From 8b6a0f677f816f9021b9bd58f924bb03726714ad Mon Sep 17 00:00:00 2001
From: Jonas Holzman
Date: Thu, 16 Oct 2025 20:24:38 +0200
Subject: [PATCH] Fix: Stack-buffer-overflow when running the "Save System Info" operator

The Cycles cpu/device.cpp `device_cpu_capabilities()` function used to fill out a string of supported CPU capabilities separated with spaces, with some trailing-space cleaning logic at the end of the function. However, if no check succeeded, and especially after commit 2bf6d0fd71 which left only one check and removed the need for removing trailing spaces, the check would run against an empty string, resulting in an unsigned 0 - 1 operation which would then cause an out of bound access catched by ASan. Fixed by removing the now superflous trailing space cleaning logic and simplifying to a direct return.

Pull Request: https://projects.blender.org/blender/blender/pulls/148227
---
 intern/cycles/device/cpu/device.cpp | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/intern/cycles/device/cpu/device.cpp b/intern/cycles/device/cpu/device.cpp
index c89a4d047c7..3299dcf32cd 100644
--- a/intern/cycles/device/cpu/device.cpp
+++ b/intern/cycles/device/cpu/device.cpp
@@ -48,12 +48,7 @@ void device_cpu_info(vector &devices)

 string device_cpu_capabilities()
 {
- string capabilities;
- capabilities += system_cpu_support_avx2() ? "AVX2" : "";
- if (capabilities[capabilities.size() - 1] == ' ') {
- capabilities.resize(capabilities.size() - 1);
- }
- return capabilities;
+ return system_cpu_support_avx2() ? "AVX2" : "";
 }

 CCL_NAMESPACE_END
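Review bot: The new one-line body of `device_cpu_capabilities()` has no comment recording that the result is empty when AVX2 is unavailable, which is exactly the case the removed `capabilities[capabilities.size() - 1]` check read out of bounds on. I would add `/* Space-separated list of supported CPU features; empty when none are supported. */` above the function. That way, whoever re-adds a second capability will join entries behind an `if (!capabilities.empty())` guard instead of trimming a trailing space by index. The callers are outside this hunk, so it is worth confirming that none of them indexes the returned string without an emptiness check of its own.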