diff options
| author | RĂ©mi Verschelde <rverschelde@gmail.com> | 2020-04-02 13:07:55 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-04-02 13:07:55 +0200 |
| commit | 5f11e1557156617366d2c316a97716172103980d (patch) | |
| tree | 288d8275067df46a8fc58e99184c74955de39bd8 | |
| parent | 7341a8fe1df65dc4d36aa49938575b6099764c0a (diff) | |
| parent | 359bebd8c08a626e64ade1ac45c3c925352bd8a4 (diff) | |
Merge pull request #37504 from qarmin/out_of_bound_cursor
Fix array out of bounds access caused by uninitialised variables
| -rw-r--r-- | core/class_db.cpp | 1 | ||||
| -rw-r--r-- | core/math/expression.cpp | 2 | ||||
| -rw-r--r-- | modules/bullet/btRayShape.cpp | 1 | ||||
| -rw-r--r-- | modules/bullet/generic_6dof_joint_bullet.cpp | 6 | ||||
| -rw-r--r-- | modules/gdnative/videodecoder/video_stream_gdnative.h | 2 | ||||
| -rw-r--r-- | modules/webrtc/webrtc_multiplayer.cpp | 1 | ||||
| -rw-r--r-- | platform/linuxbsd/display_server_x11.cpp | 17 | ||||
| -rw-r--r-- | scene/3d/gi_probe.cpp | 1 | ||||
| -rw-r--r-- | scene/animation/animation_node_state_machine.cpp | 5 | ||||
| -rw-r--r-- | scene/gui/popup_menu.cpp | 1 | ||||
| -rw-r--r-- | scene/gui/rich_text_label.h | 2 | ||||
| -rw-r--r-- | scene/resources/animation.h | 5 | ||||
| -rw-r--r-- | scene/resources/dynamic_font.cpp | 1 | ||||
| -rw-r--r-- | servers/audio/effects/audio_effect_pitch_shift.cpp | 3 | ||||
| -rw-r--r-- | servers/rendering/rasterizer_rd/rasterizer_scene_rd.h | 6 | ||||
| -rw-r--r-- | servers/rendering/rasterizer_rd/rasterizer_storage_rd.h | 14 |
16 files changed, 48 insertions, 20 deletions
diff --git a/core/class_db.cpp b/core/class_db.cpp index 50c924bdd2..899b4e9cef 100644 --- a/core/class_db.cpp +++ b/core/class_db.cpp @@ -261,6 +261,7 @@ HashMap<StringName, StringName> ClassDB::compat_classes; ClassDB::ClassInfo::ClassInfo() { api = API_NONE; + class_ptr = nullptr; creation_func = NULL; inherits_ptr = NULL; disabled = false; diff --git a/core/math/expression.cpp b/core/math/expression.cpp index 04fda9d09a..4ae9e09a46 100644 --- a/core/math/expression.cpp +++ b/core/math/expression.cpp @@ -2215,6 +2215,8 @@ Expression::Expression() : root(NULL), nodes(NULL), execution_error(false) { + str_ofs = 0; + expression_dirty = false; } Expression::~Expression() { diff --git a/modules/bullet/btRayShape.cpp b/modules/bullet/btRayShape.cpp index 4071723a3e..0f54f848dc 100644 --- a/modules/bullet/btRayShape.cpp +++ b/modules/bullet/btRayShape.cpp @@ -43,6 +43,7 @@ btRayShape::btRayShape(btScalar length) : m_shapeAxis(0, 0, 1) { m_shapeType = CUSTOM_CONVEX_SHAPE_TYPE; setLength(length); + slipsOnSlope = false; } btRayShape::~btRayShape() { diff --git a/modules/bullet/generic_6dof_joint_bullet.cpp b/modules/bullet/generic_6dof_joint_bullet.cpp index a6a01ebaa8..638944df76 100644 --- a/modules/bullet/generic_6dof_joint_bullet.cpp +++ b/modules/bullet/generic_6dof_joint_bullet.cpp @@ -43,6 +43,12 @@ Generic6DOFJointBullet::Generic6DOFJointBullet(RigidBodyBullet *rbA, RigidBodyBullet *rbB, const Transform &frameInA, const Transform &frameInB) : JointBullet() { + for (int i = 0; i < 3; i++) { + for (int j = 0; j < PhysicsServer3D::G6DOF_JOINT_FLAG_MAX; j++) { + flags[i][j] = false; + } + } + Transform scaled_AFrame(frameInA.scaled(rbA->get_body_scale())); scaled_AFrame.basis.rotref_posscale_decomposition(scaled_AFrame.basis); diff --git a/modules/gdnative/videodecoder/video_stream_gdnative.h b/modules/gdnative/videodecoder/video_stream_gdnative.h index 21b5245a16..8eef6f9098 100644 --- a/modules/gdnative/videodecoder/video_stream_gdnative.h +++ b/modules/gdnative/videodecoder/video_stream_gdnative.h @@ -194,7 +194,7 @@ public: virtual void set_audio_track(int p_track); virtual Ref<VideoStreamPlayback> instance_playback(); - VideoStreamGDNative() {} + VideoStreamGDNative() { audio_track = 0; } }; class ResourceFormatLoaderVideoStreamGDNative : public ResourceFormatLoader { diff --git a/modules/webrtc/webrtc_multiplayer.cpp b/modules/webrtc/webrtc_multiplayer.cpp index c24ae3468f..216eaf1ca3 100644 --- a/modules/webrtc/webrtc_multiplayer.cpp +++ b/modules/webrtc/webrtc_multiplayer.cpp @@ -371,6 +371,7 @@ WebRTCMultiplayer::WebRTCMultiplayer() { unique_id = 0; next_packet_peer = 0; target_peer = 0; + client_count = 0; transfer_mode = TRANSFER_MODE_RELIABLE; refuse_connections = false; connection_status = CONNECTION_DISCONNECTED; diff --git a/platform/linuxbsd/display_server_x11.cpp b/platform/linuxbsd/display_server_x11.cpp index c2b5657081..786bc37bad 100644 --- a/platform/linuxbsd/display_server_x11.cpp +++ b/platform/linuxbsd/display_server_x11.cpp @@ -3374,6 +3374,15 @@ DisplayServerX11::DisplayServerX11(const String &p_rendering_driver, WindowMode r_error = OK; + current_cursor = CURSOR_ARROW; + mouse_mode = MOUSE_MODE_VISIBLE; + + for (int i = 0; i < CURSOR_MAX; i++) { + + cursors[i] = None; + img[i] = NULL; + } + last_button_state = 0; xmbstring = NULL; @@ -3652,14 +3661,6 @@ DisplayServerX11::DisplayServerX11(const String &p_rendering_driver, WindowMode for (int i = 0; i < CURSOR_MAX; i++) { - cursors[i] = None; - img[i] = NULL; - } - - current_cursor = CURSOR_ARROW; - - for (int i = 0; i < CURSOR_MAX; i++) { - static const char *cursor_file[] = { "left_ptr", "xterm", diff --git a/scene/3d/gi_probe.cpp b/scene/3d/gi_probe.cpp index a46cd90612..607b176cdd 100644 --- a/scene/3d/gi_probe.cpp +++ b/scene/3d/gi_probe.cpp @@ -293,6 +293,7 @@ GIProbeData::GIProbeData() { propagation = 0.7; anisotropy_strength = 0.5; interior = false; + use_two_bounces = false; probe = RS::get_singleton()->gi_probe_create(); } diff --git a/scene/animation/animation_node_state_machine.cpp b/scene/animation/animation_node_state_machine.cpp index ce1e75a61d..05c5e86491 100644 --- a/scene/animation/animation_node_state_machine.cpp +++ b/scene/animation/animation_node_state_machine.cpp @@ -516,6 +516,11 @@ AnimationNodeStateMachinePlayback::AnimationNodeStateMachinePlayback() { len_current = 0; fading_time = 0; stop_request = false; + len_total = 0.0; + pos_current = 0.0; + loops_current = 0; + fading_pos = 0.0; + start_request_travel = false; } /////////////////////////////////////////////////////// diff --git a/scene/gui/popup_menu.cpp b/scene/gui/popup_menu.cpp index 7ed2bbe53b..1e933c9aa1 100644 --- a/scene/gui/popup_menu.cpp +++ b/scene/gui/popup_menu.cpp @@ -1514,6 +1514,7 @@ PopupMenu::PopupMenu() { submenu_over = -1; initial_button_mask = 0; during_grabbed_click = false; + invalidated_click = false; allow_search = false; search_time_msec = 0; diff --git a/scene/gui/rich_text_label.h b/scene/gui/rich_text_label.h index dd439208af..495e839958 100644 --- a/scene/gui/rich_text_label.h +++ b/scene/gui/rich_text_label.h @@ -122,6 +122,8 @@ private: parent = NULL; E = NULL; line = 0; + index = 0; + type = ITEM_FRAME; } virtual ~Item() { _clear_children(); } }; diff --git a/scene/resources/animation.h b/scene/resources/animation.h index 36d5df52df..e4e5177a8c 100644 --- a/scene/resources/animation.h +++ b/scene/resources/animation.h @@ -84,7 +84,10 @@ private: float transition; float time; // time in secs - Key() { transition = 1; } + Key() { + transition = 1; + time = 0; + } }; // transform key holds either Vector3 or Quaternion diff --git a/scene/resources/dynamic_font.cpp b/scene/resources/dynamic_font.cpp index 107f07ec7d..108b1d0d5a 100644 --- a/scene/resources/dynamic_font.cpp +++ b/scene/resources/dynamic_font.cpp @@ -997,6 +997,7 @@ SelfList<DynamicFont>::List *DynamicFont::dynamic_fonts = NULL; DynamicFont::DynamicFont() : font_list(this) { + valid = false; cache_id.size = 16; outline_cache_id.size = 16; spacing_top = 0; diff --git a/servers/audio/effects/audio_effect_pitch_shift.cpp b/servers/audio/effects/audio_effect_pitch_shift.cpp index 56529e208e..a74ac3c007 100644 --- a/servers/audio/effects/audio_effect_pitch_shift.cpp +++ b/servers/audio/effects/audio_effect_pitch_shift.cpp @@ -363,4 +363,7 @@ AudioEffectPitchShift::AudioEffectPitchShift() { pitch_scale = 1.0; oversampling = 4; fft_size = FFT_SIZE_2048; + wet = 0.0; + dry = 0.0; + filter = false; } diff --git a/servers/rendering/rasterizer_rd/rasterizer_scene_rd.h b/servers/rendering/rasterizer_rd/rasterizer_scene_rd.h index e26607aba5..dbdaf2f447 100644 --- a/servers/rendering/rasterizer_rd/rasterizer_scene_rd.h +++ b/servers/rendering/rasterizer_rd/rasterizer_scene_rd.h @@ -571,7 +571,7 @@ private: Rect2 atlas_rect; }; - RS::LightType light_type; + RS::LightType light_type = RS::LIGHT_DIRECTIONAL; ShadowTransform shadow_transform[4]; @@ -581,7 +581,7 @@ private: Vector3 light_vector; Vector3 spot_vector; - float linear_att; + float linear_att = 0.0; uint64_t shadow_pass = 0; uint64_t last_scene_pass = 0; @@ -590,7 +590,7 @@ private: uint32_t light_index = 0; uint32_t light_directional_index = 0; - uint32_t current_shadow_atlas_key; + uint32_t current_shadow_atlas_key = 0; Vector2 dp; diff --git a/servers/rendering/rasterizer_rd/rasterizer_storage_rd.h b/servers/rendering/rasterizer_rd/rasterizer_storage_rd.h index e69be644d7..ab02ca1331 100644 --- a/servers/rendering/rasterizer_rd/rasterizer_storage_rd.h +++ b/servers/rendering/rasterizer_rd/rasterizer_storage_rd.h @@ -218,7 +218,7 @@ private: struct Mesh { struct Surface { - RS::PrimitiveType primitive; + RS::PrimitiveType primitive = RS::PRIMITIVE_POINTS; uint32_t format = 0; RID vertex_buffer; @@ -232,8 +232,8 @@ private: // cache-efficient structure. struct Version { - uint32_t input_mask; - RD::VertexFormatID vertex_format; + uint32_t input_mask = 0; + RD::VertexFormatID vertex_format = 0; RID vertex_array; }; @@ -246,7 +246,7 @@ private: uint32_t index_count = 0; struct LOD { - float edge_length; + float edge_length = 0.0; RID index_buffer; RID index_array; }; @@ -456,9 +456,9 @@ private: RID color; //used for retrieving from CPU - RD::DataFormat color_format; - RD::DataFormat color_format_srgb; - Image::Format image_format; + RD::DataFormat color_format = RD::DATA_FORMAT_R4G4_UNORM_PACK8; + RD::DataFormat color_format_srgb = RD::DATA_FORMAT_R4G4_UNORM_PACK8; + Image::Format image_format = Image::FORMAT_L8; bool flags[RENDER_TARGET_FLAG_MAX]; |