From 359bebd8c08a626e64ade1ac45c3c925352bd8a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafa=C5=82=20Mikrut?=
Date: Wed, 1 Apr 2020 19:29:35 +0200
Subject: [PATCH] Fix out of bound array access caused by unassigned variable
---
 core/class_db.cpp | 1 +
 core/math/expression.cpp | 2 ++
 modules/bullet/btRayShape.cpp | 1 +
 modules/bullet/generic_6dof_joint_bullet.cpp | 6 ++++++
 .../videodecoder/video_stream_gdnative.h | 2 +-
 modules/webrtc/webrtc_multiplayer.cpp | 1 +
 platform/linuxbsd/display_server_x11.cpp | 17 +++++++++--------
 scene/3d/gi_probe.cpp | 1 +
 .../animation/animation_node_state_machine.cpp | 5 +++++
 scene/gui/popup_menu.cpp | 1 +
 scene/gui/rich_text_label.h | 2 ++
 scene/resources/animation.h | 5 ++++-
 scene/resources/dynamic_font.cpp | 1 +
 .../audio/effects/audio_effect_pitch_shift.cpp | 3 +++
 .../rasterizer_rd/rasterizer_scene_rd.h | 6 +++---
 .../rasterizer_rd/rasterizer_storage_rd.h | 14 +++++++-------
 16 files changed, 48 insertions(+), 20 deletions(-)
diff --git a/core/class_db.cpp b/core/class_db.cpp
index 50c924bdd21..899b4e9cef9 100644
--- a/core/class_db.cpp
+++ b/core/class_db.cpp
@@ -261,6 +261,7 @@ HashMap ClassDB::compat_classes;
 ClassDB::ClassInfo::ClassInfo() {
 api = API_NONE;
+ class_ptr = nullptr;
 creation_func = NULL;
 inherits_ptr = NULL;
 disabled = false;
diff --git a/core/math/expression.cpp b/core/math/expression.cpp
index 04fda9d09a5..4ae9e09a462 100644
--- a/core/math/expression.cpp
+++ b/core/math/expression.cpp
@@ -2215,6 +2215,8 @@ Expression::Expression() :
 root(NULL),
 nodes(NULL),
 execution_error(false) {
+ str_ofs = 0;
+ expression_dirty = false;
 }
 Expression::~Expression() {
diff --git a/modules/bullet/btRayShape.cpp b/modules/bullet/btRayShape.cpp
index 4071723a3e9..0f54f848dc4 100644
--- a/modules/bullet/btRayShape.cpp
+++ b/modules/bullet/btRayShape.cpp
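Review bot: In core/class_db.cpp the added `class_ptr = nullptr;` sits directly above `creation_func = NULL;` and `inherits_ptr = NULL;`, so one constructor now mixes two spellings of the null pointer. Use one spelling within the block, either `class_ptr = NULL;` to match its neighbours or a follow-up that converts the neighbouring lines to `nullptr`. The constructor body continues past the end of the hunk.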
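Review bot: In core/math/expression.cpp the two new defaults are assigned in the constructor body, while every other member visible in the hunk is set in the initializer list, so the constructor now initializes in two places. If `str_ofs` and `expression_dirty` are declared after `execution_error` (the header is not part of this patch), extend the list instead: `execution_error(false), str_ofs(0), expression_dirty(false) {`. If the declaration order does not allow that, in-class initializers in the header would keep the defaults next to the declarations. The initializer list starts above the hunk.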
@@ -43,6 +43,7 @@ btRayShape::btRayShape(btScalar length) :
 m_shapeAxis(0, 0, 1) {
 m_shapeType = CUSTOM_CONVEX_SHAPE_TYPE;
 setLength(length);
+ slipsOnSlope = false;
 }
 btRayShape::~btRayShape() {
diff --git a/modules/bullet/generic_6dof_joint_bullet.cpp b/modules/bullet/generic_6dof_joint_bullet.cpp
index a6a01ebaa85..638944df767 100644
--- a/modules/bullet/generic_6dof_joint_bullet.cpp
+++ b/modules/bullet/generic_6dof_joint_bullet.cpp
@@ -43,6 +43,12 @@
 Generic6DOFJointBullet::Generic6DOFJointBullet(RigidBodyBullet *rbA, RigidBodyBullet *rbB, const Transform &frameInA, const Transform &frameInB) :
 JointBullet() {
+ for (int i = 0; i < 3; i++) {
+ for (int j = 0; j < PhysicsServer3D::G6DOF_JOINT_FLAG_MAX; j++) {
+ flags[i][j] = false;
+ }
+ }
+
 Transform scaled_AFrame(frameInA.scaled(rbA->get_body_scale()));
 scaled_AFrame.basis.rotref_posscale_decomposition(scaled_AFrame.basis);
diff --git a/modules/gdnative/videodecoder/video_stream_gdnative.h b/modules/gdnative/videodecoder/video_stream_gdnative.h
index 21b5245a162..8eef6f9098a 100644
--- a/modules/gdnative/videodecoder/video_stream_gdnative.h
+++ b/modules/gdnative/videodecoder/video_stream_gdnative.h
@@ -194,7 +194,7 @@ public:
 virtual void set_audio_track(int p_track);
 virtual Ref instance_playback();
- VideoStreamGDNative() {}
+ VideoStreamGDNative() { audio_track = 0; }
 };
 class ResourceFormatLoaderVideoStreamGDNative : public ResourceFormatLoader {
diff --git a/modules/webrtc/webrtc_multiplayer.cpp b/modules/webrtc/webrtc_multiplayer.cpp
index c24ae3468f7..216eaf1ca37 100644
--- a/modules/webrtc/webrtc_multiplayer.cpp
+++ b/modules/webrtc/webrtc_multiplayer.cpp
@@ -371,6 +371,7 @@ WebRTCMultiplayer::WebRTCMultiplayer() {
 unique_id = 0;
 next_packet_peer = 0;
 target_peer = 0;
+ client_count = 0;
 transfer_mode = TRANSFER_MODE_RELIABLE;
 refuse_connections = false;
 connection_status = CONNECTION_DISCONNECTED;
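Review bot: In modules/bullet/generic_6dof_joint_bullet.cpp the outer loop bound is the literal `3` while the inner bound is the named `PhysicsServer3D::G6DOF_JOINT_FLAG_MAX`, so the loop only covers `flags` exactly while its first dimension (declared in the header, outside this patch) stays 3. If that dimension ever changes, the loop either writes past the array or leaves rows unset, which is the class of bug this commit is fixing. Assuming `flags` is a true two-dimensional array member, derive the bound from it with `for (size_t i = 0; i < sizeof(flags) / sizeof(flags[0]); i++) {`, or at least add `// first dimension must match the declaration of flags` above the loop. The constructor continues after the hunk.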
diff --git a/platform/linuxbsd/display_server_x11.cpp b/platform/linuxbsd/display_server_x11.cpp
index c2b56570811..786bc37bad1 100644
--- a/platform/linuxbsd/display_server_x11.cpp
+++ b/platform/linuxbsd/display_server_x11.cpp
@@ -3374,6 +3374,15 @@ DisplayServerX11::DisplayServerX11(const String &p_rendering_driver, WindowMode
 r_error = OK;
+ current_cursor = CURSOR_ARROW;
+ mouse_mode = MOUSE_MODE_VISIBLE;
+
+ for (int i = 0; i < CURSOR_MAX; i++) {
+
+ cursors[i] = None;
+ img[i] = NULL;
+ }
+
 last_button_state = 0;
 xmbstring = NULL;
@@ -3650,14 +3659,6 @@ DisplayServerX11::DisplayServerX11(const String &p_rendering_driver, WindowMode
 cursor_theme = "default";
 }
- for (int i = 0; i < CURSOR_MAX; i++) {
-
- cursors[i] = None;
- img[i] = NULL;
- }
-
- current_cursor = CURSOR_ARROW;
-
 for (int i = 0; i < CURSOR_MAX; i++) {
 static const char *cursor_file[] = {
diff --git a/scene/3d/gi_probe.cpp b/scene/3d/gi_probe.cpp
index a46cd906123..607b176cddb 100644
--- a/scene/3d/gi_probe.cpp
+++ b/scene/3d/gi_probe.cpp
@@ -293,6 +293,7 @@ GIProbeData::GIProbeData() {
 propagation = 0.7;
 anisotropy_strength = 0.5;
 interior = false;
+ use_two_bounces = false;
 probe = RS::get_singleton()->gi_probe_create();
 }
diff --git a/scene/animation/animation_node_state_machine.cpp b/scene/animation/animation_node_state_machine.cpp
index ce1e75a61d4..05c5e864911 100644
--- a/scene/animation/animation_node_state_machine.cpp
+++ b/scene/animation/animation_node_state_machine.cpp
@@ -516,6 +516,11 @@ AnimationNodeStateMachinePlayback::AnimationNodeStateMachinePlayback() {
 len_current = 0;
 fading_time = 0;
 stop_request = false;
+ len_total = 0.0;
+ pos_current = 0.0;
+ loops_current = 0;
+ fading_pos = 0.0;
+ start_request_travel = false;
 }
 ///////////////////////////////////////////////////////
diff --git a/scene/gui/popup_menu.cpp b/scene/gui/popup_menu.cpp
index c096dc94cb9..986141aca19 100644
--- a/scene/gui/popup_menu.cpp
+++ b/scene/gui/popup_menu.cpp
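Review bot: The first hunk of platform/linuxbsd/display_server_x11.cpp moves the `cursors[]`/`img[]` reset and `current_cursor` to the top of the constructor, but nothing records why the position matters, so a later tidy-up could move the block back down. Add a comment above it, e.g. `// Reset cursor state before anything below can return early or read it; cursors[] and img[] must never be seen unassigned.` Whether the reader is an early return or an earlier lookup between old lines 3374 and 3650 is not visible in this patch, so word the comment after the actual cause. `mouse_mode = MOUSE_MODE_VISIBLE;` is new rather than moved and belongs under the same comment. The constructor starts before and continues after both hunks.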
@@ -1514,6 +1514,7 @@ PopupMenu::PopupMenu() {
 submenu_over = -1;
 initial_button_mask = 0;
 during_grabbed_click = false;
+ invalidated_click = false;
 allow_search = false;
 search_time_msec = 0;
diff --git a/scene/gui/rich_text_label.h b/scene/gui/rich_text_label.h
index dd439208af3..495e839958e 100644
--- a/scene/gui/rich_text_label.h
+++ b/scene/gui/rich_text_label.h
@@ -122,6 +122,8 @@ private:
 parent = NULL;
 E = NULL;
 line = 0;
+ index = 0;
+ type = ITEM_FRAME;
 }
 virtual ~Item() { _clear_children(); }
 };
diff --git a/scene/resources/animation.h b/scene/resources/animation.h
index 36d5df52df0..e4e5177a8c2 100644
--- a/scene/resources/animation.h
+++ b/scene/resources/animation.h
@@ -84,7 +84,10 @@ private:
 float transition;
 float time; // time in secs
- Key() { transition = 1; }
+ Key() {
+ transition = 1;
+ time = 0;
+ }
 };
 // transform key holds either Vector3 or Quaternion
diff --git a/scene/resources/dynamic_font.cpp b/scene/resources/dynamic_font.cpp
index 107f07ec7df..108b1d0d5a4 100644
--- a/scene/resources/dynamic_font.cpp
+++ b/scene/resources/dynamic_font.cpp
@@ -997,6 +997,7 @@ SelfList::List *DynamicFont::dynamic_fonts = NULL;
 DynamicFont::DynamicFont() :
 font_list(this) {
+ valid = false;
 cache_id.size = 16;
 outline_cache_id.size = 16;
 spacing_top = 0;
diff --git a/servers/audio/effects/audio_effect_pitch_shift.cpp b/servers/audio/effects/audio_effect_pitch_shift.cpp
index 56529e208e2..a74ac3c007a 100644
--- a/servers/audio/effects/audio_effect_pitch_shift.cpp
+++ b/servers/audio/effects/audio_effect_pitch_shift.cpp
@@ -363,4 +363,7 @@ AudioEffectPitchShift::AudioEffectPitchShift() {
 pitch_scale = 1.0;
 oversampling = 4;
 fft_size = FFT_SIZE_2048;
+ wet = 0.0;
+ dry = 0.0;
+ filter = false;
 }
diff --git a/servers/rendering/rasterizer_rd/rasterizer_scene_rd.h b/servers/rendering/rasterizer_rd/rasterizer_scene_rd.h
index 0a1cc8ebd79..2b308559155 100644
--- a/servers/rendering/rasterizer_rd/rasterizer_scene_rd.h
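Review bot: In scene/gui/rich_text_label.h the base `Item()` constructor now defaults `type` to `ITEM_FRAME`, which is a real item kind rather than a neutral value. If code elsewhere picks a concrete item struct to cast to based on `type`, a derived item that forgets to set its own `type` would then be handled as a frame; the derived constructors are outside this hunk, so this needs checking against them. Stating the contract on the line would help, e.g. `type = ITEM_FRAME; // placeholder only, every derived item constructor overwrites this`.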
+++ b/servers/rendering/rasterizer_rd/rasterizer_scene_rd.h
@@ -571,7 +571,7 @@ private:
 Rect2 atlas_rect;
 };
- RS::LightType light_type;
+ RS::LightType light_type = RS::LIGHT_DIRECTIONAL;
 ShadowTransform shadow_transform[4];
@@ -581,7 +581,7 @@ private:
 Vector3 light_vector;
 Vector3 spot_vector;
- float linear_att;
+ float linear_att = 0.0;
 uint64_t shadow_pass = 0;
 uint64_t last_scene_pass = 0;
@@ -590,7 +590,7 @@ private:
 uint32_t light_index = 0;
 uint32_t light_directional_index = 0;
- uint32_t current_shadow_atlas_key;
+ uint32_t current_shadow_atlas_key = 0;
 Vector2 dp;
diff --git a/servers/rendering/rasterizer_rd/rasterizer_storage_rd.h b/servers/rendering/rasterizer_rd/rasterizer_storage_rd.h
index e69be644d7b..ab02ca13313 100644
--- a/servers/rendering/rasterizer_rd/rasterizer_storage_rd.h
+++ b/servers/rendering/rasterizer_rd/rasterizer_storage_rd.h
@@ -218,7 +218,7 @@ private:
 struct Mesh {
 struct Surface {
- RS::PrimitiveType primitive;
+ RS::PrimitiveType primitive = RS::PRIMITIVE_POINTS;
 uint32_t format = 0;
 RID vertex_buffer;
@@ -232,8 +232,8 @@ private:
 // cache-efficient structure.
 struct Version {
- uint32_t input_mask;
- RD::VertexFormatID vertex_format;
+ uint32_t input_mask = 0;
+ RD::VertexFormatID vertex_format = 0;
 RID vertex_array;
 };
@@ -246,7 +246,7 @@ private:
 uint32_t index_count = 0;
 struct LOD {
- float edge_length;
+ float edge_length = 0.0;
 RID index_buffer;
 RID index_array;
 };
@@ -456,9 +456,9 @@ private:
 RID color;
 //used for retrieving from CPU
- RD::DataFormat color_format;
- RD::DataFormat color_format_srgb;
- Image::Format image_format;
+ RD::DataFormat color_format = RD::DATA_FORMAT_R4G4_UNORM_PACK8;
+ RD::DataFormat color_format_srgb = RD::DATA_FORMAT_R4G4_UNORM_PACK8;
+ Image::Format image_format = Image::FORMAT_L8;
 bool flags[RENDER_TARGET_FLAG_MAX];
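Review bot: In the last hunk of servers/rendering/rasterizer_rd/rasterizer_storage_rd.h the three format members get defaults, but the context line right below them, `bool flags[RENDER_TARGET_FLAG_MAX];`, still has no initializer. Unless it is filled where the render target is created (not visible in this patch), it is the same kind of unassigned member this commit targets, and `bool flags[RENDER_TARGET_FLAG_MAX] = {};` would zero it in place. `RD::DATA_FORMAT_R4G4_UNORM_PACK8` and `Image::FORMAT_L8` read as placeholders rather than meaningful formats, and a short comment saying so would stop a reader from treating them as the intended format. The enclosing struct starts above the hunk and continues past it.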