From 7afd84df409ac40bc92faaa74181fa13015fe781 Mon Sep 17 00:00:00 2001 From: Julian Eisel Date: Tue, 14 Dec 2021 20:10:05 +0100 Subject: [PATCH] Fix possible use-after-free on error handling during VR view drawing Whenever an exception happens in VR session code, we cancel the entire session. Alongside that, we removed the "surface" item used to draw into an offscreen context. But this may still be stored as active surface, leading to a use-after-free when deactivating this active surface, for example. --- source/blender/windowmanager/intern/wm_surface.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/source/blender/windowmanager/intern/wm_surface.c b/source/blender/windowmanager/intern/wm_surface.c index 72b68788e79..39bff205cbd 100644 --- a/source/blender/windowmanager/intern/wm_surface.c +++ b/source/blender/windowmanager/intern/wm_surface.c @@ -119,6 +119,9 @@ void wm_surface_add(wmSurface *surface) void wm_surface_remove(wmSurface *surface) { + if (surface == g_drawable) { + wm_surface_clear_drawable(); + } BLI_remlink(&global_surface_list, surface); surface->free_data(surface); MEM_freeN(surface);