From 2cd7e70c18a81e95b279af661a35652e2fbf2b7b Mon Sep 17 00:00:00 2001 From: Iliya Katueshenock Date: Fri, 17 Feb 2023 21:23:35 +0100 Subject: [PATCH 1/2] Fix #104604: Potential crash when relinking node links In the first loop is safe to remove the current element. The second loop can remove any element, potentially the next. This triggers a read after freed. Pull Request #104897 --- source/blender/blenkernel/intern/node.cc | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/source/blender/blenkernel/intern/node.cc b/source/blender/blenkernel/intern/node.cc index 7c3055c41e5..1783a8b1fb1 100644 --- a/source/blender/blenkernel/intern/node.cc +++ b/source/blender/blenkernel/intern/node.cc @@ -2479,6 +2479,8 @@ void nodeInternalRelink(bNodeTree *ntree, bNode *node) link.tosock->link = &link; } + Vector duplicate_links_to_remove; + /* redirect downstream links */ LISTBASE_FOREACH_MUTABLE (bNodeLink *, link, &ntree->links) { /* do we have internal link? */ @@ -2495,7 +2497,7 @@ void nodeInternalRelink(bNodeTree *ntree, bNode *node) link_to_compare->tosock == link->tosock) { adjust_multi_input_indices_after_removed_link( ntree, link_to_compare->tosock, link_to_compare->multi_input_socket_index); - nodeRemLink(ntree, link_to_compare); + duplicate_links_to_remove.append_non_duplicates(link_to_compare); } } } @@ -2533,6 +2535,10 @@ void nodeInternalRelink(bNodeTree *ntree, bNode *node) } } + for (bNodeLink *link : duplicate_links_to_remove) { + nodeRemLink(ntree, link); + } + /* remove remaining upstream links */ LISTBASE_FOREACH_MUTABLE (bNodeLink *, link, &ntree->links) { if (link->tonode == node) { From 5cd2be7d543b487f037e2ffdfb9321e9ec8bc6e2 Mon Sep 17 00:00:00 2001 From: Richard Antalik Date: Sat, 18 Feb 2023 05:05:57 +0100 Subject: [PATCH 2/2] Fix #104806: Graphical glitches in VSE timeline region Region background was drawn, but color was set to fully transparent. --- source/blender/editors/space_sequencer/sequencer_draw.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/source/blender/editors/space_sequencer/sequencer_draw.c b/source/blender/editors/space_sequencer/sequencer_draw.c index a4c1a9b1139..0216224738b 100644 --- a/source/blender/editors/space_sequencer/sequencer_draw.c +++ b/source/blender/editors/space_sequencer/sequencer_draw.c @@ -2680,7 +2680,6 @@ void draw_timeline_seq(const bContext *C, ARegion *region) Editing *ed = SEQ_editing_get(scene); SpaceSeq *sseq = CTX_wm_space_seq(C); View2D *v2d = ®ion->v2d; - float col[3]; seq_prefetch_wm_notify(C, scene); @@ -2689,8 +2688,7 @@ void draw_timeline_seq(const bContext *C, ARegion *region) GPU_framebuffer_bind_no_srgb(framebuffer_overlay); GPU_depth_test(GPU_DEPTH_NONE); - UI_GetThemeColor3fv(TH_BACK, col); - GPU_clear_color(col[0], col[1], col[2], 0.0f); + UI_ThemeClearColor(TH_BACK); UI_view2d_view_ortho(v2d); draw_seq_timeline_channels(v2d);