From d1406bfeb42fcb5502ee3239f66621cf237575c2 Mon Sep 17 00:00:00 2001 From: Bojidar Marinov Date: Mon, 7 Jan 2019 21:17:19 +0200 Subject: [PATCH] Fix a nested ysort invalid memory read again Fixes #24755 --- servers/visual/visual_server_canvas.cpp | 28 +++++++++++-------------- 1 file changed, 12 insertions(+), 16 deletions(-) diff --git a/servers/visual/visual_server_canvas.cpp b/servers/visual/visual_server_canvas.cpp index 4ca3cd0fb44..bb020274795 100644 --- a/servers/visual/visual_server_canvas.cpp +++ b/servers/visual/visual_server_canvas.cpp @@ -68,6 +68,13 @@ void _collect_ysort_children(VisualServerCanvas::Item *p_canvas_item, Transform2 } } +void _mark_ysort_dirty(VisualServerCanvas::Item *ysort_owner, RID_Owner &canvas_item_owner) { + while (ysort_owner && ysort_owner->sort_y) { + ysort_owner->ysort_children_count = -1; + ysort_owner = canvas_item_owner.owns(ysort_owner->parent) ? canvas_item_owner.getornull(ysort_owner->parent) : NULL; + } +} + void VisualServerCanvas::_render_canvas_item(Item *p_canvas_item, const Transform2D &p_transform, const Rect2 &p_clip_rect, const Color &p_modulate, int p_z, RasterizerCanvas::Item **z_list, RasterizerCanvas::Item **z_last_list, Item *p_canvas_clip, Item *p_material_owner) { Item *ci = p_canvas_item; @@ -336,11 +343,7 @@ void VisualServerCanvas::canvas_item_set_parent(RID p_item, RID p_parent) { Item *item_owner = canvas_item_owner.get(canvas_item->parent); item_owner->child_items.erase(canvas_item); - Item *ysort_owner = item_owner; - while (ysort_owner && ysort_owner->sort_y) { - item_owner->ysort_children_count = -1; - ysort_owner = canvas_item_owner.owns(ysort_owner->parent) ? canvas_item_owner.getornull(ysort_owner->parent) : NULL; - } + _mark_ysort_dirty(item_owner, canvas_item_owner); } canvas_item->parent = RID(); @@ -360,11 +363,7 @@ void VisualServerCanvas::canvas_item_set_parent(RID p_item, RID p_parent) { item_owner->child_items.push_back(canvas_item); item_owner->children_order_dirty = true; - Item *ysort_owner = item_owner; - while (ysort_owner && ysort_owner->sort_y) { - item_owner->ysort_children_count = -1; - ysort_owner = canvas_item_owner.owns(ysort_owner->parent) ? canvas_item_owner.getornull(ysort_owner->parent) : NULL; - } + _mark_ysort_dirty(item_owner, canvas_item_owner); } else { @@ -873,7 +872,8 @@ void VisualServerCanvas::canvas_item_set_sort_children_by_y(RID p_item, bool p_e ERR_FAIL_COND(!canvas_item); canvas_item->sort_y = p_enable; - canvas_item->ysort_children_count = -1; + + _mark_ysort_dirty(canvas_item, canvas_item_owner); } void VisualServerCanvas::canvas_item_set_z_index(RID p_item, int p_z) { @@ -1351,11 +1351,7 @@ bool VisualServerCanvas::free(RID p_rid) { Item *item_owner = canvas_item_owner.get(canvas_item->parent); item_owner->child_items.erase(canvas_item); - Item *ysort_owner = item_owner; - while (ysort_owner && ysort_owner->sort_y) { - item_owner->ysort_children_count = -1; - ysort_owner = canvas_item_owner.owns(ysort_owner->parent) ? canvas_item_owner.getornull(ysort_owner->parent) : NULL; - } + _mark_ysort_dirty(item_owner, canvas_item_owner); } }