mirror/openmw-tes3mp
1
0
Fork 1
mirror of https://github.com/TES3MP/openmw-tes3mp.git synced 2025-11-04 00:26:45 +00:00
Code Issues Releases Wiki Activity

Merge pull request #2098 from xyzz/fix-loading-screen-uaf

Browse source 
loadingscreen: Fix UaF in loading screen.
This commit is contained in:
Bret Curtis 2018-12-28 18:58:04 +01:00 committed by GitHub
commit d80d056140
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
apps/openmw/mwgui/loadingscreen.cpp
View file

@ -133,22 +133,23 @@ namespace MWGui
public:
CopyFramebufferToTextureCallback(osg::Texture2D* texture)
: mTexture(texture)
, oneshot(true)
{
}
virtual void operator () (osg::RenderInfo& renderInfo) const
{
if (!oneshot)
return;
oneshot = false;
int w = renderInfo.getCurrentCamera()->getViewport()->width();
int h = renderInfo.getCurrentCamera()->getViewport()->height();
mTexture->copyTexImage2D(*renderInfo.getState(), 0, 0, w, h);
// Callback removes itself when done
if (renderInfo.getCurrentCamera())
renderInfo.getCurrentCamera()->setInitialDrawCallback(nullptr);
}
private:
osg::ref_ptr<osg::Texture2D> mTexture;
mutable bool oneshot;
};
class DontComputeBoundCallback : public osg::Node::ComputeBoundingSphereCallback
@ -308,6 +309,8 @@ namespace MWGui
mGuiTexture.reset(new osgMyGUI::OSGTexture(mTexture));
}
// Notice that the next time this is called, the current CopyFramebufferToTextureCallback will be deleted
// so there's no memory leak as at most one object of type CopyFramebufferToTextureCallback is allocated at a time.
mViewer->getCamera()->setInitialDrawCallback(new CopyFramebufferToTextureCallback(mTexture));
mBackgroundImage->setBackgroundImage("");