From 8ebb7590462c4b1093c948bffccfda59f2e4995e Mon Sep 17 00:00:00 2001 From: Hans Goudey Date: Thu, 26 Jun 2025 15:07:34 +0200 Subject: [PATCH 1/2] Fix: Realize Instances use-after-free with collections The calls to `to_geometry_set` in this file can create a temporary Instances struct for collections. That instances component will contain two attributes, which are currently referenced in the attributes map even after the temporary compoment storage goes out of scope. A simple fix is to avoid adding these attributes to the map in the first place. An alternative that would also be more efficient would be to handle each instance reference type explicitly, without converting it to a temporary geometry set. That seems to significantly complicate the code though; for now it doesn't seem worth it. Pull Request: https://projects.blender.org/blender/blender/pulls/140999 --- source/blender/geometry/intern/realize_instances.cc | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/source/blender/geometry/intern/realize_instances.cc b/source/blender/geometry/intern/realize_instances.cc index c6636ed55ea..368a6c3f3c4 100644 --- a/source/blender/geometry/intern/realize_instances.cc +++ b/source/blender/geometry/intern/realize_instances.cc @@ -987,6 +987,14 @@ static Map gather_attributes_to_propagate( return; } } + if (component->type() == bke::GeometryComponent::Type::Instance) { + if (ELEM(iter.name, "instance_transform", ".reference_index")) { + /* These attributes reference potentially temporary instance components in the set above. + * If we added these names, the string references in the result map would outlive the + * attributes they reference. */ + return; + } + } if (iter.data_type == CD_PROP_STRING) { /* Propagating string attributes is not supported yet. */ return; @@ -1037,8 +1045,6 @@ static OrderedAttributes gather_generic_instance_attributes_to_propagate( Map attributes_to_propagate = gather_attributes_to_propagate( in_geometry_set, bke::GeometryComponent::Type::Instance, options, varied_depth_option); attributes_to_propagate.pop_try("id"); - attributes_to_propagate.pop_try("instance_transform"); - attributes_to_propagate.pop_try(".reference_index"); OrderedAttributes ordered_attributes; for (const auto item : attributes_to_propagate.items()) { ordered_attributes.ids.add_new(item.key); From 6fee44760a8a7f31e0f485b5075883bdc74d8e20 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20Foucault?= Date: Thu, 26 Jun 2025 15:39:01 +0200 Subject: [PATCH 2/2] Fix: Overlay: Missing refresh when toggling retopology overlay This appear as meshes still present or missing when toggling the option. This was caused by the change in update detection from the overlay properties. --- source/blender/makesrna/intern/rna_space.cc | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/source/blender/makesrna/intern/rna_space.cc b/source/blender/makesrna/intern/rna_space.cc index 0c06fd30834..646f20438a8 100644 --- a/source/blender/makesrna/intern/rna_space.cc +++ b/source/blender/makesrna/intern/rna_space.cc @@ -1096,6 +1096,14 @@ static void rna_SpaceView3D_shading_use_compositor_update(Main * /*bmain*/, WM_main_add_notifier(NC_SPACE | ND_SPACE_NODE, nullptr); } +static void rna_SpaceView3D_retopology_update(Main * /*bmain*/, Scene *scene, PointerRNA * /*ptr*/) +{ + /* Retopology can change the visibility of active object. + * There is no actual data change but we just notify the viewport engine to refresh and pickup + * the new visibility. */ + DEG_id_tag_update(&scene->id, ID_RECALC_BASE_FLAGS); +} + static void rna_SpaceView3D_region_quadviews_begin(CollectionPropertyIterator *iter, PointerRNA *ptr) { @@ -4940,7 +4948,8 @@ static void rna_def_space_view3d_overlay(BlenderRNA *brna) "Retopology", "Hide the solid mesh and offset the overlay towards the view. " "Selection is occluded by inactive geometry, unless X-Ray is enabled"); - RNA_def_property_update(prop, NC_SPACE | ND_SPACE_VIEW3D | NS_VIEW3D_SHADING, nullptr); + RNA_def_property_update( + prop, NC_SPACE | ND_SPACE_VIEW3D | NS_VIEW3D_SHADING, "rna_SpaceView3D_retopology_update"); prop = RNA_def_property(srna, "retopology_offset", PROP_FLOAT, PROP_DISTANCE); RNA_def_property_float_sdna(prop, nullptr, "overlay.retopology_offset");