From a696bd6a46428181d2c67eee6aff3f1490f33170 Mon Sep 17 00:00:00 2001 From: Erwin Coumans Date: Wed, 25 Jul 2018 19:59:29 +0200 Subject: [PATCH 1/2] fix memory leak reported in Issue #1800 avoid access to array elements outside of range --- examples/SharedMemory/PhysicsServerCommandProcessor.cpp | 6 ++++-- .../btCompoundCompoundCollisionAlgorithm.cpp | 9 +++++++-- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/examples/SharedMemory/PhysicsServerCommandProcessor.cpp b/examples/SharedMemory/PhysicsServerCommandProcessor.cpp index ab0314a1a..41c4bf6f9 100644 --- a/examples/SharedMemory/PhysicsServerCommandProcessor.cpp +++ b/examples/SharedMemory/PhysicsServerCommandProcessor.cpp @@ -5022,8 +5022,10 @@ bool PhysicsServerCommandProcessor::processSyncUserDataCommand(const struct Shar b3AlignedObjectArray userDataHandles; m_data->m_userDataHandles.getUsedHandles(userDataHandles); - memcpy(bufferServerToClient, &userDataHandles[0], sizeof(int) * userDataHandles.size()); - + if (userDataHandles.size()) + { + memcpy(bufferServerToClient, &userDataHandles[0], sizeof(int) * userDataHandles.size()); + } serverStatusOut.m_syncUserDataArgs.m_numUserDataIdentifiers = userDataHandles.size(); serverStatusOut.m_type = CMD_SYNC_USER_DATA_COMPLETED; return hasStatus; diff --git a/src/BulletCollision/CollisionDispatch/btCompoundCompoundCollisionAlgorithm.cpp b/src/BulletCollision/CollisionDispatch/btCompoundCompoundCollisionAlgorithm.cpp index 108942b88..20b542f67 100644 --- a/src/BulletCollision/CollisionDispatch/btCompoundCompoundCollisionAlgorithm.cpp +++ b/src/BulletCollision/CollisionDispatch/btCompoundCompoundCollisionAlgorithm.cpp 
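Review bot: The `memcpy` into `bufferServerToClient` is still unbounded on the destination side. The new `if (userDataHandles.size())` guard only stops `&userDataHandles[0]` from being taken on an empty array; the copy length `sizeof(int) * userDataHandles.size()` is never compared with the buffer's capacity. The handle count presumably grows with the user data that clients register, so a large enough set would write past the end of the server-to-client buffer. The capacity is not visible here because the signature is cut off in the hunk header. If the function receives it, extend the guard to something like `if (n > 0 && sizeof(int) * n <= capacity)`, where `n` is `userDataHandles.size()` and `capacity` stands for that byte count. When the data does not fit, report a failure status rather than `CMD_SYNC_USER_DATA_COMPLETED`.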
@@ -181,11 +181,12 @@ struct btCompoundCompoundLeafCallback : btDbvt::ICollide btSimplePair* pair = m_childCollisionAlgorithmCache->findPair(childIndex0,childIndex1); - + bool removePair = false; btCollisionAlgorithm* colAlgo = 0; if (m_resultOut->m_closestPointDistanceThreshold > 0) { colAlgo = m_dispatcher->findAlgorithm(&compoundWrap0, &compoundWrap1, 0, BT_CLOSEST_POINT_ALGORITHMS); + removePair = true; } else { @@ -223,7 +224,11 @@ struct btCompoundCompoundLeafCallback : btDbvt::ICollide m_resultOut->setBody0Wrap(tmpWrap0); m_resultOut->setBody1Wrap(tmpWrap1); - + if (removePair) + { + colAlgo->~btCollisionAlgorithm(); + m_dispatcher->freeCollisionAlgorithm(colAlgo); + } } } From d7c68dd822fd8d828ed5af3229e56b106661039f Mon Sep 17 00:00:00 2001 From: Erwin Coumans Date: Fri, 27 Jul 2018 10:13:09 +0200 Subject: [PATCH 2/2] fix leak --- .../CollisionDispatch/btCompoundCollisionAlgorithm.cpp | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/BulletCollision/CollisionDispatch/btCompoundCollisionAlgorithm.cpp b/src/BulletCollision/CollisionDispatch/btCompoundCollisionAlgorithm.cpp index 9d96ef8ad..91b7809c1 100644 --- a/src/BulletCollision/CollisionDispatch/btCompoundCollisionAlgorithm.cpp +++ b/src/BulletCollision/CollisionDispatch/btCompoundCollisionAlgorithm.cpp @@ -156,10 +156,12 @@ public: btCollisionObjectWrapper compoundWrap(this->m_compoundColObjWrap,childShape,m_compoundColObjWrap->getCollisionObject(),newChildWorldTrans,-1,index); btCollisionAlgorithm* algo = 0; + bool allocatedAlgorithm = false; if (m_resultOut->m_closestPointDistanceThreshold > 0) { algo = m_dispatcher->findAlgorithm(&compoundWrap, m_otherObjWrap, 0, BT_CLOSEST_POINT_ALGORITHMS); + allocatedAlgorithm = true; } else { @@ -204,7 +206,11 @@ public: { m_resultOut->setBody1Wrap(tmpWrap); } - + if(allocatedAlgorithm) + { + algo->~btCollisionAlgorithm(); + m_dispatcher->freeCollisionAlgorithm(algo); + } } } void Process(const btDbvtNode* leaf)
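Review bot: The name `removePair` in the first btCompoundCompoundCollisionAlgorithm.cpp hunk does not describe what the flag controls. Nothing is removed from `m_childCollisionAlgorithmCache`; the flag marks `colAlgo` as a temporary obtained through `findAlgorithm(..., BT_CLOSEST_POINT_ALGORITHMS)`, which the next hunk destroys and frees. The second patch in this series calls the same flag `allocatedAlgorithm` in btCompoundCollisionAlgorithm.cpp, so one name in both files would make the ownership rule easier to follow. If the intent is that closest-point algorithms are per-call temporaries, say so next to the flag, e.g. `// colAlgo is a per-call temporary in this branch and must be destroyed and freed below`.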
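Review bot: The cleanup added at the end of the block (`colAlgo->~btCollisionAlgorithm(); m_dispatcher->freeCollisionAlgorithm(colAlgo);`) assumes that `colAlgo` is non-null and that control always reaches these lines; the hunk checks neither. The code between `findAlgorithm` and the cleanup lies outside the hunk, so two things need confirming there. An early exit on that path would still leak the algorithm. The temporary pointer must also never be stored in the pair cache (`pair` / `m_childCollisionAlgorithmCache`), because it would dangle after `freeCollisionAlgorithm` and be reused on a later call. A minimal hardening is `if (removePair && colAlgo)`. The same points apply to the `allocatedAlgorithm` block added to btCompoundCollisionAlgorithm.cpp in the second patch.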