From ade103d7b8a76dcc178f02eb57eefc755d3ff47d Mon Sep 17 00:00:00 2001
From: Bastien Montagne
Date: Fri, 7 Apr 2023 15:46:19 +0200
Subject: [PATCH] Depsgrpah: Fix 'use after free' invalid access to stored keys names.

Stored `ComponentIDKey` and `OperationIDKey` would still use string references (char pointers) to data in related IDs, instead of using the already locally stored std::string name of their matching `ComponentNode` or `OperationNode` for that.

During undo, to reduce updates and speedup undo steps, a lot of IDs get 'replaced in place', i.e. new data read from the undo memfile is moved into the existing 'old' ID memory address. And the depsgraph is also re-used from the old BMain. Calling `DEG_id_tag_update` and similar on the ID could then cause depsgraph code to access freed memory from the 'old' data.

Joint effort with @sergey and the rest of the depsgraph team, thanks!
---
 source/blender/depsgraph/intern/node/deg_node_component.cc | 2 +-
 source/blender/depsgraph/intern/node/deg_node_id.cc | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/source/blender/depsgraph/intern/node/deg_node_component.cc b/source/blender/depsgraph/intern/node/deg_node_component.cc
index 6ef3ea8aeab..cc2feeec42b 100644
--- a/source/blender/depsgraph/intern/node/deg_node_component.cc
+++ b/source/blender/depsgraph/intern/node/deg_node_component.cc
@@ -167,7 +167,7 @@ OperationNode *ComponentNode::add_operation(const DepsEvalOperationCb &op,
     op_node = (OperationNode *)factory->create_node(this->owner->id_orig, "", name);
 
     /* register opnode in this component's operation set */
-    OperationIDKey key(opcode, name, name_tag);
+    OperationIDKey key(opcode, op_node->name.c_str(), name_tag);
     operations_map->add(key, op_node);
 
     /* Set back-link. */
diff --git a/source/blender/depsgraph/intern/node/deg_node_id.cc b/source/blender/depsgraph/intern/node/deg_node_id.cc
index 5baff0c92d9..60a8891f930 100644
--- a/source/blender/depsgraph/intern/node/deg_node_id.cc
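Review bot: The new `OperationIDKey key(opcode, op_node->name.c_str(), name_tag);` stores a raw pointer into the node's own std::string buffer, so the key stays valid only while `op_node->name` is never reassigned or resized after registration and while the `operations_map` entry is removed no later than the node itself; neither invariant is stated at the insertion point, and the commit message is the only place explaining why the caller's `name` cannot be used. Suggest a comment on the added line such as `/* Key borrows the node-owned name: caller-provided strings may point into ID data that undo replaces in place; node->name must not change while registered. */`. The same remark applies to the `ComponentIDKey key(type, comp_node->name.c_str());` hunk in deg_node_id.cc. Since the root cause is keys retaining caller-owned char pointers, it is presumably worth auditing any other site that constructs and stores one of these keys from a caller string rather than from a node-owned name. `add_operation` starts and ends outside the hunk.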
+++ b/source/blender/depsgraph/intern/node/deg_node_id.cc
@@ -155,7 +155,7 @@ ComponentNode *IDNode::add_component(NodeType type, const char *name)
     comp_node = (ComponentNode *)factory->create_node(this->id_orig, "", name);
 
     /* Register. */
-    ComponentIDKey key(type, name);
+    ComponentIDKey key(type, comp_node->name.c_str());
     components.add_new(key, comp_node);
     comp_node->owner = this;
   }