From 87937059b1114584f7abf2bf1df7c6d4dd450e4d Mon Sep 17 00:00:00 2001 From: Campbell Barton Date: Sun, 12 Oct 2025 08:43:04 +0000 Subject: [PATCH] Fix #147639: Crash When Clicking On Extrude Region in Edit Mode Account for change in !141303 which increased the size by 1 returned by RNA_property_string_length, which now includes the nil byte. --- .../gizmo_types/button2d_gizmo.cc | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/source/blender/editors/gizmo_library/gizmo_types/button2d_gizmo.cc b/source/blender/editors/gizmo_library/gizmo_types/button2d_gizmo.cc index 890e9cd8beb..84268f3e2ab 100644 --- a/source/blender/editors/gizmo_library/gizmo_types/button2d_gizmo.cc +++ b/source/blender/editors/gizmo_library/gizmo_types/button2d_gizmo.cc @@ -152,14 +152,16 @@ static void button2d_draw_intern(const bContext *C, } else if (RNA_property_is_set(gz->ptr, shape_prop)) { const uint polys_len = RNA_property_string_length(gz->ptr, shape_prop); - /* We shouldn't need the +1, but a null char is set. */ - char *polys = MEM_malloc_arrayN(polys_len + 1, __func__); - RNA_property_string_get(gz->ptr, shape_prop, polys); - button->shape_batch[0] = GPU_batch_tris_from_poly_2d_encoded( - (uchar *)polys, polys_len, nullptr); - button->shape_batch[1] = GPU_batch_wire_from_poly_2d_encoded( - (uchar *)polys, polys_len, nullptr); - MEM_freeN(polys); + if (LIKELY(polys_len > 0)) { + char *polys = MEM_malloc_arrayN(polys_len, __func__); + RNA_property_string_get(gz->ptr, shape_prop, polys); + /* Subtract 1 because this holds a null byte. */ + button->shape_batch[0] = GPU_batch_tris_from_poly_2d_encoded( + (const uchar *)polys, polys_len - 1, nullptr); + button->shape_batch[1] = GPU_batch_wire_from_poly_2d_encoded( + (const uchar *)polys, polys_len - 1, nullptr); + MEM_freeN(polys); + } } }