFromMesh), 
"BVHTreeFromMesh");
 
                if (surmd->mesh->totpoly)
                        BKE_bvhtree_from_mesh_get(surmd->bvhtree, surmd->mesh, 
BVHTREE_FROM_LOOPTRI, 2);
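Review bot: The unconditional `surmd->bvhtree = MEM_callocN(...)` is only correct while the free block at the top of deformVerts() has already reset the pointer to NULL. If that block is ever moved or skipped, this line silently leaks the old tree and its cached data. An explicit invariant makes the dependency visible: `BLI_assert(surmd->bvhtree == NULL);` just before the allocation, assuming BLI_assert is available in this file. The result is also passed straight to `BKE_bvhtree_from_mesh_get()`, so if the allocator can return NULL under memory pressure a check is worth adding. The enclosing block starts and ends outside the hunk.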
