Skip to content
Snippets Groups Projects
Commit 1849e539 authored by Xavier Hallade's avatar Xavier Hallade Committed by Gitea
Browse files

Fix #129235: Cycles: out of bound read from Embree

6c03339e moved from
rtcSetNewGeometryBuffer to rtcSetSharedGeometryBuffer but kept the
additional padding of 1 element in the function call.

It was previously used for over-allocating, to allow 16-byte reads of
all accessed elements, as Embree requires.
With rtcSetSharedGeometryBuffer, this argument led to an out-of-bounds
read as memory was already allocated without padding.
float3 is already 16-bytes so there is no need for padding, hence we
remove it.

We can also note that now, even when using rtcSetSharedGeometryBuffer,
over-allocating is not needed as it's done and functional on Embree side
since v3.6.

Pull Request: https://projects.blender.org/blender/blender/pulls/129643

Pull Request: https://projects.blender.org/blender/blender/pulls/130274
parent 773570d3
No related branches found
No related tags found
No related merge requests found
...@@ -342,11 +342,9 @@ void BVHEmbree::set_tri_vertex_buffer(RTCGeometry geom_id, const Mesh *mesh, con ...@@ -342,11 +342,9 @@ void BVHEmbree::set_tri_vertex_buffer(RTCGeometry geom_id, const Mesh *mesh, con
} }
else { else {
if (!rtc_device_is_sycl) { if (!rtc_device_is_sycl) {
/* NOTE(sirgienko) Embree requires padding for VERTEX layout as last buffer element static_assert(sizeof(float3) == 16,
* must be readable using 16-byte SSE load instructions. Because of this, we are "Embree requires that each buffer element be readable with 16-byte SSE load "
* artificially increasing shared buffer size by 1 - it shouldn't cause any memory "instructions");
* access violation as this last element is not accessed directly since no triangle
* can reference it. */
rtcSetSharedGeometryBuffer(geom_id, rtcSetSharedGeometryBuffer(geom_id,
RTC_BUFFER_TYPE_VERTEX, RTC_BUFFER_TYPE_VERTEX,
t, t,
...@@ -354,7 +352,7 @@ void BVHEmbree::set_tri_vertex_buffer(RTCGeometry geom_id, const Mesh *mesh, con ...@@ -354,7 +352,7 @@ void BVHEmbree::set_tri_vertex_buffer(RTCGeometry geom_id, const Mesh *mesh, con
verts, verts,
0, 0,
sizeof(float3), sizeof(float3),
num_verts + 1); num_verts);
} }
else { else {
/* NOTE(sirgienko): If the Embree device is a SYCL device, then Embree execution will /* NOTE(sirgienko): If the Embree device is a SYCL device, then Embree execution will
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment