Domů Procházet Nápověda
Přihlásit se
software
/
assimp.assimp
zrcadlo https://github.com/assimp/assimp.git
2
0
Rozštěpit 0
Soubory Úkoly 0 Wiki
Procházet zdrojové kódy

Fixed a `heap-use-after-free` in `SortByPTypeProcess`. (#6326)

The process incorrectly deleted original meshes from the scene when cleaning up after an error if those meshes had been added to its output list (outMeshes). The fix ensures proper ownership transfer by nullifying the original mesh pointer in the scene (pScene->mMeshes[i] = nullptr;) when the mesh is moved to outMeshes. This prevents the scene destructor from attempting to delete the mesh again later, while allowing the error cleanup path in SortByPTypeProcess to correctly delete all meshes it owns (both newly created and transferred originals).

Co-authored-by: Kim Kulling <[email protected]>
Dongge Liu před 3 týdny
rodič
26e2372882
revize
4c42db1805
1 změnil soubory, kde provedl 1 přidání a 0 odebrání
Jednotné zobrazení Ukázat statistiku rozdílových dat
  1. 1 0
      code/PostProcessing/SortByPTypeProcess.cpp

+ 1 - 0
code/PostProcessing/SortByPTypeProcess.cpp
Zobrazit soubor 

@@ -165,6 +165,7 @@ void SortByPTypeProcess::Execute(aiScene *pScene) {
 
             if (!(mConfigRemoveMeshes & mesh->mPrimitiveTypes)) {
 
             if (!(mConfigRemoveMeshes & mesh->mPrimitiveTypes)) {
 
                 *meshIdx = static_cast<unsigned int>(outMeshes.size());
 
                 *meshIdx = static_cast<unsigned int>(outMeshes.size());
 
                 outMeshes.emplace_back(mesh);
 
                 outMeshes.emplace_back(mesh);
 
+                pScene->mMeshes[i] = nullptr; // Indicate ownership transfer
 
             } else {
 
             } else {
 
                 delete mesh;
 
                 delete mesh;
 
                 pScene->mMeshes[i] = nullptr;
 
                 pScene->mMeshes[i] = nullptr;