首页 发现 帮助
登录
Godot
/
godot
镜像自地址 https://github.com/godotengine/godot.git
2
0
派生 0
文件 工单管理 0 Wiki
浏览代码

Fixed an access after free in ShaderLanguage::_reduce_expression.

Passing an element reference of a vector to a push_back call to
that same vector can cause an access after free. This is because push_back
will resize the vector, reallocating if necessary, leaving the reference
referring to the freed memory.
Removed an instance of this usage here.
Ibrahn Sahir 7 年之前
父节点
9c2986abda
当前提交
bff864818f
共有 1 个文件被更改,包括 2 次插入1 次删除
分列视图 显示文件统计
  1. 2 1
      servers/visual/shader_language.cpp

+ 2 - 1
servers/visual/shader_language.cpp
查看文件 

@@ -3437,8 +3437,9 @@ ShaderLanguage::Node *ShaderLanguage::_reduce_expression(BlockNode *p_block, Sha
 
 					}
 
 				}
 
 			} else {
 
+				ConstantNode::Value value = values[0];
 
 				for (int i = 1; i < cardinality; i++) {
 
-					values.push_back(values[0]);
 
+					values.push_back(value);
 
 				}
 
 			}
 
 		} else if (values.size() != cardinality) {