Home Explore Help
Sign In
Godot
/
godot
mirror of https://github.com/godotengine/godot.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Fixed an access after free in ShaderLanguage::_reduce_expression.

Passing an element reference of a vector to a push_back call to
that same vector can cause an access after free. This is because push_back
will resize the vector, reallocating if necessary, leaving the reference
referring to the freed memory.
Removed an instance of this usage here.
Ibrahn Sahir 7 years ago
parent
9c2986abda
commit
bff864818f
1 changed files with 2 additions and 1 deletions
Split View Show Diff Stats
  1. 2 1
      servers/visual/shader_language.cpp

+ 2 - 1
servers/visual/shader_language.cpp
View File 

@@ -3437,8 +3437,9 @@ ShaderLanguage::Node *ShaderLanguage::_reduce_expression(BlockNode *p_block, Sha
 
 					}
 
 				}
 
 			} else {
 
+				ConstantNode::Value value = values[0];
 
 				for (int i = 1; i < cardinality; i++) {
 
-					values.push_back(values[0]);
 
+					values.push_back(value);
 
 				}
 
 			}
 
 		} else if (values.size() != cardinality) {